SOME SPECIAL PERMISSIONS

Source: Internet  Editor: 程序博客网  Time: 2024/05/28 23:11
     Though we usually see an octal permission mask expressed as a three-digit number, it is more technically correct to express it in four digits. Why? Because, in addition to read, write, and execute permissions, there are some other, less-used permission settings.
     The first of these is the setuid bit (octal 4000). When applied to an executable file, it changes the effective user ID from that of the real user (the user actually running the program) to that of the program’s owner. Most often this is given to a few programs owned by the superuser. When an ordinary user runs a program that is setuid root, the program runs with the effective privileges of the superuser. This allows the program to access files and directories that an ordinary user would normally be prohibited from accessing. Clearly, because this raises security concerns, the number of setuid programs must be held to an absolute minimum.
     The second less-used setting is the setgid bit (octal 2000). This, like the setuid bit, changes the effective group ID from that of the real group ID of the user to that of the file’s group owner. If the setgid bit is set on a directory, newly created files in the directory will be given the group ownership of the directory rather than the group ownership of the file’s creator. This is useful in a shared directory when members of a common group need access to all the files in the directory, regardless of the file owner’s primary group.
     The third is called the sticky bit (octal 1000). This is a holdover from ancient Unix, where it was possible to mark an executable file as “not swappable.” On files, Linux ignores the sticky bit, but if applied to a directory, it prevents users from deleting or renaming files unless the user is either the owner of the directory, the owner of the file, or the superuser. This is often used to control access to a shared directory, such as /tmp.
     Here are some examples of using chmod with symbolic notation to set these special permissions.
First, assign setuid to a program:
     chmod u+s program
Next, assign setgid to a directory:
     chmod g+s dir
Finally, assign the sticky bit to a directory:
     chmod +t dir
By viewing the output from ls, you can determine the special permissions.
Here are some examples. First, a program that is setuid:
     -rwsr-xr-x
Now, a directory that has the setgid attribute:
     drwxrwsr-x
Finally, a directory with the sticky bit set:
     drwxrwxrwt
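
To keep track of where these bits are actually set, the same octal values can be used with find. The following is an added example, not part of the original text: a POSIX shell function under the hypothetical name audit_special_bits that lists setuid files, setgid files and directories, sticky directories, and world-writable directories that lack the sticky bit.

```sh
#!/bin/sh
# Added example. audit_special_bits is a hypothetical helper name.
# Prints one labelled line per finding under the directory given as $1.
audit_special_bits() {
    root=$1

    # setuid files (octal 4000): run with the file owner's effective UID.
    find "$root" -xdev -type f -perm -4000 | sed 's/^/SETUID   /'

    # setgid files and directories (octal 2000).
    find "$root" -xdev -perm -2000 | sed 's/^/SETGID   /'

    # Directories carrying the sticky bit (octal 1000), like /tmp.
    find "$root" -xdev -type d -perm -1000 | sed 's/^/STICKY   /'

    # World-writable directories WITHOUT the sticky bit: any user can
    # delete or rename other users' files there.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Usage: audit_special_bits /usr/local
```

Comparing the SETUID lines against an expected list shows when a new setuid program has appeared, and every NOSTICKY line is a shared directory that should get chmod +t.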