Shulou(Shulou.com)06/02 Report--

In the previous article, you learned that files have three different permission sets. The users who own the file have a collection, the members of the group who own the file have a collection, and then eventually a collection applies to everyone else. These permissions are displayed on the screen using symbolic mode in a long list (ls -l).

Each collection has r, w, and x entries indicating whether a particular user (owner, group member, or others) can read, write, or execute the file. But there is another way to express these permissions: octal mode.

You are used to the decimal numbering system, which has ten different values (0 to 9). Octal systems, on the other hand, have eight different values (0 to 7). Octal is used as shorthand to display the values of r, w, and x fields when representing permissions. Consider each field as having the following values:

r = 4w = 2x = 1

Now, you can express any combination using a single octal value. For example, read and write permissions (but no execute permissions) have a value of 6. Read and execute permissions have a value of only 5. The octal value of the rwxr-xr-x symbolic permission for a file is 755.

Similar to symbolic values, you can use octal values to set file permissions using the chmod command. The following two commands set the same permissions on files:

chmod u=rw,g=r,o=r myfile1chmod 644 myfile1

special permission bit

There are also several special permission bits on the file. These are called setuid (or suid), setgid (or sgid), and sticky bit (or delete inhibit). Think of this as another set of octal values:

setuid = 4setgid = 2sticky = 1 The setuid bit is ignored unless the file is executable. If this is the case, the file (which may be an application or script) runs as if it were initiated by the user who owns it. A good example of setuid is the/bin/passwd utility, which allows users to set or change passwords. This utility must be able to write to files that are not allowed to be changed by ordinary users. So it needs to be carefully written, owned by root, and has setuid bits so that it can change password-related files.

The setgid bit works similarly for executables. The file will run with the permissions of the group that owns it. However, setgid has an additional use for directories. If you create a file in a directory with setgid permissions, the group owner of the file is set to the group owner of the directory.

Finally, although file sticky bits are meaningless and ignored, they are useful for directories. Sticky bits set on a directory prevent users from deleting files in that directory owned by other users.

The way to set these bits using chmod in octal mode is to add a value prefix, such as 4755, to add setuid to the executable file. In symbolic mode, u and g can also be used to set or remove setuid and setgid, for example u+s,g+s. The viscosity bit is set using o+t. (Other combinations, such as o+s or u+t, are meaningless and ignored.)

http://www.51cto.com/it/news/2019/1014/15367.html

https://article.pchome.net/content-2101735.html

http://www.pcpop.com/article/6067769.shtml

Sharing and special permissions

Recall from the previous article the example of a finance team that needs to share files. As you can imagine, special permission bits help solve problems more efficiently. The original solution simply created a directory to which the entire group could write:

drwxrwx---. 2 root finance 4096 Jul 6 15:35 finance One problem with this directory is that users dwayne and jill, members of the finance group, can delete each other's files. This is not optimal for shared spaces. It may be useful in some cases, but it may not be when dealing with financial records!

Another problem is that the files in this directory may not really be shareable because they will be owned by the default group of dwayne and jill-most likely the user private group is also named dwayne and jill, not finance.

A better solution to this problem is to set setgid and sticky bits on folders. This will do two things: make the files created in the folder automatically owned by the finance group, and prevent dwayne and jill from deleting each other's files. Any of these commands will work:

sudo chmod 3770 financesudo chmod u+rwx,g+rwxs,o+t finance The long list of files now shows the new special permissions applied. Sticky bits appear as T instead of t because users outside the finance group cannot search the folder. drwxrws--T. 2 root finance 4096 Jul 6 15:35 finance

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.