Thursday 2 January 2014

Linux special file/directory permission bit



Almost everyone is clear about the usual permissions on a Linux file or directory: user, group and other, each with read, write and execute. Now let's talk about the special permission bits.


  • setuid: gives a user temporary permission to run a program with the permissions of the file's owner rather than those of the user who runs it.
  • setgid: files and directories created inside the directory inherit the group ownership of the directory.
  • sticky bit: usually set on a directory. Other users can overwrite a file's content (if they have write permission on it) but can't delete or move the file.
Let's talk about each in detail.

1. Setuid: usually applied to an executable file.
Take the passwd command: it needs to update the /etc/passwd file, which is only writable by root.


Another example is the ping command. It needs to open a connection on a network device that is only accessible by root.

Also the crontab command, which modifies the cron files in /var/spool/cron (only visible to root).



2. Setgid: (not very useful).
Any file created under a directory with the setgid flag gets the same group as the directory itself, regardless of the creator's group.
For example, testfile.txt, created by the hadoop user, ends up with the root group because that is the group of the directory.
3. Sticky bit: usually applied to a directory.
A user can change the content of a file in that directory (given write permission on the file) but can't move or delete it.
For example, user hadoop can overwrite the content of /tmp/test.txt but can't delete the file.



Directory permission:

Let's clarify directory permissions; they sometimes confuse even system admins.
· r on a directory means you can list the files and sub-directories in it
· w means you can create, change and remove files and sub-directories in it
· x means you can enter the directory
· t (sticky bit) means you can only delete the files owned by yourself

Example:
· rwx: you can enter, list and create/delete files in the directory
· rwt: you can enter, list and create files in the directory but can only delete the files you own
· rw-: same as r--. You can list the files but can't enter the directory or create/delete files in it (not common)
· r-x: you can enter and list but you can't create/delete files in the directory
· -wx: you can enter and create/delete files in the directory but you can't list what is there
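The script below is an added example, not code from the original post. It sets each of the three special bits described above on scratch objects and shows how they appear in the octal and symbolic modes, adds the audit check a defender actually runs (finding setuid files with `find -perm -4000`), and renders the directory permission combinations from the table as `ls -l` prints them. It goes slightly beyond the post by also showing the capital `S`/`T` that appears when a special bit is set without the matching execute bit. It assumes Linux with GNU coreutils (`stat -c`, `find -perm`); the `tool` file, the `shared`/`dropbox`/`noexec` directories and the `d700`..`d400` directories are scratch names created by the script, and `tool` is just an empty stand-in for a setuid binary such as passwd.

```shell
#!/bin/sh
# Added example for this post (not the author's code). Assumes Linux with
# GNU coreutils (stat -c, find -perm). Everything lives in a scratch
# directory; "tool" is an empty stand-in for a setuid binary such as passwd.

WORK=$(mktemp -d)

# Octal mode with the special bits as the leading digit, e.g. 4755.
mode_of() { stat -c '%a' "$1"; }

# Symbolic mode exactly as `ls -l` prints it, e.g. -rwsr-xr-x.
sym_of() { stat -c '%A' "$1"; }

# One object per special bit. Octal digit 4 = setuid, 2 = setgid, 1 = sticky.
setup() {
  : > "$WORK/tool"
  chmod 4755 "$WORK/tool"          # setuid file: runs as the file owner
  mkdir -p "$WORK/shared"
  chmod 2775 "$WORK/shared"        # setgid dir: new files inherit its group
  mkdir -p "$WORK/dropbox"
  chmod 1777 "$WORK/dropbox"       # sticky dir: only a file's owner may delete it (like /tmp)
  mkdir -p "$WORK/noexec"
  chmod 1666 "$WORK/noexec"        # sticky without x: ls shows a capital T
}

# Audit check a defender runs: list every setuid file under a tree.
# "-perm -4000" matches any mode that has the setuid bit set.
find_setuid() { find "$1" -type f -perm -4000; }

# Directory permission combinations from the post (rwx, r-x, -wx, r--),
# created with the matching octal modes so the ls output can be compared.
dir_modes() {
  for m in 700 500 300 400; do
    mkdir -p "$WORK/d$m"
    chmod "$m" "$WORK/d$m"
    printf '%s %s\n' "$m" "$(sym_of "$WORK/d$m")"
  done
}

setup
dir_modes
printf 'tool    %s %s\n' "$(mode_of "$WORK/tool")"    "$(sym_of "$WORK/tool")"
printf 'shared  %s %s\n' "$(mode_of "$WORK/shared")"  "$(sym_of "$WORK/shared")"
printf 'dropbox %s %s\n' "$(mode_of "$WORK/dropbox")" "$(sym_of "$WORK/dropbox")"
printf 'noexec  %s %s\n' "$(mode_of "$WORK/noexec")"  "$(sym_of "$WORK/noexec")"
printf 'setuid files under %s:\n' "$WORK"
find_setuid "$WORK"
# Scratch files are left in place for inspection; remove them with: rm -rf "$WORK"
```

The script only inspects modes rather than trying to create or delete files as a second user, because root bypasses all of these checks and a test run as root would show every operation succeeding. Two details worth knowing when reading its output: a lowercase `s` or `t` means the special bit and the execute bit are both set, while an uppercase `S` or `T` means the special bit is set but execute is not; and on Linux the sticky bit only has an effect on directories, so setting it on a regular file changes nothing about how that file can be deleted.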

