Linux file permissions analysis
Files in a Linux system have three identities: u (owner), g (group) and o (others).
These identities have the following permissions for commonly used documents:
r: Read permission, the user can read the content of the document, for example with cat or more
w: Write permission, the user can edit the document
x: Execute permission, the document can be executed by the system
In addition to the read, write and execute permissions, the system also supports the set-ID bits (s permission) and the sticky bit (t permission).
s permission: Makes the file run with the permissions of the file owner while it executes, which is equivalent to temporarily taking on the identity of the file owner. A typical example is passwd. When an ordinary user executes this file, the process obtains root privileges for the duration of the execution, so that the user's password can be changed.
ls -al /usr/bin/passwd
-rwsr-xr-x 1 pythontab pythontab 32988 2018-03-16 14:25 /usr/bin/passwd
We can set the s permission in symbolic (character) mode: chmod a+s filename, or we can set it in absolute (numeric) mode:
Set suid: set the digit in front of the permission digits to 4;
Set sgid: set the digit in front of the permission digits to 2;
Set both: set the digit in front of the permission digits to 4+2=6.
Note: When setting the s permission, the file owner and group must first have the corresponding x permission. If x is missing, chmod will not report an error, but when ls -l shows rwS, the capital S means that the s permission is not effective.
t permission: To delete a document, you do not necessarily need write permission for the document itself, but you must have write permission for its parent directory. In other words, even if you do not have write permission for a document, you can still delete it if you have write permission for the directory that contains it. Conversely, if you do not have write permission for a directory, you can neither delete nor create documents in that directory.
How can a directory allow any user to write documents while also preventing users from deleting other people's documents in it? The t permission plays this role. The t permission is generally only used on directories and has little effect on documents.
After the t permission bit is set on a directory (such as /home, the permission is 1777), any user can create documents in this directory, but can only delete the documents they created themselves (root excepted). This protects users' documents in directories that any user can write to.
You can set the t permission with chmod +t filename.
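An audit for the s and t bits described above, as an added example that is not part of the original article. The function names and the sample tree are constructed for illustration; the script lists set-ID files, suid files that show rwS, and world-writable directories without the t bit.

```shell
#!/bin/sh
# Added example: audit a directory tree for the s and t permission bits.
# Function names are hypothetical; the sample tree is constructed.

# Mode string as ls -l shows it, e.g. -rwsr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# Regular files with suid (4000) or sgid (2000) set.
list_set_id_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# suid files whose owner has no x: ls shows rwS, the s bit is not effective.
list_ineffective_suid() {
    find "$1" -type f -perm -4000 ! -perm -0100 -print
}

# World-writable directories without the t bit (1000): anyone who can write
# here can also delete other users' documents.
list_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Build a constructed sample tree in a temp directory and print its path.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/broken" "$d/plain"
    chmod 4755 "$d/tool"      # suid with x        -> -rwsr-xr-x
    chmod 4644 "$d/broken"    # suid without x     -> -rwSr--r--
    chmod 0644 "$d/plain"     # no special bits
    mkdir "$d/open" "$d/shared"
    chmod 0777 "$d/open"      # world-writable, no t bit
    chmod 1777 "$d/shared"    # world-writable with t bit -> drwxrwxrwt
    printf '%s\n' "$d"
}

# Print a labelled report for the directory given as $1.
audit() {
    echo "set-ID files:";             list_set_id_files "$1"
    echo "suid without x (rwS):";     list_ineffective_suid "$1"
    echo "world-writable, no t bit:"; list_unprotected_dirs "$1"
}

# Run the audit when a directory is passed on the command line.
[ "$#" -eq 0 ] || audit "$1"
```

Run it with a directory argument to audit that tree, or call build_sample_tree first to get a throwaway tree to test against.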