稍微記錄一下,以免下次碰到忘記
有三種特殊權限: Sticky Bit, Set Group ID bit(SGID), Set User ID(SUID),可單獨設定也可合併在一起使用
Sticky Bit的影響
This applies only to directories, and on Linux it prevents users from removing or renaming a file in a directory unless they own that file or directory.
- scope: directories
- operation: removing or renaming a file
- identiry: owner
在啟用Sticky Bit的資料夾內,只能刪除或改名屬於自己的檔案
1 | chmod 1777 /tmp |
Set Group ID bit(SGID)的影響
This can be applied to executable files or directories.
The Set Group ID (SGID) bit on an executable file ensures that the file, when executed, runs with the permissions of the group owner of the file, rather than the group of the user who executed it.
When applied to directories, it will make every file or directory created under it inherit the group from the parent directory.
在啟用SGID的的可執行檔案,執行時期的process會取得檔案所屬group的權限。
在啟用SGID的的資料夾內,新增的檔案或資料夾所屬group會繼承該資料夾的group。
Set User ID(SUID)的影響
It only applies to files and its behavior is similar to the SGID bit, but the process will run with the privileges of the user who owns the file.
在啟用SUID的的可執行檔案,執行時期的process會取得檔案所屬owner的權限。
1 | ls -la /usr/bin/passwd |