Linux file permission parsing

Common permissions

Files on a Linux system are accessed under three identities: u (owner), g (group) and o (others).

These identities have the following commonly used permissions on documents:

r: read permission, the user can read the content of the document, such as using cat, more to view

w: write permission, the user can edit the document

x: execute permission, the file can be executed by the system; on a directory, it means the directory can be entered

Other permissions

In addition to read, write and execute permissions, the system also supports the setuid/setgid bits (s permission) and the sticky bit (t permission).

s permission

s permission: while the file is executing, the process runs with the permissions of the file owner, which is equivalent to temporarily taking on the file owner's identity. A typical example is passwd: when an ordinary user executes it, the process obtains root permission for the duration of the execution, so that the user's password can be changed.

ls -al /usr/bin/passwd
-rwsr-xr-x 1 pythontab pythontab 32988 2018-03-16 14:25 /usr/bin/passwd

We can set the s permission in character mode: chmod a+s filename, or in absolute mode:

Set suid: set the digit in front of the three permission digits to 4;

Set sgid: set the digit in front of the three permission digits to 2;

Both are set: the digit in front of the three permission digits is 4+2=6.

Note: before setting the s permission, the corresponding x permission must already be set for the file owner and group; otherwise the s permission does not really take effect. The chmod command does not perform this check: if the s permission is set without the x permission, chmod reports no error, but ls -l shows rwS, where the uppercase S indicates that the s permission is not in effect.


t permission

t permission: to delete a document you do not need write permission on the document itself, but you must have write permission on its parent directory. In other words, even without write permission on a document, you can delete it if you have write permission on the directory above it; and without write permission on a directory, you cannot create documents in that directory.

How can a directory allow any user to write documents while preventing users from deleting other people's documents in it? The t permission does exactly this. The t permission is generally used only on directories, not on documents.

After the t permission bit is set on a directory (such as /home, where the permission is 1777), any user can create documents in this directory but can delete only the documents they created themselves (root excepted). This protects users' documents in a directory that any user can write to.

t permissions can be set by chmod +t filename

The original text comes from: https://www.linuxprobe.com/linux-file-permission.html
