Security Context
Prerequisites: a process has an owner and a group; a file has an owner and a group.
- Any executable file can be started as a process; whether a given user can start it depends on whether that user has execute permission on the file.
- Once started, the process's owner is the user who started it, and the process's group is that user's primary group.
- The permissions a process has on a file depend on who started the process:
  - If the process's initiator is the file's owner, the file's owner permissions apply.
  - If the process's initiator belongs to the file's group, the file's group permissions apply.
  - Otherwise, the file's "other" permissions apply.
SUID (privilege elevation)
SUID breaks the security-context rules above:
- Any executable file can be started as a process; whether a given user can start it depends on whether that user has execute permission on the file.
- Once started, the process's owner is the owner of the program file itself, not the user who started it. (SGID on a program file sets the process's group the same way, but this is rarely useful.)
Permissions:
chmod u+s FILENAME
chmod u-s FILENAME
SGID
By default, a file created by a user belongs to that user's primary group.
Once SGID is set on a directory, any file created in that directory by a user with write permission on it belongs to the directory's group instead.
Permissions
chmod g+s DIR...
chmod g-s DIR...
Whether a user can delete a file depends on whether the user has write permission on the directory containing the file, not on the file's own permissions.
Sticky bit
On a directory writable by many users, setting the sticky bit means each user can only delete their own files.
Permissions:
chmod o+t DIR...
chmod o-t DIR...
By default, the /tmp directory has the sticky (t) bit set.
SUID SGID STICKY
0    0    0
...
1    1    1
chmod 4777 /tmp/a.txt: the leading digit holds the special permission bits; 4 stands for SUID.
Note:
SUID: shown in the owner's execute-permission position
  s: owner also has x permission
  S: owner does not have x permission
SGID: shown in the group's execute-permission position
  s: group also has x permission
  S: group does not have x permission
Sticky: shown in the others' execute-permission position
  t: others also have x permission
  T: others do not have x permission
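An added example (not part of the original note) that decodes the s/S and t/T distinction above from an `ls -l` mode string or a raw st_mode, computes the leading chmod digit, and walks a directory to list entries carrying any special bit, which is what an auditor checks first:

```python
import os
import stat

# Decode the 10-character mode column of `ls -l`, e.g. "-rwsr-xr-x".
# Lowercase s/t means the special bit AND the underlying x bit are set;
# uppercase S/T means the special bit is set but the x bit is missing.
def decode_mode(mode_str: str) -> dict:
    if len(mode_str) != 10:
        raise ValueError("expected a 10-character ls -l mode string")
    owner_x, group_x, other_x = mode_str[3], mode_str[6], mode_str[9]
    return {
        "is_dir": mode_str[0] == "d",
        "suid": owner_x in "sS",
        "suid_has_x": owner_x == "s",
        "sgid": group_x in "sS",
        "sgid_has_x": group_x == "s",
        "sticky": other_x in "tT",
        "sticky_has_x": other_x == "t",
    }

# Same report from a raw st_mode value (stat.filemode renders it ls-style).
def from_st_mode(st_mode: int) -> dict:
    return decode_mode(stat.filemode(st_mode))

# Leading digit of the four-digit chmod form: 4 = SUID, 2 = SGID, 1 = sticky.
def special_octal(mode_str: str) -> int:
    d = decode_mode(mode_str)
    return 4 * d["suid"] + 2 * d["sgid"] + 1 * d["sticky"]

# Walk `root` and return (path, mode string) for every entry with a special
# bit set. lstat is used so symlinks are reported as themselves, not followed.
def find_special(root: str) -> list:
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # unreadable entry, skip it
            if mode & (stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX):
                hits.append((path, stat.filemode(mode)))
    return hits

if __name__ == "__main__":
    print("/tmp:", decode_mode(stat.filemode(os.lstat("/tmp").st_mode)))
    for path, mode in find_special("/usr/bin"):
        print(mode, path)
```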