Development Diary - 20190828 keyword study notes: "Advanced Programming in the UNIX Environment (Second Edition)" DAY 4

Copyright notice: This article is the blogger's original work and is licensed under CC 4.0 BY-SA. If you reproduce it, please attach a link to the original source and this notice.
This link: https://blog.csdn.net/qq_31433709/article/details/100127774

Part 1: Files and Directories

Set-User-ID and Set-Group-ID

Six or more IDs are associated with each process.

  1. Real:
    real user ID / real group ID: who we really are
  2. Effective:
    effective user ID / effective group ID / supplementary group IDs: used for file access permission checks
  3. Saved:
    saved set-user-ID / saved set-group-ID: saved by the exec functions
  • The real user ID and real group ID identify who we really are. These two fields are taken from our entry in the password file when we log in. Normally these values do not change during a login session, although a superuser process has ways to change them.
  • The effective user ID, effective group ID, and supplementary group IDs determine our file access permissions.
  • The saved set-user-ID and saved set-group-ID contain copies of the effective user ID and effective group ID, taken when a program is executed.

Normally the effective user ID equals the real user ID, and the effective group ID equals the real group ID.

Every file has an owner and a group owner. The owner is specified by the st_uid member of the stat structure, and the group owner by st_gid.

When a program file is executed, the effective user ID of the process is usually the real user ID, and the effective group ID is usually the real group ID. However, a special flag can be set in the file's mode word (st_mode) that says "when this file is executed, set the effective user ID of the process to the user ID of the file's owner (st_uid)". Similarly, another bit in the file mode word causes the effective group ID of the process to be set to the group ID of the file's group owner (st_gid). These two bits in the file mode word are called the set-user-ID bit and the set-group-ID bit, i.e. SUID and SGID.

For example, if the owner of a file is the superuser and the file's set-user-ID bit is set, then while that program file is running as a process, the process has superuser privileges. This holds regardless of the real user ID of the process that executes the file. The UNIX system program passwd(1), which lets any user change their own password, is a set-user-ID program: it has to write the user's new password into the password file (usually /etc/passwd or /etc/shadow), and only the superuser has write permission for that file, so the set-user-ID mechanism is needed. Because a process running a set-user-ID program usually gains extra privileges, such programs must be written with care.

The set-user-ID bit and the set-group-ID bit are contained in the file's st_mode value returned by stat. They can be tested with the constants S_ISUID and S_ISGID, respectively.

stat structure:

struct stat {
    mode_t          st_mode;     /* file type and mode (permissions) */
    ino_t           st_ino;      /* i-node number (serial number) */
    dev_t           st_dev;      /* device number (file system) */
    dev_t           st_rdev;     /* device number for special files */
    nlink_t         st_nlink;    /* number of links */
    uid_t           st_uid;      /* user ID of owner */
    gid_t           st_gid;      /* group ID of owner */
    off_t           st_size;     /* size in bytes, for regular files */
    struct timespec st_atime;    /* time of last access */
    struct timespec st_mtime;    /* time of last modification */
    struct timespec st_ctime;    /* time of last file status change */
    blksize_t       st_blksize;  /* best I/O block size */
    blkcnt_t        st_blocks;   /* number of disk blocks allocated */
};
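As an added example (not code from the original post), this C program applies the set-user-ID discussion above: it calls stat on each path given on the command line, tests st_mode against S_ISUID and S_ISGID, and prints the file's owner next to the caller's real and effective user IDs so the privilege a set-user-ID file would confer is visible. The HAS_SUID/HAS_SGID names are this example's own.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
/* Bitmask returned by setid_bits() and file_setid_bits() (names chosen for this example). */
#define HAS_SUID 1
#define HAS_SGID 2
/* Test the set-user-ID and set-group-ID bits of a mode word with S_ISUID and S_ISGID. */
int setid_bits(mode_t mode)
{
    int r = 0;
    if (mode & S_ISUID) r |= HAS_SUID;
    if (mode & S_ISGID) r |= HAS_SGID;
    return r;
}

/* stat() the file and return its set-ID bits, or -1 if stat fails.
   The owner's st_uid is stored through *owner when it is non-NULL. */
int file_setid_bits(const char *path, uid_t *owner)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    if (owner)
        *owner = st.st_uid;
    return setid_bits(st.st_mode);
}

/* Report the owner, the caller's real and effective user IDs, and the set-ID bits.
   For a root-owned set-user-ID file, point out that any real user gains root rights. */
static void report(const char *path)
{
    uid_t owner;
    int bits = file_setid_bits(path, &owner);
    if (bits < 0) { perror(path); return; }
    printf("%s: owner uid %u (real uid %u, effective uid %u)%s%s\n", path,
           (unsigned)owner, (unsigned)getuid(), (unsigned)geteuid(),
           (bits & HAS_SUID) ? " [set-user-ID]" : "",
           (bits & HAS_SGID) ? " [set-group-ID]" : "");
    if ((bits & HAS_SUID) && owner == 0)
        printf("  -> runs with superuser privileges whoever executes it\n");
}

int main(int argc, char *argv[])
{
    for (int i = 1; i < argc; i++)     /* e.g. ./a.out /usr/bin/passwd */
        report(argv[i]);
    return 0;
}
```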

File Access Permissions

The st_mode value also encodes the access permission bits for the file. When we say "file" here, we mean any of the file types described earlier: every file type (directory, character special file, and so on) has access permissions. Many people think that only regular files have access permissions; this is a misunderstanding.

The nine access permission bits, from <sys/stat.h>:

st_mode mask    Meaning
S_IRUSR         user-read
S_IWUSR         user-write
S_IXUSR         user-execute
S_IRGRP         group-read
S_IWGRP         group-write
S_IXGRP         group-execute
S_IROTH         other-read
S_IWOTH         other-write
S_IXOTH         other-execute

The three categories of access (read, write, and execute) are used in different ways by various functions. These ways are summarized below, and each is discussed further when the corresponding function is described.

  • The first rule is that whenever we want to open any type of file by name, we must have execute permission in each directory named in the path, including the current directory if it is implied. This is why the execute permission bit for a directory is often called the search bit.
    For example, to open /usr/include/stdio.h we need execute permission in the directories /, /usr, and /usr/include. We then also need the appropriate permission for the file itself, depending on how we open it (read-only, read-write, and so on).
    If the current directory is /usr/include, then to open the file stdio.h we need execute permission in the current directory. This is an example of the current directory being implied: opening stdio.h has the same effect as opening ./stdio.h. Note that read permission and execute permission for a directory mean different things. Read permission lets us read the directory, that is, obtain a list of all the filenames in it. Execute permission lets us pass through the directory when it is a component of a pathname we are trying to access (that is, search the directory for a specific filename). Another example of an implicit directory reference: if the PATH environment variable names a directory for which we do not have execute permission, the shell will never find executable files in that directory.
  • The read permission for a file determines whether we can open an existing file for reading. This corresponds to the O_RDONLY and O_RDWR flags of the open function.
  • The write permission for a file determines whether we can open an existing file for writing. This corresponds to the O_WRONLY and O_RDWR flags of the open function.
  • We must have write permission for a file to specify the O_TRUNC flag in the open function.
  • To create a new file in a directory, we must have write permission and execute permission in the directory.
  • To delete an existing file, we need write permission and execute permission in the directory containing the file. We do not need read permission or write permission for the file itself.
  • To execute a file with any of the seven exec functions, we must have execute permission for the file. The file must also be a regular file.
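As an added example (not code from the original post), the following C program decodes the nine permission bits of st_mode into the familiar "rwxr-xr-x" form and applies the first rule above to an absolute path: it checks search (execute) permission on every directory prefix with access(2), which tests against the real user ID as the shell does, before the file itself is considered. The function names are this example's own.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
/* Decode the nine permission bits of st_mode into "rwxr-xr-x" form (out holds 10 bytes). */
void mode_to_string(mode_t mode, char out[10])
{
    static const mode_t bits[9] = { S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP,
                                    S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH };
    for (int i = 0; i < 9; i++)
        out[i] = (mode & bits[i]) ? "rwxrwxrwx"[i] : '-';
    out[9] = '\0';
}
/* The "first rule": each directory prefix of an absolute path (/, /usr, /usr/include, ...)
   must grant search (execute) permission; access(2) tests with the real user ID, as the
   shell does. Returns 0 if all prefixes are searchable, else copies the first blocked
   prefix into blocked (size n) and returns -1. The final component is left to open(2). */
int first_unsearchable(const char *path, char *blocked, size_t n)
{
    char prefix[4096];
    size_t len = strlen(path);
    blocked[0] = '\0';
    if (len >= sizeof(prefix) || path[0] != '/') return -1;   /* relative paths not handled */
    if (access("/", X_OK) != 0) { snprintf(blocked, n, "/"); return -1; }
    for (size_t i = 1; i < len; i++) {
        if (path[i] != '/') continue;      /* stop only at directory boundaries */
        memcpy(prefix, path, i);
        prefix[i] = '\0';                  /* e.g. "/usr", then "/usr/include" */
        if (access(prefix, X_OK) != 0) {
            snprintf(blocked, n, "%s", prefix);
            return -1;
        }
    }
    return 0;
}

int main(int argc, char *argv[])
{
    char perms[10], blocked[4096]; struct stat st;
    for (int i = 1; i < argc; i++) {       /* e.g. ./a.out /usr/include/stdio.h */
        if (first_unsearchable(argv[i], blocked, sizeof blocked) < 0)
            printf("%s: no search permission in '%s'\n", argv[i], blocked);
        else if (stat(argv[i], &st) == 0) { mode_to_string(st.st_mode, perms); printf("%s: %s\n", argv[i], perms); }
        else perror(argv[i]);
    }
    return 0;
}
```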
