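Every file on a Linux system is associated with several types of permissions. Of these, we mainly deal with three classes: user, group, and others. The user is the owner of the file; the group is the set of other users who belong to the same group as the file's owner; others are any users apart from the user and the group.
The ls -l command lists the permissions of files, for example: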
-rw-rw-r-- 1 lfqy lfqy 529 6月 11 20:21 file-authority.txt
-rw-rw-r-- 1 lfqy lfqy 0 6月 11 19:02 helloworld
drwxrwxr-x 2 lfqy lfqy 4096 6月 11 20:21 try
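As shown, each line of output represents one file. The first 10 characters of each line carry the file's permission information. The first character gives the file type (- for a regular file, d for a directory, c for a character device, b for a block device, l for a symbolic link, s for a socket, p for a pipe). The remaining characters divide into three groups: the first three correspond to the user's permissions, the next three to the group's permissions, and the last three to the permissions of others. Each of these 9 characters indicates whether a particular permission is set: if it is set, a letter appears in that position; otherwise a '-' shows that the permission is not set. Here r stands for read permission, w for write permission, and x for execute permission. For example, file-authority.txt in the first line belongs to user lfqy, who has read and write permission on it but no execute permission; other users in the same group as lfqy also have read and write permission on the file, while other users have read permission only.
1. File permissions
1.1 Basic file permissions
rwx correspond to the read, write, and execute permissions of a file. For a directory, however, these three permissions mean something different. Read permission on a directory allows listing the files and subdirectories it contains, write permission allows creating or deleting files and directories inside it, and execute permission determines whether the files and subdirectories inside it can be accessed.
1.2 setuid, setgid and sticky bit
In fact, besides the basic read, write, and execute permissions, Linux has three more permissions: setuid, setgid, and the sticky bit. Each of the three is explained below.
Wikipedia explains setuid and setgid as follows: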
setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.
The setuid and setgid flags, when set on a directory, have an entirely different meaning.
Setting the setgid permission on a directory (chmod g+s) causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit. Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:
[root@foo]# find /path/to/directory -type d -exec chmod g+s {} \;
The setuid permission set on a directory is ignored on UNIX and Linux systems. FreeBSD can be configured to interpret it analogously to setgid, namely, to force all files and sub-directories to be owned by the top directory owner.
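As an added example (not part of the original article), the following Python code parses the 10-character permission field described above into a numeric mode and reports the setuid, setgid and world-writable cases. The names parse_mode and audit are chosen here for illustration; the code also relies on ls showing a set special bit in the execute slot of its class (s or t when execute is also set, S or T when it is not), which the article does not cover. Only the first two sample fields come from the listing above; the rest are constructed.

```python
import stat

# File-type characters listed in the text, mapped to st_mode type bits.
FILE_TYPES = {"-": stat.S_IFREG, "d": stat.S_IFDIR, "c": stat.S_IFCHR, "b": stat.S_IFBLK,
              "l": stat.S_IFLNK, "s": stat.S_IFSOCK, "p": stat.S_IFIFO}
# Special bit displayed in each class's execute slot: (bit, with x, without x).
SPECIAL = [(stat.S_ISUID, "s", "S"), (stat.S_ISGID, "s", "S"), (stat.S_ISVTX, "t", "T")]


def parse_mode(field):
    """Turn the 10-character ls -l permission field into a numeric st_mode."""
    if len(field) != 10 or field[0] not in FILE_TYPES:
        raise ValueError(f"not an ls -l permission field: {field!r}")
    mode = FILE_TYPES[field[0]]
    for i, (special_bit, with_x, without_x) in enumerate(SPECIAL):
        r, w, x = field[1 + 3 * i:4 + 3 * i]
        shift = 6 - 3 * i  # user bits at 0o700, group at 0o070, others at 0o007
        if r not in "r-" or w not in "w-" or x not in ("x", "-", with_x, without_x):
            raise ValueError(f"bad permission triplet in {field!r}")
        mode |= (4 if r == "r" else 0) << shift
        mode |= (2 if w == "w" else 0) << shift
        mode |= (1 if x in ("x", with_x) else 0) << shift
        if x in (with_x, without_x):
            mode |= special_bit
    return mode


def audit(field):
    """Return (octal permissions, findings a reviewer would want to look at)."""
    mode = parse_mode(field)
    findings = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid file")
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        findings.append("setgid file")
    if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
        sticky_dir = stat.S_ISDIR(mode) and mode & stat.S_ISVTX
        findings.append("world-writable directory (sticky)" if sticky_dir else "world-writable")
    return format(stat.S_IMODE(mode), "04o"), findings


if __name__ == "__main__":
    # First two fields come from the ls -l listing above; the rest are constructed samples.
    for field in ["-rw-rw-r--", "drwxrwxr-x", "-rwsr-xr-x", "drwxrwsr-x", "drwxrwxrwt", "-rw-rw-rw-"]:
        print(field, *audit(field))
```

A setgid directory such as drwxrwsr-x is deliberately not reported, since on a directory the bit only controls group inheritance as the quoted text explains.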
(Editor: VEVB)