Working with file permissions, ownership, and the sticky bit

File permissions and ownership are one of the distinguishing features of Unix/Linux filesystems. They protect your information in a multi-user environment, while mismatched permissions and ownership can also make it difficult to share files. These recipes explain how to use a file's permissions and ownership effectively.

Each file possesses many types of permissions. Three sets of permissions (user, group, and others) are commonly manipulated.

The user is the owner of the file, who commonly has all access permitted. The group is the collection of users (as defined by the system administrator) that may be permitted some access to the file. Others are any users other than the owner or members of the owner's group.

The ls command's -l option displays many aspects of the file including type, permissions, owner, and group:

    -rw-r--r-- 1 slynux users  2497  2010-02-28 11:22 bot.py
    drwxr-xr-x 2 slynux users  4096  2010-05-27 14:31 a.py
    -rw-r--r-- 1 slynux users  539   2010-02-10 09:11 cl.pl

The first column of the output defines the file type as follows:

  • -: This is used if it is a regular file
  • d: This is used if it is a directory
  • c: This is used for a character device
  • b: This is used for a block device
  • l: This is used if it is a symbolic link
  • s: This is used for a socket
  • p: This is used for a pipe

The next nine characters are divided into three groups of three letters each (--- --- ---). The first set of three characters corresponds to the permissions of the user (owner), the second set to the permissions of the group, and the third set to the permissions of others. Each character in the nine-character sequence (nine permissions) specifies whether a permission is set or unset. If the permission is set, a letter appears in the corresponding position; otherwise a - character appears in that position, meaning that the corresponding permission is unset (unavailable).

The three common letters in the trio are:

  • r Read: When this is set, the file, device, or directory can be read.
  • w Write: When this is set, the file, device, or directory can be modified. On folders, this defines whether files can be created or deleted.
  • x Execute: When this is set, the file can be executed. On folders, this defines whether the files in the folder can be accessed.

Let's take a look at what each of these three character sets mean for the user, group, and others:

  • User (permission string: rwx------): These define the options a user has. Usually, the user's permission is rw- for a data file and rwx for a script or executable. The user has one more special permission called setuid (S), which appears in the position of execute (x). The setuid permission enables an executable file to be executed effectively as its owner, even when the executable is run by another user. An example of a file with setuid permission set is -rwS------.
  • Group (permission string: ---rwx---): The second set of three characters specifies the group permissions. Instead of setuid, the group has a setgid (S) bit. This allows an executable file to run with its effective group set to the file's owning group, even when the group of the user who starts the command is different. An example of group permission is ----rwS---.
  • Others (permission string: ------rwx): Other permissions appear as the last three characters in the permission string. If these are set, anyone can access this file or folder. As a rule, you will want to set these bits to ---.

Directories have a special permission called the sticky bit. When the sticky bit is set on a directory, only the user who created the directory can delete the files in the directory, even if the group and others have write permission. The sticky bit appears in the position of the execute character (x) in the others permission set. It is represented by the character t or T. The t character appears in the x position if the execute permission is unset and the sticky bit is set. If both the sticky bit and the execute permission are set, the T character appears in the x position. Consider this example:

    ------rwt, ------rwT

A typical example of a directory with sticky bit turned on is /tmp, where anyone can create a file, but only the owner can delete one.

In each of the ls -l output lines, the string slynux users corresponds to the user and group. Here, slynux is the owner who is a member of the group users.
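Reading the ten-character mode string by eye is error-prone, so here is a small POSIX sh helper, added for this section and not one of the book's recipes, that splits a mode string such as drwxrwxrwt into its type, its three rwx triplets and its setuid/setgid/sticky bits, and then calls out the combinations worth a second look in a listing: world-writable files, and world-writable directories that lack the sticky bit /tmp relies on. The sample mode strings and the ok/RISK/NOTE labels are constructed for this example.

```shell
#!/bin/sh
# Decode a ten-character ls -l mode string such as "drwxrwxrwt".
# Layout: char 1 = type, 2-4 = user rwx, 5-7 = group rwx, 8-10 = others rwx.
# Added example for this section; the sample mode strings below are constructed.

# Print the file type named by the first character.
mode_type() {
    case "$1" in
        -*) echo regular ;;   d*) echo directory ;;  l*) echo symlink ;;
        c*) echo chardev ;;   b*) echo blockdev ;;   s*) echo socket ;;
        p*) echo pipe ;;      *)  echo unknown ;;
    esac
}

# Print the user, group and others triplets on one line.
mode_triplets() {
    printf 'user=%s group=%s others=%s\n' \
        "$(printf '%s' "$1" | cut -c2-4)" \
        "$(printf '%s' "$1" | cut -c5-7)" \
        "$(printf '%s' "$1" | cut -c8-10)"
}

# Print which special bits are set: s/S in the user x slot means setuid,
# s/S in the group x slot means setgid, t/T in the others x slot means sticky.
mode_special() {
    out=""
    case "$1" in ???[sS]??????) out="$out setuid" ;; esac
    case "$1" in ??????[sS]???) out="$out setgid" ;; esac
    case "$1" in ?????????[tT]) out="$out sticky" ;; esac
    echo "${out# }"
}

# Report the combinations a reviewer of a listing would want called out.
# The first matching case wins, so the most serious finding is listed first.
mode_risk() {
    case "$1" in
        d???????w[tT]) echo "ok: world-writable directory protected by the sticky bit" ;;
        d???????w?)    echo "RISK: world-writable directory without the sticky bit" ;;
        -???????w?)    echo "RISK: world-writable file" ;;
        -??[sS]??????) echo "NOTE: setuid executable runs with its owner's privileges" ;;
        *)             echo "ok" ;;
    esac
}

# Walk a few constructed mode strings; the last two mirror /tmp and an unsafe copy of it.
for m in -rw-r--r-- drwxr-xr-x -rwsr-xr-x drwxrwxrwt drwxrwxrwx; do
    printf '%s  %s  %s  [%s]  %s\n' "$m" "$(mode_type "$m")" \
        "$(mode_triplets "$m")" "$(mode_special "$m")" "$(mode_risk "$m")"
done
```

To check a real tree, feed it the first field of `ls -ld` output for each path; the patterns only look at the mode string, so the helper works the same on any Unix-like system.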