Thiết lập quyền đọc, ghi nhưng không được xóa trên UBUNTU



Sticky Bit

Setting the sticky bit tells Unix that once the concerned application is executed, it should remain in memory. Remember that Unix is a multi-user OS and was mainly designed so that multiple users can work simultaneously. Thus the logic used is that a program that exists in memory requires lesser time to start when a new user requests for the same program. Thus when one user has just used a program and then a new user wants to use the same program, the second user doesn't have to face a time delay for the program to initialize itself. It would be readily available to him. The concept of the sticky bit was a very useful one, long back when fast disk access and other memory access technologies weren't around. But in today's age the concept of sticky bit is obsolete, since modern day technology is advanced enough to reduce the time delay while loading applications into the memory. Thus currently the sticky bit is of very little significance. Sticky bit is only associated with executables.

SUID (Set User ID
) Bit

Sometime you may faced an error while trying to run any application stating that the application must be 'SUID root' . You might have been confused that time, but now once you read this article you would no longer find it confusing.

SUID stands for Set User ID. This means that if the SUID bit is set for any application then your user ID would be set as that of the owner of application/file rather than the current user, while running that application. That means in case I have an application whose owner is ' root ' and it has its SUID bit set, then when I run this application as a normal user, that application would still run as root. Since the SUID bit tells Linux that the the User ID root is set for this application and whenever this application executes it must execute as if root was executing it (since root owns this file).

In case you have really understood the above you may be wondering - isnt this a major security risk? If users are able to run applications as root, then it must be definitely posing as a threat to the security of the system. Actually the SUID is used to increase the security in a way. Let me explain this with my own example I use on my machine.

SGID (Set Group ID) bit

Just like SUID, setting the SGID bit for a file sets your group ID to the file's group while the file is executing. IT is really useful in case you have a real multi-user setup where users access each others files. As a single homeuser I haven't really found a lot of use for SGID. But the basic concept is the same as the SUID, the files whose SGID bit are set would be used as if they belong to that group rather than to that user alone.
u = user
g = group
o = others
+ = add
w = write (permission)
s = set sticky bit


g+w = set write permission for group
g+s = setgid (set sticky bit for group)
u+w = set write permission for user

Nhận xét

  1. Cái này cho phép thiết lập quyền đọc ghi đối với người dùng nhưng không được quyền xóa cái của người khác tạo.
    ví dụ:
    tạo thư mục:
    sudo mkdir public
    sudo chmod -R 1777 public
    or
    sudo chmod 1777 public
    or
    sudo chmod 777 public
    sudo u+t public
    note: u(user), g(group), o(other)

    Trả lờiXóa
  2. more:
    Người đăng nhập A tạo thư mục AA trong public
    Người đăng nhập B có quyền đọc và tạo cái gì trong thư mục AA cũng được nhưng không được quyền xóa những gì người A đã tạo. chỉ thế thôi. Tương tự Người B tạo thì A cũng có quyền như thế nhưng không được phép xóa những gì người B đã tạo

    Trả lờiXóa

Đăng nhận xét

Bài đăng phổ biến từ blog này

dung lượng RAM lớn nhất mà HĐH cấu trúc 32-bit nhận được

Ký tự viết tắt trong chat & email

Ubuntu LAMP Server