Novell SUSE LINUX Professional 9.3 Update 00662644461625 ユーザーズマニュアル
製品コード
00662644461625
19
W
or
king
king
with
the
Shell
You can see the
s
bit set for the group permission. The owner of the directory
and members of the group
archive
may access this directory. Users that are
not members of this group are “mapped” to the respective group. The effective
group ID of all written files will be
group ID of all written files will be
archive
. For example, a backup program
that runs with the group ID
archive
is able to access this directory even without
root privileges.
19.2.5
The Sticky Bit
There is also the sticky bit. It makes a difference whether it belongs to an exe-
cutable program or a directory. If it belongs to a program, a file marked in this
way is loaded to RAM to avoid needing to get it from the hard disk each time it is
used. This attribute is used rarely, because modern hard disks are fast enough.
If this attribute is assigned to a directory, it prevents users from deleting each
other’s files. Typical examples include the
cutable program or a directory. If it belongs to a program, a file marked in this
way is loaded to RAM to avoid needing to get it from the hard disk each time it is
used. This attribute is used rarely, because modern hard disks are fast enough.
If this attribute is assigned to a directory, it prevents users from deleting each
other’s files. Typical examples include the
/tmp
and
/var/tmp
directories:
drwxrwxrwt
2 root
root
1160 2002-11-19 17:15 /tmp
19.2.6
Access Control Lists
The traditional permission concept for Linux file system objects, such as files or
directories, can be expanded by means of ACLs (access control lists). They allow
the assignment of permissions to individual users or groups other than the origi-
nal owner or owning group of a file system object.
directories, can be expanded by means of ACLs (access control lists). They allow
the assignment of permissions to individual users or groups other than the origi-
nal owner or owning group of a file system object.
Files or directories bearing extended access permissions can be detected with a
simple
simple
ls -l
command:
-rw-r--r--+ 1 tux project3 14197 Jun 21
15:03 Roadmap
The output of
ls
does not reveal much of a change compared to an
ls
on a
file without an ACL.
Roadmap
is owned by
tux
who belongs to the group
project3
.
tux
holds both write and read access to this file and his group as well
as all other users have read access. The only difference that distinguishes this file
from a file without an ACL is the additional
from a file without an ACL is the additional
+
in the first column holding the per-
mission bits.
Get details about the ACL by executing
getfacl Roadmap
:
259
SUSE LINUX