Novell Suse Linux Professional 9.2 00662644457284 ユーザーズマニュアル
製品コード
00662644457284
21
W
or
king
king
with
the
Shell
21.2.4
The setgid Bit
The setuid attribute applies to users. However, there is also an equivalent prop-
erty for groups — the setgid attribute. A program for which this attribute was set
runs under the group ID under which it was saved, no matter which user starts
it. Therefore, in a directory with the setgid bit, all newly created files and subdi-
rectories are assigned to the group to which the directory belongs. Consider the
following example directory:
erty for groups — the setgid attribute. A program for which this attribute was set
runs under the group ID under which it was saved, no matter which user starts
it. Therefore, in a directory with the setgid bit, all newly created files and subdi-
rectories are assigned to the group to which the directory belongs. Consider the
following example directory:
drwxrwxr--
2 root archive
48 Nov 19 17:12 backup
Set the setuid bit with the command
chmod g+s /test
. Subsequently, the ac-
cess permissions appear as follows:
drwxrwxr--
2 root archive
48 Nov 19 17:12 backup
21.2.5
The Sticky Bit
There is also the sticky bit. It makes a difference whether it belongs to an exe-
cutable program or a directory. If it belongs to a program, a file marked in this
way will be loaded to the RAM to avoid needing to get it from the hard disk each
time it is used. This attribute is used rarely, as modern hard disks are fast enough.
If this attribute is assigned to a directory, it prevents users from deleting each
other’s files. Typical examples include the
cutable program or a directory. If it belongs to a program, a file marked in this
way will be loaded to the RAM to avoid needing to get it from the hard disk each
time it is used. This attribute is used rarely, as modern hard disks are fast enough.
If this attribute is assigned to a directory, it prevents users from deleting each
other’s files. Typical examples include the
/tmp
and
/var/tmp
directories:
drwxrwxrwt
2 root
root
1160 2002-11-19 17:15 /tmp
21.2.6
Access Control Lists
The traditional permission concept for Linux file system objects, such as files or
directories, can be expanded by means of ACLs (access control lists). They allow
the assignment of permissions to individual users or groups other than the origi-
nal owner or owning group of a file system object.
directories, can be expanded by means of ACLs (access control lists). They allow
the assignment of permissions to individual users or groups other than the origi-
nal owner or owning group of a file system object.
Files or directories bearing extended access permissions can be detected with a
simple
simple
ls -l
command:
-rw-r--r--+ 1 tux project3 14197 Jun 21
15:03 Roadmap
269
SUSE LINUX