Справочник Пользователя для Novell SUSE LINUX Professional 9.3 00662644461649
Модели
00662644461649
Suppose the file
Roadmap
belong to
tux
, but to the user
geeko
.
root
should then enter
chown
geeko Roadmap
.
chgrp
changes the group ownership of the file. However, the owner of the
file must be a member of the new group. In this way, the user
tux
from Ex-
ProjectData
to
project4
with the command
chgrp project4 ProjectData
, as
long as he is a member of this new group.
19.2.3
The setuid Bit
In certain situations, the access permissions may be too restrictive. Therefore,
Linux has additional settings that enable the temporary change of the current
user and group identity for a specific action. For example, the
Linux has additional settings that enable the temporary change of the current
user and group identity for a specific action. For example, the
passwd
program
normally requires root permissions to access
/etc/passwd
. This file contains
some important information, like the home directories of users and user and
group IDs. Thus, a normal user would not be able to change
group IDs. Thus, a normal user would not be able to change
passwd
, because
it would be too dangerous to grant all users direct access to this file. A possible
solution to this problem is the setuid mechanism. setuid (set user ID) is a special
file attribute that instructs the system to execute programs marked accordingly
under a specific user ID. Consider the
solution to this problem is the setuid mechanism. setuid (set user ID) is a special
file attribute that instructs the system to execute programs marked accordingly
under a specific user ID. Consider the
passwd
command:
-rwsr-xr-x
1 root shadow 80036 2004-10-02 11:08 /usr/bin/passwd
You can see the
s
bit set for the user permission. By means of the setuid bit, all
users starting the
passwd
command execute it as
root
.
19.2.4
The setgid Bit
The setuid attribute applies to users. However, there is also an equivalent prop-
erty for groups: the setgid attribute. A program for which this attribute was set
runs under the group ID under which it was saved, no matter which user starts
it. Therefore, in a directory with the setgid bit, all newly created files and subdi-
rectories are assigned to the group to which the directory belongs. Consider the
following example directory:
erty for groups: the setgid attribute. A program for which this attribute was set
runs under the group ID under which it was saved, no matter which user starts
it. Therefore, in a directory with the setgid bit, all newly created files and subdi-
rectories are assigned to the group to which the directory belongs. Consider the
following example directory:
drwxrws---
2 tux archive
48 Nov 19 17:12 backup
258
19.2. Users and Access Permissions