Each file has an owner and belongs to a group.
Each running process has an owner and belongs to a group.
Users may belong to multiple groups.
at any session a user has an active group, and process she starts will inherit this active group.
each user has a default active group.
users may change the current active group using the commands newgrp and sg.
this security model is sufficient for most needs because GNU/Linux tries to represent everything as a file.
Each file has 3 sets of permissions that apply to different users, one set applies to the file owner, one applies to members of the file's group and the last set applies to anyone else.
in case one needs more some kernel modules offer Access Control Lists which provide more fine grained control.
Permission grid
| Read | Write | Execute | SetUID | SetGID | Sticky | |
|---|---|---|---|---|---|---|
| file | Can read | can modify | Can execute | executed as if owner | executed as if were in that group | no effect |
| directory | can ls | can make new files and delete file | can cd to directory and access its files and subdirectories | no effect | new files get group & new dirs get setgid | only owners can delete files |
| alphabetical chmod | +r | +w | +x | u+s | g+s | o+t |
| numerical chmod | 4 | 2 | 1 | 4000 | 2000 | 1000 |
Comments
Problems with filters in this page.
Can any admin have a look please ?
Thanks phaeron for your
Thanks phaeron for your fast response
fixed
The csvfilter module was missing. Thanks Msameer for helping.
no CSV filter is not
no CSV filter is not needed, I changed the mrkup so it uses wiki syntx for tables, I suggest you remove csvfilter.
Alaa
husband of the Grand Waragi Master