Difference between revisions of "Linux:group"
Jump to navigation
Jump to search
| Line 7: | Line 7: | ||
==Details== | ==Details== | ||
*Every file (including directories) has a set of '''permissions''', an '''owner [[Linux:user|user]]''' and an '''owner group'''. Every file or directory's permission set is composed of twelve bits, but the meaning of the bits is slightly different for directories than for files. | *Every file (including directories) has a set of '''permissions''', an '''owner [[Linux:user|user]]''' and an '''owner group'''. Every file or directory's permission set is composed of twelve bits, but the meaning of the bits is slightly different for directories than for files. | ||
*'''File permissions''' contain three groups of three bits each. The first set of three applies if and only if the current user is the same as the file's owner user; the second set applies only if the current user belongs to the file's owner group, and the third set applies to everyone else. There are some additional specialized bits. Going from Most Significant Bit (MSB) to Least (LSB): | *'''File permissions''' contain three groups of three bits each. The first set of three applies if and only if the current user is the same as the file's owner user; the second set applies only if the current user belongs to the file's owner group (except for the file's owner user), and the third set applies to everyone else. There are some additional specialized bits. Going from Most Significant Bit (MSB) to Least (LSB): | ||
**Bit 11: "set user ID" | **'''Bit 11''': "set user ID" -- set user ID on execution | ||
**Bit 10: "set group ID" | **'''Bit 10''': "set group ID" -- set group ID on execution | ||
**Bit 09: "sticky" -- largely obsolete; used on early Unix systems. See [[chmod]] for more information. | **'''Bit 09''': "sticky" -- largely obsolete; used on early Unix systems. See [[chmod]] for more information. | ||
**Bits 8-0: rwx (owner user), rwx (owner group), rwx (everyone else): r = can read file, w = can write file, x = can execute file | **'''Bits 8-0''': rwx (owner user), rwx (owner group), rwx (everyone else): r = can read file, w = can write file, x = can execute file | ||
*Directory permissions are similar: | *'''Directory permissions''' are similar: | ||
**Bit 11: "set user ID" | **'''Bit 11''': "set user ID" | ||
**Bit 10: "set group ID" | **'''Bit 10''': "set group ID" | ||
**Bit 09: "sticky" -- | **'''Bit 09''': "sticky" -- | ||
**:1 = files in that directory may be unlinked or renamed only by root or their owner. | **:'''1''' = files in that directory may be unlinked or renamed only by root or their owner. | ||
**:0 = anyone able to write to the directory can delete or rename files. | **:'''0''' = anyone able to write to the directory can delete or rename files. | ||
***The sticky bit is commonly found on directories, such as /tmp, that are "world-writable" (rwxrwxrwx) | ***The sticky bit is commonly found on directories, such as /tmp, that are "world-writable" (rwxrwxrwx) | ||
**Bits 8-0: same as for files, except "x" means "can enter (chdir into) directory" | **'''Bits 8-0''': same as for files, except "x" means "can enter (chdir into) directory" | ||
Revision as of 00:42, 10 June 2005
In Linux and other Unix-based operating systems, a group is an entity to which a user may belong and which confers certain "priveleges" or "rights" to such users.
How Groups Are Used
Groups play a significant role in system security. Ideally, a system administrator can define roles which the various users might play (e.g. scanner operator, webmaster, developer), create a group for each of those roles, and then assign the necessary rights (for performing those functions) to each group, rather than to each user. When managing users, it is then only necessary to assign a new user to the group(s) corresponding to that user's role(s).
Details
- Every file (including directories) has a set of permissions, an owner user and an owner group. Every file or directory's permission set is composed of twelve bits, but the meaning of the bits is slightly different for directories than for files.
- File permissions contain three groups of three bits each. The first set of three applies if and only if the current user is the same as the file's owner user; the second set applies only if the current user belongs to the file's owner group (except for the file's owner user), and the third set applies to everyone else. There are some additional specialized bits. Going from Most Significant Bit (MSB) to Least (LSB):
- Bit 11: "set user ID" -- set user ID on execution
- Bit 10: "set group ID" -- set group ID on execution
- Bit 09: "sticky" -- largely obsolete; used on early Unix systems. See chmod for more information.
- Bits 8-0: rwx (owner user), rwx (owner group), rwx (everyone else): r = can read file, w = can write file, x = can execute file
- Directory permissions are similar:
- Bit 11: "set user ID"
- Bit 10: "set group ID"
- Bit 09: "sticky" --
- 1 = files in that directory may be unlinked or renamed only by root or their owner.
- 0 = anyone able to write to the directory can delete or rename files.
- The sticky bit is commonly found on directories, such as /tmp, that are "world-writable" (rwxrwxrwx)
- Bits 8-0: same as for files, except "x" means "can enter (chdir into) directory"