Linux file permissions (in-depth) - numeric to string notation, and vice versa; additional file permissions
I have worked out how to read/convert the symbolic rwx portions into the 421 octal portions, which is quite simple. But when it comes to the special characters I am very confused. We know that -r-xr---wx converts to 0543, but what do -r-sr---wt or -r-xr---wt convert to?
I believe that under the user execute permission there are x, s and S. For the group execute permission there are also x, s and S. Then for the all-other-users execute permission there are x, t and T. What do all of these mean, and how do they convert to octal notation? I am guessing it has to do with the 0 position in 0421?
According to my class notes, 5543 converts to -r-sr---wt. Then the sample problem -r-S-wsrw- converts to 6536, except that it wants us to fix the second position (5) so that it is the correct conversion.
I have searched and Googled a lot, but surprisingly I could not find anything about these special characters.
After digging around online, I found this link about Understanding Linux File Permissions, which describes it in detail:
s - This indicates the setuid/setgid permissions. This is not displayed in the special permission part of the permissions display, but is represented as an s in the read portion of the owner or group permissions.
t - This indicates the sticky bit permissions. This is not displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions.
Setuid/Setgid special permissions
---The setuid/setgid permissions are used to tell the system to run an executable as the owner, with the owner's permissions.
---Be careful using the setuid/setgid bits in permissions. If you incorrectly assign permissions to a file owned by root with the setuid/setgid bit set, then you can open your system to intrusion.
---You can only assign the setuid/setgid bit by explicitly defining permissions. The character for the setuid/setgid bit is s.
Sticky bit special permissions
---The sticky bit is very useful in shared environments, because when it has been assigned to the permissions of a directory it sets it so that only the file owner can rename or delete said file.
---You can only assign the sticky bit by explicitly defining permissions. The character for the sticky bit is t.
The logic behind converting from numeric (1/2/4421) to symbolic notation (rwx/s/t):
Edit:
The first digit represents the owner's permissions; the second represents the group's permissions; the last digit represents the permissions of all other users. These digits are the binary representation of the rwx string.
r = 4
w = 2
x = 1
---> The sticky bit can be set with the chmod command, either with its octal mode 1000 or via its symbol t (s is already used by the setuid bit). For example, to add the bit on the directory /usr/local/tmp, one would type chmod 1777 /usr/local/tmp.
---> The setuid and setgid bits are normally set with the command chmod by setting the high-order octal digit to 4 for setuid or 2 for setgid. chmod 6711 file will set both the setuid and setgid bits (4+2=6), make the file read/write/executable for the owner (7), and executable by the group (first 1) and others (second 1).
s --- The setuid bit when found in the user triad; the setgid bit when found in the group triad; it is not found in the others triad; it also implies that x is set.
S --- Same as s, but x is not set; rare on regular files, and useless on folders.
t --- The sticky bit; it can only be found in the others triad; it also implies that x is set.
T --- Same as t, but x is not set; rare on regular files, and useless on folders.
s, S, t and T values are always appended before the user-group-others permission notation. So, the first digit of the notation represents the s, S, t or T values appended to the string. The next 3 digits are the usual permissions.
Your questions/examples relating to file permissions:
1. -r-sr---wt = 5543: first 5 (s set for user = 4 + t set for others = 1), second 5 (r=4, s=1), third 4 (r=4), and last, fourth 3 (w=2, t=1).
2. -r-S-wsrw- = 6436: first 6 (S set for user = 4 + s set for group = 2), second 5 (r=4, x=0, since S doesn't account for x), third 3 (w=2, s results in x=1), and last, fourth 6 (r=4, w=2).
If you want the actual bits, you can find them in the stat.2 man page (formatted as code so it is more readable):
The following mask values are defined for the file type of the
st_mode field:
S_IFMT 0170000 bit mask for the file type bit field
S_IFSOCK 0140000 socket
S_IFLNK 0120000 symbolic link
S_IFREG 0100000 regular file
S_IFBLK 0060000 block device
S_IFDIR 0040000 directory
S_IFCHR 0020000 character device
S_IFIFO 0010000 FIFO
...
The following mask values are defined for the file mode component of
the st_mode field:
S_ISUID 04000 set-user-ID bit
S_ISGID 02000 set-group-ID bit (see below)
S_ISVTX 01000 sticky bit (see below)
S_IRWXU 00700 owner has read, write, and execute permission
S_IRUSR 00400 owner has read permission
S_IWUSR 00200 owner has write permission
S_IXUSR 00100 owner has execute permission
S_IRWXG 00070 group has read, write, and execute permission
S_IRGRP 00040 group has read permission
S_IWGRP 00020 group has write permission
S_IXGRP 00010 group has execute permission
S_IRWXO 00007 others (not in group) have read, write, and
execute permission
S_IROTH 00004 others have read permission
S_IWOTH 00002 others have write permission
S_IXOTH 00001 others have execute permission
These bits are defined in the /usr/include/uapi/linux/stat.h header file:
#ifndef _UAPI_LINUX_STAT_H
#define _UAPI_LINUX_STAT_H
#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
#define S_IFMT 00170000
#define S_IFSOCK 0140000
#define S_IFLNK 0120000
#define S_IFREG 0100000
#define S_IFBLK 0060000
#define S_IFDIR 0040000
#define S_IFCHR 0020000
#define S_IFIFO 0010000
#define S_ISUID 0004000
#define S_ISGID 0002000
#define S_ISVTX 0001000
#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)
#define S_IRWXU 00700
#define S_IRUSR 00400
#define S_IWUSR 00200
#define S_IXUSR 00100
#define S_IRWXG 00070
#define S_IRGRP 00040
#define S_IWGRP 00020
#define S_IXGRP 00010
#define S_IRWXO 00007
#define S_IROTH 00004
#define S_IWOTH 00002
#define S_IXOTH 00001
#endif
#endif /* _UAPI_LINUX_STAT_H */