3.9 Special Directory Permissions: Sticky
The /tmp directory must be world-writable, so that anyone may create temporary files within it. But that would normally mean that anyone may delete any files within it, which is obviously a security hole. To close it, a directory may be given ‘sticky’ permission: only a file’s owner may delete it from a sticky directory. This is expressed with a t (mnemonic: temporary directory) in a listing:
$ ls -l -d /tmp
drwxrwxrwt 30 root root 11264 Dec 21 09:35 /tmp
We enable ‘sticky’ permission with the following command:
# chmod +t /data/tmp
3.10 Special Directory Permissions: Setgid
If a directory is setgid (‘set group-id’), files created within it acquire the group ownership of the directory, and directories created within it acquire both the group ownership and the setgid permission. This is useful for a shared directory where all users working on its files are in a given group. It is expressed with an s in the ‘group’ position in a listing:
$ ls -l -d /data/projects
drwxrwsr-x 16 root staff 4096 Oct 19 13:14 /data/projects
We enable setgid with:
# chmod g+s /data/projects
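The following audit script is an added example, not part of the original text. It classifies a directory by the sticky and setgid bits described in 3.9 and 3.10 and lists world-writable directories that lack the sticky bit; the function names has_perm, classify_dir and audit_tree are hypothetical.

```shell
#!/bin/sh
# Added example: audit the sticky and setgid bits described in 3.9 and 3.10.
# Function names are hypothetical; only POSIX find(1) options are used.

# has_perm PATH MODE: succeed if every bit of octal MODE is set on PATH itself.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# classify_dir DIR: print one word describing how DIR is shared.
classify_dir() {
    d=$1
    [ -d "$d" ] || { echo "not-a-directory"; return 1; }
    if has_perm "$d" 0002 && ! has_perm "$d" 1000; then
        echo "world-writable-no-sticky"   # any user can delete others' files
    elif has_perm "$d" 1002; then
        echo "world-writable-sticky"      # /tmp style: t in the listing
    elif has_perm "$d" 2000; then
        echo "setgid"                     # s in the group position
    else
        echo "plain"
    fi
}

# audit_tree ROOT: list world-writable directories under ROOT that lack the
# sticky bit, staying on ROOT's own filesystem (-xdev).
audit_tree() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Stand-alone use: sh audit.sh /tmp /data/projects
for dir in "$@"; do
    printf '%s: %s\n' "$dir" "$(classify_dir "$dir")"
done
```

Any directory reported by audit_tree can be corrected with the chmod +t command shown in 3.9.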
Chapter 4: Filesystem: Mounting and Unmounting
A filesystem in this context is a hierarchy of directories that is located on a single partition (logically independent section of a hard disk drive) or other device, such as a CDROM, DVD, floppy disk or USB key drive, and has a single filesystem type (i.e., method for organizing data).
As far as many parts of a Linux system are concerned, a partition contains entirely arbitrary data. When installing, we set things up so that a partition contains a filesystem, that is, a way of organising data into files and directories. One filesystem is made the root filesystem: the root directory on that filesystem becomes the directory named /. Other filesystems can be mounted: the root directory of that filesystem is grafted onto a directory of the root filesystem. This arranges for every file in every mounted filesystem to be accessible from a single unified name space. The directory grafted onto is called the mount point.