Sticky Bit
The sticky bit can be applied to directories or to files. When applied to a file, the file is kept
in memory after its first access, making it quickly available on later use.
A directory marked with the sticky bit prevents the deletion or renaming of any file or
directory within it unless the user is the owner of the sticky-bit-marked directory or the
owner of the file to be deleted or renamed (or a privileged user such as root).
The sticky bit is very OS and distribution dependent, so it needs to be investigated locally
before use.
Set Group ID
Used with a program (not a shell script), this permission causes the program to run as a
member of the file's group, giving it that group's permissions to all files and directories and
thus more latitude. Of course, this also dilutes security and should be used only as a last
resort. It should also be used very carefully, especially with powerful groups.
Set group ID can be very handy with directories. Let's say you have a directory for a specific
project called myweb, located at /data/myweb. You create the group myweb and add all users
needing access to /data/myweb to that group. You set the ownership of /data/myweb so that its
group is myweb.
But there's a problem. When any user creates a file in /data/myweb, the file's group is the
user's primary group, not myweb. Therefore, the various members of group myweb cannot modify
each other's files without excessively loose permissions (such as chmod 777).
This is where set group ID comes in. Instead of simply setting the permissions of /data/myweb
to 770 (read and write for user and group), set the group ID bit as well:
$ chmod 2770 /data/myweb
Now any file created in /data/myweb gets the group myweb, regardless of the user's primary
group. All users in group myweb can now read and write each other's files in the /data/myweb
directory. Naturally, /data/myweb must have group myweb as its group:
$ chown root.myweb /data/myweb
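A check for the shared-directory layout just described, written as an added example (not code from the original text): it audits a directory for the setgid bit, the expected group, closed "other" permissions, and files inside that still carry a different group. It assumes only the Python standard library and uses a constructed temporary directory in place of /data/myweb, with the current user's default group standing in for myweb.

```python
import os
import shutil
import stat
import tempfile


def audit_shared_dir(path, expected_gid):
    """Audit a project directory against the setgid layout described above:
    group-owned by the project group, mode 2770, and every entry inside
    carrying that group (which the setgid bit guarantees for *new* files).
    Returns a list of findings; an empty list means the layout looks right."""
    findings = []
    st = os.stat(path)
    mode = st.st_mode
    if not stat.S_ISDIR(mode):
        return ["%s is not a directory" % path]
    if st.st_gid != expected_gid:
        findings.append("directory group is gid %d, expected %d" % (st.st_gid, expected_gid))
    if not mode & stat.S_ISGID:
        findings.append("setgid bit not set: new files get the creator's primary group")
    if mode & stat.S_IRWXO:
        findings.append("others have access (mode %o); expected 2770" % stat.S_IMODE(mode))
    if mode & stat.S_IRWXG != stat.S_IRWXG:
        findings.append("group lacks full rwx (mode %o)" % stat.S_IMODE(mode))
    # Files created before the setgid bit was set keep their old group; they
    # need a chgrp (or the chown shown above) before the group can share them.
    for name in sorted(os.listdir(path)):
        fst = os.lstat(os.path.join(path, name))
        if fst.st_gid != expected_gid:
            findings.append("%s has gid %d, expected %d" % (name, fst.st_gid, expected_gid))
    return findings


def demo():
    """Constructed layout: audit a temporary directory with the recommended
    2770 mode, then again after the 'excessively loose' chmod 777."""
    d = tempfile.mkdtemp()
    try:
        gid = os.stat(d).st_gid  # the group the current user gets by default
        open(os.path.join(d, "index.html"), "w").close()
        os.chmod(d, 0o2770)      # as in: chmod 2770 /data/myweb
        good = audit_shared_dir(d, gid)
        os.chmod(d, 0o777)       # the loose alternative the text warns against
        bad = audit_shared_dir(d, gid)
    finally:
        shutil.rmtree(d)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("2770:", good or "OK")
    print("777 :", bad)
```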
Set User ID
Used with a program (not a shell script), this permission allows the file to be executed as the
user who owns the file. Of course, this also dilutes security and should be used only as a
last resort. It should also be used very carefully. When used with a file owned by root, this is
referred to as suid root or setuid root. Unless used with extreme care, this represents a major
security hole. There's usually a better way to accomplish the same goal.