Get GNU / Linux
News Feed
Blogs
Event Photos
Screen Shots
Polls
Popular Content
Members
Search
Wall PapersGNU/Linux security model
Each file has an owner and belongs to a group.
Each running process has an owner and belongs to a group.
Users may belong to multiple groups.
at any session a user has an active group, and process she starts will inherit this active group.
each user has a default active group.
users may change the current active group using the commands newgrp and sg.
this security model is sufficient for most needs because GNU/Linux tries to represent everything as a file.
Each file has 3 sets of permissions that apply to different users, one set applies to the file owner, one applies to members of the file's group and the last set applies to anyone else.
in case one needs more some kernel modules offer Access Control Lists which provide more fine grained control.
Permission grid
| Read | Write | Execute | SetUID | SetGID | Sticky | |
|---|---|---|---|---|---|---|
| file | Can read | can modify | Can execute | executed as if owner | executed as if were in that group | no effect |
| directory | can ls | can make new files and delete file | can cd to directory and access its files and subdirectories | no effect | new files get group & new dirs get setgid | only owners can delete files |
| alphabetical chmod | +r | +w | +x | u+s | g+s | o+t |
| numerical chmod | 4 | 2 | 1 | 4000 | 2000 | 1000 |
