Skip to Content

GNU/Linux security model

Alaa's picture

Each file has an owner and belongs to a group.

Each running process has an owner and belongs to a group.

Users may belong to multiple groups.

at any session a user has an active group, and process she starts will inherit this active group.

each user has a default active group.

users may change the current active group using the commands newgrp and sg.

this security model is sufficient for most needs because GNU/Linux tries to represent everything as a file.

Each file has 3 sets of permissions that apply to different users, one set applies to the file owner, one applies to members of the file's group and the last set applies to anyone else.

in case one needs more some kernel modules offer Access Control Lists which provide more fine grained control.

Permission grid

ReadWriteExecuteSetUIDSetGIDSticky
fileCan readcan modifyCan executeexecuted as if ownerexecuted as if were in that groupno effect
directorycan lscan make new files and delete filecan cd to directory and access its files and subdirectoriesno effectnew files get group & new dirs get setgidonly owners can delete files
alphabetical chmod+r+w+xu+sg+so+t
numerical chmod421400020001000

Comments

MSameer's picture

Problems with filters in this page.

Can any admin have a look please ?

MSameer's picture

Thanks phaeron for your

Thanks phaeron for your fast response

phaeronix's picture

fixed

The csvfilter module was missing. Thanks Msameer for helping.

Alaa's picture

no CSV filter is not

no CSV filter is not needed, I changed the mrkup so it uses wiki syntx for tables, I suggest you remove csvfilter.

Alaa


husband of the Grand Waragi Master

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.


Dr. Radut | book