Question
I figured out how to read/convert the symbolic rwx parts to 421 octal parts, which was pretty straightforward. But I am extremely confused when there are special characters involved. We know that -r-xr---wx converts to 0543, but what does -r-sr---wt or -r-xr---wt convert to?
I believe for under user execute permission there's x, s, S. For group execute permission there's also x, s, S. Then all other user execute permission there's x, t, T. What do all these mean and how are they converted over to the octal notation? I'm guessing it has something to do with the 0 position in 0421?
From my class notes it says that 5543 converts to -r-sr---wt. Then a sample question of -r-S-wsrw- converts to 6536 except that it wants us to fix the second position (5) so that it'll be the correct conversion.
I searched and Googled plenty, but surprisingly couldn't find anything on these special characters.
Answer 1:
After in-depth searching on the Web, I found this link about Understanding Linux File Permissions which describes it in detail:
s - This indicates the setuid/setgid permissions. This is not displayed in the special permission part of the permissions display, but is represented as an s in the read portion of the owner or group permissions.
t - This indicates the sticky bit permissions. This is not displayed in the special permission part of the permissions display, but is represented as a t in the executable portion of the all users permissions.
Setuid/Setgid Special Permissions
---The setuid/setgid permissions are used to tell the system to run an executable as the owner with the owner's permissions.
---Be careful using setuid/setgid bits in permissions. If you incorrectly assign permissions to a file owned by root with the setuid/setgid bit set, then you can open your system to intrusion.
---You can only assign the setuid/setgid bit by explicitly defining permissions. The character for the setuid/setgid bit is s.
Sticky Bit Special Permissions
---The sticky bit can be very useful in a shared environment because when it has been assigned to the permissions on a directory it sets it so only the file owner can rename or delete the said file.
---You can only assign the sticky bit by explicitly defining permissions. The character for the sticky bit is t.
Logic behind conversion from numeric (1/2/4421) to symbolic notation (rwx/s/t):
EDIT:
The first number represents the Owner permission; the second represents the Group permissions; and the last number represents the permissions for all other users. The numbers are a binary representation of the rwx string.
r = 4
w = 2
x = 1
---> The sticky bit can be set using the chmod command and can be set using its octal mode 1000 or by its symbol t (s is already used by the setuid bit). For example, to add the bit on the directory /usr/local/tmp, one could type chmod 1777 /usr/local/tmp.
---> The setuid and setgid bits are normally set with the command chmod by setting the high-order octal digit to 4 for setuid or 2 for setgid. chmod 6711 file will set both the setuid and setgid bits (4+2=6), making the file read/write/executable for the owner (7), and executable by the group (first 1) and others (second 1).
NOTE:
s --- The setuid bit when found in the user triad; the setgid bit when found in the group triad; it is not found in the others triad; it also implies that x is set.
S --- Same as s, but x is not set; rare on regular files, and useless on folders.
t --- The sticky bit; it can only be found in the others triad; it also implies that x is set.
T --- Same as t, but x is not set; rare on regular files, and useless on folders.
s, S, t and T values are always appended before the user-group-others permission notation. So, first letter of the notation represents s, S, t or T values appended to the string. The next 3 letters are the usual permission.
Your questions/examples related to file permissions:
1. -r-sr---wt = 5543, first 5 (s set for user = 4 + t set for others = 1), second 5 (r=4, s=1), third 4 (r=4), and last, fourth 3 (w=2, t=1).
2. -r-S-wsrw- = 6436, first 6 (S set for user = 4 + s set for group = 2), second 5 (r=4, x=0, since S doesn't account for x), third 3 (w=2, s results in x=1), and last, fourth 6 (r=4, w=2).
Answer 2:
In case you want the actual bits, they can be found on the stat.2 man page (formatted as code so it's more readable):
    The following mask values are defined for the file type of the
    st_mode field:

        S_IFMT     0170000   bit mask for the file type bit field

        S_IFSOCK   0140000   socket
        S_IFLNK    0120000   symbolic link
        S_IFREG    0100000   regular file
        S_IFBLK    0060000   block device
        S_IFDIR    0040000   directory
        S_IFCHR    0020000   character device
        S_IFIFO    0010000   FIFO
    ...
    The following mask values are defined for the file mode component of
    the st_mode field:

        S_ISUID     04000   set-user-ID bit
        S_ISGID     02000   set-group-ID bit (see below)
        S_ISVTX     01000   sticky bit (see below)

        S_IRWXU     00700   owner has read, write, and execute permission
        S_IRUSR     00400   owner has read permission
        S_IWUSR     00200   owner has write permission
        S_IXUSR     00100   owner has execute permission

        S_IRWXG     00070   group has read, write, and execute permission
        S_IRGRP     00040   group has read permission
        S_IWGRP     00020   group has write permission
        S_IXGRP     00010   group has execute permission

        S_IRWXO     00007   others (not in group) have read, write, and
                            execute permission
        S_IROTH     00004   others have read permission
        S_IWOTH     00002   others have write permission
        S_IXOTH     00001   others have execute permission
The bits are defined in the /usr/include/uapi/linux/stat.h header file:
#ifndef _UAPI_LINUX_STAT_H
#define _UAPI_LINUX_STAT_H
#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
#define S_IFMT 00170000
#define S_IFSOCK 0140000
#define S_IFLNK 0120000
#define S_IFREG 0100000
#define S_IFBLK 0060000
#define S_IFDIR 0040000
#define S_IFCHR 0020000
#define S_IFIFO 0010000
#define S_ISUID 0004000
#define S_ISGID 0002000
#define S_ISVTX 0001000
#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)
#define S_IRWXU 00700
#define S_IRUSR 00400
#define S_IWUSR 00200
#define S_IXUSR 00100
#define S_IRWXG 00070
#define S_IRGRP 00040
#define S_IWGRP 00020
#define S_IXGRP 00010
#define S_IRWXO 00007
#define S_IROTH 00004
#define S_IWOTH 00002
#define S_IXOTH 00001
#endif
#endif /* _UAPI_LINUX_STAT_H */
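
Added example (not part of either answer above): a Python converter between the ten-character symbolic notation and the four-digit octal form, built on the S_ISUID, S_ISGID and S_ISVTX masks from the stat(2) listing. It handles both the lowercase forms of s and t (execute bit set) and the uppercase forms (execute bit not set). The function names symbolic_to_mode, mode_to_symbolic and octal are chosen here for illustration.

```python
import stat

# One row per triad: read, write, execute masks, the special bit that
# shares the execute column, and the letter used to display it.
TRIADS = (
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
)

def symbolic_to_mode(sym):
    """Convert e.g. '-r-sr---wt' (type char + 9 permission chars) to an int."""
    if len(sym) != 10:
        raise ValueError("expected 10 characters, e.g. '-rwxr-xr-x'")
    mode = 0
    for i, (r, w, x, special, ch) in enumerate(TRIADS):
        rc, wc, xc = sym[1 + 3 * i: 4 + 3 * i]
        if rc not in "r-" or wc not in "w-" or xc not in "x-" + ch + ch.upper():
            raise ValueError(f"bad triad {rc + wc + xc!r}")
        if rc == "r":
            mode |= r
        if wc == "w":
            mode |= w
        if xc in ("x", ch):            # lowercase s/t: execute bit is set too
            mode |= x
        if xc in (ch, ch.upper()):     # s/S or t/T: the special bit is set
            mode |= special
    return mode

def mode_to_symbolic(mode, type_char="-"):
    """Render the low 12 mode bits the way ls -l does."""
    out = [type_char]
    for r, w, x, special, ch in TRIADS:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            out.append(ch if mode & x else ch.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def octal(sym):
    """Four-digit octal string for a symbolic permission string."""
    return format(symbolic_to_mode(sym), "04o")

if __name__ == "__main__":
    # The strings from the question above.
    for s in ("-r-xr---wx", "-r-sr---wt", "-r-xr---wt", "-r-S-wsrw-"):
        print(s, octal(s))
```

The standard library's stat.filemode() performs the numeric-to-symbolic direction on a full st_mode value, so it can be used to cross-check mode_to_symbolic.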
Source: https://stackoverflow.com/questions/36618977/linux-file-permissionsin-depth-numeric-to-string-notation-and-vice-versa-a