Flod logic (talk | contribs) m →Permissions: not a typo template to avoid spellchecker
Tomasz alias (talk | contribs) GID of files can be set arbitrarily
Line 127:
File system security within [[UNIX]] and [[Unix-like]] systems is based on 9 permission bits, set user and group ID bits, and the [[sticky bit]], for a total of 12 bits. These permissions apply almost equally to all filesystem objects such as files, directories and devices.
The 9 permission bits are divided into three groups of three bits each. The first group describes the permissions of the file owner, the second group describes the permissions of
The set user ID and set group ID bits, commonly abbreviated ''set-UID'' and ''set-GID'' respectively, are used to change the identity of the process which executes a file having either or both of those bits set. A file having the ''[[setuid|set-UID]]'' permission bit set will cause a process which executes that file to temporarily switch the effective user ID to that of the file owner. A file having the ''[[setgid|set-GID]]'' permission bit set will cause a process which executes that file to temporarily switch the effective group ID to that of the file group. A process may then alternate between the effective user or group ID which it inherited from the file and the real user or group ID which it inherited when the user logged on to the system. This provides a mechanism by which a process may limit the access rights it possesses to those code regions which require those access rights. This is a form of a security technique known as [[privilege separation]] and improves program security by limiting the unintended or undesirable actions of a processes.
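Review bot: the last sentence of the set-UID/set-GID paragraph ends with "actions of a processes", which should read "actions of a process". In the same paragraph, "temporarily switch the effective user ID" does not say what ends the switch. The effective ID is assigned when the file is executed and stays in place until the process itself changes it, which is what the following sentence about alternating between effective and real IDs relies on, so consider dropping "temporarily" or stating that the process can switch back on its own. The edit summary says the GID of files can be set arbitrarily, but the sentence describing the second permission group is cut off at "the permissions of" in this view, so the changed wording cannot be checked against that claim here.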