chmod

Last updated: 2021-02-10

Table of contents

  • Sticky bit(t)
  • Delete Permission
  • Search bit(x bit for directory)

 


Sticky bit(t)

 

t (sticky bit) is a permission bit that is set on a directory.

When it is set, only the owner of the file/directory or the root user can delete or rename the file.

                      


Search bit(x bit for directory)

 

It enables you to access the inodes of the files listed inside the folder.

Test account: tim

[Test 1]

Assume a folder with the following permissions:

drw-------  2 tim  tim   4096 Feb  3 18:15 tim

cd tim

bash: cd: tim: Permission denied

ls -l tim/

ls: cannot access 'tim/test.txt': Permission denied
total 0
-????????? ? ? ? ?            ? test.txt

=> When the top-level directory has no "x", nothing under it can be accessed, even if it is 777.

[Test 2]

Assume a folder with the following permissions:

d------rwx  2 tim  tim   4096 Feb  3 18:15 tim

ls -l tim/

ls: cannot open directory 'tim/': Permission denied

cd tim

bash: cd: tim: Permission denied

=> If you have "x" but not "r", you can "cd" into it but cannot "ls" the files directly.

      But if you know the names of the files or directories, you can "cat/ls" them.

 


Delete Permission

 

Even if the file permission is 666 and you are the owner, you cannot delete the file as long as the folder has no w.

ll -d acl/

drwxr-xr-x 2 root root 4096 Mar 23 10:44 acl/

ll

-rw-rw-rw- 1 root tim 0 Mar 23 10:44 test.txt

rm test.txt

rm: cannot remove 'acl/test.txt': Permission denied

ll

-rw-rw-rw- 1 tim tim 0 Mar 23 10:44 test.txt

rm test.txt

rm: cannot remove 'acl/test.txt': Permission denied

If the file is 444, it can be deleted even if the folder has no w and you are not the owner.

rm: remove write-protected regular empty file ‘test.txt’? y

 


Group Permission

 

getent passwd waf-web

waf-web:x:1002:1002::/home/waf/waf-panel:/bin/bash

ll -d /home/waf

drwx-----x 6 waf waf-web 4096 Sep 28 14:02 /home/waf

ll -d /home/waf/waf-panel

drwxr-s--x 4 waf waf-web 55 Sep 28 14:33 /home/waf/waf-panel

su waf-web

bash: /home/waf/waf-panel/.bashrc: Permission denied
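
The directory checks behind the sticky bit, search bit, delete and group notes above, written as a small Python model. This is an added example, not part of the original notes. It treats root as uid 0 only, the uids for tim, bob and waf are constructed, and it assumes the group waf-web has gid 1002 like the user.

```python
import stat

ROOT = 0  # simplification: the real kernel checks capabilities, not uid 0

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """rwx triplet that is consulted: the first matching class only
    (owner, then group, then other); later classes are never tried."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def may_search(mode, owner_uid, owner_gid, uid, gids):
    """x on a directory: cd into it or resolve a name inside it."""
    return uid == ROOT or bool(class_bits(mode, owner_uid, owner_gid, uid, gids) & 1)

def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Delete or rename an entry; the file's own mode bits are not consulted."""
    if uid == ROOT:
        return True
    bits = class_bits(dir_mode, dir_uid, dir_gid, uid, gids)
    if (bits & 0o3) != 0o3:        # need both w and x on the directory
        return False
    if dir_mode & stat.S_ISVTX:    # sticky: file owner or directory owner only
        return uid in (file_uid, dir_uid)
    return True

if __name__ == "__main__":
    # Constructed ids; 1002 is waf-web's uid/gid from the getent line above.
    tim, bob, waf, wafweb = 1000, 1001, 1003, 1002
    print("acl/ 755 root:root, tim removes own file:",
          may_unlink(0o755, ROOT, ROOT, tim, tim, {tim}))
    print("1777 dir, tim removes bob's file:",
          may_unlink(0o1777, ROOT, ROOT, bob, tim, {tim}))
    print("1777 dir, tim removes own file:",
          may_unlink(0o1777, ROOT, ROOT, tim, tim, {tim}))
    print("d------rwx owned by tim, tim can cd:",
          may_search(0o007, tim, tim, tim, {tim}))
    print("d------rwx owned by tim, bob can cd:",
          may_search(0o007, tim, tim, bob, {bob}))
    print("/home/waf drwx-----x waf:waf-web, waf-web can traverse:",
          may_search(0o701, waf, wafweb, wafweb, {wafweb}))
```
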

 


 

 
