Common scenarios of file sharing
In Linux systems, the requirements for sharing files in a multi-user environment may include:
- Multiple users need to access and modify files in the same directory.
- Ensure the collaboration and security of files in the directory.
- Prevent non-owners from deleting other people's files.
To solve these problems, you can use a combination of directory permissions and sticky bits.
Basic concepts
Linux file permissions
The permissions of the Linux file system are divided into three categories:
- Read (r): Allows viewing file content or listing directories.
- Write (w): Allows you to modify file content or create and delete files in a directory.
- Execute (x): Allows executing files or entering directories.
Permissions are set for three identities:
- File Owner
- Group
- Others
Sticky Bit
The sticky bit is a special permission in Linux file systems and is usually used for shared directories. Its function is:
- After the sticky bit is set on a directory, even if other users have write permission to the directory, they can only delete or modify files they own, and cannot delete or modify other users' files.
Set up a shared directory and configure sticky bits
Create a shared directory
Use the mkdir command to create a shared directory, for example:
sudo mkdir /shared
Set directory permissions
Assign read, write and execute permissions to the shared directory so that all users can access and use the directory:
sudo chmod 777 /shared
The above command sets permissions to:
- Owner: Read, write, execute
- Group: Read, Write, Execute
- Others: Read, write, execute
While all users can now work in the directory freely, this setting also brings risk, because anyone can delete other people's files.
Add the sticky bit
To prevent non-owners from deleting other users' files, we need to add the sticky bit to the directory:
sudo chmod +t /shared
Now, if you check the permissions of the directory with ls -ld /shared, you can see the following result:
drwxrwxrwt 2 root root 4096 Dec 22 12:00 /shared
The final t indicates that the sticky bit has taken effect.
Verify the effect of the sticky bit
Create a test user
Create two test users:
sudo useradd user1
sudo useradd user2
And set a password for them:
sudo passwd user1
sudo passwd user2
Simulate file operations
Switch to user1 and create a file in the shared directory:
su - user1
cd /shared
echo "Hello from user1" >
Switch to user2 and try to delete the file created by user1:
su - user2
cd /shared
rm
An error message similar to the following will appear:
rm: cannot remove '': Operation not permitted
This proves that the sticky bit is effective: user2 is unable to delete user1's file.
However, user2 can still create their own file and delete it:
echo "Hello from user2" >
rm
Things to note
- Permission settings:
  - Ensure that the permissions of the shared directory meet collaboration needs (e.g. 777).
  - Sticky bits do not restrict users' permissions to their own files.
- Security:
  - Although sticky bits can prevent files from being deleted by mistake, the read or write permissions of files still need to be controlled through reasonable permission management.
- Application scenarios:
  - The sticky bit is usually used for the /tmp directory, which is open to all users but uses the sticky bit to prevent users from deleting other people's files.
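To check existing shared directories for the risky state described earlier (mode 777 without the sticky bit), the following shell functions read the same mode string that ls -ld prints and use find to locate and fix such directories. This is an added example, not code from the original article; the function names are hypothetical and it should be pointed at your own shared paths.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Classify a directory from the mode string printed by `ls -ld`,
# e.g. drwxrwxrwt: character 9 is "others write", character 10 is
# "others execute" and shows t or T when the sticky bit is set.
dir_state() {
    # Refuse symlinks: ls -ld would describe the link, not its target.
    [ -d "$1" ] && [ ! -L "$1" ] || { echo "not-a-directory"; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    other_w=$(printf '%s' "$mode" | cut -c9)
    last=$(printf '%s' "$mode" | cut -c10)
    case "$last" in
        t|T) sticky=yes ;;
        *)   sticky=no ;;
    esac
    if [ "$other_w" = "w" ] && [ "$sticky" = "no" ]; then
        echo "world-writable-no-sticky"   # the risky chmod 777 state
    elif [ "$other_w" = "w" ]; then
        echo "world-writable-sticky"      # the /tmp-style state
    else
        echo "not-world-writable"
    fi
}

# List every world-writable directory under $1 that lacks the sticky bit.
# -perm -0002: "others write" is set; ! -perm -1000: sticky bit is not set.
find_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Add the sticky bit to each directory found above and print the ones
# that were changed (-print only runs when chmod succeeded).
protect_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec chmod +t {} \; -print 2>/dev/null
}
```

Running find_unprotected_dirs over a shared tree before and after protect_dirs shows which directories were in the delete-anyone's-files state and confirms that none remain.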
Summary
By combining directory permissions and sticky bits, Linux systems can better manage access and protection of shared files. Sticky bits are a simple and effective mechanism that is suitable for scenarios where multi-user collaboration is performed. If you are managing a shared environment, try using sticky bits to improve the security of your resources.