Understanding Linux directory permissions reasoning


Question

Hi I have 2 questions regarding linux directory permissions which I do not understand.

I removed the execute flag from a folder named Documents. After that I cannot use cd on it but I still can do "ls Documents" from the parent directory and it still lists me the files in the Documents directory. I thought the missing x-flag denies reading this directory?

Then I want to know why the sticky bit on directories was invented. I've heard it was used so that users cannot delete temp-files created by other users. But this IMO violates the rule that for deletion of files we just need rights for this directory. Why not simply give each user a separate /tmp/ directory instead of introducing exceptions in the rule system? I know what the flag does, but I want to know the reasoning on why it was invented.

Answer

Execute bit: The execute bit is needed to traverse a directory. Permission to read a directory is controlled by the read bit.

See this shell dialogue for an example of this difference:

As root:


# find foo/ -ls
drwxr-xr--   3 root     root         4096 Apr 27 12:57 foo/
drwxr-xr-x   2 root     root         4096 Apr 27 12:57 foo/bar
-rw-r--r--   1 root     root            0 Apr 27 12:57 foo/bar/file

As an ordinary user:


$ ls foo/
bar
$ find foo/ -ls
drwxr-xr--   3 root     root         4096 Apr 27 12:57 foo/
find: foo/: Permission denied
$

The usual usage is the other way round though: removing read permissions but allowing traversal, e.g. to allow a web server into ~/public_html but not letting it do the default index listing by setting --x.

Sticky bit: This was invented exactly to avoid the default rules about deletion within a directory so /tmp works. /tmp might reside on a different volume than /home and/or be governed by different quotas.

The FHS codifies /tmp "for programs that require temporary files" while "[they] must not assume that any files or directories in /tmp are preserved between invocations".

Personally, I consider /tmp to be legacy from the heathen days when vi globals.h && make install was considered an installation procedure. Nowadays programs should honour $TMPDIR, which should point to a user-private system-managed directory, which should be cleaned at least on reboot. Even standardised functions like tmpfile(3) do not prescribe the actual path. Although there seem to be important compatibility and security concerns speaking for /tmp. Note though, that the last mail is from 1999, so things might have changed since then.
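The two rules the answer relies on (the read bit lets you list names, the execute bit lets you traverse; unlink is a check on the directory, and the sticky bit adds an ownership test on top) can be worked through as a small model of the kernel's permission check. This is an added Python example, not code from the original answer; `Inode`, `Cred`, `can_list`, `can_traverse` and `can_unlink` are this example's own names, it models directories only, and it treats uid 0 as bypassing the mode bits the way root does for directory operations.

```python
import stat
from dataclasses import dataclass

# Added example (not from the original answer): a model of the POSIX permission
# checks applied to directory operations.  Inode, Cred and the can_* functions are
# this example's own names, not a real kernel or libc API.

ROOT_UID = 0


@dataclass(frozen=True)
class Inode:
    mode: int   # permission bits as in st_mode, e.g. 0o754 or stat.S_ISVTX | 0o777
    uid: int    # owner
    gid: int    # group


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary group plus supplementary groups


def _rwx(node: Inode, who: Cred):
    """(read, write, exec) for `who` on `node`.  Exactly one class is consulted:
    owner if the uid matches, else group if any group matches, else other.
    Root bypasses the bits; for directories that holds unconditionally."""
    if who.uid == ROOT_UID:
        return True, True, True
    m = node.mode
    if who.uid == node.uid:
        return bool(m & stat.S_IRUSR), bool(m & stat.S_IWUSR), bool(m & stat.S_IXUSR)
    if node.gid in who.gids:
        return bool(m & stat.S_IRGRP), bool(m & stat.S_IWGRP), bool(m & stat.S_IXGRP)
    return bool(m & stat.S_IROTH), bool(m & stat.S_IWOTH), bool(m & stat.S_IXOTH)


def can_list(directory: Inode, who: Cred) -> bool:
    """Reading the directory's entries (a plain `ls dir`) needs r only."""
    return _rwx(directory, who)[0]


def can_traverse(directory: Inode, who: Cred) -> bool:
    """Resolving a path through the directory (cd, stat of an entry, opening a
    file under it, find's lstat of each entry) needs x only."""
    return _rwx(directory, who)[2]


def can_unlink(directory: Inode, entry: Inode, who: Cred) -> bool:
    """Deleting an entry is checked on the directory: w and x there, nothing on
    the entry itself.  With the sticky bit set the caller must additionally own
    the entry or the directory; root is exempt."""
    _, w, x = _rwx(directory, who)
    if not (w and x):
        return False
    if directory.mode & stat.S_ISVTX and who.uid != ROOT_UID:
        return who.uid in (entry.uid, directory.uid)
    return True


def page_example():
    """The answer's `foo/` case: drwxr-xr-- owned by root, as an ordinary user."""
    foo = Inode(mode=0o754, uid=0, gid=0)
    user = Cred(uid=1000, gids=frozenset({1000}))
    return {
        "ls foo/": can_list(foo, user),            # True: r is set for "other"
        "find foo/ -ls": can_traverse(foo, user),  # False: no x, entries cannot be lstat'ed
    }


def tmp_example(sticky: bool = True):
    """/tmp with or without the sticky bit: two users, one file owned by alice."""
    tmp = Inode(mode=(stat.S_ISVTX if sticky else 0) | 0o777, uid=0, gid=0)
    alices_file = Inode(mode=0o600, uid=1001, gid=1001)
    alice = Cred(uid=1001, gids=frozenset({1001}))
    bob = Cred(uid=1002, gids=frozenset({1002}))
    root = Cred(uid=0, gids=frozenset({0}))
    return {
        "alice": can_unlink(tmp, alices_file, alice),
        "bob": can_unlink(tmp, alices_file, bob),
        "root": can_unlink(tmp, alices_file, root),
    }


if __name__ == "__main__":
    print(page_example())
    print("sticky /tmp:", tmp_example(True))
    print("plain 0777 /tmp:", tmp_example(False))
```

`page_example()` reproduces the shell dialogue above: the user can list `foo/` but `find` is denied as soon as it tries to lstat an entry, because that step is a traversal. `tmp_example(False)` shows the question's point that without the sticky bit `w+x` on `/tmp` is all bob needs to remove alice's file; `tmp_example(True)` shows the exception the sticky bit carves out.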

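What "honour $TMPDIR" looks like in practice, as an added Python example that is not part of the original answer: the location comes from the environment with a platform fallback, the scratch directory is created owner-only, and files inside it are created with O_EXCL and mode 0600, so the program never depends on the sticky-bit rules of a shared /tmp. `scratch_base`, `create_private_scratch` and `cleanup` are this example's own names; the `tmpdir_env` parameter only exists to feed a constructed $TMPDIR into the demo.

```python
import os
import stat
import tempfile

# Added example, not from the original answer.  Python's tempfile module already
# honours $TMPDIR (then $TEMP, $TMP, then a platform default); the helpers below
# make the resulting modes visible so they can be checked.


def scratch_base(tmpdir_env=None):
    """Return the directory temporary files should go to.  If `tmpdir_env` is
    given it is exported as $TMPDIR first (constructed input for the demo)."""
    if tmpdir_env is not None:
        os.environ["TMPDIR"] = tmpdir_env
    tempfile.tempdir = None  # tempfile caches its answer; drop it so $TMPDIR is re-read
    return tempfile.gettempdir()


def create_private_scratch(tmpdir_env=None, prefix="scratch-"):
    """Create a user-private scratch directory under the base and one file in it.
    Returns (dir_path, dir_mode, file_path, file_mode) so the modes can be checked."""
    base = scratch_base(tmpdir_env)
    d = tempfile.mkdtemp(prefix=prefix, dir=base)  # mkdir(..., 0o700): owner only
    fd, path = tempfile.mkstemp(dir=d)             # open(..., O_CREAT | O_EXCL, 0o600)
    os.close(fd)
    return (
        d,
        stat.S_IMODE(os.stat(d).st_mode),
        path,
        stat.S_IMODE(os.stat(path).st_mode),
    )


def cleanup(d):
    """Remove a scratch directory created above and the files this demo put in it."""
    for name in os.listdir(d):
        os.unlink(os.path.join(d, name))
    os.rmdir(d)


if __name__ == "__main__":
    d, dmode, f, fmode = create_private_scratch()
    print(f"{d} mode {dmode:o}, {f} mode {fmode:o}")
    cleanup(d)
```

Because `mkdtemp` creates the directory with mode 0700, nothing another user creates can be placed inside it, and `mkstemp` refuses to follow a pre-existing name, which is the classic symlink race a shared, sticky /tmp still has to guard against by other means.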