这里还有许多其他很好的答案,但是如果您仍然像我一样困惑,这是另一种方法。 请注意,我只是该领域的学生,而不是硕士,所以此答案是一个正在进行的工作,至少在目前还不是一个可靠的答案。考虑这个答案v0.2。
群组既简单又复杂。
以下使用的ID的密钥:
KEY Full name -------- Description---------------------------------------------
u User uID = User ID (a unique # associated with each user)
g Group gID = Group ID (a unique # associated with each group)
While each /etc/passwd entry has one uID and one gID,
additional gIDs can be associated with a users via
/etc/group.
L Login IDs - uID and gID produced from the Login process.
('L' is not exactly standard Linux terminology, but
useful for explanations below.)
F File IDs - uID and gID retrieved from a file's ownership.
('F' is not exactly standard Linux terminology, but
useful for explanations below.)
R Real IDs - Who actually runs a process
E Effective IDs - Who spoofed via setuid or setgid, runs a process
O Original Eff. IDs - Place to save the original Effective ID when changing
it (e.g. temporarily downgrading it) so can later
restore it. Also called "Saved ID"; (but 'S' was not
used for here to help avoid confusion with the 'S' in
'SetUserID' & SetGroupID.)
+ Supplimentary gIDs - Optional, additional groups (none or more) running
this process which can be used to test for permissions.
用户和组ID名称:
Category USER GROUP Notes
----------------- ---- ----- -------------------------------------------
From login: LuID LgID From /etc/passwd lookup
From files: FuID FgID Each file has these. Set by creator process.
For each running process:
Real RuID RgID Actual user starting the program
Effective EuID EgID Assigned user starting the program*
Saved OuID OgID Saves original effective ID.
Supplementary +gID1 (optional, additional groups)
+gID2
...
进程如何获取ID:
1)登录名对用户名进行身份验证,LuID
然后LgID
从返回/etc/passwd
。
2)第一个过程设置有效=真实=登录,即
EuID=RuID=LuID
EgID=RgID=LgID
3)分叉子女继承RuID
,EuID
,RgID
,和EgID
,(可能是保存与供应),然而,
注意:基础文件系统的suid和nosuid挂载选项也适用。
4a)如果使用s u id进行设置EuID
,则EuID
可以临时更改(例如,从根目录降级),但是首先将其原始值保存在其中,OuID
以便以后可以根据需要恢复。
4b)如果使用s g id进行设置EgID
,则EgID
可以临时更改(例如,从根目录降级),但是首先将其原始值保存在其中,OgID
以便以后可以根据需要恢复。
创建文件时:
File's new id's are set from effective id's: FuID=EuID and FgID=EgID
(Permissions are set from umask.)
打开阅读:
If FuID = EuID and user-read bit is set, or
If FgID = EgID and group-read bit is set, or
If FgID = +gID1 and group-read bit is set, or
If FgID = +gID2 and group-read bit is set, ...
then allow reading.
打开写作:
(Same as above but write bit set to allow writing.)
打开执行:
(Same as above but execute bit set to allow execution.)
需要发送消息时:
Use RuID and RgID. (Not EuID or EgID). *(Not sure where I read this.)*
参考文献:人证书
附加:这是一个用于漂亮打印/ etc / group文件的实用程序:
cat /etc/group | sort -t: -k3n | awk -F ':' \
'BEGIN{printf "\n%-20s %-3s %-8s %s", \
"Group name","pw", "Group ID ", "User list"}\
BEGIN{printf "\n%-20s %-3s %-8s %s\n", \
"----------","--", "---------", "---------"} \
{ printf "%-20s %-3s %8d %s\n", $1, $2, $3, $4 }'