Privilege

User

each user has an UID to identify the user

Process

each process has a PID

by default process runs with the privilege of the user stated it

some process has a flag SetUID or SUID, and will run with privilege of owner, not the user start it

most system tools has SUID flag, run as root, but will decrease to a less privileged user soon after done whatever requires root privilege

File System

Default permission system - discretionary access control (DAC):

for files:

privilege (for owner, group and others):

• (r)ead,
• (w)rite,
• e(x)ecute

privilege (shown with "stat filename"):

• restricted deletion, or sticky: user with w on dir but not w on file cannot delete the file
• setuid / setgid: run with privilege of owner user / owner group

type (first field shown by ls -l):

• '-': regular file
• 'd': a directory
• 'l': a symbolic link
• 'b': a block device (like /dev/sda1)
• 'c': a character device (like /dev/console)
• 'p': a named pipe
• 's': a unix domain socket

for dirs:

• (r)ead - obtain dir's content;
• w(rite) - content can be changed, add or remove file / dir;
• e(x)ecute - cd into the dir; [tested] show content of subdir;

Tools

ls -l

stat

chmod u=rw g-w o+w...

chown

lsattr / chattr (gentoo)