1.请介绍一下你自己.
这是外企常问的问题. 一般人回答这个问题过于平常,只说姓名、年龄、爱好、工作经验,这些在简历上都有,其实,外企最希望知道的是求职者能否胜任工作,包括:最强的技能、最深入研究的知识领域、个性中最积极的部分、做过的最成功的事,主要的成就等,这些都可以和学习无关,也可以和学习有关,但要突出积极的个性和做事的能力,说得合情合理外企才会相信. 外企很重视一个人的礼貌,求职者要尊重考官,在回答每个问题之后都说一句“谢谢”.外企喜欢有礼貌的求职者.
2.在学校你最不喜欢的课程是什么?为什么?
这个问题外企不希望求职者直接回答“数学”、“体育”之类的具体课程,如果直接回答还说明了理由,不仅代表求职者对这个学科不感兴趣,可能还代表将来也会对要完成的某些工作没有兴趣. 这个问题外企招聘者最想从求职者口里听到:我可能对个别科目不是特别感兴趣,但是正因为这样,我会花更多的时间去学习这门课程,通过学习对原本不感兴趣的科目也开始有了兴趣,对于本来就有兴趣的科目我自然学习得更认真,所以各门课的成绩较为平衡.通过这样的问题,外企可以找到对任何事情都很感兴趣的求职者.
3.说说你最大的优缺点?
这个问题外企问的概率很大,通常不希望听到直接回答的缺点是什么等,如果求职者说自己小心眼、爱忌妒人、非常懒、脾气大、工作效率低,外企肯定不会录用你. 外企喜欢求职者从自己的优点说起,中间加一些小缺点,最后再把问题转回到优点上,突出优点的部分. 外企喜欢聪明的求职者.
4.你认为你在学校属于好学生吗?
外企的招聘者很精明,问这个问题可以试探出很多问题:如果求职者学习成绩好,就会说:“是的,我的成绩很好,所有的成绩都很优异. 当然,判断一个学生是不是好学生有很多标准,在学校期间我认为成绩是重要的,其他方面包括思想道德、实践经验、团队精神、沟通能力也都是很重要的,我在这些方面也做得很好,应该说我是一个全面发展的学生.” 如果求职者成绩不尽理想,便会说:“我认为是不是一个好学生的标准是多元化的,我的学习成绩还可以,在其他方面我的表现也很突出,比如我去很多地方实习过,我很喜欢在快节奏和压力下工作,我在学生会组织过××活动,锻炼了我的团队合作精神和组织能力.” 有经验的招聘者一听就会明白,外企喜欢诚实的求职者.
5.说说你的家庭.
外企面试时询问家庭问题不是非要知道求职者家庭的情况,探究隐私,外企不喜欢探究个人隐私,而是要了解家庭背景对求职者的塑造和影响. 外企希望听到的重点也在于家庭对求职者的积极影响. 外企最喜欢听到的是:我很爱我的家庭! 我的家庭一向很和睦,虽然我的父亲和母亲都是普通人,但是从小,我就看到我父亲起早贪黑,每天工作特别勤劳,他的行动无形中培养了我认真负责的态度和勤劳的精神. 我母亲为人善良,对人热情,特别乐于助人,所以在单位人缘很好,她的一言一行也一直在教导我做人的道理. 外企相信,和睦的家庭关系对一个人的成长有潜移默化的影响.
6.说说你对行业、技术发展趋势的看法?
外企对这个问题很感兴趣,只有有备而来的求职者能够过关. 求职者可以直接在网上查找对你所申请的行业部门的信息,只有深入了解才能产生独特的见解. 外企认为最聪明的求职者是对所面试的公司预先了解很多,包括公司各个部门,发展情况,在面试回答问题的时候可以提到所了解的情况,外企欢迎进入企业的人是“知己”,而不是“盲人”.
7.就你申请的这个职位,你认为你还欠缺什么?
外企喜欢问求职者弱点,但精明的求职者一般不直接回答. 他们希望看到这样的求职者:继续重复自己的优势,然后说:“对于这个职位和我的能力来说,我相信自己是可以胜任的,只是缺乏经验,这个问题我想我可以进入公司以后以最短的时间来解决,我的学习能力很强,我相信可以很快融入公司的企业文化,进入工作状态.” 外企喜欢能够巧妙地躲过难题的求职者.
8.你期望的工资是多少?
外企的工资水平是很灵活的,何种能力拿何种工资. 外企喜欢直率的人,但这个问题却不能正面回答,外企希望听到:“以我的能力和我的优势,我完全可以胜任这个职位,我相信我可以做得很好. 但是贵公司对这个职位的描述不是很具体,我想还可以延后再讨论”. 外企欢迎求职者给其定薪的自由度,而不是咬准一个价码.
9.你能给公司带来什么?
外企很想知道未来的员工能为企业做什么,求职者应再次重复自己的优势,然后说:“就我的能力,我可以做一个优秀的员工在组织中发挥能力,给组织带来高效率和更多的收益”. 外企喜欢求职者就申请的职位表明自己的能力,比如申请营销之类的职位,可以说:“我可以开发大量的新客户,同时,对老客户做更全面周到的服务,开发老客户的新需求和消费.” 等等.
10.你还有什么问题吗?
外企的这个问题看上去可有可无,其实很关键,外企不喜欢说“没有问题”的人,因为其很注重员工的个性和创新能力. 外企不喜欢求职者问个人福利之类的问题,如果有人这样问:贵公司对新入公司的员工有没有什么培训项目,我可以参加吗? 或者说贵公司的晋升机制是什么样的? 外企将很欢迎,因为体现出你对学习的热情和对公司的忠诚度以及你的上进心.
如何安全度过试用期?
职场热身站——试用期少不了规划
试用期是企业观察新人的一种手段,也是新人适应工作的缓冲期,因此,需要以重视的态度为之,这段时间里学什么?干什么?希望得到什么?一个好的规划,有助于你尽快融入工作。
首先要解决目标定位问题。根据职场目标的生存、积累、发展实现三个职业阶段的划分,试用期的目标就是生存,有人想要一鸣惊人、有人想要被刮目相看、还有人急于一显身手,这些都是危险的。任何与新人身份不符的愿望、举动都不妥当。
其次就是解决心态问题(职业成熟度)。低姿态、主动才是生存心态。企业,特别是中小企业,未必会像对待下嫁的公主一样提供员工培训流程,也未必会像对待客户那样准备好你学习所需的资料、文件,更未必会像对待专家那样安排一个你理想的工作环境。面对这样的现实,职场新人不具备挑剔、评价、质疑或解释规则的资格,只有主动适应的权利。
具体操作起来,需注意以下几点:
1、建立人和,熟悉环境
可以制定类似的计划,10天内认识你同部门的所有人,30天内认识与你工作有关的绝大多数人,以20人为底线。不仅仅是你认识他们,更重要的是让他们认识你,这个并不容易。在这个过程中观察工作流程、组织环境,同时考验你的人际交往能力。
2、进入工作
工作环境内的打杂、任务、挑战、意外、客户、加班、会议甚至是别人推过来的杂事等等,都是有益的机会,能为你带来操作经验和小小的成功体验,甚至会带来表现的机会。
别去思考哪些是分内,哪些是分外,力求干好任何一件小事,哪怕是发传真。因为任何一件事都有人在冷眼旁观,暗自评价。
3、恰当表现
职场新人的最佳形象就是勤快、踏实、好学。勤快就是有求必应,行动及时。先完成领导交办的,再完成老同事交办的,自己的任务,时间不够就加班干。踏实则表现在不挑拣、干活有始有终,圆满完成。
好学很重要,与新人的身分最相称。一个就是问,问专业、问要求、问不足,记住要过了脑子再问,重复请教简单常识问题会让人质疑你的努力和智力。另一个就是对公司资料的研究学习,这些事最好在公司完成,外语学习则千万要回家,因为易生误会。
4、人际是非
人际关系处理对于新人来说最难把握,有人的地方就有是非。多看、多想、多做、少说是前辈们的经验。缺少完整的信息来源之前,哪怕是逻辑周密的天才,都无从做出正确判断。卷入是非的新人,是最容易受伤的,对职业发展也非常不利。
《劳动合同法》对试用期作了明确规范:第一,签订劳动合同可以约定试用期;第二,试用期在同一个单位只有一次,试用期只适用于企业新招收录用的人员;第三,先签合同才有试用期,在合同期间内可以约定一段时间作为试用期,而不能以试用期为由,不签合同。企业只签订试用期合同,《劳动合同法》视同无效。
试用期长短怎么定?
进入劳动合同期间,在3个月以上不满一年的,试用期不允许超过一个月。合同期限在一年以上不满3年的,试用期不能超过两个月,合同期限3年以上或者签订无期限合同,试用期不能超过6个月。换句话说,企业与职工签订3个月以下劳动合同或者签订以完成一定工作为期限的合同,不允许约定试用期。
试用期工资怎么算?
试用期的工资,不得低于本单位相同岗位最低档工资或者劳动合同约定工资的百分之八十,并不得低于用人单位所在地的最低工资标准;试用期中,除劳动者不符合录用条件、严重违纪、医疗期满或不能胜任工作外,用人单位不得解除劳动合同。
晋级直通车——新人如何得到老人认可?
谨小慎微是大多数职场新人的日常表现,陌生的环境,新鲜的工作,更难说对于老板和同事心理的探知了。不过,新人们往往迫切希望自己能尽早融入公司,那么,需要为此做些什么呢?怎样的新人才能得到“老”人认可?
●进取心强
现在许多年轻人的工作效率是“老”人们欣赏的,但是学习精神就显得有些不足。做好分内工作自然没错,但业余时间也需多多充电,不要全花在玩乐上。平常闲暇之余多学些业务知识,或者学些外语、计算机之类的知识,以备不时之需。
●有责任感
责任心是新人进入工作角色所必备的。“老”人们不喜欢新人眼高手低,大事做不了,小事不想做,马马虎虎,不负责任。态度决定一切,认真地做好自己的本职工作,这是最基本的要求。
●勇于创新
对于新人,企业需要他们的活力,以及他们对新知识、新观念的领悟能力。年轻人很少受传统思想的影响,更容易接受新的经营观念,很多传统的老观念都需要他们来更新。正因为如此,新人也许可以给企业带来一股新鲜的力量。
●态度谦虚
谦虚的为人更容易赢得同事的好感。尤其对于新人来说,工作的环境需要适应,角色的转换使得大学生亟待学习不少新的东西。虚心地向前辈请教是大学生初入职场的“法宝”之一,切忌自以为是,谦虚是助你与“老”人相处融洽的关键。
编辑部支招 ——对症下药:三类单位方法不同
到了一个全新的环境,势必会有各种各样的问题,少了老师耐心的解答,少了社会对学生特有的宽容,一切都需要我们自己去面对。虽说都是进入公司,但新单位的情况不同,对新人的要求也有所差异。
国企——要从最基层做起
据报道,某国企人力资源部负责人向记者表示,在国企工作,对新人更看重的是踏实稳健的工作作风以及良好的人际交往能力。
根据国企的职业发展模式,新进人员一般要从最基层做起,逐步适应岗位。一般来说,学生们都是带着热情开始自己的第一份工作的。然而,现实与理想总存在着一定差距,新人要学会协调,出现矛盾时,良好的心态至关重要,摆正自己的位置,踏实做好你该做的。
另外,在人际关系的处理上,现在的大学生已经不再像以前那样缺乏人际交往能力,待人接物上不再显得生涩幼稚,这是非常好的现象。
外企——尽快熟悉企业文化
在外企工作,关键一点是,新人进入公司后要尽快熟悉企业文化,明确自己的角色。只有充分了解了企业文化之后,才能掌握公司的工作尺度。
不仅如此,有些外资企业非常重视新进人员的社会实践经验。实践经验丰富的新人,往往比其他同龄人具有更强的职业意识。在外企工作,其工作环境一般来说较其他企业要更为开放。为了保证工作正常运转,同事之间、上下级之间的沟通非常重要。
许多新进人员由于不熟悉公司环境或其他原因,往往在工作当中显得非常内向谨慎、沉默寡言。其实,这是不必要的。及时表达你的工作意见,对你尽快融入工作环境是大有帮助的。
事业单位——注重点滴小事
一般来说,机关事业单位相较于企业来说最大的特点是注重点滴小事。要想办法跟同事们尽快熟悉,可以帮同事们多做点事,比如打扫卫生、整理报纸文件、接听电话等,可别小看这些努力,它会帮助你迅速融入同事圈中,得到大家的帮助和认同。
另外,由于机关单位的老人比较多,所以在做事时,注意不要太浮躁,要沉稳。刚来单位时,少说话,多办事。有不懂的地方多向前辈虚心请教。尽量不要把自己的私事带进办公室,必要的时候可告诉亲戚朋友,让他们尽量不要在上班时间把私人电话打进办公室。
最后,切记不要参与办公室的一些是是非非之中,不要混入到任何“办公室帮派”,做好自己的分内事就可以了。
什么样的工作算好工作 ?
1. 首先是要选择一个好的行业,所谓好的行业,是其产品附加值高的行业;
2. 然后是好行业中一家好公司,它应该是具备持续赢利能力的牛B的公司;
3. 在这样的公司里,要找到一个好的方向,即实现利润的最关键环节,比如销售或研发;
4. 跟一个好老板,好老板的其中一个指标就是老板本人得“强”,如果跟了弱势的老板,
你的前程很容易就跟着被耽搁了。
29 June 2008
17 June 2008
linux file permission
A very good note on file permission in Linux
from:
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html
Linux Files and File Permission
Linux files are setup so access to them is controlled. There are three types of access:
1. read
2. write
3. execute
Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category.
File names and permission characters
File names can be up to 256 characters long with "-", "_", and "." characters along with letters and numbers.
When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:
1 2 3 4 5 6 7 8 9 10
File User Permissions Group Permissions Other Permissions
Type Read Write Execute Read Write Execute Read Write Execute
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
* Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.
* Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute
* Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute
There are 5 possible characters in the permission fields. They are:
* r = read - This is only found in the read field.
* w = write - This is only found in the write field.
* x = execute - This is only found in the execute field.
* s = setuid - This is only found in the execute field.
* If there is a "-" in a particular location, there is no permission. This may be found in any field whether read, write, or execute field.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
Which means the following:
Type and # of Files's File's Size in Date of last Filename
Permission field Links Owner Group Bytes modification
| | | | | | |
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
The fields are as follows:
1. Type field: The first character in the field indicates a file type of one of the following:
* d = directory
* l = symbolic link
* s = socket
* p = named pipe
* - = regular file
* c= character (unbuffered) device file special
* b=block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows a listing of two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
Directory Permissions
There are two special bits in the permissions field of directories. They are:
* s - Set group ID
* t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is
1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.
This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .
Examples
Below are examples of making changes to permissions: chmod u+x myfile Gives the user execute permission on myfile.
chmod +x myfile Gives everyone execute permission on myfile.
chmod ugo+x myfile Same as the above command, but specifically specifies user, group and other.
chmod 400 myfile Gives the user read permission, and removes all other permission. These permissions are specified in octal, the first char is for the user, second for the group and the third is for other. The high bit (4) is for read access, the middle bit (2) os for write access, and the low bit (1) is for execute access.
chmod 764 myfile Gives user full access, group read and write access, and other read access.
chmod 751 myfile Gives user full access, group read and execute permission, and other, execute permission.
chmod +s myfile Set the setuid bit.
chmod go=rx myfile Remove read and execute permissions for the group and other.
Below are examples of making changes to owner and group: chown mark test1 Changes the owner of the file test1 to the user Mark.
chgrp mark test1 Changes the file test1 to belong to the group "mark".
Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 may not be displayed fully if you are using an old Linux distribution. There is an option associated with the ls command that solves this problem. It is "-T". Ex: "ls al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
* 777 - Executable files
* 666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
A example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
from:
http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html
Linux Files and File Permission
Linux files are setup so access to them is controlled. There are three types of access:
1. read
2. write
3. execute
Each file belongs to a specific user and group. Access to the files is controlled by user, group, and what is called other. The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category.
File names and permission characters
File names can be up to 256 characters long with "-", "_", and "." characters along with letters and numbers.
When a long file listing is done, there are 10 characters that are shown on the left that indicate type and permissions of the file. File permissions are shown according to the following syntax example: drwerwerwe
There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:
1 2 3 4 5 6 7 8 9 10
File User Permissions Group Permissions Other Permissions
Type Read Write Execute Read Write Execute Read Write Execute
d r w e r w e r w e
* Character 1 is the type of file: - is ordinary, d is directory, l is link.
* Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.
* Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute
* Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute
There are 5 possible characters in the permission fields. They are:
* r = read - This is only found in the read field.
* w = write - This is only found in the write field.
* x = execute - This is only found in the execute field.
* s = setuid - This is only found in the execute field.
* If there is a "-" in a particular location, there is no permission. This may be found in any field whether read, write, or execute field.
Examples
Type "ls -l" and a listing like the following is displayed:
total 10
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
-rw-rw-rw- 1 george team1 1873 Aug 23 08:34 test
-rw-rw-rw- 1 george team1 1234 Sep 12 11:13 datafile
Which means the following:
Type and # of Files's File's Size in Date of last Filename
Permission field Links Owner Group Bytes modification
| | | | | | |
drwxrwxrwx 4 george team1 122 Dec 12 18:02 Projects
The fields are as follows:
1. Type field: The first character in the field indicates a file type of one of the following:
* d = directory
* l = symbolic link
* s = socket
* p = named pipe
* - = regular file
* c= character (unbuffered) device file special
* b=block (buffered) device file special
2. Permissions are explained above.
3. Links: The number of directory entries that refer to the file. In our example, there are four.
4. The file's owner in our example is George.
5. The group the file belongs to. In our example, the group is team1.
6. The size of the file in bytes
7. The last modification date. If the file is recent, the date and time is shown. If the file is not in the current year, the year is shown rather than time.
8. The name of the file.
Set User Identification Attribute
The file permissions bits include an execute permission bit for file owner, group and other. When the execute bit for the owner is set to "s" the set user ID bit is set. This causes any persons or processes that run the file to have access to system resources as though they are the owner of the file. When the execute bit for the group is set to "s", the set group ID bit is set and the user running the program is given access based on access permission for the group the file belongs to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
sets the group ID bit on the file "myfile".
The listing below shows a listing of two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn
-rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group.
For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
Directory Permissions
There are two special bits in the permissions field of directories. They are:
* s - Set group ID
* t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t'' indicates that only the user (and root, of course) that created a file in this directory can delete that file.
To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is
1. Create a directory in the user's home directory to which he or she can write temporary files.
2. Set the TMPDIR environment variable using each user's login script.
3. Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.
This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .
Examples
Below are examples of making changes to permissions: chmod u+x myfile Gives the user execute permission on myfile.
chmod +x myfile Gives everyone execute permission on myfile.
chmod ugo+x myfile Same as the above command, but specifically specifies user, group and other.
chmod 400 myfile Gives the user read permission, and removes all other permission. These permissions are specified in octal, the first char is for the user, second for the group and the third is for other. The high bit (4) is for read access, the middle bit (2) os for write access, and the low bit (1) is for execute access.
chmod 764 myfile Gives user full access, group read and write access, and other read access.
chmod 751 myfile Gives user full access, group read and execute permission, and other, execute permission.
chmod +s myfile Set the setuid bit.
chmod go=rx myfile Remove read and execute permissions for the group and other.
Below are examples of making changes to owner and group: chown mark test1 Changes the owner of the file test1 to the user Mark.
chgrp mark test1 Changes the file test1 to belong to the group "mark".
Note: Linux files were displayed with a default tab value of 8 in older Linux versions. That means that file names longer than 8 may not be displayed fully if you are using an old Linux distribution. There is an option associated with the ls command that solves this problem. It is "-T". Ex: "ls al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation permissions on the system. It is the octal complement of the desired file mode for the specific file type. Default permissions are:
* 777 - Executable files
* 666 - Text files
These defaults are set allowing all users to execute an executable file and not to execute a text file. The defaults allow all users can read and write the file.
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user, group and world will not have as a default with regard to reading, writing, or executing the file. The umask value here means the group the file belongs to and users other than the owner will not be able to write to the file. In this case, when a new text file is created it will have a file permission value of 644, which means the owner can read and write the file, but members of the group the file belongs to, and all others can only read the file. A long directory listing of a file with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
A example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users.
Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
09 June 2008
Memory allocation in C
Had a nice discussion with Ilpo today.
Write down some experience.
char SendBuf[10][SIZE];
actually allocate a continuous memory.
At first I thought it's like
char *pt[10];
so that I could manipulate on the pointer pt[0] pt[1] ...
and pass it to another function.
No, that doesn't work.
To solve my program, I did a small trick:
int i;
char *pt[10];
char SendBuf[10][SIZE];
for(i=0;i<10;i++ )
{
pt[i]=SendBuf[i];
}
after that, I can use "pt" to do my tricks :)
Another note is that when use the
definition of struct
like: struct A example
we need to memset the 'example' before use it.
Because the stack in memory may leave some garbage information in the struct which can lead to unexpected failure. Like the one I encounter in the PSE project.
The msgsend struct always fail in sending msg because there is a garbage bit in the stack.
thank u Ilpo.
Write down some experience.
char SendBuf[10][SIZE];
actually allocate a continuous memory.
At first I thought it's like
char *pt[10];
so that I could manipulate on the pointer pt[0] pt[1] ...
and pass it to another function.
No, that doesn't work.
To solve my program, I did a small trick:
int i;
char *pt[10];
char SendBuf[10][SIZE];
for(i=0;i<10;i++ )
{
pt[i]=SendBuf[i];
}
after that, I can use "pt" to do my tricks :)
Another note is that when use the
definition of struct
like: struct A example
we need to memset the 'example' before use it.
Because the stack in memory may leave some garbage information in the struct which can lead to unexpected failure. Like the one I encounter in the PSE project.
The msgsend struct always fail in sending msg because there is a garbage bit in the stack.
thank u Ilpo.
08 June 2008
Good link on Makefile
http://www.eng.hawaii.edu/Tutor/Make/index.html
Good illustration on Make and dependency issues.
Good illustration on Make and dependency issues.
Subscribe to:
Posts (Atom)