Learn Linux_07_Linux file permissions from scratch

Source: Internet
Author: User


Group management commands (command: purpose, followed by examples)

groupadd: add a group
    groupadd g_study
    groupadd -g 777 mygroup      (-g specifies the GID directly)
gpasswd: manage user group information, such as setting the group password and adding or deleting group members
    gpasswd g_study
    gpasswd -a study g_study     (-a adds a user to the group)
    (-d deletes a user from the group)
groupmod: modify user group information
    groupmod -n studygroup g_study      (new name, then old name)
groupdel: delete a user group
    groupdel studygroup
groups: display the groups a user belongs to
    groups study

User management commands (command: purpose, followed by examples)

useradd or adduser: add a user
    useradd study
passwd: set a password for the user
    passwd study
    passwd -d study              (deletes the password)
usermod: modify user information
    usermod -c study study       (the first "study" is the changed alias)
userdel: delete a user
    userdel -r study             (-r also deletes the user's home directory)
su: switch user
    su root
id: view the UID, GID, and groups of a user
    id study

I. Linux user categories
1. User categories
root: the system's privileged user category. These users all have access to the root login account.
Owner: the user who actually owns the file.
Group: the users in the group that shares access to the file.
World: all other users who do not belong to any of the categories above.
2. /etc/shadow
# cat /etc/shadow
xin:$6$vhP8o8VT$activities.wkkkly0:16430:0:99999:7:::
Each item is separated by ":":
(1) User name
(2) Password (the encrypted password; * or ! indicates that the account cannot log in)
(3) Date of the last password change (the number of days from January 1, 1970 to that day)
(4) Minimum number of days between one password change and the next
(5) Number of days after which the user must change the password
(6) Number of days before the password expires at which the user is warned that it must be changed
(7) Number of days after the password expires until the account is disabled
(8) Account expiration date
(9) Reserved
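
The nine fields above can be checked mechanically. The following is an added example, not part of the original page: it reads shadow-format lines and reports, per account, whether the password field is empty, locked, or a hash (with its $id$), plus the password age against field 5. The sample accounts and hash strings are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# sample_shadow: constructed shadow-format lines (not real accounts or hashes)
sample_shadow() {
cat <<'EOF'
root:!:16000:0:99999:7:::
xin:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16430:0:90:7:::
guest::16430:0:99999:7:::
daemon:*:16430:0:99999:7:::
EOF
}

# shadow_report TODAY: read shadow lines on stdin; TODAY is days since 1970-01-01
shadow_report() {
    awk -F: -v today="$1" '
    NF == 9 {                                   # a valid entry has nine fields
        user = $1; pw = $2; last = $3; max = $5
        if (pw == "")                        state = "NO-PASSWORD"
        else if (pw ~ /^[*!]/)               state = "locked"
        else if (split(pw, p, /[$]/) >= 4)   state = "hash-id=" p[2]
        else                                 state = "legacy-hash"
        age = (last == "") ? "unknown" : today - last
        expired = (last != "" && max != "" && age > max) ? "yes" : "no"
        printf "%s %s age=%s expired=%s\n", user, state, age, expired
    }'
}

# Stand-alone run on the constructed sample, using the current date
sample_shadow | shadow_report "$(( $(date +%s) / 86400 ))"
```

On a real system the same function can be fed with `shadow_report "$(( $(date +%s) / 86400 ))" < /etc/shadow` as root; an account reported as NO-PASSWORD has an empty field 2.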
3. /etc/group
(1) group file format: groupname:password:gid:user_list
-- groupname: group name
-- password: group password
-- gid: group ID
-- user_list: list of users in this group
# cat /etc/group
root:x:0:
xin:x:1000:

II. Group Management


III. User Management


IV. Permission management
Linux file permission bits
(1) Representation of the file permission bits: -rwxrwxrwx
(2) The first character indicates the file type: - is a regular file, d is a directory, and l is a symbolic link;
(3) The next three characters indicate the owner's read, write, and execute permissions.
(4) The next three characters indicate the group's read, write, and execute permissions.
(5) The last three characters indicate the read, write, and execute permissions of world users.
Linux file permission management
1. Granting permissions to a file with chmod
(1) Introduction to chmod
[1] The chmod command format is:
chmod [option] mode files...
[2] Mode formats:
<1> Numeric mode: [n][n][n], where r = 4, w = 2, x = 1
rwx: 4 + 2 + 1; r-x: 4 + 1; rw-: 4 + 2
<2> Text mode: [ugoa][+-=][rwx]
u -- the owner of the file
g -- users in the same group as the file
o -- other users
a -- all users
+ -- add permissions
- -- remove permissions
= -- set permissions
(2) Example 1
[1] Grant the rwxr-xr-x permission to the file text:
chmod 755 text
[2] Grant the rwxr-xr-x permission to text and to all files and subdirectories under it:
chmod -R 755 text
(3) Example 2
[1] Add the rw permission for the group owner of the file abc:
chmod g+rw abc
[2] Remove the x permission for the owner of the file abc:
chmod u-x abc
[3] Set the permissions of other users on the file abc to rw-:
chmod o=rw abc
[4] Add the x permission for all users on abc and on all files under it and its subdirectories:
chmod -R a+x abc
2. Setting the owner and the group of a file (chown, chgrp)
(1) chgrp
[1] chgrp is used to change the group owner of a file. The general format is:
chgrp [option] group file
[2] Change the group owner of the file abc to xin:
chgrp xin abc
[3] Change the group owner of all files in test and its subdirectories to xin:
# chgrp -R xin test/

(2) chown
[1] chown is used to change the file owner and the group owner. Its general format is:
chown [option] owner[:group] file
[2] Change the owner of all files in test and its subdirectories to root:
# chown -R root test/
[3] Change the owner of test to xin and the group owner to xin:
# chown -R xin:xin test/
3. Set UID (SUID) and set GID (SGID)
When s appears in the x position of the file owner's permissions, it is called Set UID (SUID); when s appears in the x position of the group permissions, it is called Set GID (SGID).
(1) /usr/bin/passwd -rwsr-xr-x
(2) /etc/shadow -r--------
(3) The SUID permission is only valid for executable programs, that is, files that have the x permission.
(4) The permission applies to the running process.
(5) The running process has the permissions of the program's owner.
(6) When s appears in the x position of the group permissions, it is called SGID.
(7) Example:
vbird has the x permission on /usr/bin/passwd, so vbird can run passwd;
the owner of passwd is the root account;
while vbird runs passwd, the process "temporarily" gets root's permissions;
so /etc/shadow can be modified by the passwd process that vbird runs.
4. Sticky bit (SBIT): the t attribute
(1) Normally, having the w permission (on the containing directory) is enough to delete a file
(2) /tmp drwxrwxrwt
(3) Only valid for directories
(4) Prevents files or directories from being deleted by users who do not own them. They can only be deleted by their owner or by root.

5. Applications

If you add a digit in front of the three permission digits, that first digit sets the special permissions:

4 is SUID, 2 is SGID, 1 is SBIT.
(1) Example 1
# ls -l a
-rw-r--r-- 1 root 7 August 26 20:01 a
# chmod 4644 a
# ls -l a
-rwSr--r-- 1 root 7 August 26 20:01 a (uppercase S indicates that there is no execute permission)
# chmod 4744 a
# ls -l a
-rwsr--r-- 1 root 7 August 26 20:01 a

(2) Example 2
# chmod 7777 a
# ls -l a
-rwsrwsrwt 1 root 7 August 26 20:01 a
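
The special bits described above are what a permission review usually looks for first. The following is an added example, not part of the original page: it builds a constructed directory tree, shows the s, S and t notations, and then lists SUID and SGID files and world-writable directories that lack the sticky bit. The function names and file names are hypothetical.

```sh
#!/bin/sh
# mode_of PATH: the 10-character permission string that ls -l shows
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_special DIR: report special-permission items worth reviewing under DIR
audit_special() {
    find "$1" -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$1" -type f -perm -2000 -print | sed 's/^/SGID /'
    # world-writable directory without sticky bit: any user can delete
    # files there that belong to other users
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NO-STICKY /'
}

# make_demo_tree DIR: constructed sample files (not real system paths)
make_demo_tree() {
    mkdir -p "$1/shared" "$1/scratch"
    : > "$1/a";     chmod 4644 "$1/a"       # SUID without x: shown as S
    : > "$1/b";     chmod 4755 "$1/b"       # SUID with x:    shown as s
    : > "$1/plain"; chmod 0644 "$1/plain"   # no special bits
    chmod 0777 "$1/shared"                  # world-writable, no sticky bit
    chmod 1777 "$1/scratch"                 # same mode as /tmp
}

# Stand-alone run in a temporary directory
demo=$(mktemp -d)
make_demo_tree "$demo"
for f in a b shared scratch; do
    printf '%s %s\n' "$(mode_of "$demo/$f")" "$f"
done
audit_special "$demo"
rm -rf "$demo"
```

Run against a real tree, for example `audit_special /usr/bin`, the SUID lines are the programs that run with their owner's permissions as in the passwd case above.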

6. umask
(1) Default for normal users: 0002, which means that permission 2 is removed for other users; mode = 777 & ~umask
(2) Default for the root user: 0022
(3) For a file, the execute permission is also removed: mode = 666 & ~umask
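
The two formulas can be compared with what the system actually creates. The following is an added example, not part of the original page: one function creates a file and a directory under a given umask and prints their permission strings, the other evaluates mode = base & ~umask in octal. The function names are hypothetical.

```sh
#!/bin/sh
# created_modes UMASK: create a file and a directory under UMASK and print
# their permission strings as ls -l shows them. The body runs in a subshell,
# so the caller's umask is left unchanged.
created_modes() (
    umask "$1"
    d=$(mktemp -d)
    : > "$d/file"
    mkdir "$d/dir"
    printf 'file=%s dir=%s\n' \
        "$(ls -ld "$d/file" | cut -c1-10)" \
        "$(ls -ld "$d/dir" | cut -c1-10)"
    rm -rf "$d"
)

# expected_mode BASE UMASK: the formula mode = BASE & ~umask, printed in octal
# (BASE is 666 for files and 777 for directories)
expected_mode() { printf '%03o\n' $(( 0$1 & ~0$2 )); }

# Stand-alone run: the two defaults from the text, plus 0077, which removes
# all group and world access from newly created files
for u in 0002 0022 0077; do
    printf 'umask %s: %s (formula: file %s, dir %s)\n' "$u" \
        "$(created_modes "$u")" \
        "$(expected_mode 666 "$u")" "$(expected_mode 777 "$u")"
done
```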
