Linux file permissions and directory configuration

Source: Internet
Author: User

One: Users and Groups

1 File owner (user): the owner of the file, who has permissions on the file
2 Group: users within the file's group have access to the file
3 Others (other):
4 Files that record Linux user identities and groups
By default, information about the superuser and ordinary users is recorded in /etc/passwd, passwords are recorded in the /etc/shadow file, and all Linux group names are recorded in /etc/group.

Two: File permissions concept

1 Linux file properties

ls means "list"; it mainly displays file names and their related properties. The option [-al] lists the detailed permissions and attributes of all files, including hidden files (those whose name begins with [.]).
[root ~]# ls -al
total 76
dr-xr-x---. root root 4096 January 28 16:02 .
[file type][permissions] [link count] [owner] [group] [size] [last modified time] [file name]
drwxr-xr-x. root root 4096 January 28 15:56 ..
drwxr-xr-x. 3 root root 67 January 10:58 aaa

File type:
d is a directory
- is a regular file
l is a link file
b is a block device file, an interface device that can store data (a random access device)
c is a character device file, a serial port device such as a keyboard or mouse

File permissions:
The permissions come in groups of three, each a combination of [rwx], where [r] means readable (read), [w] means writable (write) and [x] means executable (execute). The positions of these three characters do not change; if a permission is absent, a [-] appears in its place.

The first group is the permissions of the file owner
The second group is the permissions of accounts that belong to the file's group
The third group is the permissions of other accounts, which are neither the owner nor members of the group

where r is 4, w is 2, x is 1

Number of links: indicates how many file names are linked to this i-node
The permissions and attributes of each file are recorded in the file system's i-node, and each file name is linked to an i-node.

File owner: the owner account of this file

Group: the group to which this file belongs

File size: the default unit is bytes

To display the full time format, use ls -l --full-time
[root ~]# ls -l --full-time
total 0
drwxr-xr-x. 3 root root 2018-01-28 10:58:15.199512334 +0800 aaa

File name:
If the file name begins with [.], the file is a hidden file.

Further documentation for ls:
ls --help
man ls
info ls
can be used to view its basic syntax

The importance of file permissions
1 Data protection: files that belong to system services can usually be read, written or executed only by root. root is basically not restricted by the system, so whatever the permissions of a file are, root can access it by default;
[root ~]# ll /etc/shadow
----------. 1 root root 1322 January 11:32 /etc/shadow
2 Team development or data sharing:
3 Improper permission settings are a huge hazard.

2 How to change file properties and permissions

chgrp: change the group to which a file belongs
chown: change the file owner
chmod: change the file permissions, SUID, SGID, SBIT, etc.

-R: apply the change recursively, so that all files and directories under the given directory are updated to this owner or group.

chown can change the owner and the group at the same time: [chown user.group file] puts a period (.) between the owner and the group. You can also use a colon (:) to separate the owner from the group.

chown can also be used to change the group alone: chown .admin file

Changing permissions
a Changing file permissions with numbers
A Linux file has 9 basic permissions: the three identities owner/group/others each have their own read/write/execute permissions,
r: 4
w: 2
x: 1
The scores of each identity's three permissions (r/w/x) are added up:
rwx = 7
r-x = 5
r-- = 4
--x = 1

Changing file permissions with symbols
The three identities are written u, g, o for user, group, other, and a stands for all, that is, every identity.

[root ~]# ll aaa.py
-rw-r--r--. 1 root root 0 January 13:49 aaa.py
[root ~]# chmod u=rwx,g=rwx aaa.py
[root ~]# ll aaa.py
-rwxrwxr--. 1 root root 0 January 13:49 aaa.py
[root ~]# chmod u-x,g-x aaa.py
[root ~]# ll aaa.py
-rw-rw-r--. 1 root root 0 January 13:49 aaa.py
[root ~]# chmod a=rwx aaa.py
[root ~]# ll aaa.py
-rwxrwxrwx. 1 root root 0 January 13:49 aaa.py

[root ~]# chmod 111 aaa.py
[root ~]# ll aaa.py
---x--x--x. 1 root root 0 January 13:49 aaa.py

3 The meaning of directory and file permissions:

1 The importance of permissions to files
Files are where data is actually stored, including ordinary text files, database content files and binary executables.
r (read): the actual contents of the file can be read,
w (write): the contents of the file can be edited, added to or modified
x (execute): the file can be executed by the system.
Whether a file can be executed is determined by whether it has the [x] permission, not by its file name.

The w permission does not confer the ability to delete the file; a file's permissions apply mainly to the content of the file

2 The importance of permissions to directories
The main content of a directory is a list of file names; file names are strongly tied to the directory.
r (read contents in directory)
Permission to read the directory's listing. With read permission on a directory you can query the file names under it, so you can use the ls command to list the contents of the directory

w (modify contents of directory):
Permission to change the directory's listing:
1 Creating new files and directories
2 Deleting files and directories that already exist
3 Renaming a file or directory that already exists
4 Moving files and directories within the directory

x (access directory)
The x of a directory determines whether the user can enter the directory and make it the working directory, that is, cd into it. Without x permission on a directory you cannot switch to it and cannot execute any command under it, even if you have r or w permission on the directory.
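
The rules above can be checked directly. The following script is an added example, not part of the original article: it builds a throwaway directory with mktemp, sets the directory and file modes, and reports what the current user can do. The function name probe is an assumption made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Everything happens inside a
# constructed temporary directory that is removed afterwards.

# probe DIR_MODE FILE_MODE -> "enter=yes|no create=yes|no delete=yes|no"
probe() {
    work=$(mktemp -d) || return 1
    mkdir "$work/d"
    echo data > "$work/d/f"
    chmod "$2" "$work/d/f"
    chmod "$1" "$work/d"
    # x on the directory decides whether we can cd into it
    if (cd "$work/d") 2>/dev/null; then enter=yes; else enter=no; fi
    # creating an entry needs w and x on the directory
    if touch "$work/d/new" 2>/dev/null; then create=yes; else create=no; fi
    # deleting an entry needs w and x on the directory, not w on the file
    rm -f "$work/d/f" 2>/dev/null || true
    chmod 755 "$work/d"          # restore access for the check and cleanup
    if [ -e "$work/d/f" ]; then delete=no; else delete=yes; fi
    rm -rf "$work"
    echo "enter=$enter create=$create delete=$delete"
}

# 755/444: read-only file in a writable directory (the file is still deleted)
# 555/666: writable file in a non-writable directory (the file stays)
# 600/666: directory with r and w but no x (w is useless without x)
for c in "755 444" "555 666" "600 666"; do
    set -- $c
    printf 'dir=%s file=%s -> %s\n' "$1" "$2" "$(probe "$1" "$2")"
done
```

Run it as an ordinary user; root is not restricted by these bits, so as root every line reports yes.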

4 Special permissions:

1 o+t permission: sticky bit
Effect: for directories only. When a directory has the o+t permission, all users can create files in that directory, but only the file owner and the root user can delete files in that directory
Setting:
chmod o+t directory
chmod 1777 directory
2 u+s permission: SUID bit
Effect: for binary executables only. The program started by the command runs with the identity of the command's owner.
chmod u+s binary-executable
chmod 4755 binary-executable
3 g+s permission: SGID bit
Effect: for binary executables, the program started by the command runs with the identity of the command's owning group; for directories, files created in the directory get the same owning group as the directory
Setting:
chmod g+s file | directory
chmod 2755 file | directory
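
The numeric notation (r=4, w=2, x=1) and the three special bits combine into one four-digit mode. The script below is an added example, not part of the original article: it converts an ls -l mode string into that octal form and labels the modes a permission review would look at first. The function names and the label wording are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): decode an ls -l mode string.

# mode_to_octal MODE_STRING -> four-digit octal, e.g. drwxrwxrwt -> 1777
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)   # skip type char, drop trailing "."
    special=0
    digits=""
    start=1
    for sbit in 4 2 1; do                    # SUID=4, SGID=2, sticky=1
        trip=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + sbit)) ;;  # special bit and x
            ??[ST]) special=$((special + sbit)) ;;                # special bit, no x
        esac
        digits="$digits$d"
        start=$((start + 3))
    done
    echo "$special$digits"
}

# flag_mode MODE_STRING -> space-separated labels worth a reviewer's attention
flag_mode() {
    oct=$(mode_to_octal "$1")
    flags=""
    case $oct in [4567]???) flags="$flags suid" ;; esac
    case $oct in [2367]???) flags="$flags sgid" ;; esac
    case $1 in
        d*) # directory writable by others without the sticky bit
            case $oct in [0246]??[2367]) flags="$flags world-writable-no-sticky" ;; esac ;;
    esac
    echo "${flags# }"
}

# Constructed sample modes in the format of the listings on this page.
for m in "-rw-r--r--." "---x--x--x." "drwxrwxrwx." "drwxrwxrwt." "-rwsr-xr-x."; do
    printf '%s %s %s\n' "$m" "$(mode_to_octal "$m")" "$(flag_mode "$m")"
done
```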

5 Linux file types and extensions

1 File types

1 Regular file
The first character is [-]
Divided into: plain text files (ASCII), binary files (binary), data format files
2 Directory
The first character is [d]
3 Link file, similar to a shortcut under Windows. The first character is [l] (lowercase L)
4 Device files
Divided into: block device files (block), whose first character is [b], and character device files (character), whose first character is [c]
5 Data interface files (sockets)
This type of file is usually used for data exchanged over the network. The first character is [s]
6 Data transfer files (FIFO, pipe)
A FIFO is also a special file type; its main purpose is to solve the errors caused by multiple programs accessing one file at the same time. The first character of a FIFO is [p]

2 File extensions

Under Windows, executable files usually have the extension .com, .exe or .bat. Under Linux, a file can be executed as long as its permissions include x.
Having the executable permission is different from actually containing executable program code.
Common extensions under Linux:
1 .sh: shell script files
2 .Z, .tar, .tar.gz, .zip, .tgz: packaged or compressed files
3 .html, .php: web-related files, in HTML and PHP syntax respectively.

3 Linux file name length limit

The maximum length of the name of a single file or directory is 255 bytes. With one byte per ASCII English character that is approximately 255 characters; with 2 bytes per Chinese character, the maximum file name is about 128 characters.

4 Restrictions on Linux file names

Try to avoid some special characters:
* ? < > : ; @ $ and so on

Three: Linux directory configuration

1 The basis of Linux directory configuration: FHS

1 Filesystem Hierarchy Standard (FHS)

Purpose: to let users know in which directory installed software is usually placed.
The focus of FHS is to standardize what data should be placed in each particular directory.

FHS defines directories in terms of four interacting categories.
1 Shareable: directories that can be shared with and mounted by other systems, such as executables and users' mail, which can be shared to other hosts over the network
2 Unshareable: device files or program-related sockets,
3 Static: function libraries, documentation files, host service configuration files managed by the system administrator, etc.
4 Variable: frequently changing data, such as log files, etc.

In fact, FHS only defines what data should be placed in the three top-level directories of the directory tree:
/ (root, root directory): related to booting the system
/usr (Unix software resource): related to software installation/execution
/var (variable): related to the running of the system.

2 The meaning and content of the root directory (/)

The root directory is the most important directory in the system: not only are all directories derived from the root directory, but the root directory is also involved in booting, restoring and repairing the system.
FHS recommendation: the partition that holds the root directory (/) should be as small as possible, and application software should not be installed in the same partition as the root directory; keep the root directory as small as possible.

3 The meaning and content of /usr:

usr: Unix software resource, that is, the directory where [Unix operating system software resources] are placed, rather than users' data.

4 The meaning and content of /var

/var is a directory that gradually takes up hard disk capacity once the system is in operation, because /var mainly holds files that change routinely, including caches, log files and files generated by running software

2 Directory tree

In Linux, all files and directories start from the root directory, which is the source of all directories and files.
Features of the directory tree:
The starting point of the directory tree is the root directory (/, root)
Each directory can use a file system on a local partition or a file system on the network.
Each file has a unique file name (including the full path) in this directory tree
[root ~]# ls -l /
total 32
lrwxrwxrwx. 1 root root 7 December 19:18 bin -> usr/bin
dr-xr-xr-x. 3 root root 4096 December 11:52 boot
drwxr-xr-x. root root 3300 January 15:57 dev
drwxr-xr-x. 154 root root 8192 January 15:56 etc
drwxr-xr-x. 3 root root 16 January 11:54 ftp
drwxr-xr-x. 3 root root 18 December 19:40 home
lrwxrwxrwx. 1 root root 7 December 19:18 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 December 19:18 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 March media
drwxrwxrwx. 2 root root 6 March mnt
drwxr-xr-x. 4 root root 30 January opt
dr-xr-xr-x. 493 root root 0 January 15:55 proc
dr-xr-x---. root root 4096 January 16:02 root
drwxr-xr-x. root root 1360 January 15:57 run
lrwxrwxrwx. 1 root root 8 December 19:18 sbin -> usr/sbin
drwxr-xr-x. 3 root root 19 January 16:27 srv
dr-xr-xr-x. root root 0 January 15:56 sys
drwxrwxrwt. root root 4096 January 19:58 tmp
drwxr-xr-x. root root 4096 December 19:18 usr
drwxr-xr-x. root root 4096 January 15:56 var

To view the directory structure, use tree:
[root ~]# yum -y install tree
[root ~]# tree /root
/root
├── aaa
│   ├── repodata
│   │   ├── 03897b8e5f471bc4672119dd2e03c6119f369967b2a23e92fdf6cb7ec1862af5-other.xml.gz
│   │   ├── 0d6b7db64a801b5d1a1b40041ba7d365c527cf772fdc2344afed26ce2db5df24-filelists.xml.gz
│   │   ├── 550a2eb61507b66a86da417d7bf53fcbe9ddcdfe7994a9f94ce88e6ae0672de4-primary.sqlite.bz2
│   │   ├── be88fdfd3dbb63e730cb9d10f28121ccc08ff79b7d65d43f71edf4b79e7888a6-other.sqlite.bz2
│   │   ├── dcb3565731ea14adb4ea46231ff3147609e88d570fa4e1024514d19fc2a16b09-filelists.sqlite.bz2
│   │   ├── e1e31c6ee42ae9cd189a3e8003869a3971ebc3e1826b444dfdcb640e9df60175-primary.xml.gz
│   │   └── repomd.xml
│   └── wps-office-10.1.0.5672-1.a21.x86_64.rpm
├── aaa.py
├── \345\205\254\345\205\261
├── \346\250\241\346\235\277
├── \350\247\206\351\242\221
├── \345\233\276\347\211\207
├── \346\226\207\346\241\243
├── \344\270\213\350\275\275
├── \351\237\263\344\271\220
└── \346\241\214\351\235\242

10 directories, 9 files

3 Absolute path vs. relative path:

Absolute path: a file or directory name written starting from the root directory (/).
Relative path: a file name written relative to the current path
[root ~]# cd /var/log/      (absolute path)
[root log]# cd ../log       (relative path)
.: represents the current directory; ./ can also be used
..: represents the parent directory; ../ can also be used
