1. ACL Permissions

Introduction: ACL permissions exist specifically to solve the problem of not having enough identities to assign permissions to (similar to rights assignment in Windows).

Check whether ACL permissions are enabled on a partition:
    dumpe2fs -h /dev/sda3
    Option: -h  show only the information in the superblock

Temporarily turn on ACL permissions for a partition:
    mount -o remount,acl /

Permanently turn on ACL permissions: modify the automatic mount file /etc/fstab.

View and set ACL permissions

View ACL permissions:
    getfacl filename

Set ACL permissions:
    setfacl [options] filename

    Options:
    -m  set ACL permissions
            user:   setfacl -m u:username:rwx /project
            group:  setfacl -m g:groupname:rwx /project
    -x  delete the specified ACL permissions
    -b  delete all ACL permissions
    -d  set default ACL permissions
    -k  delete default ACL permissions
    -R  set ACL permissions recursively

Maximum effective permissions (mask): the ACL permissions given to a user are not the permissions the user really has. They must be ANDed with the mask to obtain the user's true permissions.
    setfacl -m m:rx filename    # takes effect for users, user groups, and ACL groups

Remove ACL permissions:
    setfacl -x g:groupname filename    # delete the specified ACL permissions
    setfacl -b filename                # delete all ACL permissions

Default ACL permissions and recursive ACL permissions (commands for directories)

Recursive ACL permissions: when ACL permissions are set on the parent directory, all sub-files and subdirectories receive the same ACL permissions.
    setfacl -m u:username:permissions -R directory

Default ACL permissions: if default ACL permissions are set on the parent directory, all newly created sub-files in that directory inherit the ACL permissions of the parent directory.
    setfacl -m d:u:username:permissions directory
2. File Special Permissions

SetUID (SUID permission of the owner). Note: it is dangerous.
    - Only executable binary programs can have the SUID permission set.
    - The person running the command must have x permission on the program.
    - While executing the program, the executor obtains the identity of the program file's owner.
    - The SetUID permission is only valid during the execution of the program.

    4 represents SUID, 2 represents SGID, 1 represents the sticky bit.

    Set:     chmod 4755 filename
    Cancel:  chmod 755 filename   or   chmod u-s filename

SetGID (SGID permission of the owning group)
    For files:
    - Only executable binary programs can have the SGID permission set.
    - The person running the command must have x permission on the program.
    - While executing the program, the executor obtains the identity of the program file's owning group.

    For directories:
    - A normal user must have r and x permissions on the directory.
    - The normal user's effective group inside this directory changes to the owning group of the directory.
    - If the normal user has w permission on the directory, new files belong by default to the owning group of the directory.

Sticky bit (sticky bit permission, for directories only)
3. File System Attributes

chattr permissions (prevent misoperation)

Command format:
    chattr [+-=][options] filename or directory

    Options:
    i   For files: the file cannot be deleted, renamed, or have its content modified (locked).
        For directories: only the data of files in the directory can be modified; creating and deleting files is not allowed.
    a   For files: data can only be appended to the file; existing data cannot be deleted or modified.
        For directories: files can only be created and modified; they cannot be deleted.

View file system attributes:
    lsattr [options] filename

    Options:
    -a  show all files and directories
    -d  if the target is a directory, list only the attributes of the directory itself, not those of its child files
4. System Command sudo Permissions

root delegates commands that could originally be executed only by the superuser to ordinary users. The objects that sudo operates on are system commands.

Command:
    visudo    # what is actually modified is the file /etc/sudoers

File format:
    username  managed-host address=absolute path of the command
Linux Learning Notes - Rights Management (VI)