Linux has three ways to change permissions: chmod, ACL, and sudo
- The first two change file permissions; sudo grants permission to run applications or commands
- The limitation of chmod is that it cannot assign permissions to many different parties (there are only three user classes); when several different sets of permissions are needed, they have to be set with ACLs
chmod
chmod (agou) (+-) (rwx) filename
- a, g, o, u select whom the permission change affects: all, group, others, and user (the owner), respectively
- + adds and - removes permissions
- rwx indicates the specific permission type
- chmod a+x test.txt adds execute permission on test.txt for all users
- chmod a-x,a-w test.txt removes execute and write permission on test.txt for everyone
chmod XXX filename
- The three classes of users are set together: the first X represents the owner, the second X the group, and the third X others
- r (4) w (2) x (1): chmod 755 test.txt gives the owner of test.txt rwx permissions and sets rx permissions for the group and others. Because the value for each user class has to be calculated, the numeric form is used more for setting permissions in batch. To set permissions for one class of users individually, use the letter form rather than numbers
Permission granularity problem: chmod has at most three permission classes, so when there are multiple users and each needs different permissions, chmod is limited.
ACL (setfacl/getfacl)
Permissions for files and folders:
- If there are multiple user groups, permission settings become complex and need careful planning (mixing ACLs and chmod is prone to permission problems)
- Folder read permission: you can list the contents of the directory
- Folder execute permission: you can enter the folder, switch to it as the current directory, and so on
- Folder write permission: you can delete files in the folder
- Having rwx permission on a file does not mean the user has the right to delete the file; the user can only delete the file's content. To operate at the file level, the user needs w permission on the containing folder.
getfacl filename/filedirectory
- View file/folder permissions: the results show user, group and other
setfacl -m u:username:rwx filename
- Add special permissions for a user on a file or folder
- After adding the appropriate permissions to ordinary users (root has the most permissions)
setfacl -x u:username filename
- Remove a user's special permissions on a file or folder
About sudo
- Unlike chmod/ACL, which set permissions on a file, sudo gives non-root users additional privileges to run and execute things on the system. For example, only root has permission to run useradd; through sudo, that permission can be added for another user.
- There are two ways to increase permissions for a normal user: with password authentication and without password authentication. You can also specify the machine on which sudo may be run.
- There are two steps to using sudo: 1. Edit the permissions with visudo 2. The ordinary user puts sudo in front of the command
Create a passwordless sudo rule (passwordless sudo is usually used when executing scripts)
- Edit with visudo: run visudo and, in the vim editor, add the line sr localhost=NOPASSWD: /usr/sbin/useradd to give the user sr superuser permission to add users
- Switch to the sr user
- sudo useradd testadd adds a new user while logged in as sr
Create a sudo rule with a password (this ensures the user has to enter a password before using the command)
- Edit with visudo: run visudo and, in the vim editor, add the line sr localhost=/usr/sbin/useradd to give the user sr superuser permission to add users
- Switch to the sr user
- sudo useradd testadd: the system prompts for a password; after the password is verified, sr can successfully add users
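An added example (not part of the original page) for reviewing the two kinds of rule described above: it lists which sudoers entries skip password authentication and which of those cover every command. The function names, the sample file and the users op and deploy are assumptions made for illustration; only simple one-line rules are handled.

```shell
#!/bin/sh
# Added example: find sudoers rules that skip password authentication.
# Handles one-line rules of the form  user host=[(runas)] [NOPASSWD:] cmd[, cmd]
# Aliases, include directives and line continuations are not interpreted.

# Constructed sample input; the users op and deploy are hypothetical.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not taken from a real system
Defaults env_reset
root ALL=(ALL) ALL
sr localhost=NOPASSWD: /usr/sbin/useradd
op localhost=/usr/sbin/useradd
deploy ALL=(root) NOPASSWD: ALL
EOF
}

# audit_nopasswd FILE -> one "user<TAB>host<TAB>commands" line per NOPASSWD rule
audit_nopasswd() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            lhs = substr($0, 1, eq - 1)          # "user host"
            rhs = substr($0, eq + 1)             # optional runas, tags, commands
            if (rhs !~ /NOPASSWD[ \t]*:/) next   # rule still asks for a password
            split(lhs, who)
            sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", rhs)
            sub(/[ \t]+$/, "", rhs)
            printf "%s\t%s\t%s\n", who[1], who[2], rhs
        }' "$1"
}

# nopasswd_all FILE -> users whose passwordless rule covers ALL commands
nopasswd_all() {
    audit_nopasswd "$1" | awk -F'\t' '{
        n = split($3, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (cmd[i] == "ALL") { print $1; break }
    }'
}

f=$(mktemp) && sample_sudoers > "$f"
audit_nopasswd "$f"    # passwordless rules: sr (useradd only) and deploy
nopasswd_all "$f"      # passwordless AND unrestricted: deploy
rm -f "$f"
```

A passwordless rule limited to one command, like the useradd rule for sr, is much narrower than a passwordless ALL, which is the entry this check singles out.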
Shell file permissions and script execution (change permissions)