1.7.3 Decoding File Permissions
Use the ls command to view file permissions for files, directories, and devices on a Linux system. The first character in the field defines the type of object: - represents a file, d represents a directory, l represents a link, c represents a character device, b represents a block device, and n represents a network device.
After that come 3 sets of characters. Each set of 3 characters defines an access permission triplet: r for read permission for the object, w for write permission for the object, and x for execute permission for the object. If a permission is denied, a dash (-) appears in that location. These 3 sets of characters relate to the 3 levels of security for the object: the owner of the object, the user group that owns the object, and everyone else on the system.
The operation example is interpreted as follows:
The permissions for the first file are interpreted as follows:
These permissions indicate that the user login name Ewang can read, write, and execute the file. Members of the user group Ewang can also read, write, and execute the file. Anyone who is not in the Ewang user group also has read, write, and execute permissions.
1. Default File Permissions
The umask command sets the default permissions for any file or directory that is created. The umask command's setting is not very clear: the first digit represents a special security feature called a sticky bit. The next 3 digits represent the octal umask value for a file or directory. Examples of operations are as follows:
Octal mode security settings take the 3 rwx permission values and convert them into a 3-bit binary value, represented by a single octal value. In the binary representation, each position is a binary bit. Therefore, if read permission is the only permission set, the value is r--, the associated binary value is 100, and the octal value is 4.
Octal mode takes the octal permission values and lists them in sequence for the 3 security levels (user, user group, anyone). The octal mode value 664 indicates that the user and the user group have read and write permissions, while others have only read permission.
The umask value is just a mask. It masks out the permissions that you do not want to grant at each security level. The umask value is subtracted from the object's full permission set. The full permission for a file is mode 666 (everyone has read/write permissions), and the full permission for a directory is 777. Therefore, the initial permission for the file in the example is 666, and after the umask of 002 is applied, the file permission becomes 664.
The umask value is typically set in the /etc/profile startup file. You can use the umask command to specify a different default umask setting. By setting the umask value to 026, the default file permissions become 640, and the default permissions for a directory become 751. The operation example is as follows:
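The umask arithmetic described above, as an added example that is not part of the original page: apply_umask clears the masked bits from the full permission set, and created_mode checks the result by creating a real file or directory under that umask. The function names and the 033 value are assumptions made for illustration; the mask is applied as a bitwise clear, which agrees with subtraction for 002 and 026 but not for 033 (644, not 633).

```shell
#!/bin/sh
# Added example: how a umask turns the full permission set into default modes.

# Pure arithmetic: clear every bit of the full mode that the umask sets.
# $1 = full mode (666 for files, 777 for directories), $2 = umask, both octal.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Ask the system: create an object under the given umask and read its mode.
# $1 = umask, $2 = "file" or "dir". The body runs in a subshell, so the
# caller's umask is untouched; the object lives in a throwaway directory.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/obj"; else touch "$tmp/obj"; fi
    mode=$(stat -c '%a' "$tmp/obj")   # GNU/Linux stat: mode in octal
    rm -rf "$tmp"
    # Keep only the rwx bits and pad to 3 digits so both functions agree.
    printf '%03o\n' $(( 0$mode & 0777 ))
)

# 002 and 026 are the values used on this page; 033 is a constructed value
# showing that the mask is a bitwise clear rather than a decimal subtraction.
for mask in 002 026 033; do
    printf 'umask %s  file %s (created %s)  dir %s (created %s)\n' \
        "$mask" \
        "$(apply_umask 666 "$mask")" "$(created_mode "$mask" file)" \
        "$(apply_umask 777 "$mask")" "$(created_mode "$mask" dir)"
done
```

A umask of 026 is the more restrictive of the page's two settings: new files are not readable by others, and group members cannot write to them.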