1th Chapter Bashshell Command------------(chmod, Chgrp, chown, shared file settings)

1.7.4 Modify security Settings

If you have already created a file or directory, and you need to modify its security settings. 1. Modify Permissions

The chmod command allows you to modify the security settings for files and directories. The format of the chmod command is as follows:

The pattern parameter allows you to set security settings using octal or symbolic mode. The octal mode setting is fairly simple and requires a standard 3-bit octal code for the file as needed. The octal file permissions are automatically applied to the specified file. The implementation of symbolic mode permissions is not so easy. As shown in the figure above:U represents the user, G represents the user group, O represents the other (anyone else), and a represents all of the above . Using a symbol: add a permission (+) to an existing permission, subtract a permission (-) from an existing permission, and assign a value (=). Set use permissions, which not only include rwx values, but other settings include:

1. x is used to specify execution permissions that are valid only if the object is a directory or if it already has execute permissions

2. s is used to set the UID or GID that is being executed

3. t for saving program text

4. U is used to set permissions to the owner's permissions

5. g is used to set permissions to the user group's permissions

6. o is used to set permissions to other people's permissions

The operation instance of the command is as follows:

The chmod-r parameter loops through file and directory modifications. You can use wildcards when specifying file names to facilitate the ability to modify multiple files in one command. The action example looks like this:

2. Modify owner

The chown command makes it easy to modify the owner of the file, and thechgrp command allows you to modify the default user group for the file . The chown parameter commands are as follows:

The chown command Action example looks like this:

PS: Only the root user can modify the owner of the file. Any user can modify the default group for a file, but the user must be a member of the user group associated with the modification operation .

The operation parameters of the chgrp command are as follows:

chgrp The operation instance of the command is as follows:

Now any member of the Ewang group can perform operations on the file, which is a way to share files on a Linux system. 3. Sharing files

Linux Stores 3 additional bits of information for each file and directory:

Ø set User ID (SUID): When a file is executed by a user, the program runs under all permissions of the file.

Ø set Group ID (SGID): for files, programs run under the permissions of the file user group. For directories, new files created in the directory use the directory user group as the default user group.

Ø sticky bit: After the process is finished, the file remains (glued) in memory.

The SGID bit is very central to the shared file. By enabling the SGID bit, you can force all new files created in the shared directory to be owned by the user group of the directory and the user group of the individual users.

You can use the chmod command to set up SGID. It will be added to the beginning of the standard 3-bit octal (consisting of four-bit octal values), or you can use symbol sin symbolic mode.

To create a shared directory that always has a directory user group set for all new files, simply set SGIDfor the directory. The action example looks like this:

The first step is to create a user group shared using Groupadd. Next, use the mkdir command to create a directory that you want to share. Next, use the CHGRP command to modify the default user of the directory to a user group that contains members that need to share files. Finally, set the directory to SGIDto ensure that any files created in that directory can use the shared user group name as the default user group.

For this environment to work, all user group members need to set their own umask 002 values so that members of the user group can write to the file.

After you complete all of these tasks, you can go to the shared directory and create a new file. As expected, the new file uses the default user group for the directory instead of the default user group for the user account. This file is now accessible to any user in the shared user group.