Centos6.5 cainiao tour: detailed explanation of File Permissions

Source: Internet
Author: User

I. Preface

In Linux, all resources and devices are treated as files, and file permissions determine what each user may do with each file. Whether you administer a system or write programs, you run into this topic sooner or later. The following is a collection of personal learning notes kept for future reference.

II. Three Kinds of Permissions

1. Common Permissions

Permission / effect on a file / effect on a directory:

r (read)
  File: view the file's contents.
  Directory: list the directory's entries (that is, ls on the directory works).

w (write)
  File: together with r, modify and delete the file.
  Directory: together with x, add, delete and move entries inside it; to delete or copy entries in a directory you also need r and x.

x (execute)
  File: together with r, run the file.
  Directory: enter the directory and operate on the files inside it (that is, cd into the directory works).

2. Special Permissions

Scenario 1: user A runs program B, and program B needs to modify file C, but user A has no permission to modify file C. Program B's attempt to modify file C is then refused as well.

Cause: the program runs with the user ID of its caller (user A), so its permissions are exactly those of the caller.

Requirement: let the program run with a user or group identity that is independent of the caller, so that it behaves the same no matter who runs it.

Solution: use the special permissions SUID and SGID.

Permission / effect on a file / effect on a directory:

SUID
  File: only meaningful on binary executables. The binary runs with the owner's user ID in addition to the caller's, that is, it has the permissions of both.
  Directory: no effect.

SGID
  File: only meaningful on binary executables. The binary runs with the file's group ID in addition to the caller's, that is, it has the permissions of both.
  Directory: files and directories created inside it get the directory's group, instead of the creator's primary group.

Scenario 2: a user runs rm -rf directory/* and deletes every file and directory inside, including those not owned by the user.

Cause: by default, anyone who has wx on a directory can delete or move every file and directory inside it, even without any permission on those entries themselves.

Requirement: a user may delete only the files and directories they own.

Solution: use the special permission SBIT (the sticky bit).

Permission / effect on a file / effect on a directory:

SBIT (sticky bit)
  File: not used.
  Directory: even with wx on the directory, only the directory's owner, the owner of the subdirectory or file, and root can delete or move entries inside it.

3. Hide Permissions

There are 13 kinds; they are only valid on ext2 and its successor file systems.

III. Understanding permissions through commands

In the previous section we looked at the kinds of file permissions in Linux from a conceptual point of view. This section shows how to use the commands.

1. View Permissions

Enter ls -l to view the permissions of all files and subdirectories in the current directory.

Suppose the output is -rwsr-xr-x 1 root root 430540 Dec 20 /usr/sbin/passwd, which splits into ① - ② rws ③ r-x ④ r-x ⑤ 1 ⑥ root ⑦ root ⑧ 430540 ⑨ Dec 20 ⑩ /usr/sbin/passwd. Going through the parts one by one:

①. The first character indicates the file type; here - means a regular file:

-, regular file;

d, directory;

l, symbolic link;

c, character device file;

b, block device file;

p, named pipe (FIFO);

s, socket file.

②. Characters 2 to 4: the owner's permissions.

③. Characters 5 to 7: the group's permissions.

④. Characters 8 to 10: the permissions of other users (other).

⑤. The number of hard links.

⑥. The user name of the file's owner.

⑦. The name of the group the file belongs to.

⑧. The file size in bytes; with ls -lh it is shown in KB and MB.

⑨. The last modification date.

⑩. The absolute path of the file or directory.

From the above we can see that Linux has three permission roles: the owner, the group, and other users (other).

2. Permission Representation

[A]. Symbolic notation

Common permissions:

r, read permission; w, write permission; x, execute permission.

Special permissions:

SUID can only appear in ② (the owner's x position). A lowercase s means the binary has both SUID and x; an uppercase S means it has SUID but not x.

SGID can only appear in ③. A lowercase s means the binary or directory has both SGID and x; an uppercase S means it has SGID but not x.

SBIT can only appear in ④. A lowercase t means the directory has both SBIT and x; an uppercase T means it has SBIT but not x.

[B]. Numeric notation

Numeric notation is computed in binary and written in octal.

In the binary form, 1 means the permission is present and 0 means it is absent:

Special bits        Owner          Group          Other
SUID  SGID  SBIT    r    w    x    r    w    x    r    w    x
1/0   1/0   1/0     1/0  1/0  1/0  1/0  1/0  1/0  1/0  1/0  1/0

Then convert each group of three binary digits into one octal digit. For example, the binary string 100 111 101 101 becomes the octal number 4755.

chmod 4755 file then sets these permissions on the file, and the permission field in the ls -l output reads rwsr-xr-x.

Notes: 1. If no special permission is set, the first octal digit can simply be omitted, for example chmod 755 file;

2. In numeric notation, special permissions can only be enabled, not disabled. For example, if file a has the SUID and SGID permissions and you run chmod 0755 a, ls -l still shows rwsr-sr-x.
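The digit table and the s/S, t/T casing rules above can be exercised in code. The following script is an added example, not part of the original post; it converts an octal mode into the nine-character field that ls -l prints and back, using only POSIX sh.

```shell
#!/bin/sh
# Added example (not from the original post): convert an octal chmod mode such as
# 4755 into the nine-character field that ls -l prints, applying the digit table
# and the s/S, t/T casing rules above, and convert the field back to octal.
# POSIX sh only: digits are handled one at a time with $(( )) arithmetic.

mode_to_symbolic() {
    m=$1
    while [ ${#m} -lt 4 ]; do m="0$m"; done   # "755" is treated as "0755"
    special=$(printf '%s' "$m" | cut -c1)      # first digit: SUID=4 SGID=2 SBIT=1
    out=""; i=2
    for bit in 4 2 1; do                       # owner/SUID, group/SGID, other/SBIT
        digit=$(printf '%s' "$m" | cut -c$i)
        r=-; w=-; x=-
        [ $((digit & 4)) -ne 0 ] && r=r
        [ $((digit & 2)) -ne 0 ] && w=w
        [ $((digit & 1)) -ne 0 ] && x=x
        if [ $((special & bit)) -ne 0 ]; then
            if [ $bit -eq 1 ]; then lower=t; upper=T; else lower=s; upper=S; fi
            # lowercase when x is also set, uppercase when it is not
            if [ "$x" = x ]; then x=$lower; else x=$upper; fi
        fi
        out="$out$r$w$x"; i=$((i + 1))
    done
    printf '%s\n' "$out"
}

symbolic_to_mode() {
    s=$1; special=0; digits=""; i=1
    for bit in 4 2 1; do
        d=0
        [ "$(printf '%s' "$s" | cut -c$i)" = r ] && d=$((d + 4))
        [ "$(printf '%s' "$s" | cut -c$((i + 1)))" = w ] && d=$((d + 2))
        c=$(printf '%s' "$s" | cut -c$((i + 2)))
        case $c in x|s|t) d=$((d + 1)) ;; esac            # execute bit present
        case $c in s|S|t|T) special=$((special + bit)) ;; esac
        digits="$digits$d"; i=$((i + 3))
    done
    printf '%s\n' "$special$digits"
}

# Demo: the passwd example from the text, plus the uppercase variants.
for m in 4755 4655 2755 1777 1776 755; do
    sym=$(mode_to_symbolic "$m")
    printf '%s -> %s -> %s\n' "$m" "$sym" "$(symbolic_to_mode "$sym")"
done
```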

 

IV. Setting permissions through symbolic notation

Setting permissions in numeric notation is sometimes inconvenient, so a symbolic notation is also provided.

Set common Permissions

# Add execute permission for the owner, the group and other users
chmod +x <file path>
# Remove execute permission from the owner, the group and other users
chmod -x <file path>
# Add execute permission for the owner
chmod u+x <file path>
# Add execute permission for the group
chmod g+x <file path>
# Add execute permission for other users
chmod o+x <file path>
# Add execute permission for the owner and the group
chmod ug+x <file path>
# Give the owner, the group and other users write and execute, and remove read
chmod =wx <file path>
# Give the owner and the group write and execute, and remove their read
chmod ug=wx <file path>

Set special permissions

# Enable / disable SUID
chmod u+s <file name>
chmod u-s <file name>
# Enable / disable SGID
chmod g+s <file name>
chmod g-s <file name>
# Enable / disable SBIT (sticky bit)
chmod o+t <file name>
chmod o-t <file name>
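The two risks from the "Special Permissions" section (an SUID binary, and a shared directory that everyone can write to without the sticky bit) can be found with find and fixed with the chmod o+t form above. The following script is an added example, not from the original post; it builds a constructed sample tree under /tmp (or $TMPDIR) and assumes a find that supports -perm.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for the two risks
# described under "Special Permissions" (an SUID/SGID binary, and a directory
# that is world-writable without the sticky bit), then fix the directory with
# the chmod o+t form from this section. Assumes GNU/BSD find and a writable /tmp.

# One line per finding: "WW-NOSTICKY <dir>", "SUID <file>" or "SGID <file>".
audit_tree() {
    # -perm -0002: others may write; ! -perm -1000: sticky bit absent
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/WW-NOSTICKY /'
    find "$1" -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -type f -perm -2000 | sed 's/^/SGID /'
}

# Number of findings of one kind, e.g. count_findings /srv WW-NOSTICKY
count_findings() {
    audit_tree "$1" | grep -c "^$2 " || true   # grep -c exits 1 on zero matches
}

# Constructed sample tree: a shared directory done wrong, one done right
# (mode 1777 like /tmp), and an empty file carrying SUID as a stand-in binary.
make_sample_tree() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX")
    mkdir "$root/shared" "$root/scratch"
    : > "$root/helper"
    chmod 777 "$root/shared"     # Scenario 2: wx for everyone, no sticky bit
    chmod 1777 "$root/scratch"   # sticky bit: users remove only their own entries
    chmod 4755 "$root/helper"    # Scenario 1: would run with the owner's UID
    printf '%s\n' "$root"
}

# The fix from this section: add the sticky bit with symbolic notation.
fix_shared() {
    chmod o+t "$1/shared"
}

# Demo run: audit, fix, audit again, clean up.
demo_root=$(make_sample_tree)
echo "before:"; audit_tree "$demo_root"
fix_shared "$demo_root"
echo "after:";  audit_tree "$demo_root"
rm -rf "$demo_root"
```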

 

V. Changing the owner and group

1. View user information

# Show the current user
whoami
# Show the groups of the current user
groups
# Show the groups of other users
groups <user 1> <user 2>

2. Change owner and group

Only root has permission to run the following commands.

# Change the owner
chown <user name> <file path>
# Change the group
chgrp <user group> <file path>
# Change the owner and the group
chown <user name>.<user group> <file path>
# Recursively change the owner and group of a directory
chown -R <user name>.<user group> <directory path>

VI. Managing users

1. Add a user

Command: useradd [-u uid] [-g group] [-d home] [-s shell] <user name>
-u: the user ID. The system identifies a user by UID while people use the user name; the two are in one-to-one correspondence.
-g: the user group ID.
-d: use an existing directory as the home directory.
-s: the login shell.

Example:

# Add the user garfield
useradd garfield

Check whether the user was created successfully by inspecting the /etc/passwd, /etc/shadow and /etc/group files.

Note: when creating a user, the system applies basic defaults for the new user from the files /etc/login.defs and /etc/default/useradd. In /etc/default/useradd, the SKEL option names the directory whose contents are copied into the new user's home directory, /etc/skel by default.

2. Set the password

Command: passwd <user name>, then enter the new password at the prompt.

3. Enable and disable accounts

# Disable the account
usermod -L <user name>
# Enable the account
usermod -U <user name>

Disabling and enabling work by inserting or removing a "!" (exclamation mark) in front of the user's password in /etc/shadow.

4. Miscellaneous

# Add the user to a supplementary group (without -a this replaces the existing supplementary groups)
usermod -G <group name> <user name>
# Change the user's primary group
usermod -g <group name> <user name>
# Rename the user
usermod -l <new user name> <old user name>
# Delete the user
userdel <user name>

VII. Managing user groups

# Add a user group
groupadd [-g gid [-o]] [-r] [-f] <group name>
# Rename a user group
groupmod -n <new group name> <old group name>
# Delete a user group
groupdel <group name>

VIII. User and user group configuration files

1. /etc/passwd: readable by any user. Each record holds, in order: the user name; the encrypted password (if the system uses shadow passwords, the real encrypted password lives in /etc/shadow and this field holds an x); the user ID (one UID may correspond to several user names, each with its own password, home directory and shell, but the system treats those names as the same user; 0 is the superuser, 1 ~ 99 are reserved for the system, 100 and above are ordinary users with 500 as the default first UID, and the overall range is 0 ~ 65535); the user group ID (corresponding to a record in /etc/group); a comment string; the home directory; and the path of the shell program.

Pseudo-users: their shell path is empty or /sbin/nologin. They exist mainly to ease system administration and to give the corresponding system processes an owner for their files.

The pseudo-users are:

bin, owns executable user command files
sys, owns system files
adm, owns accounting files
uucp, used by UUCP
lp, used by the lp/lpd printing subsystem
nobody, used by NFS

You can set the shell program path to some other program to restrict a user: after logging in, the user can only run that program, and when it exits the user is logged out.

2. /etc/shadow: only the superuser can read or modify it. The pwconv command generates it from /etc/passwd, one record per passwd record. Each record holds: the user name; the encrypted password (fixed length of 13 characters; empty means no password; if it contains characters other than . / 0-9 A-Z a-z the account cannot log in); the date of the last password change (in days since January 1, 1970); the minimum interval (minimum number of days between password changes); the maximum interval (number of days the password stays valid); the warning time (number of days before expiry on which the system starts warning the user to change the password); the inactivity time (number of days without login activity after which the account is disabled, though it remains valid until then); and the expiry time (number of days for which the user name stays valid).

3. /etc/group: each record holds the group name; the group's encrypted password (empty, * or x means no password); the group ID; and the member user names, separated by commas.
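The field layouts described above are enough to write the checks an administrator runs over these files: a second UID 0 account, a login-capable account with an empty password, and accounts locked with the "!" prefix from the usermod -L section. The script below is an added example, not from the original post; the passwd and shadow records in it are constructed for the demo and "$6$CONSTRUCTED" stands in for a real hash.

```shell
#!/bin/sh
# Added example (not from the original post): read passwd- and shadow-format
# records laid out as described above and flag what an administrator checks for.
# The records are constructed for this demo, not taken from a real system;
# "$6$CONSTRUCTED" stands in for a real password hash.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
root2:x:0:0::/root:/bin/bash
garfield:x:500:500::/home/garfield:/bin/bash
guest:x:501:501::/home/guest:/bin/bash
svc:x:502:502::/var/svc:/sbin/nologin'

SAMPLE_SHADOW='root:$6$CONSTRUCTED:16000:0:99999:7:::
bin:*:16000:0:99999:7:::
root2:$6$CONSTRUCTED:16000:0:99999:7:::
garfield:!$6$CONSTRUCTED:16000:0:99999:7:::
guest::16000:0:99999:7:::
svc:!!:16000:0:99999:7:::'

# passwd field 3 is the UID. Any name other than root with UID 0 is an extra
# superuser: the text notes that same-UID names are treated as one user.
extra_uid0() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# shadow field 2 is the encrypted password; empty means no password at all.
# Combined with a real login shell (passwd field 7) that is a passwordless login.
no_password_with_shell() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$7 != "/sbin/nologin" { print $1 }' |
    while read -r name; do
        printf '%s\n' "$SAMPLE_SHADOW" |
            awk -F: -v n="$name" '$1 == n && $2 == "" { print $1 }'
    done
}

# A leading "!" is what usermod -L inserts to disable an account (see "Enable
# and disable accounts"); "!!" and "*" likewise mean no usable password.
locked_accounts() {
    printf '%s\n' "$SAMPLE_SHADOW" | awk -F: '$2 ~ /^!/ { print $1 }'
}

echo "extra UID 0 accounts:"; extra_uid0
echo "no password but login shell:"; no_password_with_shell
echo "locked accounts:"; locked_accounts
```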

 

IX. Summary

That is all on Linux file permissions for now; more will be added later!

Please respect the original; when reprinting, cite the source: http://www.cnblogs.com/fsjohnhuang/p/3999224.html ^_^ Fat Zi John
