Default permissions and Extended permissions

When you create a new file with touch or use mkdir to create a new folder, you will also find that they have default permissions when you do not manually add permissions to it.

Each terminal will automatically add permissions to the newly created file or folder.

The default permissions for files are 666-umask values

The default permissions for folders are 777-umask values

Umask is a command to view and set the default permissions for the current terminal, with R 4,w for the calculation of 2,x to 1.

Normal user's Umask value defaults to 002. If you create a new file for normal use, the default permission for the current file is 666-002 equals 664, and the rw-rw-r--permission is obtained after conversion. If you create a new folder, the permissions for the folder are 777-002 equals 775, and you get rwxrwxr-x after the conversion.

The root user's default Umask value is 022, which means that if the root user creates a new file, the default permission for the file is 666-022 equals 644, and the rw-r--r--permission is obtained after the conversion. If you create a new folder, the default permissions for the folder are 777-022 equals 755, and the Rwxr-xr-x permissions are obtained after conversion.

You can view or modify the values of the default permissions by using the Umask command

Use the umask command directly when viewing, but note that Umask returns a four-bit number where the first bit represents extended permissions. The latter three bits are normal permissions.

Use the Umask value when modifying, for example to change the umask value of the ordinary user to 022, then only need to use umask 022.

The operation of a command or program in Linux is run as standard by the current user's permissions. Like what:

The test.c file is created by the root user, and all test.c users are root. The TEST.C permission is rwxr-xr-x.

User TestUser2 can execute test.c file. However, there are resources in the test.c file that only the root user can access, so when the TestUser2 user executes the file, the file will discover insufficient permissions during the execution of TestUser2 permissions. Therefore, the use of extended permissions on test.c files is required.

Extended privileges are divided into three types:

Suid

Sgid

Sticky

Suid is to allow files with Suid permissions to always be executed only as the file's owning user. Like the passwd command. This is a command that belongs to the root, and in the process of executing it, the root/etc/shadow file is modified. However, ordinary users may also use the passwd command to modify their own passwords. The permission to discover this file through Ls-l is rwsr-xr-x. The s means that it has extended privileges of suid.

You can add suid permissions to a file by using the command chmod u+s file.

Sgid is similar to suid, except that the SUID acts on the file, while the Sgid acts on the folder.

You can add Sgid permissions to a folder by using the command chmod g+s file.

You can add sticky permissions to a folder by using the command chmod o+t file.

Default permissions and Extended permissions