Default permissions: umask, file system attributes, and special permissions

Source: Internet
Author: User

Chapter 1 permission errors

1.1 normal user ls /root/

/root is the home directory of root. Its mode is dr-xr-x--- (550): the "other" triple is empty, so a normal user has no permission on it at all and cannot list it.

[oldboy@znix ~]$ ls /root/
ls: cannot open directory /root/: Permission denied
[oldboy@znix ~]$ ls -ld /root/
dr-xr-x---. 5 root 4096 Sep 5 :05 /root/

1.2 normal user touch /root/oldboy.txt

Whether a file can be created is decided by the permissions of the directory it is created in, not by the file (which does not exist yet). A normal user has no permission on /root, so the file cannot be created there. Creating a file requires both w and x on the directory.

[oldboy@znix ~]$ touch /root/oldboy.txt
touch: cannot touch '/root/oldboy.txt': Permission denied
[oldboy@znix ~]$ ls -ld /root/
dr-xr-x---. 5 root 4096 Sep 5 :05 /root/

1.3 normal user \rm -f /etc/passwd

Deleting a file requires w and x on the directory that contains it; the permissions of the file itself do not matter. A normal user has only r-x on /etc, so the file cannot be deleted even though it is world-readable. (The backslash bypasses the rm alias, so no -i confirmation prompt interferes.)

[oldboy@znix ~]$ \rm -f /etc/passwd
rm: cannot remove '/etc/passwd': Permission denied
[oldboy@znix ~]$ ls -ld /etc
drwxr-xr-x. 78 root 4096 Sep 5 11:27 /etc
[oldboy@znix ~]$ ll /etc/passwd
-rw-r--r--. 1 root 1177 Sep 5 11:27 /etc/passwd

1.4 normal user cat /etc/shadow

Reading the content of a file is decided by the permissions of the file itself. /etc/shadow has mode 000 here: nobody except root (who bypasses mode bits through CAP_DAC_OVERRIDE) can read it, so a normal user cannot view the password hashes.

To read a file's content you need r on the file.

[oldboy@znix ~]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[oldboy@znix ~]$ ll /etc/shadow
---------- 1 root 881 Sep 5 /etc/shadow

1.5 how to analyse a permission error

1. First determine whether the target of the operation is a file or a directory.

2. Determine your relationship to that object: owner, member of its group, or other.

3. If it is a file, look at the file's permissions.

4. If it is a directory, look at the directory's permissions.

5. Reading the content of a file, modifying it, and executing it (a script or binary) depend on the file's permissions.

6. Listing the contents of a directory, and creating, deleting or renaming files in it, depend on the directory's permissions (renaming and deleting change the directory entry, not the file).
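The six rules above can be turned into a small checker. This is an added example and not part of the original notes: given a user, an operation and a path, it works out which permission triple applies (owner, group or other) and whether the classic mode bits allow the operation, including the sticky-bit rule for deletion. It assumes GNU coreutils (stat -c, id -nG), ignores ACLs and SELinux, and deliberately does not model root's CAP_DAC_OVERRIDE bypass, so it describes the normal-user failures shown in 1.1 to 1.4.

```shell
#!/bin/sh
# Added example (not from the original notes): decide which permission triple
# applies to a user for a path and whether the mode bits allow an operation.
# Assumes GNU stat/id; ignores ACLs, SELinux and root's CAP_DAC_OVERRIDE.

# perm_class PATH USER -> prints owner | group | other
perm_class() {
    owner=$(stat -c %U "$1") || return 2
    grp=$(stat -c %G "$1")
    if [ "$owner" = "$2" ]; then
        echo owner
    elif id -nG "$2" 2>/dev/null | tr ' ' '\n' | grep -qx "$grp"; then
        echo group
    else
        echo other
    fi
}

# class_bits PATH CLASS -> the rwx digit (0-7) of that class
class_bits() {
    mode=$(( 0$(stat -c %a "$1") & 0777 ))   # drop suid/sgid/sticky, keep 9 bits
    case $2 in
        owner) echo $(( (mode >> 6) & 7 )) ;;
        group) echo $(( (mode >> 3) & 7 )) ;;
        other) echo $((  mode       & 7 )) ;;
    esac
}

# can_do USER OP PATH -> prints "allowed: ..." or "denied: ..."; exit 0 / 1
# OP: read | write | exec   (checked on the file itself)
#     list | create | delete (checked on the directory)
can_do() {
    user=$1; op=$2; path=$3
    case $op in
        read)  target=$path; need=4 ;;
        write) target=$path; need=2 ;;
        exec)  target=$path; need=1 ;;
        list)  target=$path; need=4 ;;             # plain ls; ls -l and cd also need x
        create|delete) target=$(dirname "$path"); need=3 ;;   # w+x on the directory
        *) echo "unknown op: $op"; return 2 ;;
    esac
    cls=$(perm_class "$target" "$user") || { echo "denied: $target not found"; return 1; }
    bits=$(class_bits "$target" "$cls")
    if [ $(( bits & need )) -ne "$need" ]; then
        echo "denied: $user is '$cls' on $target (bits=$bits, need=$need)"
        return 1
    fi
    # sticky directory (like /tmp): only the file owner or directory owner may delete
    if [ "$op" = delete ]; then
        case $(stat -c %A "$target") in
            *[tT])
                if [ "$(stat -c %U "$path" 2>/dev/null)" != "$user" ] && \
                   [ "$(stat -c %U "$target")" != "$user" ]; then
                    echo "denied: sticky bit on $target and $user owns neither it nor $path"
                    return 1
                fi ;;
        esac
    fi
    echo "allowed: $user is '$cls' on $target (bits=$bits, need=$need)"
}
```

Run it as `can_do oldboy delete /etc/passwd` or `can_do oldboy create /root/oldboy.txt` to reproduce the reasoning of 1.2 and 1.3: in both cases the directory, not the file, is what is checked.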

Chapter 2 file access process

2.1 access process

2.1.1 accessing a file by relative path

file name -> inode (file permissions, block locations) -> block (actual file content)

The directory entry maps the file name to an inode number; the inode holds the permissions, ownership and the addresses of the data blocks; the data blocks hold the actual content.

2.1.2 accessing a file by absolute path (for example a file under /etc)

/ directory -> data block of / (directory entries) -> find the entry "etc" -> inode of /etc -> data block of /etc -> find the entry for the file -> inode of the file (file permissions, block locations) -> block (actual file content)

Every directory on the way must grant x (search) permission to the user, otherwise the lookup stops with Permission denied before the file's own permissions are even consulted.

2.2 Relationship

1. The file name is stored in the data block of its directory, not in the inode.

2. The directory's data block holds the mapping from file name to inode number.
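The name/inode split in 2.2 is easy to see on a live file system. The script below is an added example, not part of the original notes: it walks a path component by component printing the inode each directory entry points to, and then shows that a hard link is just a second name for the same inode and that renaming changes only the directory entry. It assumes GNU coreutils (stat -c).

```shell
#!/bin/sh
# Added example (not from the original notes): show the name -> inode -> data
# split of chapter 2 with real files. Assumes GNU coreutils (stat -c).

# walk_inodes PATH -> one line per path component: "<inode> <mode> <component>"
# Each component is looked up in its parent directory's entries; the inode
# number printed is what that entry points to.
walk_inodes() {
    p=$1
    case $p in
        /*) cur=/; printf '%s %s %s\n' "$(stat -c %i /)" "$(stat -c %A /)" / ;;
        *)  cur=. ;;
    esac
    oldifs=$IFS; IFS=/
    for comp in $p; do
        [ -z "$comp" ] && continue
        cur=${cur%/}/$comp
        printf '%s %s %s\n' "$(stat -c %i "$cur")" "$(stat -c %A "$cur")" "$comp"
    done
    IFS=$oldifs
}

# inode_of PATH -> inode number
inode_of() { stat -c %i "$1"; }

# demo -> 0 if the two facts of section 2.2 hold on this file system:
#  - a hard link is a second directory entry for the same inode
#  - renaming changes the entry; the inode (and its permissions) stays the same
demo() {
    d=$(mktemp -d)
    echo "hello" > "$d/a.txt"
    chmod 640 "$d/a.txt"
    ln "$d/a.txt" "$d/b.txt"          # same inode, link count becomes 2
    i1=$(inode_of "$d/a.txt"); i2=$(inode_of "$d/b.txt")
    mv "$d/b.txt" "$d/c.txt"          # only the directory entry changes
    i3=$(inode_of "$d/c.txt")
    links=$(stat -c %h "$d/c.txt")
    rm -rf "$d"
    [ "$i1" = "$i2" ] && [ "$i2" = "$i3" ] && [ "$links" = 2 ]
}
```

`walk_inodes /etc/passwd` prints the inode and mode of /, /etc and passwd in turn; the mode column on each directory is the x bit that section 2.1.2 says the lookup needs.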

Chapter 3 website permissions and web root security

3.1 linux system default permissions

3.1.1 default file permissions

Maximum permission of a newly created file: rw-rw-rw- (666). A new file never gets x by default.

Generally a file is created as -rw-r--r-- (644), e.g. oldboy.txt.

3.1.2 default directory permissions

Maximum permission of a newly created directory: drwxrwxrwx (777).

Generally a directory is created as drwxr-xr-x (755), e.g. oldboydir owned by root.

3.2 how to plan website permissions to make the website more secure

3.2.1 run the website as the www user

[root@znix /]# useradd www

3.2.2 keep the main files owned by the root user

[root@znix /]# mkdir -p /app/blog
[root@znix /]# mkdir -p /app/blog/upload
[root@znix /]# ll -d /app/blog/ /app/blog/upload/
drwxr-xr-x 3 root 4096 Sep 6 10:09 /app/blog/
drwxr-xr-x 2 root 4096 Sep 6 10:09 /app/blog/upload/
[root@znix /]# su - www
[www@znix ~]$ cd /app
[www@znix app]$ cd /app/blog/upload/
[www@znix upload]$

The www user can enter and read these directories (r-x for others) but cannot create, delete or modify anything in them while they are owned by root with mode 755.

3.2.3 handling uploaded files

Put the files uploaded by users in a directory owned by the www user, and only there;

Restrict the file suffix (extension) that may be uploaded;

Uploaded files must not be executed or parsed as scripts by the web server ......

The point of the split is that a compromised web process can write only under upload/, while the code under /app/blog stays root-owned and read-only to www, so an attacker cannot modify it from the web process.

[root@znix /]# chown www.www /app/blog/upload/
[root@znix /]# ll -d /app/blog/ /app/blog/upload/
drwxr-xr-x 3 root 4096 Sep 6 10:09 /app/blog/
drwxr-xr-x 2 www 4096 Sep 6 /app/blog/upload/
[root@znix /]# cd /app/blog/upload/
[root@znix upload]# touch aaa.png
[root@znix upload]#
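Two checks that follow from 3.2.2 and 3.2.3, as an added example that is not part of the original notes: a suffix whitelist for upload names (rejecting path parts, hidden names and double extensions such as shell.php.png), and an audit of the web root that reports anything executable or world-writable in the upload directory and anything group- or world-writable in the root-owned code tree. The /app/blog layout and the www user are the page's own; the extension list is an assumed example, and GNU find (-perm /, -printf) is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): validate upload names and audit
# the web root layout of section 3.2. Assumes GNU find; the extension list
# below is an assumed example whitelist.

ALLOWED_EXT='png jpg jpeg gif pdf'

# upload_ok NAME -> 0 if NAME is a plain basename with one allowed extension
upload_ok() {
    name=$1
    case $name in
        ''|*/*|.*|*' '*|*'..'*) return 1 ;;   # no path parts, hidden names, spaces, ..
    esac
    case $name in
        *.*.*) return 1 ;;                    # reject double extensions (shell.php.png)
        *.*)   ext=${name##*.} ;;
        *)     return 1 ;;                    # must have an extension
    esac
    ext=$(printf %s "$ext" | tr 'A-Z' 'a-z')
    for a in $ALLOWED_EXT; do
        [ "$ext" = "$a" ] && return 0
    done
    return 1
}

# audit_webroot ROOT UPLOAD -> prints offending paths; returns 1 if any found
# Flags: executable or world-writable files inside UPLOAD (uploads must be
# data, never code), and anything writable by group/other outside UPLOAD
# (the code tree must stay read-only to the web user).
audit_webroot() {
    root=$1; upload=$2
    bad=$( {
        find "$upload" -type f \( -perm /111 -o -perm /002 \) -printf 'upload: %p\n'
        find "$root" -path "$upload" -prune -o -perm /022 -printf 'code: %p\n'
    } 2>/dev/null )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Typical use on the layout from 3.2.2:
#   audit_webroot /app/blog /app/blog/upload && echo "layout clean"
```

Run `audit_webroot /app/blog /app/blog/upload` after deployment and from cron; the whitelist is only half the defence, the web server must also be configured not to execute anything under upload/.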

Chapter 4 umask: default permission control

Controls the default permissions of newly created files and directories in linux.

4.1 default permissions for files and directories in the system

File --- 666 (rw-rw-rw-)

Dir --- 777 (drwxrwxrwx)

4.2 umask calculation

The umask removes bits from the default maximum: every bit set in the umask is cleared from 666 (file) or 777 (directory). For the usual even umask digits this looks like plain subtraction.

4.2.1 when the umask digits are even

Instance 4-1 umask is 0022

File:

666 - 022 = 644

Directory:

777 - 022 = 755

4.2.2 when a umask digit is odd

Instance 4-2 umask is 0032

4.3 Subtraction no longer works for the file, because 666 has no x bit for the odd umask digit to remove. The shortcut taught here: subtract, then add 1 back in every position where the umask digit was odd.

666 - 032 = 634

+ 010 = 644

The directory result is unchanged: 777 - 032 = 745, because a directory does have the x bit.

The exact rule is bitwise, mode = default & ~umask, and needs no fix-up: 666 is 110 110 110, umask 032 is 000 011 010, clearing the masked bits gives 110 100 100 = 644 for a file and 111 100 101 = 745 for a directory. Use the bitwise rule; the subtraction shortcut breaks as soon as a umask digit exceeds the default digit (try umask 077 on a file).

4.4 sample umask = 035

[root@znix ~]# umask 035
[root@znix ~]# touch file035
[root@znix ~]# mkdir dir035
[root@znix ~]# ll file035 && ll -d dir035
-rw-r---w- 1 root 0 Sep 6 10:42 file035
drwxr---w- 2 root 4096 Sep 6 10:42 dir035

File = 642, dir = 742 (666 & ~035 = 642, 777 & ~035 = 742)
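The bitwise rule from 4.2 and 4.3, checked against what the kernel actually does, as an added example that is not part of the original notes. umask_apply computes mode = default & ~umask; observed_mode creates a real file or directory under the given umask in a scratch directory and reads its mode back, so you can confirm the 022, 032 and 035 cases above without memorising the odd-digit shortcut. GNU stat -c is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): compute the effect of a umask
# with the real bitwise rule and confirm it against files the shell creates.
# Assumes GNU stat -c.

# umask_apply DEFAULT UMASK -> resulting octal mode, e.g. umask_apply 666 032 -> 644
# The kernel computes mode = requested & ~umask; no "add 1 for odd digits".
umask_apply() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode KIND UMASK -> mode of a file (KIND=file) or directory (KIND=dir)
# created under UMASK in a scratch directory, as the kernel really assigns it.
observed_mode() {
    d=$(mktemp -d)
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$d/t"; else : > "$d/t"; fi
    )
    stat -c %a "$d/t"
    rm -rf "$d"
}

# check_umask UMASK -> prints computed and observed modes; returns 0 only if
# the bitwise rule matches what the kernel produced for both kinds.
check_umask() {
    f=$(umask_apply 666 "$1"); dm=$(umask_apply 777 "$1")
    of=$(observed_mode file "$1"); od=$(observed_mode dir "$1")
    echo "umask $1: file=$f (observed $of) dir=$dm (observed $od)"
    [ "$f" = "$of" ] && [ "$dm" = "$od" ]
}

# The page's cases plus one where subtraction fails outright:
# 022 -> 644/755, 032 -> 644/745, 035 -> 642/742, 077 -> 600/700
for u in 022 032 035 077; do check_umask "$u"; done
```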

4.5 permanent umask modification method

[root@znix ~]# vim /etc/profile

if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

Explanation:

If the user's UID is greater than 199 and the user's primary group name equals the user name (a user private group), then

    umask 002

otherwise

    umask 022

So ordinary users created with their own private group get 002 (new files are group-writable, which is harmless only as long as nobody else is a member of that private group), while root and system accounts get 022. On CentOS the same block also lives in /etc/bashrc, so edit both; note that /etc/profile is read only by login shells, so a daemon's umask has to be set in its own startup script or unit.

Chapter 5 file system attributes

5.1 chattr: set file system attributes (change attr)

chattr +a: the file can only be appended to (append only)

chattr +i: the file cannot be changed in any way (immutable)

Both attributes apply to root as well: root can still read the file, but must remove the attribute (which needs CAP_LINUX_IMMUTABLE) before the file can be written, truncated, deleted, renamed or linked.

5.2 test +a

Content can only be appended to the file; it cannot be truncated or deleted.

[root@znix ~]# chattr +a oldboy.txt
[root@znix ~]# lsattr oldboy.txt
-----a-------e- oldboy.txt
[root@znix ~]# echo 123 >> oldboy.txt
[root@znix ~]# > oldboy.txt
-bash: oldboy.txt: Operation not permitted

Appending with >> succeeds; opening the file for truncation with > is refused.

5.2.1 remove the attribute with -

[root@znix ~]# chattr -a oldboy.txt
[root@znix ~]# lsattr oldboy.txt
-------------e- oldboy.txt

5.3 test +i

With +i set, not even root can modify, delete, rename or link the file until the attribute is removed again with chattr -i.

[root@znix ~]# chattr +i oldboy.txt
[root@znix ~]# lsattr oldboy.txt
----i--------e- oldboy.txt

5.4 lsattr

list attr: display the file system attributes of a file or directory

[root@znix ~]# lsattr -d /etc/
-------------e- /etc/
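Reading lsattr output by hand is error-prone, so here is an added example (not part of the original notes) that parses it and reports every path carrying i or a. It is useful in both directions: to verify the protection you put on /etc/passwd or a log file, and during incident response, where attackers set +i on their implants so that rm and package upgrades cannot touch them. The sample lines are constructed to look like the CentOS 6 output in 5.2 and 5.3; /usr/bin/.x is an invented name standing in for a hidden implant. On a live box feed the functions with `lsattr -d /etc /etc/passwd` or `lsattr -R /usr/bin`.

```shell
#!/bin/sh
# Added example (not from the original notes): parse lsattr output and flag
# immutable (i) or append-only (a) files. SAMPLE below is constructed.

# attr_flags LINE -> the flag letters set in an lsattr line, e.g. "ie"
# lsattr prints a dash-padded flag field, a space, then the path.
attr_flags() {
    field=${1%% *}
    printf '%s\n' "$field" | tr -d '-'
}

# attr_path LINE -> the path part of an lsattr line
attr_path() { printf '%s\n' "${1#* }"; }

# locked_files (stdin: lsattr output) -> "<flags> <path>" for lines with i or a
locked_files() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        flags=$(attr_flags "$line")
        case $flags in
            *i*|*a*) printf '%s %s\n' "$flags" "$(attr_path "$line")" ;;
        esac
    done
}

# Constructed sample (assumed, not captured): /etc/passwd and /usr/bin/.x are
# immutable, /var/log/secure is append-only, the rest only have the usual e flag.
SAMPLE='----i--------e- /etc/passwd
-----a-------e- /var/log/secure
-------------e- /etc/
----i--------e- /usr/bin/.x
-------------e- /root/oldboy.txt'

# sample_locked -> the locked entries of SAMPLE, one per line
sample_locked() { printf '%s\n' "$SAMPLE" | locked_files; }

# On a real system:  lsattr -R /usr/bin /usr/sbin /etc 2>/dev/null | locked_files
```

An i or a you did not set yourself, especially on something under /usr/bin or a cron file, is a finding to investigate before the chapter 7 cleanup, because `rm` will fail until `chattr -i` is run.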

Chapter 6 special linux permissions

-rw-r--r-- 1 root 252 Sep 6 :04 oldboy.txt

These are the 9 basic permission bits.

Linux actually has 12 permission bits: the 9 basic ones plus three special bits, setuid, setgid and the sticky bit.

6.1 the three special permissions

[root@znix ~]# ls -ld /tmp/ /usr/bin/passwd /usr/bin/locate /bin/ls
-rwxr-xr-x. 1 root 117048 Mar 23 /bin/ls
drwxrwxrwt. 11 root 4096 Sep 6 11:29 /tmp/
-rwx--s--x. 1 root slocate 38464 Mar 12 2015 /usr/bin/locate
-rwsr-xr-x. 1 root 30768 Nov 24 2015 /usr/bin/passwd

6.2 rwsr-xr-x (setuid)

setuid sits in the owner's execute position. When a user runs a program with the setuid bit set, the process runs with the effective uid of the file's owner, not of the user who started it.

For example /usr/bin/passwd is setuid root so that an ordinary user can change their own password, which requires writing /etc/shadow (mode 000, writable only by root).

6.2.1 grant the setuid permission to rm (a demonstration of why this is dangerous)

[root@znix ~]# chmod u+s /bin/rm
[root@znix ~]# ll /bin/rm
-rwsr-xr-x. 1 root 57440 Mar 23 /bin/rm
[oldboy@znix ~]$ \rm -f /root/oldboy.txt
[root@znix ~]# chmod u-s /bin/rm
[root@znix ~]# ll /bin/rm
-rwxr-xr-x. 1 root 57440 Mar 23 /bin/rm

With the bit set, oldboy's deletion succeeds silently even though /root is closed to other users (section 1.2), because rm now runs as root. A setuid root bit on rm, vim, bash, find or any similar general-purpose tool is a root backdoor for every local user; remove it immediately, and audit for unexpected setuid files with find / -perm -4000 -type f.

6.2.2 setuid: capital S and lowercase s

If the owner already has x, adding setuid is displayed as a lowercase s. If there is no x, it is displayed as an uppercase S: the setuid bit is set but the owner cannot execute the file, so the bit is meaningless.

[root@znix ~]# ll test.txt
-rw-r--r--. 2 root 22 Sep 4 :28 test.txt
[root@znix ~]# chmod u+s test.txt
[root@znix ~]# ll test.txt
-rwSr--r--. 2 root 22 Sep 4 :28 test.txt
[root@znix ~]# chmod u+x test.txt
[root@znix ~]# ll test.txt
-rwsr--r--. 2 root 22 Sep 4 :28 test.txt

6.3 drwxrwxrwt (sticky bit)

[root@znix ~]# ll -d /tmp/
drwxrwxrwt. 11 root 4096 Sep 6 11:29 /tmp/

In a directory with the sticky bit set (shown as t in the "other" execute position), everyone may create files, but a file can be deleted or renamed only by its owner, by the directory's owner, or by root. That is what stops users from deleting each other's files in the world-writable /tmp.

6.4 rwx--s--x (setgid)

The process runs with the effective group of the file, slocate here, so locate can read the database that only that group may read; the user who runs it does not need to be in the group. Rarely set by hand on executables. On a directory, setgid instead makes new files inherit the directory's group.

-rwx--s--x. 1 root slocate 38464 Mar 12 2015 /usr/bin/locate
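Two helpers for sections 6.1 to 6.4, as an added example that is not part of the original notes: mode_string renders a 12-bit octal mode the way ls does, folding the special bits into the execute positions as s/S and t/T (the rule from 6.2.2), and find_special lists every setuid or setgid regular file under a directory, which is how you confirm the 6.2.1 experiment was really undone and how you build a baseline to diff against later. GNU find (-perm /6000, -printf) is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): render 12-bit modes like ls
# and list setuid/setgid files. Assumes GNU find.

# mode_string OCTAL -> 9-character rwx string with s/S and t/T folded in
mode_string() {
    m=$(( 0$1 ))
    out=''
    for shift in 6 3 0; do
        d=$(( (m >> shift) & 7 ))
        if [ $(( d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        x=$(( d & 1 ))
        case $shift in                 # which special bit belongs to this triple
            6) sp=$(( (m >> 11) & 1 )); lc=s; uc=S ;;   # setuid  (4000)
            3) sp=$(( (m >> 10) & 1 )); lc=s; uc=S ;;   # setgid  (2000)
            0) sp=$(( (m >> 9)  & 1 )); lc=t; uc=T ;;   # sticky  (1000)
        esac
        if [ "$sp" -eq 1 ]; then
            # lowercase when x is also set, uppercase (useless bit) when it is not
            if [ "$x" -eq 1 ]; then out="${out}$lc"; else out="${out}$uc"; fi
        else
            if [ "$x" -eq 1 ]; then out="${out}x"; else out="${out}-"; fi
        fi
    done
    printf '%s\n' "$out"
}

# find_special DIR -> "<octal mode> <owner> <path>" for every setuid or setgid
# regular file below DIR (same file system only), sorted; empty means none.
find_special() {
    find "$1" -xdev -type f -perm /6000 -printf '%m %u %p\n' 2>/dev/null | sort
}

# Typical use (root needed to traverse everything):
#   find_special / > suid-baseline.txt            # once, on a known-clean system
#   find_special / | diff suid-baseline.txt -     # later: new lines are suspects
```

After the 6.2.1 experiment, `find_special /bin` must not list /bin/rm; if it still does, the bit was not removed.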

Chapter 7 what to do about a virus (malicious process) in the system

7.1 solutions

1. Use the top command to see which process is using the most CPU.

2. Note the PID of the process that is hogging CPU or memory.

3. Kill the process by its PID.

Killing the process only removes the symptom: also find the binary it was started from and how it was started (cron, rc.local, a web upload as in chapter 3), and check whether it protected itself with chattr +i (chapter 5), otherwise it comes back after the next reboot or cron run.

7.2 process termination method

[root@znix ~]# kill <PID>

kill sends SIGTERM, which the process may ignore; kill -9 <PID> sends SIGKILL, which it cannot.

7.3 top command

PID: process id, the number of the process, unique in the system

COMMAND (CMD): process name (the command)

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
14011 oldboy 20 0 102m 672 568 R 19.2 0.1 .45 dd
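Before step 3 of 7.1 it pays to capture what the kernel knows about the process, because the PID and its evidence disappear with the kill. The script below is an added example, not part of the original notes: it lists the top CPU consumers the way top's first screen does, then reads /proc/<PID> for the binary path, working directory, command line, parent and uid, and warns when the binary has been deleted from disk (a common malware trick that leaves /proc/<PID>/exe as the only copy). Linux /proc and procps ps are assumed; no root is needed for your own processes.

```shell
#!/bin/sh
# Added example (not from the original notes): collect evidence about a
# suspicious PID before killing it. Linux only (reads /proc); assumes procps ps.

# top_cpu N -> the N busiest processes, like the first screen of top
top_cpu() {
    ps -eo pid,user,pcpu,pmem,comm --sort=-pcpu | head -n $(( $1 + 1 ))
}

# proc_exe PID -> path of the running binary; ends in " (deleted)" if the
# file was removed from disk after the process started
proc_exe() { readlink "/proc/$1/exe"; }

# proc_cmdline PID -> the command line with the NUL separators turned into spaces
proc_cmdline() { tr '\0' ' ' < "/proc/$1/cmdline"; }

# proc_ppid PID -> parent PID (who started it: cron, sshd, a web server?)
proc_ppid() { awk '/^PPid:/ {print $2}' "/proc/$1/status"; }

# exe_deleted PID -> 0 if the executable no longer exists on disk
exe_deleted() {
    case $(proc_exe "$1") in *'(deleted)') return 0 ;; *) return 1 ;; esac
}

# triage_pid PID -> print the evidence; returns 1 if the PID does not exist
triage_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "no such process: $pid"; return 1; }
    echo "pid:      $pid"
    echo "exe:      $(proc_exe "$pid")"
    echo "cwd:      $(readlink "/proc/$pid/cwd")"
    echo "cmdline:  $(proc_cmdline "$pid")"
    echo "ppid:     $(proc_ppid "$pid")"
    echo "uid:      $(awk '/^Uid:/ {print $2}' "/proc/$pid/status")"
    if exe_deleted "$pid"; then
        echo "NOTE: binary deleted from disk; copy /proc/$pid/exe before killing"
    fi
    return 0
}

# Order of operations on a real incident:
#   top_cpu 5                                  # step 1 of 7.1
#   triage_pid PID                             # step 2: where did it come from?
#   cp /proc/PID/exe /root/evidence-PID.bin    # keep the binary, even if deleted
#   ss -tanp | grep "pid=PID"                  # its network connections
#   kill -9 PID                                # step 3
#   crontab -l -u USER; lsattr /etc/rc.local /etc/crontab   # persistence, chattr +i
```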

 
