Easy to forget Linux commands chattr lsattr set hidden permissions and special permissions settings

Source: Internet
Author: User

Attr understood as attributes, attribution

A lsattr

List Hidden Property information

Parameters:

-D lists only directories

-R recursively displays hidden information, that is, files in all subdirectories are traversed

-A includes hidden files and. directories. Directory

[Email protected] test]# Ll-r

.:

Total 4

-rw-r--r--. 1 root root 0 Apr 07:20 1.txt

Drwxr-xr-x. 2 root root 4096 Apr 07:23 test2

./test2:

Total 0

-rw-r--r--. 1 root root 0 Apr 07:23 2.txt

[Email protected] test]# Lsattr-r

-------------E./test2

./test2:

-------------E./test2/2.txt

-------------E./1.txt

Here, we create a new. test file, and then lsattr a bit.

[email protected] test]# touch. Test

[Email protected] test]# lsattr

-------------E./test2

-------------E./1.txt

By default, we find that lsattr only shows the intuitive, hidden files in the directory, the recursive directories do not show us, lsattr a try

[Email protected] test]# lsattr-a

--------------- ./..

-------------E./test2

-------------E./.

-------------E./1.txt

-------------e-/.test# hidden files

When we want to display the hidden properties of a directory, such as test, you can enter the upper directory and enter Lsattr D/path/to/dir

[Email protected]/]# lsattr-d/test

-------------e-/test

Two chattr

①chattr [|+] i/path/to/file OR DIR

I understand as ego I, when files are always present, cut cannot be deleted with ADD, imagine system important files,

[Email protected]/]# chattr +i/test/

[email protected]/]# Touch haha.txt/test

Touch:setting times of '/test ': Permission denied

②chattr [-|+]a/path/to/file OR DIR

A comprehension as add adds, when the file can only be added, nor can it be deleted, imagine log file

[Email protected]/]# lsattr-d/test

-------------e-/test

[Email protected]/]# chattr +a/test/1.txt

[Email protected]/]# Lsattr/test/1.txt

-----a-------E-/test/1.txt

[Email protected]/]# echo "Hello" >/test/1.txt

-bash:/test/1.txt:operation not permitted# permissions are insufficient because the Add permission is set

[Email protected]/]# Rm/test/1.txt

Rm:remove regular empty file '/test/1.txt '? Y

Rm:cannot remove '/test/1.txt ': Operation not permitted# can not delete, of course, the log can not be deleted

Three special permissions SUID SGID STICKY

S is understood as set,

    1. SetUID (for binary files!) ) (chmod 4XXX chmod u+s)

      When other users execute the binary, they temporarily have the permissions of their owner, such as/bin/ls this file

    2. SetGID (file + directory) (chmod 2XXX chmod g+s)

      For binary files

      Require additional permissions of at least X, for security, no enforcement rights of course, you're not allowed to do anything else.

      Users temporarily have permissions to the user group when they execute the binary file

      1. For directory

        Require the user to at least be able to enter the directory, so at least for the RX permission, at this time the user temporarily belongs to the directory of this user group, such as a new file, the user group that the original directory user group

    3. Sticky Bit (typically only for directory settings) (chmod 1XXX chmod o+t)

After setting the sticky bit in a directory, all users can create files in this directory, but only the files they create (except root), which will protect the user files in the directory that all users can write.

Easy to forget Linux commands chattr lsattr set hidden permissions and special permissions settings

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.