attr is understood as attribute
One lsattr
Lists hidden attribute information
Parameters:
-d lists only the directory itself, not its contents
-R recursively displays hidden attributes, that is, files in all subdirectories are traversed
-a includes hidden files and the . and .. directories
[email protected] test]# ll -R
.:
total 4
-rw-r--r--. 1 root root 0 Apr 07:20 1.txt
drwxr-xr-x. 2 root root 4096 Apr 07:23 test2
./test2:
total 0
-rw-r--r--. 1 root root 0 Apr 07:23 2.txt
[email protected] test]# lsattr -R
-------------e- ./test2
./test2:
-------------e- ./test2/2.txt
-------------e- ./1.txt
Here we create a new file named .test and then run lsattr.
[email protected] test]# touch .test
[email protected] test]# lsattr
-------------e- ./test2
-------------e- ./1.txt
By default, lsattr shows only the visible entries of the directory: hidden files are not listed and subdirectories are not recursed into. Try lsattr -a:
[email protected] test]# lsattr -a
--------------- ./..
-------------e- ./test2
-------------e- ./.
-------------e- ./1.txt
-------------e- ./.test    # hidden file
To display the hidden attributes of a directory itself, such as test, go to its parent directory and run lsattr -d /path/to/dir
[email protected] /]# lsattr -d /test
-------------e- /test
Two chattr
① chattr [-|+]i /path/to/file OR DIR
Think of i as the ego, "I": the file always stays present, and nothing can be deleted from or added to it. Think of important system files.
[email protected] /]# chattr +i /test/
[email protected] /]# touch haha.txt /test
touch: setting times of '/test': Permission denied
② chattr [-|+]a /path/to/file OR DIR
Think of a as add: content can only be added to the file, and the file cannot be deleted. Think of log files.
[email protected] /]# lsattr -d /test
-------------e- /test
[email protected] /]# chattr +a /test/1.txt
[email protected] /]# lsattr /test/1.txt
-----a-------e- /test/1.txt
[email protected] /]# echo "Hello" > /test/1.txt
-bash: /test/1.txt: Operation not permitted    # not permitted because the a attribute is set: > overwrites the file instead of appending to it
[email protected] /]# rm /test/1.txt
rm: remove regular empty file '/test/1.txt'? y
rm: cannot remove '/test/1.txt': Operation not permitted    # cannot be deleted; a log, of course, must not be deletable
Three special permissions SUID SGID STICKY
s is understood as set.
- SetUID (for binary files only!) (chmod 4XXX or chmod u+s)
When other users execute the binary, they temporarily have the permissions of its owner, such as the file /bin/ls
- SetGID (files + directories) (chmod 2XXX or chmod g+s)
- For binary files
The user must additionally have at least x (execute) permission. For security, a user without execute permission is of course not allowed to do anything else either.
Users temporarily have the permissions of the file's group while they execute the binary file
- For directories
The user must at least be able to enter the directory, so at least r-x permission is required. The user then temporarily acts as a member of the directory's group: for example, a newly created file gets the directory's group as its group.
- Sticky bit (typically set only on directories) (chmod 1XXX or chmod o+t)
After the sticky bit is set on a directory, all users can create files in it, but each user can delete only the files they created (root excepted). This protects users' files in a directory that every user can write to.
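As an added example (not part of the original page), the following script audits a directory tree for the three special bits described above: SetUID and SetGID files, SetGID directories, and world-writable directories that lack the sticky bit. The function names audit_special and demo_tree, the output tags and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_special DIR: print one "TAG path" line per finding under DIR.
audit_special() {
    dir=$1
    # SetUID files (chmod 4XXX / u+s): executed with the owner's permissions.
    find "$dir" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    # SetGID files (chmod 2XXX / g+s): executed with the group's permissions.
    find "$dir" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    # SetGID directories: new files take the directory's group.
    find "$dir" -xdev -type d -perm -2000 -print | sed 's/^/SGID-DIR /'
    # World-writable directories without the sticky bit (no chmod 1XXX / o+t):
    # any user can delete files that belong to other users.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NO-STICKY /'
}

# demo_tree: build a constructed sample tree and print its path.
demo_tree() {
    t=$(mktemp -d)
    touch "$t/tool" "$t/plain"
    chmod 4755 "$t/tool"        # SetUID binary stand-in
    chmod 0644 "$t/plain"       # ordinary file, must not be reported
    mkdir "$t/shared" "$t/tmp" "$t/open"
    chmod 2775 "$t/shared"      # SetGID directory
    chmod 1777 "$t/tmp"         # world-writable with sticky bit: safe pattern
    chmod 0777 "$t/open"        # world-writable without sticky bit
    echo "$t"
}

# Run the audit on the constructed tree, then clean up.
tree=$(demo_tree)
audit_special "$tree"
rm -rf "$tree"
```

On a real system, point audit_special at / or at a specific mount and compare the result against a known-good list; an unexpected SUID entry or a NO-STICKY shared directory is worth investigating.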
Easy to forget Linux commands chattr lsattr set hidden permissions and special permissions settings