I. Basic file permissions for Linux
1. Permissions for files
[Image: Linux basic file information (ls -l output)]
When a user lacks a permission, a - is shown as a placeholder in that position:
    r-x: read and execute
    r--: read only
    rw-: read and write
Permissions can also be written as numbers: r = 4, w = 2, x = 1, added up per class (rwx = 7, rw- = 6, r-x = 5).
#=================================================================
2. Differences between file and directory permissions
Permissions on a file: r: read its contents; w: modify it; x: run it
Permissions on a directory: r: list the names in the directory; w: create, delete and rename entries in it (only effective together with x); x: enter it with cd and reach the files inside
Note the consequence: whether a user can delete a file is decided by w+x on the directory, not by the permissions of the file itself, and r without x lets a user list names but not open the files.
#=================================================================
3. Basic commands for permission management
chmod: change file permissions
    chmod [OPTION]... MODE... FILE...
    Examples: chmod 777 file (everyone may read, write and run it; rarely what you want), chmod +x file, chmod -x file
    Option: -R: apply recursively
chown: change the owner (and optionally the group)
    chown [OPTION]... USER[:GROUP] FILE...
    Example: chown root:root file1
    Option: -R: apply recursively
chgrp: change the group
    chgrp [OPTION]... GROUP FILE...
    Example: chgrp group1 file1
    Option: -R: apply recursively
#=================================================================
4. umask: default permissions for new files and directories
The umask removes permission bits from every newly created file and directory:
    new file: 0666 & ~umask (files are never created executable, so 666 is the most a new file can start with)
    new directory: 0777 & ~umask
The often-quoted shortcut "666 minus the umask, then add 1 wherever an odd (execute) bit appears" only happens to give the right answer when no umask digit is 7; it cannot be applied to umask 027 at all, which yields files of 640 and directories of 750. Treat the umask as a set of bits to clear, not a number to subtract.
Non-privileged users get umask 002 and root gets 022 (the Red Hat-style defaults).
Usage:
    umask: show the current umask
    umask 002: set the umask (affects the current shell and the processes it starts)
    umask -S: show the umask in symbolic (rwx) form
    umask -p: print it as a reusable "umask 0002" command
Global setting: /etc/bashrc; per-user setting: ~/.bashrc
#=================================================================
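To check the rule above on a real system instead of trusting the arithmetic, the following script (an added example, not part of the original post) creates a file and a directory under several umasks and compares the mode that stat reports with 0666 & ~umask and 0777 & ~umask. It assumes Linux with GNU or BusyBox coreutils (stat -c, mktemp -d) and a POSIX shell whose arithmetic understands octal literals; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: measure what umask really
# does by creating files and directories under a chosen mask and reading the
# resulting mode back with stat. Assumes Linux with GNU or BusyBox coreutils.
# The predictions use the kernel's rule
#   file: 0666 & ~umask      directory: 0777 & ~umask
# i.e. the umask bits are cleared, they are not subtracted.

# Mode the kernel should give a new file / directory under umask $1 (octal string).
predicted_file_mode() { printf '%03o\n' $(( 0666 & ~0$1 )); }
predicted_dir_mode()  { printf '%03o\n' $(( 0777 & ~0$1 )); }

# Create a file under umask $1 and report the mode that actually resulted.
new_file_mode() {
    local dir; dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/f" )      # subshell: the umask change stays local
    stat -c %a "$dir/f"
    rm -rf "$dir"
}

# Same for a directory (mkdir asks for 0777, the umask trims it).
new_dir_mode() {
    local dir; dir=$(mktemp -d) || return 1
    ( umask "$1" && mkdir "$dir/d" )
    stat -c %a "$dir/d"
    rm -rf "$dir"
}

# Walk through a few masks, including 027, where the "subtract" folklore breaks.
umask_report() {
    local m
    for m in 002 022 027 077; do
        printf 'umask %s: file %s (predicted %s), dir %s (predicted %s)\n' \
            "$m" "$(new_file_mode "$m")" "$(predicted_file_mode "$m")" \
                 "$(new_dir_mode "$m")"  "$(predicted_dir_mode "$m")"
    done
}

umask_report
```

Run it as any user; the umask applies to root too, which is why a root shell with umask 022 still produces 644 files. The subshell around umask keeps the change from leaking into the caller's shell, the same reason a umask set interactively does not survive the session.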
II. Special permissions on Linux systems
Special permissions: SUID, SGID, sticky
Security context:
A process has an owner and a group; a file has an owner and a group.
(1) Any executable program file can be started as a process, provided the user starting it has execute permission on the program file.
(2) Once started, the process runs as the user who started it, and with that user's group.
(3) Which files the process may access is therefore decided by the user who started it, not by who owns the program file (SUID and SGID, below, are the exceptions).
Permission matching model:
(a) if the process's user is the file's owner, the owner permissions apply;
(b) otherwise, if the process's user is a member of the file's group, the group permissions apply;
(c) otherwise the "other" permissions apply.
Only the first matching class is consulted: an owner whose own permissions are --- is denied even if the group or other permissions would allow the access (root, with CAP_DAC_OVERRIDE, is the exception).
SUID: sample file: /bin/passwd
    1. Only meaningful on binary executables (Linux ignores it on scripts and on directories).
    2. The user who runs the program acts with the permissions of the program's owner.
    3. Once started, the process's effective user is the owner of the program file, not the user who ran it.
    Setting: chmod u+s FILE... or chmod 4755 FILE...
    Removing: chmod u-s FILE... or chmod 0755 FILE...
SGID:
    1. On a binary executable: the user who runs the program acts with the permissions of the program's group; once started, the process's effective group is the group of the program file.
    2. On a directory: a file created in it by any user inherits the directory's group instead of the creator's primary group, which is what makes shared project directories work.
    Setting: chmod g+s FILE|DIR... or chmod 2755 FILE|DIR...
    Removing: chmod g-s FILE|DIR... or chmod 0755 FILE|DIR...
Sticky: sample directory: /tmp
    1. Only meaningful on directories (Linux ignores it on regular files).
    2. In a directory with the sticky bit, an ordinary user can delete or rename only the files they own, even though the directory is writable by everyone; without it, anyone with w on /tmp could remove other users' files. The directory owner and root can still delete anything.
    Setting: chmod o+t DIR... or chmod 1755 DIR...
    Removing: chmod o-t DIR... or chmod 0755 DIR...
Checking: SUID, SGID and sticky appear in ls -l as s, s and t in place of the owner, group and other x (an uppercase S or T means the bit is set but the matching x is not), and as a leading fourth digit in stat -c %a (4, 2, 1). GNU chmod keeps a directory's SUID and SGID bits unless you clear them explicitly (u-s, g-s), so read the mode back after changing it.
chattr: lock files with filesystem attributes (needs root; supported on ext2/3/4 and some other filesystems; view them with lsattr)
    +: add the given attributes to those already set
    -: remove the given attributes
    =: set exactly the given attributes
    i: immutable: the file cannot be modified, deleted, renamed or linked, even by root, until the attribute is removed
    a: append-only: data can only be added to the end of the file
    A: do not update the access time (atime)
#=================================================================
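An added example (not from the original post) that sets each special bit with chmod and reads it back, so the s/S and t/T display rule and the leading digit in stat can be seen directly, and that demonstrates group inheritance in an SGID directory. It assumes Linux with GNU or BusyBox coreutils; the group handed to sgid_dir_inherited_group must be one the caller is allowed to chgrp to, and the sticky-bit deletion rule is deliberately not exercised because root bypasses it. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: set SUID, SGID and sticky
# with chmod, read them back numerically (stat) and symbolically (ls -l),
# and show group inheritance in an SGID directory. Assumes Linux with GNU or
# BusyBox coreutils. The sticky-bit deletion rule itself is not demonstrated
# because root (which many test containers run as) is exempt from it.

# Create a scratch file (default) or directory (second argument "d"), apply
# MODE, and print the 10-character type+permission field from ls -l.
# Uppercase S/T means the special bit is set without the matching x bit.
symbolic_mode() {   # symbolic_mode MODE [f|d]
    local dir; dir=$(mktemp -d) || return 1
    if [ "${2:-f}" = d ]; then mkdir "$dir/t"; else : > "$dir/t"; fi
    chmod "$1" "$dir/t"
    ls -ld "$dir/t" | cut -c1-10
    rm -rf "$dir"
}

# Same, but numerically: stat shows the special bits as a fourth leading
# digit (4 = SUID, 2 = SGID, 1 = sticky).
numeric_mode() {    # numeric_mode MODE [f|d]
    local dir; dir=$(mktemp -d) || return 1
    if [ "${2:-f}" = d ]; then mkdir "$dir/t"; else : > "$dir/t"; fi
    chmod "$1" "$dir/t"
    stat -c %a "$dir/t"
    rm -rf "$dir"
}

# Make a directory SGID with group $1 and print the group of a file created
# inside it: with SGID the file takes the directory's group, not the
# creator's primary group. The caller must be allowed to chgrp to $1.
sgid_dir_inherited_group() {    # sgid_dir_inherited_group GROUP
    local dir; dir=$(mktemp -d) || return 1
    chgrp "$1" "$dir" && chmod 2770 "$dir"
    : > "$dir/shared"
    stat -c %G "$dir/shared"
    rm -rf "$dir"
}

for m in 4755 4644 2755; do
    printf '%s -> %s / %s\n' "$m" "$(symbolic_mode "$m")" "$(numeric_mode "$m")"
done
for m in 1777 1776 2775; do
    printf '%s (dir) -> %s / %s\n' "$m" "$(symbolic_mode "$m" d)" "$(numeric_mode "$m" d)"
done
```

Two things to watch for when adapting this: a non-root user who is not a member of a file's group will have chmod silently drop the SGID bit, and the symbolic field is taken from the first ten characters on purpose, since SELinux contexts and ACLs append an extra character after the mode.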
III. ACL: access control list
ACL: access control list
Beyond the file's owner, its group and others, an ACL lets you grant permissions to additional named users and groups.
Order in which ACL entries are checked:
    owner > (named user > owning group, named group) > other
The entries inside the brackets are limited by the ACL mask; owner and other are not. Once a file has an ACL, the group permission bits shown by ls -l are the mask, so chmod g-w caps every named user and group at r-- without changing their entries (getfacl marks this with #effective:).
getfacl: view ACL information
    getfacl FILE...
    output entries look like user:USERNAME:MODE and group:GROUPNAME:MODE
setfacl: set ACL entries
    -m: add or modify an entry
        setfacl -m u:USERNAME:MODE FILE|DIR
        setfacl -m g:GROUPNAME:MODE FILE|DIR
    -x: remove an entry
        setfacl -x u:USERNAME FILE|DIR
        setfacl -x g:GROUPNAME FILE|DIR
    -b: remove all ACL entries
    -R: apply recursively
    (prefix an entry with d: to make it a default entry on a directory, inherited by new files created there)
#=================================================================
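An added example (not from the original post) for the mask behaviour described above and for default ACLs. It assumes Linux with the acl package (setfacl, getfacl) on a filesystem mounted with ACL support; the grantee is UID 65534, chosen only because getfacl -n then needs no matching account, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: grant a named user access
# with setfacl, then show (1) the mask capping that entry when chmod shrinks
# the group bits and (2) a default ACL being inherited by a new file.
# Assumes Linux with the acl tools on an ACL-enabled filesystem. The user is
# given as a numeric UID so no particular account has to exist.

# Do setfacl/getfacl exist, and does the scratch filesystem accept ACLs?
acl_supported() {
    local f; f=$(mktemp) || return 1
    command -v setfacl >/dev/null 2>&1 && command -v getfacl >/dev/null 2>&1 \
        && setfacl -m u:65534:r "$f" 2>/dev/null
    local rc=$?
    rm -f "$f"
    return $rc
}

# Print the permissions UID $1 really gets on FILE $2: the "#effective:"
# comment getfacl appends when the mask cuts the entry down, else the entry.
effective_for_uid() {   # effective_for_uid UID FILE
    getfacl -pn "$2" 2>/dev/null | awk -v key="user:$1:" '
        index($0, key) == 1 {
            if (match($0, /#effective:[rwx-]+/)) print substr($0, RSTART + 11, 3)
            else print substr($0, length(key) + 1, 3)
            exit
        }'
}

# Give UID rw on a 664 file, then chmod g-w: the group bits of a file with an
# ACL are the mask, so the named entry stays rw- but only r-- takes effect.
mask_demo() {   # mask_demo UID -> "before|after"
    local dir before after; dir=$(mktemp -d) || return 1
    : > "$dir/f"; chmod 664 "$dir/f"
    setfacl -m "u:$1:rw" "$dir/f"
    before=$(effective_for_uid "$1" "$dir/f")
    chmod g-w "$dir/f"
    after=$(effective_for_uid "$1" "$dir/f")
    rm -rf "$dir"
    echo "$before|$after"
}

# Put a default entry (d:u:UID:rwx) on a directory and create a file in it:
# the file inherits the named entry, masked by its own creation mode (0666),
# so the UID ends up with rw- even though the default entry says rwx.
default_acl_demo() {    # default_acl_demo UID -> effective perms on the new file
    local dir; dir=$(mktemp -d) || return 1
    setfacl -m "d:u:$1:rwx" "$dir"
    : > "$dir/new"
    effective_for_uid "$1" "$dir/new"
    rm -rf "$dir"
}

if acl_supported; then
    echo "mask demo (rw- before, r-- after chmod g-w): $(mask_demo 65534)"
    echo "default ACL on new file: $(default_acl_demo 65534)"
else
    echo "setfacl/getfacl unavailable or filesystem without ACL support; skipping"
fi
```

The practical lesson of mask_demo is that a chmod on the group bits of an ACL-bearing file is a silent change to every named entry, which is why audits of ACL-protected files should read getfacl output rather than ls -l.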
This article is from the "Bigboss" blog; please keep this source: http://bigboss.blog.51cto.com/12113895/1982960
File permissions and special permissions for Linux