File permissions, users, and user group management in Linux

Source: Internet
Author: User
Tags: chmod, parent directory, readable

1. File Permissions


2. Description of file and directory rwx permissions

    • File rwx permissions:

r: readable; permission to read the contents of the file. Without r, vi/vim reports that the file cannot be edited (editing can still be forced), while echo can still append to or redirect into the file.

w: writable; permission to modify the contents of the file.

x: executable; permission to execute the file.

Requirements: the file itself must carry the executable bit, and an ordinary user must also have r permission on it, whereas root can execute it with x alone. Executable files in Linux: *.sh, *.py, *.perl and so on.

    • Directory rwx permissions:

r: readable; can list the files and subdirectories in the directory together with their permissions, i.e. ls dir.

Without x you cannot enter the directory, i.e. cd dir fails; with r but no x, ls can still list all the file names but reports that it cannot access the files in the directory.

w: writable; can modify, add and delete file names within the directory (x permission is required as well).

x: executable; can enter the directory, e.g. cd dir. Without r the files and subdirectories cannot be listed; without w they cannot be modified, added or deleted.


3. Deleting a file (or renaming it) is controlled by the permissions of the parent directory, not by the permissions of the file itself. Deleting or renaming operates on the directory entry that links the file name to its inode and data, and that entry lives in the parent directory, so the operation depends on the parent directory's permissions.
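The point above, shown on real files as an added example (not code from the original article): a mode-000 file in a writable directory can be removed, while a mode-777 file in a read-only directory cannot. It assumes POSIX sh with mktemp and is meant to be run as a non-root user, since root bypasses these checks.

```shell
# try_delete <file-mode> <dir-mode>: creates d/f with the given modes in a
# scratch tree, tries to rm the file and prints "deleted" or "kept".
try_delete() {
    file_mode=$1
    dir_mode=$2
    work=$(mktemp -d)
    mkdir "$work/d"
    : > "$work/d/f"
    chmod "$file_mode" "$work/d/f"   # the file's own bits do not matter for unlink
    chmod "$dir_mode" "$work/d"      # the parent directory's w and x bits decide
    if rm -f "$work/d/f" 2>/dev/null && [ ! -e "$work/d/f" ]; then
        result=deleted
    else
        result=kept
    fi
    chmod 700 "$work/d"              # restore so the scratch tree can be removed
    rm -rf "$work"
    printf '%s\n' "$result"
}

# A mode-000 file in a directory with w+x for the owner: the owner can delete it.
try_delete 000 700    # deleted
# A mode-777 file in a directory with only r-x: the parent protects it.
try_delete 777 500    # kept
```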


4. The process of reading /data/test


5. Common commands


Change the permissions of a file or directory: chmod [numeric or symbolic permission] [file or directory name].

Adding -R (recursive) also changes the permissions of the files and subdirectories inside the directory.

Numeric permissions: r = 4, w = 2, x = 1, - = 0.

Symbolic permissions: u: owner, g: owning group, o: others, a: equivalent to ugo; +: add a permission, -: remove a permission, =: clear the other permissions and set only the given ones.


Change the owner of a file or directory: chown [options] [owner] [file or directory name]

Option -R: also change the owner of the files and subdirectories in the specified directory.


Change the group of a file or directory: chgrp [options] [group] [file or directory name]

Option -R: also change the owning group of the files and subdirectories in the specified directory.



6. Default permission assignment command: umask

Every Linux terminal session has a umask that determines the default permissions of newly created files and directories. A newly created file would otherwise get permission 666 and a newly created directory 777, which is too open, so a umask (permission mask) is set; the default file or directory permission minus the umask value gives the actual permission.

umask has four digits in total: the first defines special permissions and the remaining three are the permission mask.


For the superuser the default umask is 0022, so directories created by the superuser (user root, group root) get default permission 777-022=755 and files get 666-022=644, which are relatively secure permissions.

For ordinary users the default umask is 0002, so directories created by an ordinary user get default permission 777-002=775 and files get 666-002=664.


If the umask value contains an odd digit, compute 777 (666) minus the umask and then add 1 in the position of the odd digit; that is the default permission for a new directory or file.

If all umask digits are even, 777 (666) minus the umask is directly the default permission for a new directory or file.
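The kernel does not subtract the umask digit by digit; it applies it as a bit mask (mode = base & ~umask), which is exactly why the odd-digit correction above is needed. This added example (not from the original article) computes the resulting mode both ways and checks it against a file or directory actually created under that umask. It assumes POSIX sh arithmetic, mktemp and GNU stat (-c).

```shell
# default_mode <base> <umask>: prints the octal mode the kernel assigns,
# i.e. base & ~umask restricted to the rwx bits.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# actual_mode <umask> file|dir: creates an object under that umask in a
# scratch directory and prints the mode it really received.
actual_mode() {
    work=$(mktemp -d)
    ( umask "$1"                         # subshell: the umask change stays local
      if [ "$2" = dir ]; then mkdir "$work/new"; else : > "$work/new"; fi )
    stat -c '%a' "$work/new"
    rm -rf "$work"
}

default_mode 666 022    # 644, same as 666-022 because every digit is even
default_mode 777 022    # 755
default_mode 666 002    # 664
# Odd digit: 666-033 would give 633, but masking rw- with -wx leaves r--, so 644.
default_mode 666 033    # 644
default_mode 777 033    # 744
actual_mode 033 file    # 644, the kernel agrees with the bit-mask rule
actual_mode 002 dir     # 775
```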


View the umask value: umask

Change the umask value: umask -S [value] (-S uses the symbolic form; the setting is temporary and is lost after a restart)

To make it permanent, edit /etc/profile or /etc/bashrc and append umask [value] at the end of the file. Both /etc/profile and /etc/bashrc can be used to run actions automatically when a user logs in; the difference is that /etc/profile runs only when the user first logs in, while /etc/bashrc runs every time the user starts a bash shell. As a result, a change to /etc/profile only takes effect for newly created users, whereas /etc/bashrc affects all logged-in users.


7. Special permissions


    • Special permissions on Linux files compensate for what the ordinary permissions cannot express; they are an additional feature set on files.

    • Special permissions on Linux files:

SUID: lets the executor temporarily hold the file owner's permissions (valid only for binaries that have the execute bit x). Shown as s (with x) or S (without x).

SGID: lets the executor temporarily hold the owning group's permissions (for binary programs with the execute bit x set). Shown as s (with x) or S (without x).

Mainly used on directories: when a directory has SGID set, files newly created in it inherit the directory's group, which makes it easy to share a directory among multiple users.

Sticky bit (SBIT): users can only manage their own data and cannot delete other users' files (valid only for directories). Shown as t (with x) or T (without x).

    • Setting special permissions on Linux files:

SUID: 4, SGID: 2, sticky bit: 1

Set SUID: chmod 4755 [file or directory name] or chmod u+s [file or directory name]

Set SGID: chmod 2755 [file or directory name] or chmod g+s [file or directory name]

Set the sticky bit: chmod 1755 [directory name]
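An added example (not from the original article) that shows the s/S and t/T display described above on real files, and the find check an auditor runs to enumerate SUID/SGID files under a directory. It assumes POSIX sh, mktemp, and GNU stat (-c); files are created in scratch directories only.

```shell
# mode_view <octal-mode> file|dir: applies the mode to a fresh object and
# prints the symbolic form exactly as ls -l / stat show it.
mode_view() {
    work=$(mktemp -d)
    if [ "$2" = dir ]; then mkdir "$work/obj"; else : > "$work/obj"; fi
    chmod "$1" "$work/obj"
    stat -c '%A' "$work/obj"
    rm -rf "$work"
}

# list_special <dir>: prints the base names of regular files under <dir>
# that carry SUID or SGID, sorted one per line.
list_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sed 's#.*/##' | sort
}

mode_view 4755 file    # -rwsr-xr-x : lower-case s, owner also has x
mode_view 4644 file    # -rwSr--r-- : upper-case S, SUID set but no x
mode_view 2755 file    # -rwxr-sr-x : SGID with group x
mode_view 1777 dir     # drwxrwxrwt : lower-case t, sticky with x for others
mode_view 1766 dir     # drwxrw-rwT : upper-case T, sticky without x for others

# audit_demo: builds a small constructed tree with one plain, one SUID and
# one SGID file, then lists what the audit finds on a single line.
audit_demo() {
    work=$(mktemp -d)
    for f in plain setuid setgid; do : > "$work/$f"; done
    chmod 755 "$work/plain"
    chmod 4755 "$work/setuid"
    chmod 2755 "$work/setgid"
    list_special "$work" | paste -s -d ' ' -
    rm -rf "$work"
}
audit_demo    # setgid setuid
```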


8. User and user group management

    • User management:


useradd:

userdel:

usermod:


    • User group management:


groupadd:

groupdel:

groupmod:

9. chattr, lsattr

    • chattr: changes the attributes of a file or directory.

These two commands view and change file and directory attributes. Compared with chmod, which only changes the read, write and execute permissions, chattr controls the lower-level attributes.

        For example:     chattr +i    /etc/resolv.conf      # use chattr to prevent a key system file from being modified

Parameters:

-R: recursive; process all files in the specified directory and its subdirectories together.

-v <version number>: set the version of the file or directory.

-V: show the command's execution process.

+<attribute>: turn the attribute on for the file or directory.

-<attribute>: turn the attribute off for the file or directory.

=<attribute>: set exactly the given attributes on the file or directory.


    1. a: the file or directory can only be opened for appending.

    2. A: do not update the last access time of the file or directory.

    3. c: store the file or directory compressed.

    4. d: exclude the file or directory from dump operations.

    5. i: immutable; the file or directory cannot be modified at will.

    6. s: secure deletion of the file or directory.

    7. S: update the file or directory synchronously.

    8. u: undeletable; protects against accidental deletion.


    • lsattr: displays the file attributes set by the chattr command.

lsattr [-adlRvV] [file or directory ...]

Parameters:

    • -a: list all files and directories, including those whose names begin with ".", i.e. the current directory "." and the parent directory "..".

    • -d: display directory names themselves, not their contents.

    • -l: this parameter currently has no effect.

    • -R: recursively process all files and subdirectories under the specified directory.

    • -v: display the version of the file or directory.

    • -V: display version information.


