File System permissions for Unix-like systems

Source: Internet
Author: User
1. Introduction to file systems and permissions
2. Permission setting chmod
3. Advanced applications of find and chmod
4. End

Today I saw a sentence:
UNIX is very user-friendly. It's just picky who its friends are.

1. Introduction to file systems and permissions

For a Windows user coming to Linux, the first thing to learn should be ext file system permissions.

Unix-like operating systems have earned their reputation as server operating systems through concise and rigorous permissions.
If you create a user and log on to the system as that user, you can modify, delete, and destroy files as that user.
Create another user and log on again: nothing is affected, and the system is not damaged.
This is also the root cause of there being no viruses (or virus infections) on Unix-like systems.

Because of the shit design of their file system and operating system permissions, Windows users suffer every day.
If the system disk uses NTFS, the partition format Microsoft claims is the most advanced and the safest,
then sorry, apart from the super administrator or users with equivalent permissions,
no one else can use it normally. Suppose a power user logs in:
before long, because the Skynet firewall cannot write its log, it shuts itself down automatically
after 10 write errors in a row. The desktop system is still running,
but the firewall is gone and there is no security guarantee at all.
This is the secure partition of Microsoft's so-called advanced technology.

If the administrator user logs in, isn't the desktop system normal?!
Yes, it is normal, but if the user accidentally runs a downloaded file containing malicious code,
or browses a web page containing malicious code,
then sorry, the malicious code also runs with the Administrator's permissions
and can thoroughly damage your Windows system.
(Do not forget that Internet Explorer is known for its vulnerabilities.)

If you use a partition format such as FAT32, ha ha, viruses like it even more,
because that partition has no permission settings, so an ordinary user can write anything into the system.
Modifying or deleting system files directly is asking for trouble!!

It cannot even keep viruses out, let alone provide the disk quotas a server system requires.

You have to sacrifice 10% or more of your CPU resources,
wasted on real-time virus protection and real-time registry monitoring,
or on disk monitoring to enforce disk quotas.
In addition, good anti-virus software and the accompanying virus database update service are generally expensive, poor man...

Simple Unix-like system permissions
For beginners, a file has three permissions: read, write, and run.
Quite right. There are only three permissions, so it is very concise.

A file has three classes of users: first the owner, second the group, and third other users.
Read/write/run for the owner, read/write/run for the group, and read/write/run for other users:
that gives nine permission modes!

View a file

Quote:
dorainm@LAPTOP:~$ ls -l dorainm
-rwxrw-r-- 1 dorainm master 7165 Jun 4 13:50 dorainm
dorainm@LAPTOP:~$

The first group, rwx, indicates that the owner has read, write, and run permissions.
The second group, rw-, indicates that the group has read and write permissions.
The third group, r--, indicates that other users have the read permission.
Reading a file means viewing what is in it, loading the file from the hard disk into memory.
Writing a file means modifying its content.
As for running a file: a Unix-like system has no registry,
whereas Windows uses the Registry to map each file extension to the program that opens it.
Therefore, Unix-like systems have no concept of extensions. If an ordinary file is a program or a shell script,
then as long as you add the run permission to it, the operating system recognizes it as an executable program.

View a directory

Quote:
dorainm@LAPTOP:~$ ls -l
......
drwxr-xr-x 7 dorainm master 4096 May 28 Workspace
......

The leading d marks a directory file (directory).
Each group is read the same way as for files (in Unix-like systems, everything is a file).
Read permission on a directory lets you list all the files and subdirectories under it.
Write permission on a directory lets you create or delete files and subdirectories in it.
Run permission on a directory lets you enter it.

Although there are only three permissions (read, write, run), applied to three classes of users they give 9 permissions.
Combine the 9 permissions of a file with the 9 permissions of its parent directory,
and three simple permission settings have evolved into nine, or even 81, permission modes,
enough to fit almost any service, file sharing, or other application!
Amazing!!

2. Permission setting chmod (Change Mode)

This section describes how to set permissions with
chmod, one of the most important commands in Unix-like systems.

chmod [option] [permission] file...

Common options include:
-c display changes
-R recursively modify all files and subdirectories in a directory
-f ignore error messages

Permission expression
u+x add (+) the execution permission (x) for the owner (user)
o-r remove (-) the read permission (r) from other users (other)
g=w set (=) the write permission (w) for the group (group)
Of course, expressions can also be combined:
u+wr,o=r,g-xw
This adds the read and write permissions for the owner, sets other users to read permission only, and removes the write and execution permissions from the group.
Do you understand?

Each permission corresponds to a single bit: three binary digits represent read, write, and execute.
So r-x is binary 101, and the corresponding permission number is 4 + 1 = 5.
Similarly, permission 6 is binary 110, which corresponds to rw-.
Therefore, you can use numbers to express permissions in chmod,
for example: chmod -R 764 dorainm/
which is the same as: chmod -R u=rwx,g=rw,o=r dorainm/
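
The bit mapping can be checked directly. The following is an added example, not part of the original article: perm_to_octal and mode_after_chmod are hypothetical helper names, and stat -c is assumed to be available (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: map an ls-style permission string to its octal number,
# and confirm that chmod treats the numeric and symbolic forms the same way.

# perm_to_octal "rwxrw-r--" prints the three octal digits for owner, group, other
perm_to_octal() {
    perms=$1
    out=""
    for start in 1 4 7; do
        # take one rwx triple: characters 1-3, 4-6, 7-9
        triple=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac   # read    = 100
        case $triple in ?w?) digit=$((digit + 2)) ;; esac   # write   = 010
        case $triple in ??x) digit=$((digit + 1)) ;; esac   # execute = 001
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# mode_after_chmod MODE: apply MODE to a scratch file and print the resulting octal mode
mode_after_chmod() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch"
    stat -c '%a' "$scratch"
    rm -f "$scratch"
}
```
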

Files can be specified using patterns such as wildcards.

3. Advanced applications of find and chmod

Find is the most powerful file search tool in Unix-like systems.

Quote:
dorainm@LAPTOP:Mode$ find
.
./Dorainm
./Ch01
./Ch01/file01
./Ch01/file02
dorainm@LAPTOP:Mode$

This displays the names of all files and directories in the current directory and its subdirectories.

We can add parameters, such as:

Quote:
find -type f -name '*.c'

This recursively lists all file names ending with .c under the current directory (files only, not directories).

Of course, pipelines can also be used to go further.

Quote:
$ find | grep dorainm

find has a useful -exec parameter, such as:

Quote:
find -type f -exec ls -l {} \;

This command runs ls -l on each file that find locates, listing them in long format.
Have fun

In actual server management we run into many problems. Take a PHP site in ./PHP:
every *.php file must be read-only,
while files under the upload directory ./PHP/updata can be read, written, and deleted.

Quote:
chown -Rc apache ./PHP
chgrp -Rc apache ./PHP
find ./PHP -type d -exec chmod 555 {} \;
find ./PHP -type f -name '*.php' -exec chmod 444 {} \;
find ./PHP/updata -type d -exec chmod 775 {} \;
find ./PHP/updata -type f -exec chmod 664 {} \;

All right, even a vast army of files can be handled with find and the -R recursive parameter.
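
As an added example (not from the original article), the layout above can be applied to a scratch tree and then audited for drift. The function names and the sample tree are constructed for illustration, and GNU find (for -perm /mode) is assumed.

```sh
#!/bin/sh
# Added example: apply the read-only layout from the text, then audit it.

# make_sample_site: build a constructed tree mirroring ./PHP and ./PHP/updata,
# and print the path of its PHP directory
make_sample_site() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/PHP/lib" "$site/PHP/updata"
    : > "$site/PHP/index.php"
    : > "$site/PHP/lib/util.php"
    : > "$site/PHP/updata/photo.jpg"
    printf '%s\n' "$site/PHP"
}

# harden_site ROOT: the four find/chmod passes from the text
harden_site() {
    find "$1" -type d -exec chmod 555 {} \;
    find "$1" -type f -name '*.php' -exec chmod 444 {} \;
    find "$1/updata" -type d -exec chmod 775 {} \;
    find "$1/updata" -type f -exec chmod 664 {} \;
}

# audit_site ROOT: print paths whose mode has drifted from that layout:
# any file or directory outside updata that someone can write,
# and any file inside updata that has an execute bit set
audit_site() {
    find "$1" -path "$1/updata" -prune -o \( -type f -o -type d \) -perm /222 -print
    find "$1/updata" -type f -perm /111 -print
}
```

An empty result from audit_site means the tree still matches the layout; any printed path is a file or directory to re-check before an attacker finds it writable.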

Someone may ask: UNIX is really troublesome; on Windows a site works as soon as the files are copied in.
Well, after your system is infiltrated,
attackers can just as easily use del * /S /F /Q /A to destroy all your data and even the system.
[Quote]
del: Win32 file deletion command
/S recursively traverse all subdirectories
/F force deletion of read-only files
/Q quiet mode, no confirmation prompts
/A include all files, including system files and hidden files
[Quote]
Oh, my God, how will you explain that to the customers who put food on your table!!
Data recovery technologies such as dual-machine hot backup are built on a great deal of manpower and money!

For this website on a Unix-like system, the .php program files cannot be tampered with because the files have no write permission,
and the directories cannot be deleted because they have no write permission!!

4. End

UNIX beginners are often afraid of permissions, for example having to run chmod u+x *.sh after writing a shell script.
Even some Unix supporters may find chmod permission settings very complicated.

In fact, this is a bright spot of Unix-like systems. It is a good design!!
A server must be secure, yet must also be easy to use;
among these conflicting trade-offs, the simple and rigorous rwx-style permission settings of UNIX systems
are definitely the best solution currently available.

The sentence at the beginning of the article:
UNIX is very user-friendly. It's just picky who its friends are.
