Five permissions: Ugo permissions, SetUID SetGID Sticky, ACL permissions, chattr (file system-level permissions), SELINUX

Source: Internet
Author: User

Five big permissionsUgo PermissionsSetUID SetGID StickyACL Permissionschattr(Permissions at the file system level), SELINUX ====================== file attributes and Ugo permissions ==================================ls-l list The properties of a file  linux file types include the following six kinds:-   Normal file  d directory file l   link file B block type device file   block device file C character type device file s socket file network type file P pipe type file  ugo permissions u represent users owned G for group-owned groups O represents Othersa on behalf of all, including the meaning of ugo rwx  r delegate Read permission W for write permissions x for file: R stands for the ability to view the contents of the file using the Cat commands, W represents the ability to add/remove/Modify the contents of the file, X means that the file can be executed. For Table of Contents: R means that you can use the LS command to list the file name under the directory, in order to see the details of the file, you need to combine the X permission. The W represents the table where you can create/delete files and subdirectories, or modify the file names to use with X. X means you can enter the directory. r=4    w=2    x=1  How to view file types? Permissions for two ls-l or file  folders x     rep can CD in Rx     delegate can CD in LS ls-lwx   represent can CD LS touch RM vi own files and Other people's files Wxt   can only edit their own files CD Touch vi chmod modify file Ugo permissions chmod Ugoa  +-= rwx command way: chmod o+w file1chmod g-w  file 1chmod o=---file1chmod a=rw file1chmod-r recursive modified file Ugo permissions chmod 644 File1 chownchown Sherk achown shrek.ttt bchown Shrek: TTT Bchown-rchown. tttchgrp ttt r4  w2  X1   files in the ext2 ext3 file system exist in Inode + block mode, Inode saves the file's properties stat fileName can be used to check the inode umask of a file umask default permissions for user-created files and directories。 Root user 022 (default) normal user 002 (default) file maximum permissions 666, directory maximum permissions 777. Umask Direct Enter to view the Umask value of the current user. Setting the Umask value(1) Umask number can temporarily modify the Umask value of the current user. ~/.BASHRC add umask number to permanently modify the user's Umask value   (2)  vim ~/.BASHRC   Permanent/ETC/BASHRC is a system-level configuration VIM/ETC/BASHRC (global configuration) Generally not ======================suid sgid sticky=============================suid function on binary executable program, let anyone in the execution of this two Temporarily owns the permissions of the file owner when the executable program is in process. Setting: chmod u+s filename, such as the passwd executable, is the permission sgid on binary executables, and anyone who temporarily owns the permissions of the user within the group to which the file belongs when executing the binary executable program. Role in the directory, anyone who creates a file in this directory belongs to the group that inherits the directory. Setting mode: chmod g+s filename/dirnamesticky function on the directory. Anyone can create files in this directory, but they can only delete or modify their own files, can not delete other user-created files, only the owner of this directory can delete all files in the directory, to achieve dynamic balance. Setup mode: chmod +t dirnamesuid=4 sgid=2 sticky=1chmod 1777 filechmod 7777 file ======================acl permissions ============ ================= access Control list ACL permissions are supplemental permissions for UGO permissions, Ugo can control up to three types of users, and ACLs can set permissions on individual users and individual groups. Getfacl filename View ACL permissions for a file setfacl-m u:usename:rwx  file1 set ACL permissions for a specific user setfacl-m g:groupname:r-x   File1 set ACL permissions for a single group setfacl-m m: Permission sets the mask value, which specifies the maximum permissions that the remaining users can have except user and others. ^csetfacl-x u:username finame Delete an ACL entry ^csetfacl-x g:groupname filenamesetfacl-x m filEnamesetfacl-b filename Clears the entire ACL list  ACL permissions are typically used with Linux and Windows, because Windows General permissions are  ls for individual users drwxrwxr-x+ 2 Root root 4096 Feb  5 17:08 aclfile ===================== =attr Permissions =========================== Special permissions for special users lsattr file1 view chattr +i  filename Anyone cannot modify the file  chattr-i filename   Applies to important files to prevent accidental deletion    ch attr +a can only append files, can not change the original chattr-a filename   for log file +a file timestamp is not updated     for large access files is the +i and +a help document man Chattr    View the properties of a file Lsfilelsattrstatgetfacl

Five permissions: Ugo permissions, SetUID SetGID Sticky, ACL permissions, chattr (file system-level permissions), SELINUX

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.