Basic permissions (ugo)
u: the owner (user), g: the owning group, o: other users (a: all three at once)
r (4) read, w (2) write, x (1) execute
For files:
- r (read): allows viewing the contents of the file
- w (write): allows modifying the contents of the file (it does not by itself allow deleting the file)
- x (execute): allows the file to be run as a program or script
Whether a user can delete a file depends on whether the user has write (and execute) permission on the directory the file resides in, not on the file's own permission bits.
For directories:
- r (read): allows listing the names in the directory
- w (write): allows creating, deleting and renaming entries in the directory (together with x)
- x (execute): allows entering (cd into) the directory and reaching entries inside it by name
For normal use a directory needs at least r-x: r alone lets you list names but not open or stat them, and w without x is useless.
Modifying permissions
chmod modifies the permissions of a file or directory; -R (recursive) applies the change to the directory and every object beneath it.
Syntax:
Symbolic form, changing one class at a time:
chmod u-x filename ---- remove the owner's execute bit
chmod [ugoa][+-=][rwx] filename
# chmod g=rwx /shared/sysadmin
# chmod o= /share/sysadmin        ---- "o=" with nothing after it clears all permissions for others; "o=---" is not valid chmod syntax
Full chmod syntax, symbolic and octal:
chmod [-R] [ugoa][+-=][rwx] /<path>/filename
chmod [-R] 755 /<path>/filename
# chmod 750 /home/harry
# chmod -R 510 /home/harry/test
# chmod 770 /shared/sysadmin
Modifying ownership
chown: change the owner and/or the owning group of a file. Only root may change a file's owner; the owner may change the group to one they are a member of.
Syntax:
1: chown user:group /<path>/filename ---- change owner and group
   chown user /<path>/filename       ---- change the owner only
   chown :group /<path>/filename     ---- change the group only
2: chown user.group /<path>/filename ---- same, with the older dot separator (ambiguous if a user name contains a dot; prefer the colon)
   chown .group /<path>/filename     ---- change the group only
-R option: recursive (changes everything beneath the directory; without it only the directory itself is changed)
# chown harry:harry /root/Desktop/test   ---- change owner and group
drwxr-xrwx 2 harry harry 4096 Jul 13 14:32 test
# chown root /root/Desktop/test          ---- change owner
drwxr-xrwx 2 root harry 4096 Jul 13 14:32 test
# chown :root /root/Desktop/test         ---- change group
drwxr-xrwx 2 root root 4096 Jul 13 14:32 test
# chown .test /root/Desktop/test         ---- change group (dot syntax)
umask: default permissions (the permission mask)
The permissions a newly created file or directory gets are determined by the umask of the process that creates it.
root user:    # umask  → 0022
normal user:  $ umask  → 0002
The maximum default for a directory is 777
Default permissions for a directory created by a normal user: 777 with 002 masked off = 775
Default permissions for a directory created by root: 777 with 022 masked off = 755
The maximum default for a file is 666 (execute bits are never set on creation)
Default permissions for a file created by a normal user: 666 with 002 masked off = 664
Default permissions for a file created by root: 666 with 022 masked off = 644
The "subtraction" shortcut only gives the right digits while no umask digit is larger than the base digit; the real operation is clearing bits (base & ~umask). With umask 027 a new file gets 640, not 666-027 = 639.
umask <value> changes the umask temporarily in the current shell; editing ~/.bashrc changes it permanently for the current user only; editing /etc/bashrc changes it permanently for all users.
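The following shell example is added here and is not part of the original notes. It computes the mode a new file or directory receives from a base and a umask using bitwise clearing, which is what the kernel does, and then creates a scratch file and directory under that umask to confirm the result against the filesystem (the on-disk check uses GNU stat -c and is skipped where that is unavailable). The umask values in the loop are chosen for the demonstration.

```shell
# Added example: compute a new object's mode from a base and a umask.
# The real operation is bitwise clearing, base & ~umask, which is why the
# "777 - 022" shortcut works only while every umask digit is <= the base digit.

default_mode() {
    # $1 = base in octal (666 for files, 777 for directories)
    # $2 = umask in octal (e.g. 022, 027); a leading 0 makes $(( )) read octal
    base=$(( 0$1 ))
    mask=$(( 0$2 ))
    printf '%03o\n' $(( base & ~mask ))
}

# Check the arithmetic against the kernel: create a file and a directory
# under the given umask in a scratch directory and read back their modes.
# stat -c is GNU-specific, so this step is skipped where it is unavailable.
observed_modes() {
    # $1 = umask in octal; prints "<file mode> <dir mode>"
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"
        : > "$scratch/f"          # new file: 666 with the umask cleared
        mkdir "$scratch/d"        # new directory: 777 with the umask cleared
    )
    if stat -c '%a' "$scratch" >/dev/null 2>&1; then
        printf '%s %s\n' "$(stat -c '%a' "$scratch/f")" "$(stat -c '%a' "$scratch/d")"
    else
        echo "stat -c unsupported"
    fi
    rm -rf "$scratch"
}

# Demonstration over a few common umasks (values chosen for the example).
for um in 022 002 027 077; do
    printf 'umask %s: file %s  dir %s  (on disk: %s)\n' \
        "$um" "$(default_mode 666 "$um")" "$(default_mode 777 "$um")" "$(observed_modes "$um")"
done
```

Note that 027 and 077 are the cases where the decimal-subtraction shortcut breaks: the function returns 640 and 600 for new files, while 666-027 and 666-077 would give 639 and 589, neither of which is even a valid mode.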
Special permissions
setuid (u+s, 4000): an executable with this bit runs with the privileges of the file's owner instead of the user who launched it; meaningful only on executables. Setuid-root binaries are a classic privilege-escalation vector, so keep the set small and audit it (find / -perm -4000 -type f).
chmod u+s filename
chmod 4755 filename
# chmod u+s /sbin/shutdown
# ll /sbin/shutdown
-rwsr-xr-x. 1 root root 60400 May 28 2013 /sbin/shutdown
The owner's x is displayed as s; an uppercase S would mean setuid is set but the owner has no execute bit. After this change any local user can shut the machine down.
setgid (g+s, 2000): on a directory, every file or subdirectory created inside it inherits the directory's group (subdirectories also inherit the setgid bit) regardless of the creator's primary group; used for shared project directories. On an executable it runs with the privileges of the file's group.
# chmod g+s /shared/sysadmin
# chmod 2770 /shared/sysadmin
$ ll -d /shared/sysadmin/
drwxrws---. 2 root sysadmin 4096 Jul 13 12:19 /shared/sysadmin/
sticky bit (o+t, 1000): for public, world-writable directories such as /tmp. A file in such a directory can be deleted or renamed only by the file's owner, the directory's owner, or root, even though everyone can write to the directory.
# chmod 777 /share/sysadmin
# chmod o+t /share/sysadmin
# chmod 1777 /share/sysadmin
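The following shell example is added here and is not part of the original notes. It decodes the permission field printed by ls -l / ll into the four-digit octal mode chmod would take, including the setuid, setgid and sticky bits, and distinguishes a lowercase s/t (special bit plus execute) from an uppercase S/T (special bit without execute). The trailing "." or "+" that ls appends for a SELinux context or an ACL is tolerated. The listings fed to it are the ones shown above; the find_special_bits helper is an added audit aid.

```shell
# Added example: decode an ls -l permission field into a 4-digit octal mode,
# including setuid (4000), setgid (2000) and sticky (1000).

mode_to_octal() {
    s=$1
    case $s in
        ???????????) s=${s%[.+]} ;;   # 11 chars: drop trailing . (SELinux) or + (ACL present)
    esac
    [ ${#s} -eq 10 ] && s=${s#?}      # 10 chars: drop the file-type column (-, d, l, ...)
    if [ ${#s} -ne 9 ]; then
        echo "bad mode string: $1" >&2
        return 1
    fi
    special=0
    digits=""
    i=1
    for weight in 4 2 1; do           # owner/setuid, group/setgid, other/sticky
        r=$(printf '%s' "$s" | cut -c "$i")
        w=$(printf '%s' "$s" | cut -c "$((i + 1))")
        x=$(printf '%s' "$s" | cut -c "$((i + 2))")
        case $r in r) bits=4 ;; -) bits=0 ;; *) echo "bad character '$r' in $1" >&2; return 1 ;; esac
        case $w in w) bits=$((bits + 2)) ;; -) ;; *) echo "bad character '$w' in $1" >&2; return 1 ;; esac
        case "$weight$x" in
            4s|2s|1t) bits=$((bits + 1)); special=$((special + weight)) ;;  # special bit and execute
            4S|2S|1T) special=$((special + weight)) ;;                      # special bit, no execute
            ?x)       bits=$((bits + 1)) ;;
            ?-)       ;;
            *)        echo "bad character '$x' in $1" >&2; return 1 ;;
        esac
        digits="$digits$bits"
        i=$((i + 3))
    done
    printf '%d%s\n' "$special" "$digits"
}

# Audit aid: list regular files with setuid or setgid set under a tree
# (defaults to /, staying on one filesystem). Not run here; call it by hand.
find_special_bits() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} + 2>/dev/null
}

# The listings from the notes above:
mode_to_octal -rwsr-xr-x.    # 4755: /sbin/shutdown after chmod u+s
mode_to_octal drwxrws---.    # 2770: the setgid /shared/sysadmin directory
mode_to_octal drwxrwxrwt     # 1777: a sticky, world-writable directory
mode_to_octal -rwSr--r--     # 4644: setuid set but the owner cannot execute
```

An uppercase S or T in a listing is usually a mistake (a setuid bit applied to something that is not executable, or a sticky bit on a file) and is worth flagging in a review.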
Access control lists (ACL)
ACLs are used when ordinary permissions, special permissions and umask defaults cannot express the policy you need.
ACL is short for Access Control List.
An ACL grants r, w, x to an individual user or group on an individual file or directory, for cases the single owner/group/other triplet cannot cover.
getfacl: view the ACL of a file or directory
setfacl: set the ACL of a file or directory
Syntax: setfacl [-bkRd] [{-m|-x} acl_entry] filename
Example: setfacl -R -m u:huangbing:rwx hb/   -- (-R must come before -m; applies to everything under the directory)
Options:
- -m: set (modify) the ACL entries that follow
- -x: remove the ACL entries that follow
- -b: remove all ACL entries
- -R: apply recursively
- -d: operate on the default ACL (directories only; the default ACL is applied to new files and subdirectories created inside)
- -k: remove the default ACL
Example: setfacl -x u:huangbing hb/   -- remove that user's ACL entry
Example: setfacl -b hb/               -- remove all ACL entries
Note: the effective rights of named-user and named-group entries, and of the owning group, are capped by the ACL mask entry. Running chmod on a file that has an ACL rewrites the mask from the group bits you pass, and getfacl marks every capped entry with "#effective:", so check getfacl output after any chmod on an ACL-protected path.
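The following shell example is added here and is not part of the original notes. It reproduces the masking rule described in the note: the mask entry caps named users, named groups and the owning group, while the owner (user::) and other:: entries are never masked, and capped entries are annotated with "#effective:" the way getfacl prints them. The listing it reads is constructed to match the setfacl examples above (user huangbing, directory hb/); the "dev" group and the r-x mask value are assumptions made for the demonstration. Default ACL entries (default:...) have their own default:mask and are passed through unchanged here.

```shell
# Added example: apply an ACL mask to a getfacl-style listing and report
# effective rights, as getfacl does with its "#effective:" annotation.

# Intersect two rwx triplets, e.g. and_perms rw- r-x -> r--
and_perms() {
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$1" | cut -c "$i")
        b=$(printf '%s' "$2" | cut -c "$i")
        if [ "$a" = "$b" ] && [ "$a" != - ]; then out="$out$a"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s' "$out"
}

# Read a getfacl-style listing on stdin; print it with capped entries annotated.
acl_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\([rwx-]*\)$/\1/p')
    printf '%s\n' "$acl" | while IFS= read -r line; do
        case $line in
            user:?*:*|group:*:*)          # named user, named group, owning group
                perms=${line##*:}
                if [ -n "$mask" ]; then eff=$(and_perms "$perms" "$mask"); else eff=$perms; fi
                if [ "$eff" != "$perms" ]; then
                    printf '%s  #effective:%s\n' "$line" "$eff"
                else
                    printf '%s\n' "$line"
                fi ;;
            *)  printf '%s\n' "$line" ;;  # comments, user::, mask::, other::, default:*
        esac
    done
}

# Effective rights of one principal: "user:huangbing", "group:dev",
# "user:" for the owner, "group:" for the owning group, "other:" for others.
# stdin = getfacl-style listing.
effective_rights() {
    acl_effective | while IFS= read -r line; do
        case $line in
            "$1:"*)
                rest=${line#"$1:"}
                case $rest in
                    *'#effective:'*) printf '%s\n' "${rest##*effective:}" ;;
                    *)               printf '%s\n' "$rest" ;;
                esac ;;
        esac
    done
}

# Constructed listing, roughly what `getfacl hb` prints after
#   setfacl -m u:huangbing:rwx hb; setfacl -m g:dev:rw- hb; setfacl -m m::r-x hb
# (the dev group and the mask value are assumptions for this example).
SAMPLE_ACL='# file: hb
# owner: root
# group: root
user::rwx
user:huangbing:rwx
group::r-x
group:dev:rw-
mask::r-x
other::---'

printf '%s\n' "$SAMPLE_ACL" | acl_effective
```

With this listing huangbing was granted rwx but effectively has r-x, and the dev group's rw- collapses to r--, while the owner keeps rwx untouched. This is exactly what happens on a real system after `chmod 750 hb` on an ACL-protected directory: the group bits 5 become the mask, and every named entry is silently capped.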
Filesystem extended attributes
chattr: set file attributes, for example to make a file undeletable and unmodifiable even by root. Root can still clear the attribute with chattr -i first, so this protects against accidents and careless scripts rather than against an attacker who already has root and knows to look.
Syntax: chattr +<attribute> file (or -<attribute> to clear it)
Attributes:
- +a: append-only; content can only be added at the end (useful for log files)
- +i: immutable; the file cannot be modified, deleted, renamed or hard-linked
lsattr: view file attributes
Linux basic permissions and special permissions management