Linux file and directory permissions in detail

Source: Internet
Author: User
Tags: chmod

I. Linux file and directory permission management

1. File Permission Description:

(1) r: Indicates a permission to read the contents of the file;

(2) w: Indicates permission to modify the contents of the file;

(3) x: Indicates permission to execute the file; r permission is also required;

2. Directory permission description:

(1) r: Indicates permission to list the files in the directory; x permission is also required for this to work;

(2) w: Indicates permission to add, delete, and move files in the directory; x permission is also required;

(3) x: Indicates permission to enter the directory;

3. Order of Permission acquisition

    • First check whether the user is the owner of the file, then whether the user belongs to the file's group, and finally treat the user as other; whichever class matches first, its permissions apply;
    • For ordinary users, without permission there is no access to the resource;
    • For the root user, read and write permissions are unrestricted, but x permission is still controlled;
    • Note: for the root user, even if root's own class does not have x permission, as long as group or other has x permission, root can execute the file, whereas an ordinary user cannot;
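The check order above, written as a small shell model. This is an added example, not code from the original page; the function name effective and the sample uids and gids are made up for illustration, and ACLs and capabilities are ignored.

```shell
#!/bin/sh
# Simplified model of the permission check described above (no ACLs).
# effective MODE FILE_UID FILE_GID USER_UID "USER_GIDS"  ->  e.g. "r-x"
effective() {
    mode=$(( 0$1 ))                          # MODE is an octal string such as 644
    if [ "$4" -eq 0 ]; then
        # root: r and w are always granted; x needs an x bit in some class
        if [ $(( mode & 0111 )) -ne 0 ]; then echo "rwx"; else echo "rw-"; fi
        return 0
    fi
    if [ "$4" -eq "$2" ]; then
        bits=$(( (mode >> 6) & 7 ))          # owner class is checked first
    else
        bits=$(( mode & 7 ))                 # fall back to the other class
        for g in $5; do
            if [ "$g" -eq "$3" ]; then
                bits=$(( (mode >> 3) & 7 ))  # group class
                break
            fi
        done
    fi
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$r$w$x"
}

# Constructed cases: a file owned by uid 1000, gid 1000.
# Mode 074: the owner gets nothing even though group and other have access,
# because the first matching class decides and the classes are not combined.
echo "owner 1000, mode 074:  $(effective 074 1000 1000 1000 '1000')"
echo "group member, mode 074: $(effective 074 1000 1000 1001 '1001 1000')"
echo "other user, mode 074:   $(effective 074 1000 1000 1002 '1002')"
# Mode 610: owner has no x, group has x. root may execute, the owner may not.
echo "owner 1000, mode 610:  $(effective 610 1000 1000 1000 '1000')"
echo "root, mode 610:        $(effective 610 1000 1000 0 '0')"
```
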

4. Owner and group of files

(1) Modify the owner of a file: chown user file changes the owner;

chown -R user.group file recursively changes the owner and group;

chown .group file changes the group;

(2) Modify the permissions of a file: chmod ugo=rwx file sets all permissions for a class of users;

chmod ugo+/-rwx file adds or removes individual permission bits for a class of users;

-R applies the change recursively;

II. Default permissions and umask for files and directories

(1) The default umask for the root user is 022; for normal users it is 002;

(2) The umask determines the default permissions of files the user creates; the maximum permission for a directory is 777, and for a file 666;

(3) Directory default permissions = 777 - umask; file default permissions = 666 - umask, and any resulting digit that is odd has 1 added to it;

(4) The default permission of a newly created directory is 755, and the default permission of a newly created file is 644;
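The subtraction rule in (3) is a shortcut for a bitwise operation: the system clears from the requested mode every bit that is set in the umask. The following added example (not from the original page; all function names are made up for illustration) computes the mask exactly, checks that the "odd digit plus 1" shortcut agrees for every possible umask, and creates a real file to confirm.

```shell
#!/bin/sh
# Exact rule: requested mode AND NOT umask. Arguments are octal strings.
masked() {   # masked BASE UMASK, e.g. masked 666 022 -> 644
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The page's shortcut for files: 6 minus each umask digit, odd results + 1.
page_rule_file() {   # page_rule_file UMASK (three octal digits)
    rest=$1; out=""
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}              # first remaining digit
        rest=${rest#?}
        n=$(( 6 - d ))                     # umask digit 7 gives -1, which is odd
        if [ $(( n % 2 )) -ne 0 ]; then n=$(( n + 1 )); fi
        out="$out$n"
    done
    echo "$out"
}

# Compare both rules for all 512 umask values; prints the number of mismatches.
count_mismatches() {
    bad=0
    for a in 0 1 2 3 4 5 6 7; do for b in 0 1 2 3 4 5 6 7; do
        for c in 0 1 2 3 4 5 6 7; do
            u="$a$b$c"
            [ "$(masked 666 "$u")" = "$(page_rule_file "$u")" ] || bad=$(( bad + 1 ))
        done
    done; done
    echo "$bad"
}

# Create a file under the given umask and print its permission string.
created_mode() {   # created_mode 027 -> -rw-r-----
    dir=$(mktemp -d) || return 1
    ( umask "$1"; : > "$dir/f" )
    ls -l "$dir/f" | cut -c1-10
    rm -rf "$dir"
}

for u in 022 002 027 033; do
    echo "umask $u: dir $(masked 777 "$u") file $(masked 666 "$u") shortcut $(page_rule_file "$u")"
done
echo "mismatches over all umasks: $(count_mismatches)"
echo "real file under umask 027:  $(created_mode 027)"
```
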

III. Special permissions for Linux system files (SUID, SGID, sticky)

Set UID

    • When the s flag appears in the x position of the file owner's permissions, as in "-rwsr-xr-x", this is called Set UID, the special permission known as SUID.
    • SUID permission is valid only for binary programs;
    • The executor needs x (execute) permission on the program;
    • The permission is in effect only while the program is executing;
    • The executor has the permissions of the program's owner;

      For example: /etc/shadow is the file that records the passwords of all accounts on the system; its permissions are "-r-------- 1 root root", meaning only root can force changes to its contents. Ordinary users can nevertheless change their own passwords, because changing a password runs the program /usr/bin/passwd (-rwsr-xr-x); the process temporarily has root's permissions while it executes, so it can modify /etc/shadow and thereby change the password. If the user runs a program that does not have SUID permission, /etc/shadow cannot be accessed; for example, when the user runs /bin/cat (-rwxr-xr-x), /etc/shadow cannot be read.

Set GID

    • SGID can be set on files or directories.
    • When the s flag appears in the x position of the group's permissions, as in "-rwx--s--x", this is called Set GID, the special permission known as SGID.
    • For files: SGID is effective for binary programs; the executor must have x permission on the program, and gains the privileges of the program's group during execution.
    • For directories, SGID has the following effects: if the user has r and x permissions on the directory, the user can enter it, and the user's effective group inside the directory becomes the directory's group; if the user also has w permission on the directory, new files the user creates there get the same group as the directory;

Sticky Bit

    • Sticky Bit, abbreviated SBIT. Currently it is effective only on directories, not on files.
    • SBIT: When a user, as a group member or as other, has w (write) permission on a directory, the user can delete, move, and rename any directory or file in that directory. However, if the directory has the SBIT permission, only the file owner and root can delete, move, or rename a file; ordinary users cannot delete files in the directory that are not their own.
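Because SUID and SGID programs run with someone else's privileges and a world-writable directory without the sticky bit lets any user remove other users' files, these bits are worth auditing. The following added example (not from the original page; function names and the sample tree are constructed for illustration) uses find to locate each case described in this section.

```shell
#!/bin/sh
# Regular files with SUID (4000) or SGID (2000) set.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Directories with SGID set (new files inherit the directory's group).
find_sgid_dirs() {
    find "$1" -xdev -type d -perm -2000 | sort
}

# World-writable directories WITHOUT the sticky bit (1000): any user
# with access can delete or rename files that belong to someone else.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Constructed sample tree so the audit can be tried without touching
# real system paths. Prints the path of the tree.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp_ok" "$t/tmp_bad"
    : > "$t/helper"
    : > "$t/plain"
    chmod 4755 "$t/helper"    # -rwsr-xr-x  SUID program
    chmod 0755 "$t/plain"     # -rwxr-xr-x  ordinary program
    chmod 2775 "$t/shared"    # drwxrwsr-x  SGID directory
    chmod 1777 "$t/tmp_ok"    # drwxrwxrwt  world-writable, sticky
    chmod 0777 "$t/tmp_bad"   # drwxrwxrwx  world-writable, not sticky
    echo "$t"
}

tree=$(make_sample_tree)
echo "SUID/SGID files:";                 find_setid_files "$tree"
echo "SGID directories:";                find_sgid_dirs "$tree"
echo "World-writable, no sticky bit:";   find_unsticky_dirs "$tree"
rm -rf "$tree"
```

On a real system, pass / (or each mounted filesystem in turn, since -xdev does not cross mount points) and compare the output against a known-good baseline.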
