I. Permissions for directories and files under Linux
chown: change the owner and owning group of a file or directory
The /etc/passwd configuration file holds user information
useradd: add a user
chown owner:group file_or_directory
chown -R: change the ownership of a directory and of all files and directories under it
chown -v: display the ownership changes as they are made
    # chown user1:root aa
    # ls -l
    drwxr-xr--. 2 user1 root 4096 Mar 18 16:41 aa
    -rw-------. 1 root root 0 Nov 13 09:25 yum.log
    # ls -l aa/
    -rw-r--r--. 1 root root 0 Mar 18 16:41 bb
    # chown -R user1:user1 aa
    # ls -ld aa/
    drwxr-xr--. 2 user1 user1 4096 Mar 18 16:41 aa/
    # ls -l aa/
    -rw-r--r--. 1 user1 user1 0 Mar 18 16:41 bb
chmod: change rwx permissions (r=4, w=2, x=1)
chmod -R: change the permissions of a directory and of the files and directories under it
chmod -v: display the permission changes as they are made
    # mkdir aa
    # ls -ld aa/
    drwxr-xr-x. 2 root root 4096 Mar 16:46 aa/
    # touch aa/bb
    # ls -l aa/
    -rw-r--r--. 1 root root 0 Mar 16:46 bb
    # chmod -Rv 666 aa
    mode of 'aa' changed to 0666 (rw-rw-rw-)
    mode of 'aa/bb' changed to 0666 (rw-rw-rw-)
umask sets the default permissions for newly created directories and files; the default for the root user is 022, and for a normal user it is 002.
Change the umask value: umask 001
    # umask
    0022
    # umask 001
    # umask
    0001
    # mkdir aa
    # touch bb
    # ls -l
    drwxrwxrw-. 2 root root 4096 Mar 16:26 aa
    -rw-rw-rw-. 1 root root 0 Mar 16:26 bb
If you change the umask value to 001, the directory permission is 776 (rwxrwxrw-) and the file permission is 666 (rw-rw-rw-). Files do not get x permission by default, so there is no x bit for the mask to remove and the file permissions stay intact.
The default directory permission under root is 755 (rwxr-xr-x) and the default file permission is 644 (rw-r--r--).
Directory maximum permission is 777:
    rwxrwxrwx 777
    ----w--w- 022
    rwxr-xr-x 755
File maximum permission is 666:
    rw-rw-rw- 666
    ----w--w- 022
    rw-r--r-- 644
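The tables above can be checked on a live system. The following is an added example, not part of the original article: it creates a directory and a file under several umask values and compares the observed modes with the bitmask rule mode = base AND NOT umask. The function names are hypothetical, and `stat -c` assumes GNU coreutils on Linux. The value 033 shows that the umask is a mask and not a subtraction (666 with 033 gives 644, not 633).

```sh
#!/bin/sh
# Added example: observe the modes a umask produces and compare them with
# the rule  mode = base & ~umask  (base 777 for directories, 666 for files).

# Print "<dir_mode> <file_mode>" actually produced under umask $1.
observed_modes() {
    om_tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        mkdir "$om_tmp/d"
        : > "$om_tmp/f"        # create an empty file, as touch would
        # stat -c is GNU coreutils (assumption: Linux host)
        printf '%s %s\n' "$(stat -c %a "$om_tmp/d")" "$(stat -c %a "$om_tmp/f")"
    )
    rm -rf "$om_tmp"
}

# Print "<dir_mode> <file_mode>" predicted by the bitmask rule.
predicted_modes() {
    # The leading 0 makes the shell read the umask as an octal constant.
    printf '%o %o\n' $(( 0777 & ~0$1 )) $(( 0666 & ~0$1 ))
}

# 022 and 002 are the defaults named in the text, 001 is the article's test
# value, 033 is a constructed value showing that bits are masked, not subtracted.
for m in 022 002 001 033; do
    printf 'umask %s  observed: %s  predicted: %s\n' \
        "$m" "$(observed_modes "$m")" "$(predicted_modes "$m")"
done
```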
A directory needs r and x permission for a user to enter it (cd) and list its contents (ls).
If the directory does not have x (execute) permission, we cannot cd into it, but we can still ls it.
    # mkdir aa
    # ls -ld aa/
    drwxr-xr-x. 2 root root 4096 Mar 16:33 aa/
    # chmod 754 aa
    # ls -ld aa/
    drwxr-xr--. 2 root root 4096 Mar 16:33 aa/
    # su - user1
    $ cd /tmp/
    $ cd aa
    -bash: cd: aa: Permission denied
    $ ls -ld aa/
    drwxr-xr--. 2 root root 4096 Mar 16:33 aa/
For a normal user, the default directory permission is 775 (rwxrwxr-x) and the default file permission is 664 (rw-rw-r--).
II. Special permissions for files and directories
chattr
+i: once this attribute is added, the file cannot be deleted, renamed, linked to, written to, or have new data added.
    # chattr +i aa
    # touch aa/cc
    touch: cannot touch 'aa/cc': Permission denied
    # chattr -i aa
    # touch aa/cc
    # chattr +i aa
    # rm -rf aa/cc
    rm: cannot remove 'aa/cc': Permission denied
    # mv aa bb
    mv: cannot move 'aa' to 'bb': Operation not permitted
+a: with this attribute set, data can only be appended, not deleted; a non-root user cannot modify the attribute.
A file can only be appended to. In a directory with this attribute, files can be created and written, but subdirectories and files cannot be deleted or renamed.
    # touch 11
    # ls -l
    -rw-r--r--. 1 root root 0 Mar 18 17:10 11
    # echo 'abc' > 11
    # cat 11
    abc
    # chattr +a 11
    # echo 'def' > 11
    bash: 11: Operation not permitted
    # echo 'def' >> 11
    # cat 11
    abc
    def
    # chmod 666 11
    chmod: changing permissions of '11': Operation not permitted
    # chown user1:root 11
    chown: changing ownership of '11': Operation not permitted
    # rm -rf 11
    rm: cannot remove '11': Operation not permitted
lsattr: view the special attributes of a file or directory
    # lsattr
    -------------e- ./yum.log
    ----i--------e- ./aa
lsattr -d: view the special attributes of a directory itself
    # lsattr -d aa
    -----a-------e- aa
lsattr -R: list the special attributes of the current directory and its subdirectories
    # lsattr -R
    -------------e- ./yum.log
    -----a-------e- ./aa

    ./aa:
    -------------e- ./aa/bb
    -------------e- ./aa/cc
set_uid lets a normal user temporarily have the permissions of the command's owner while executing that command.
set_uid=4 set_gid=2 sticky_bit=1
    # umask 0022
    # which passwd
    /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwsr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
rws = rwx + s. A lowercase s means the file has rwx permissions; an uppercase S means the file does not have x permission.
The owner of passwd is the root user and the file has rws permissions, so an ordinary user running it also has root permissions, which is why ordinary users can change their own password.
The user running the file must have x permission on it. Otherwise, even if suid is set, it has no effect because the file cannot be executed at all, and the permission bit displays S.
To illustrate:
    # chmod u-sx /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rw-r-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
    # chmod u+s /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwSr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
An uppercase S means the file does not have x permission and cannot be executed, so the bit is meaningless.
chmod u-s /usr/bin/passwd removes the s permission. The s permission can be set on executable files (binaries).
    # chmod u-s /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwxr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
After u-s the file has rwx permissions.
    # ls -l /usr/bin/passwd
    -rwsr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
    # chmod 755 /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwxr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
    # chmod 4755 /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwsr-xr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
passwd itself is 755; suid has the value 4 and is added in front, so the passwd permission is 4755.
    # chmod 6755 /usr/bin/passwd
    # ls -l /usr/bin/passwd
    -rwsr-sr-x. 1 root root 25980 Feb 2012 /usr/bin/passwd
6 represents suid 4 + sgid 2 = 6, and the file's own permission is 755, so the result is 6755.
set_gid lets ordinary users temporarily have the permissions of the group that owns the file; it can act on files and directories.
chmod g+s directory_name
After the change, anything newly created under the directory belongs to the group that owns the parent directory.
A newly created directory inherits this group from the parent directory.
    # mkdir aa
    # ls -ld aa/
    drwxr-xr-x. 2 root root 4096 Mar 19 10:04 aa/
    # chown user1:user1 aa
    # ls -ld aa/
    drwxr-xr-x. 3 user1 user1 4096 Mar 19 10:05 aa/
    # chmod g+s aa/
    # ls -ld aa/
    drwxr-sr-x. 4 user1 user1 4096 Mar 19 10:07 aa/
    # mkdir aa/cc
    # ls -l aa
    drwxr-sr-x. 2 root user1 4096 Mar 19 10:06 cc
    # touch aa/1.txt
    # ls -l aa/1.txt
    -rw-r--r--. 1 root user1 0 Mar 19 10:07 aa/1.txt
    # chmod g-s aa/
    # ls -ld aa
    drwxr-xr-x. 4 user1 user1 4096 Mar 19 10:07 aa
    # mkdir aa/dd
    # ls -l aa/
    drwxr-sr-x. 2 root user1 4096 Mar 19 10:06 cc
    drwxr-xr-x. 2 root root 4096 Mar 19 10:10 dd
After removing the sgid s permission, a directory created inside the directory no longer inherits the parent directory's group.
sticky_bit is the anti-delete bit, shown as rwt. Only the creator of a file can delete it; no other user can. root overrides this and can still delete.
chmod o+t directory_name
    # ls -ld /tmp/
    drwxrwxrwt. 3 root root 4096 Mar 19:30 /tmp/
    # mkdir 11
    # chmod 777 11
    # ls -ld 11/
    drwxrwxrwx 2 root root 4096 Mar 19:40 11/
    # chmod o+t 11/
    # ls -ld 11/
    drwxrwxrwt 2 root root 4096 Mar 19 19:40 11/
A directory must have x permission to be entered. A lowercase t means the directory has x permission; an uppercase T means it does not. On a file, the bit is displayed as T.
    # su - test1
    $ cd /tmp/11/
    $ mkdir 12
    $ touch 123
    $ ls -l
    drwxrwxr-x 2 test1 test1 4096 Mar 19 20:14 12
    -rw-rw-r-- 1 test1 test1 0 Mar 19 20:15 123
    drwxr-xr-x 2 root root 4096 Mar 19 20:14 root
    # su - test2
    $ cd /tmp/11/
    $ ls -l
    drwxrwxr-x 2 test1 test1 4096 Mar 19 20:14 12
    -rw-rw-r-- 1 test1 test1 0 Mar 19 20:15 123
    drwxr-xr-x 2 root root 4096 Mar 19 20:14 root
    $ rm -rf 12
    rm: cannot remove '12': Operation not permitted
    $ rm -rf 123
    rm: cannot remove '123': Operation not permitted
    $ touch 234.txt
    $ ls -l
    drwxrwxr-x 2 test1 test1 4096 Mar 19 20:14 12
    -rw-rw-r-- 1 test1 test1 0 Mar 19 20:15 123
    -rw-rw-r-- 1 test2 test2 0 Mar 19 20:16 234.txt
    drwxr-xr-x 2 root root 4096 Mar 19 20:14 root
In a sticky directory you can create directories and files, but you cannot delete other users' directories or files.
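The special bits described above (suid=4, sgid=2, sticky=1) can be audited with `find -perm`. The following is an added example, not part of the original article: it lists set-id files, suid files that lack owner x (the uppercase S case), and world-writable directories that lack the sticky bit. The function names and the fixture files are hypothetical and constructed for the demonstration.

```sh
#!/bin/sh
# Added example: audit a directory tree for the special permission bits
# (suid=4000, sgid=2000, sticky=1000). Function names are hypothetical.

# Files with suid or sgid set.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# suid set but owner x missing (ls shows uppercase S): the bit has no effect.
list_suid_without_x() {
    find "$1" -xdev -type f -perm -4000 ! -perm -0100 | sort
}

# World-writable directories without the sticky bit: any user can delete
# other users' files in them.
list_unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed fixture (sample data, not real system files).
make_fixture() {
    fx=$(mktemp -d) || return 1
    : > "$fx/tool_suid";    chmod 4755 "$fx/tool_suid"    # -rwsr-xr-x
    : > "$fx/tool_bigS";    chmod 4644 "$fx/tool_bigS"    # -rwSr--r--
    : > "$fx/plain";        chmod 755  "$fx/plain"        # -rwxr-xr-x
    mkdir "$fx/shared_ok";  chmod 1777 "$fx/shared_ok"    # drwxrwxrwt
    mkdir "$fx/shared_bad"; chmod 777  "$fx/shared_bad"   # drwxrwxrwx
    printf '%s\n' "$fx"
}

demo=$(make_fixture)
echo "setid files:";        list_setid_files "$demo"
echo "suid without x:";     list_suid_without_x "$demo"
echo "unsafe shared dirs:"; list_unsafe_shared_dirs "$demo"
rm -rf "$demo"
```

Pointing the same functions at a real path such as /usr/bin or /tmp gives a baseline that can be compared after system changes.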
This article is from the "Model Student's Learning blog" blog, please be sure to keep this source http://8802265.blog.51cto.com/8792265/1622566