RHCE Study Notes (6) Rights Management

Source: Internet
Author: User

When you run the ls command (long listing, ls -l) on RHEL, the first character of each line tells you the file type.

The common types are:

d (directory)

- (regular file)

c (character device file)

b (block device file)

l (soft link, shortcut)


For example, directories and ordinary files



Device files



Soft link (symbolic link)


Block device files (hard disks)


First, look at how to change the owner of a file with chown. -R processes all subdirectories and files recursively, and -v prints the details of each change.


Change the group of files or directories




The specific permissions are set by the middle 9 binary bits, which represent the r (read), w (write) and x (execute) rights of u (owner), g (group) and o (others).

The permissions are written as rwxrwxrwx; a permission that is not granted is shown as -.


A simple example: you can use forms such as u+ or g- to add or remove permissions.

a = u + g + o


Note that for a directory you need at least read and execute permissions to access it properly. With only x, you can cd into it but cannot ls its contents.


For example, the newly created XX directory has 755 permissions by default

After removing other users' read permission


The beanxyz user can cd into this directory but cannot read its contents


Return to normal access.



By default, newly created files get 644 permissions and newly created directories get 755. This is the result of umask filtering.

The base permission is 666 for a file and 777 for a directory. The default umask is 0022; after the corresponding bits are filtered out, these become 644 and 755.

File (666)        110 110 110
umask (022)       000 010 010
-----------------------------
                  110 100 100 (644)

Directory (777)   111 111 111
umask (022)       000 010 010
-----------------------------
                  111 101 101 (755)




Conversely, given a required default permission, how do you work backward to the umask?

For example, if I need newly created files and directories to default to 444, what should my umask be?


As shown below, for a file the third bit (x) of each triplet is already unset, so it is 0 whether or not it is filtered; whether the third bit of the umask is 0 or 1 does not affect the result. The umask can be 333, 323, 222, 223, 232, 332 or any similar combination.


For a directory, the result is unique: it can only be 333.


In summary, the umask should be 333.

File (666)        110 110 110
umask (???)       011 011 011
-----------------------------
                  100 100 100 (444)

Directory (777)   111 111 111
umask (???)       011 011 011 (333)
-----------------------------
                  100 100 100 (444)
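
The umask arithmetic above, worked through in shell as an added example (not from the original notes). The function names apply_umask, umasks_for and common_umasks are made up for this illustration, and it goes beyond the 444 case by enumerating every umask that yields a given mode.

```sh
#!/bin/sh
# Added example: umask arithmetic from the notes above. Modes are octal strings.

# apply_umask BASE UMASK -> mode left after the umask bits are cleared from BASE
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# umasks_for BASE WANT -> every umask (000-777) that turns BASE into WANT;
# prints nothing when no umask can produce WANT (a umask can only clear bits)
umasks_for() {
    base=$(( 0$1 )); want=$(( 0$2 )); m=0
    while [ "$m" -le 511 ]; do            # 511 decimal = 0777 octal
        if [ $(( base & ~m & 0777 )) -eq "$want" ]; then
            printf '%03o\n' "$m"
        fi
        m=$(( m + 1 ))
    done
}

# common_umasks WANT -> umasks that give WANT for files (666) and directories (777)
common_umasks() {
    for u in $(umasks_for 777 "$1"); do
        [ "$(apply_umask 666 "$u")" = "$1" ] && echo "$u"
    done
    return 0
}

echo "umask 022: file $(apply_umask 666 022), directory $(apply_umask 777 022)"
echo "file 444 from:      $(umasks_for 666 444 | tr '\n' ' ')"
echo "directory 444 from: $(umasks_for 777 444 | tr '\n' ' ')"
echo "both 444 from:      $(common_umasks 444)"
```

The empty result of umasks_for 666 755 shows that no umask can give new files the execute bit, because filtering only removes bits from 666.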


Permission settings also have two special attribute bits, the s bit and the t bit.


When the s bit is set in the u (owner) position of a binary executable, it is called SUID: anyone who runs the program runs it with the same permissions as the owner.


For example, users can change their own password with passwd, while the actual password is stored in /etc/shadow. When a user runs passwd, the shadow file is actually modified with the permissions of the owner, root.


When the s bit is set in the g (group) position of a directory, it is called SGID: all newly created subdirectories and files automatically inherit the directory's group.


For example, create a testgroup group and assign it to the test directory


Then modify the g bit


Create new files and directories


View Properties



The last special attribute bit is the t bit. It is generally set in the o (others) position of a directory and prevents the files in it from being deleted: only root and the owner can delete them. An example is the system's /tmp directory.


An easy way to remember the values: SUID is 4, SGID is 2, SBIT (sticky bit) is 1.

Therefore, an executable file set to -rwsr-xr-x can be written as 4755.
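
An added example, not part of the original notes, that decodes the 4/2/1 special-bit digit into the string ls shows and lists world-writable directories that lack the t bit. The function names triplet, symbolic_mode and unsafe_shared_dirs are illustrative.

```sh
#!/bin/sh
# Added example: decode SUID (4), SGID (2) and sticky (1) in a 4-digit octal mode.

# triplet DIGIT SPECIAL CHAR -> "rwx"-style string for one octal digit.
# SPECIAL=1 replaces the x slot with CHAR (s or t); upper case means the
# special bit is set but the execute bit underneath it is not.
triplet() {
    if [ $(( $1 & 4 )) -ne 0 ]; then out=r; else out=-; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out=${out}w; else out=${out}-; fi
    if [ "$2" -eq 1 ] && [ $(( $1 & 1 )) -ne 0 ]; then out=${out}$3
    elif [ "$2" -eq 1 ]; then out=${out}$(printf '%s' "$3" | tr 'st' 'ST')
    elif [ $(( $1 & 1 )) -ne 0 ]; then out=${out}x
    else out=${out}-
    fi
    printf '%s' "$out"
}

# symbolic_mode MODE -> nine-character permission string, e.g. 4755 -> rwsr-xr-x
symbolic_mode() {
    m=$(( 0$1 ))
    u=$(triplet $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s)
    g=$(triplet $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s)
    o=$(triplet $((  m       & 7 )) $(( (m >> 9)  & 1 )) t)
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# unsafe_shared_dirs DIR -> world-writable directories under DIR without the t bit,
# i.e. places where any user can delete other users' files
unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000
}

for mode in 4755 2775 1777 4644; do
    echo "$mode -> $(symbolic_mode "$mode")"
done
```

An upper-case S or T in the output, as for 4644, usually points to a mistake: the special bit is set on something that is not executable or searchable.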


Finally, look at the hidden special attributes.


chattr can set some special attributes. For example, with +a the file can only be added to, not reduced.


With +i, no changes can be made to the file


lsattr shows the special attributes



This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1593816
