First look at Linux file permissions 1. users and user groups in order to better understand file permissions, we need to first have the concepts of users and user groups. In Linux, any file has three types of permissions: User, Group, and Others. 1. a glimpse of Linux's file permissions 1. users and user groups in order to better understand file permissions, we need to first have the concepts of users and user groups. In Linux, any file has individual permissions for three identities: User, Group, and Others. 1. concepts of users and file owners: the user name you use to log on to the Linux host is a user. for example, root is a user, and many users exist in Linux. If you create a file on Linux, you are the owner of the file by default. 2. with the concept of user groups, users can differentiate the owners of different files, or define whether users can perform read/write or execute operations on files based on the object owner, why is there a user group concept? The reason is simple: some specified users (non-file owners) can access your files with certain permissions, while others cannot access your files. Setting user groups also makes it easy to manage such permissions. For example, if A team A is developing A project and you are A member of Team A, the documents or code you write and other members of the team must be able to read and write them, the team A can be added to A user group. The user group can read and write these files, while other development teams cannot, you cannot read or modify the code and documentation of your team. In addition, each user can have support for multiple user groups. 3. concepts of other users (Others) since a file has a user group, there must be some users who neither belong to this user group nor the file owner, for example, in the above example, the development team except Team A is another user of the file. 2. run the ls command in the main folder of the Linux file to get the following execution result: From the above result, seven columns of data appear on the screen, they represent: the file capacity of the owner User Group of the number of permission connections (B) modify the date file name 1. Describe the first column in detail-the permission can be seen that the first column is composed of 10 characters, as shown in: the first character represents the file type. The following characters are in a group of three and all are in the three combinations of "rwx" (r: read (readable), w: write (writable), x: execute (executable), whether it is the owner's permissions on files, the user group's permissions on files, or other users's permissions on files, are all rwx, this sequence will not change. if the sequence is readable, writable, or executable, the corresponding positions are r, w, and x respectively. Otherwise, the sequence is -. The first character indicates the file type, and the file types mainly include: [d]: Directory [-]: file [l]: connection file [B]: interface devices available for storage in the device file [c]: How does the serial port device in the device file understand the permissions? For example, if the first column is-rwxr-xr --, it indicates that the file is a common file and can be read, written, and executed by the file owner, it can only be read and executed, but cannot be written (modified). other users can only perform read operations. In addition to letters, permission settings can also be represented by numbers. for example, r: 4, w: 2, x: 1,-: 0 (which can be converted into binary data, and only the accumulated values of each group are displayed. in the preceding example, rwxr-xr -- can be expressed as 754. 2. explain in detail the difference between a directory and a file permission. in Linux, whether a file is executable has no absolute relationship with the suffix, it is determined by whether the file has the "x" permission. "W" indicates that you have the permission to write, edit, add, and modify the file content, but you do not have the right to delete the file itself. Rwx mainly targets file content. However, as we can see from the above file type, the file type may also be a directory, so writing and executing a directory is obviously meaningless. what does it mean? What is the difference between it and the common file type? We know that a file stores actual data. The main content of a directory is to record the file name list, and the file name is strongly associated with the directory. Therefore, for a directory, r indicates that you have the permission to read the directory structure list and can query the file name data under the Directory. for example, you can use the ls command to display the directory content list. For a directory, w can be said to be powerful. it indicates that you have the permission to change the directory structure, such as creating new directories and files, delete an existing file or directory (regardless of the permission of the file), rename the existing file or directory, and transfer the file and directory location in the directory. You may think that x is always strange for a directory, but it is very useful. The Directory x indicates whether the user can enter the directory to become a working directory, if you can use the cd command to switch to this directory. Note: If you have the r permission on a directory but do not have the x permission, you can use ls to view the file list under the Directory, but cannot enter the directory, you cannot operate any files in the directory, even if you have the rwx permission on the files in the directory. 3. special file permissions: SUID, SGID, and SBIT. when we execute the following ls command, we may see strange results: in the first column, we can see the file permission attributes, s and t described above. 1) SUID when the Mark s appears on the object owner's x permission, the second example above is called Set UID (SUID for short. Basically, SUID has the following restrictions and functions: a and SUID permissions are only valid for binary programs, and cannot be used in shell scripts or directories; b. The executor must have x executable permissions for the program. c. This permission is valid during the execution of the program. d. the executor will have the permissions of the owner of the program; the above example shows that the passwd program is owned by the root user and belongs to the root user group. but we know that for common users, they can still change their passwords. why? The reason is: 1. passwd is an executable binary program; 2. this executable file marks s on the x permission of the file owner, that is, SUID is set; 3. common users are other users (Others) for root users and root user groups. However, we can know from the file permissions that Others supports other users (Others) note that this is important for reading and executing Others, because if Others's permissions (the last three digits) are set to r --, then normal users will execute the passwd program, even if it indicates s on the x permission of the file owner. (Note: This executable permission must correspond to the role of the user and have the x permission in the corresponding permissions. in the preceding example, whether it is the file owner or user group, or Others has x permissions .) 4. when executing the passwd program, normal users will obtain the permissions of the owner of the passwd program, that is, the root permission for the program, rather than the permissions of Others or user groups; 5. However, this permission is only valid during the execution of the passwd program. after the program is executed, normal users no longer have this permission. 2) SGID, when s appears in x of the user group, it is called Set GID, that is, SGID. SGID can be set for files and directories. for files, SGID has the following restrictions and functions: a, SGID is useful for binary programs; B, program performer for this program, requires the permission of the slave x. c. the executor will be supported by the program user group during execution. File permissions and operations are basically the same as SUID, except that it does not obtain the permissions of the program owner, but the permissions of its user group. SGID can be used as a directory. for a directory, SGID has the following restrictions and functions: a. If a user has the r and x permissions on this directory, the user can access this directory; b. The valid user group in this directory will be changed to the user group in this directory. c. If the user has w permissions in this directory, the user group of the new files created by the user is the same as the user group in the directory. 3) SBITSBIT is only effective for directories. it applies to directories: When users have the w and x permissions for this directory, that is, they have the final permission, the user creates a file or directory under the Directory. only the user and the root user have the right to delete the file. 3. common commands used to modify file permissions include: chgrp: modify the user group to which the file belongs chown: modify the file owner chmod: modify the file permissions. the usage of these commands is not described here, for more information, see man. Note: The three special permissions of the file can also be expressed in mathematics. 4 is SUID, 2 is SGID, and 1 is SBIT, for example,-rwsr-xr-x. We know according to the previous calculation, it was originally set to 755. because it has special SUID permissions, it becomes 4755.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.