Permissions Introduction
In the Linux file system, two properties are assigned to every file (or directory): access rights and file ownership, referred to as "permissions" and "ownership". Access rights come in three basic types: read, write, and execute. Ownership consists of the owner (the user account that owns the file) and the group (the group account that owns the file).
When the ls command is used with the "-l" option, details of the file or directory are displayed in long format, including the permissions and ownership of the file.
First character: indicates the type of the file, which can be d (directory), b (block device file), c (character device file), "-" (ordinary file), or the letter "l" (linked file).
Characters 2~4: represent the file owner's access rights to the file.
Characters 5~7: represent the access rights of users in the file's group.
Characters 8~10: represent the access rights of any other user to the file.
To represent the access that the owner, the group's users, or other users have to the file, three permission characters are used: r, w, and x, meaning readable, writable, and executable.
When you need to set permissions for a file or directory, this is done primarily with the chmod command. When you set access rights for each class of user, you can use two forms of permission representation: characters and numbers. The r, w, and x permission characters can be represented as the octal digits 4, 2, and 1; a combination of permissions is expressed by adding the digits together.
Default Permissions
Each terminal has a umask property to determine the default permissions for new files and folders.
The general user's umask is 002; the root user's default umask is 022.
The default permission for a new directory is: 777-umask
The default permission for a new file is: 666-umask
For example, the default permissions for a normal user are:
Directory: 777-002=775
File: 666-002=664
The umask command shows the current umask value.
umask value: modifies the umask property.
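The subtraction above is shorthand: the kernel clears the umask bits from the base mode (base AND NOT umask), which only matches subtraction when the umask bits are all present in the base. The following added example (not from the original article) creates files and directories under several umask values and compares the observed mode with the bitwise prediction; the function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: observed vs. predicted default modes for a given umask.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# predict_mode UMASK KIND: base mode (777 dir, 666 file) with umask bits cleared.
predict_mode() {
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%o\n' $(( $base & ~0$1 ))
}

# default_mode UMASK KIND: create a new file or directory under UMASK in a
# throwaway directory and print the octal mode it actually received.
default_mode() {
    mask=$1 kind=$2
    work=$(mktemp -d) || return 1
    (
        umask "$mask"        # subshell, so the caller's umask is untouched
        if [ "$kind" = dir ]; then mkdir "$work/new"; else : > "$work/new"; fi
    )
    stat -c '%a' "$work/new"
    rm -rf "$work"
}

# 033 is included because plain subtraction (666-033=633) gives the wrong
# answer there; clearing bits gives 644.
for m in 002 022 033; do
    for k in dir file; do
        echo "umask $m $k: predicted $(predict_mode "$m" "$k"), observed $(default_mode "$m" "$k")"
    done
done
```
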
Special permissions
There are ten permission positions in total; the first is used to store the default permissions.
SUID: this permission is generally set on software or executable files, so that users who do not have permission to use the software can run it as the administrator.
SGID: mainly applied to a folder that holds a department's data, so that the group of the files in it becomes that department's group, which makes it convenient for the administrator to control.
Sticky: when a user creates a file, other users who have write permission on the directory can delete it; setting sticky prevents other users from deleting files that they did not create.
Set SUID: chmod u+s file
Set SGID: chmod g+s directory
Set sticky: chmod o+t file
As with normal permissions, special permissions can be represented with a number:
SUID=4
SGID=2
Sticky=1
Example command: chmod 4644 file
Permissions | File | Directory
r | View file contents | View directory contents (show subdirectories and the file list)
w | Modify file contents | Modify directory contents (create, delete, or move files or subdirectories in the directory)
x | Execute the file (program or script) | Use the cd command to enter or leave the directory
Special permissions
Permissions | Impact on a file | Impact on the directory
SUID | Executed as the user of the file, not the user who executed the file | No
SGID | Execute as the group the file belongs to | Any new files created in this directory have the same group as the owning group of that directory
Sticky | No | Users who have write access to the directory can delete only the files they own and cannot delete files owned by other users
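Because SUID and SGID change the identity a program runs as, and a world-writable directory without sticky lets any user delete other users' files, these bits are worth auditing. The following added example (not from the original article) builds a constructed sample tree and reports both conditions; the function names and sample file names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit special permission bits under a directory tree.

# audit_special DIR: print one line per finding under DIR.
audit_special() {
    root=$1
    # Regular files carrying SUID (4000) or SGID (2000).
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c 'SPECIAL %a %n' {} +
    # World-writable directories that lack the sticky bit (1000).
    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NOSTICKY %a %n' {} +
}

# make_sample: build a constructed tree to audit and print its path.
make_sample() {
    t=$(mktemp -d) || return 1
    : > "$t/tool";     chmod 4755 "$t/tool"     # SUID file
    : > "$t/report";   chmod 2755 "$t/report"   # SGID file
    : > "$t/plain";    chmod 644  "$t/plain"    # no special bits
    mkdir "$t/drop";   chmod 0777 "$t/drop"     # world-writable, no sticky
    mkdir "$t/shared"; chmod 1777 "$t/shared"   # world-writable with sticky
    echo "$t"
}

sample=$(make_sample)
audit_special "$sample"
rm -rf "$sample"
```

On the sample tree the audit lists tool and report as SPECIAL and drop as NOSTICKY; plain and shared are not reported.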
Command Introduction
Command format
chmod [ugoa...][+-=][rwx] file or directory ...
Or
chmod nnn file or directory
ugoa represents the user class to which the permission setting applies: u represents the owner of the file, g represents users in the file's group, o represents any other user, and a represents all users (the sum of u, g, and o).
+-= represents the action that sets the permissions: + adds the given permissions, - removes the given permissions, and = sets exactly the given permissions.
rwx is the combination of permission characters; the characters can also be used separately or in part, such as r or rx.
Setting the ownership of directories and files
The ownership of a file or directory is set mainly with the chown command. You can set only the owner or only the group, or you can set both the owner and the group.
Command format
chown owner[:[group]] file or directory
When the owner and the group are set at the same time, the user name and group name are separated by a colon ':'. If you set only the group, you need to use the form ":group name".
If you only need to set the owner of the directory or file, give the user name directly. To change the ownership of a directory recursively, you can also use the '-R' option.
In a Linux system, setting file access rights and ownership is a common part of file management, and much of the hardening work for network services or applications also involves changing file permissions and ownership. This work should therefore be carried out carefully: improper permission settings may cause system failures or introduce security risks.
This article is from the "Plum blossom fragrance from bitter cold" blog; please be sure to keep this source: http://wangjunkang.blog.51cto.com/8809812/1533454