Getting started: Get a simple look at Linux file permissions
On Linux systems, the ls -l command shows file permissions, for example:
$ ls -l a
-rw-rw-r--. 1 zhaohuizhen zhaohuizhen 121 Oct 20:26 a
The permissions of file a are in the first column. The first character, -, indicates that a is a regular file. The following nine characters, rw-rw-r--, are the file permissions: the first three are the owner's permissions, the middle three are the group's permissions, and the last three are the permissions of other users.
r: read permission; w: write permission; x: execute permission; -: no permission.
1) The command for changing permissions: chmod
chmod changes the permissions of a file or directory, but only the file's owner and the superuser root are allowed to do so. There are two ways to specify permissions with chmod: symbolically, with permission letters and an operator expression, or numerically.
a. Numeric notation
chmod [numeric combination] filename
-R: change the permissions of all files in a directory
4 read, 2 write, 1 execute, 0 no permission
b. Symbolic (character) notation
u owner, g group, o other users
+ add, - remove, = set
r read, w write, x execute
2) The command for changing file ownership: chown
To change the group of a file, the user must be the owner of the file and a member of the target group, or be the superuser. Only the superuser can change the owner of a file.
chown [options] [owner][:[group]] file    # the : can be replaced by .
Use chgrp to change a file's group.
Summary: read, write and execute permissions on regular Linux files
Readable (r): permission to read the contents of the file.
Writable (w): permission to modify the contents of the file.
(Special note: deleting a file, renaming it, and creating a new file are controlled by the permissions of the parent directory and are independent of the permissions of the file itself.)
Executable (x): permission to execute the file (a normal user must also have r permission; root can execute it as well; of course, the file itself must be something that can be executed).
Summary: read, write and execute permissions on Linux directories
Readable (r): permission to list the files and subdirectories in the directory, e.g. ls dir. (It does not allow entering the directory with cd dir. Without x permission, listing is also problematic: ls -l dir shows question marks for the attributes and reports that permission is denied.)
Writable (w): permission to add, delete, or rename files within the directory (requires x permission as well).
Executable (x): permission to enter the directory, e.g. cd dir.
Comparison of Linux file and directory permissions:
r (read permission):
For a file, permission to read the contents of the file.
For a directory, permission to list the directory (note that this is different from permission to enter the directory); it must be combined with x permission.
x (execute permission):
For a file, permission to execute the file. For executable script files, a normal user also needs r permission, while the root user does not need r permission; for binary executables, r permission is not required.
For a directory, permission to enter the directory.
If the corresponding bit is "-", it means that there is no permission.
Deleting or moving a file or directory depends only on the permissions of its parent directory, not on the permissions of the file itself. Writing to a file modifies the file rather than deleting it, so writing depends on the file's own permissions.
The command for default permission assignment: umask
In production work, the usual default permissions are 755 for directories and 644 for files. These are relatively secure permissions, and we should keep our files and directories at these defaults as far as possible.
In Linux systems, the default permissions for files are determined by umask. When a file is created, the maximum default permission is 666; for a directory it is 777; the permission bits named by the umask value are then masked off. The default umask values can be viewed in the /etc/login.defs file; for home directories, the default umask is 077.
To change the default permissions for files and directories:
umask 022
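The masking described above can be checked directly. The following is an added example, not part of the original article: it creates a file and a directory under several umask values and prints the resulting modes. The function name mode_under_umask and the values 033 and 027 are choices made here; stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the original page).
# mode_under_umask <umask> prints "<file-mode> <dir-mode>" in octal for a
# file and a directory newly created under that umask.
mode_under_umask() {
    (   # subshell: the umask change does not leak into the caller
        tmp=$(mktemp -d) || exit 1   # scratch dir, made before changing umask
        umask "$1" || exit 1
        : > "$tmp/f"                 # new files start from 666
        mkdir "$tmp/d"               # new directories start from 777
        echo "$(stat -c '%a' "$tmp/f") $(stat -c '%a' "$tmp/d")"
        rm -rf "$tmp"
    )
}

# 022 and 077 appear in the text; 033 and 027 are extra values chosen here.
for m in 022 077 033 027; do
    echo "umask $m -> $(mode_under_umask "$m")"
done
```

With umask 033 the file comes out as 644, not 633: the umask clears bits from 666 or 777, it is not subtracted from them.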
Set user ID (suid) bit: shown as s.
1) The suid bit is displayed in the x position of the first three (owner) permission characters. If x is present there, suid is shown as a lowercase s; if there is no x in that position, suid is shown as an uppercase S.
2) The set user ID bit lets ordinary users run, with the rights of root or another user, programs or commands that only root or that other user could otherwise run, or commands that operate on files the ordinary user has no permission to operate on, and so on.
For example, suppose you want the user boy to be able to delete a file that he is not authorized to delete:
b. suid (suid is set on the command being executed, not on the file to be processed)
3) suid is only effective for binary programs and cannot be used on script files such as shell scripts. Shell scripts merely invoke binary programs, so the effective permissions depend on the binary commands themselves.
4) The binary program must have execute permission x.
5) suid permissions are effective only while the program is executing.
6) Any user who executes the command obtains the permissions of the command's owner for the duration of the command's execution.
7) suid is a double-edged sword: it is a relatively dangerous feature and poses a certain threat to system security.
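Because of point 7, it is worth knowing which files on a system carry the suid bit. The following is an added example, not part of the original article: it lists suid files under a directory and classifies each one according to points 1, 3 and 4 above. The function name suid_report, the class labels and the demo files are constructed here; stat -c and head -c are the GNU forms.

```shell
#!/bin/sh
# Added example (not from the original page).
# suid_report <dir> prints one line per suid file: "<class> <mode> <path>"
#   effective  lowercase s: suid and owner x are both set
#   no-exec    uppercase S: suid set but owner x missing, so it has no effect
#   script     file starts with "#!": suid is not honoured for scripts
# Paths containing newlines are not handled.
suid_report() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r p; do
        mode=$(stat -c '%A' "$p")          # e.g. -rwsr-xr-x
        case $mode in
            ???S*) class=no-exec ;;
            *)  if [ "$(head -c 2 "$p" 2>/dev/null)" = '#!' ]; then
                    class=script
                else
                    class=effective
                fi ;;
        esac
        echo "$class $mode $p"
    done
}

# Constructed demo tree: placeholder files, not real programs.
demo=$(mktemp -d)
printf '\177ELF' > "$demo/tool";   chmod 4755 "$demo/tool"    # numeric: leading 4 = suid
printf '\177ELF' > "$demo/data";   chmod 644 "$demo/data"
chmod u+s "$demo/data"                                        # symbolic: suid without x
printf '#!/bin/sh\n' > "$demo/run.sh"; chmod 4755 "$demo/run.sh"
printf 'x' > "$demo/plain";        chmod 755 "$demo/plain"    # no suid, not reported
suid_report "$demo"
rm -rf "$demo"
```

Run suid_report against a real directory such as /usr/bin to review which commands run with their owner's rights; entries classed as effective and owned by root deserve the closest look.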