UNIX file security and permissions

Source: Internet
Author: User
Tags dba

Use the ls -l command; sample output:
total 74434
-rwxrwxr-x 2 user DBA 39921 January 16 12:50 file1
drwxrwxr-x 2 user DBA 4096 January 16 15:29 folder
"total 74434" indicates the space occupied by all files in the directory
2 indicates the number of hard links to the file
39921 indicates the length of the file, expressed in bytes, not kilobytes
-rwxrwxr-x indicates the permissions of the file or directory. The first character indicates the file type (7 types):
d directory
l symbolic link (pointing to another file)
s socket file
b block device file
c character device file
p named pipe file
- regular file
The first rwx indicates the file owner's permissions: r, w, x (execute)
The second rwx indicates the permissions of the file owner's default group: r, w, x
The third group, r-x, indicates the permissions of the other users on the system: r, x
Note: If the attribute of a file is -r--------, the file owner can still write data to the file through redirection.

chmod command: there are two modes, symbolic mode and absolute mode:

Symbolic mode format:
chmod [who] operator [permission] filename
who meaning:
u file owner permission
g same-group user permission
o other user permissions
a all users
operator meaning:
+ add permission
- remove permission
= set permission
permission meaning:
r read permission
w write permission
x execute permission
s set-ID for the file owner and group
t sticky bit
l lock the file, making it inaccessible to other users
If the "t" bit appears on a directory, only the owner of a file in that directory can delete it, even if users in the same group have been granted the same permissions as the owner; if the "t" bit appears on a file, the script or program is placed in the swap area (virtual memory) during execution.
For example, chmod u+x filename adds the execute permission for the owner.
chmod u+x,o-w filename: if the original permission is -rw-r--rw-, it is changed to -rwxr--r--
Absolute mode:
chmod [mode] filename, where mode consists of three octal digits, such as chmod 777 filename
Option -R: for example, chmod -R 644 /usr/* changes the files under the /usr directory and the files in its subdirectories to 644 in one pass.
Directory permissions override file permissions, meaning that if a file is writable but its directory is not, the file still cannot be written.

SUID/GUID command:
SUID means that if a user sets this permission on his or her shell script, other users who execute the script also get the permissions of its owner. The same principle applies to GUID: the user who executes the script gets the permissions of the group to which the file belongs.
Setting method: (use ls -l | grep '^...s' to view files that have SUID set)
chmod 4711 result rws--x--x, uses 4 to set SUID
chmod 6711 result rws--s--x, uses 4 + 2 to set SUID and GUID
chmod 2711 result rwx--s--x, uses 2 to set GUID
You can also use chmod u+s filename to set it. If the bit is shown as an uppercase S, the execute permission for that position is not set and the setting has no practical significance.
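The following is an added example, not part of the original page: a small audit that lists set-ID files and world-writable directories without the sticky bit, run over a constructed sample tree that uses the chmod values above. The function names (mode_of, audit_setid, audit_open_dirs, demo) and the file names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit a tree for set-ID files and unsafe shared directories.
# Function names and the sample tree are constructed for illustration.

# First ten characters of ls -l output: file type plus permission bits.
mode_of() { ls -ld "$1" | cut -c1-10; }

# List regular files with SUID (4000) or SGID (2000) set, one per line.
# An uppercase S means the matching execute bit is missing.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        m=$(mode_of "$f")
        case $m in
            *S*) printf '%s %s (S: execute bit not set)\n' "$m" "$f" ;;
            *)   printf '%s %s\n' "$m" "$f" ;;
        esac
    done
}

# List world-writable directories that lack the sticky bit (1000): any
# user can delete or rename other users' files there.
audit_open_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Constructed sample tree covering the chmod values from the text.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/suid" "$d/both" "$d/sgid" "$d/plain" "$d/noexec"
    chmod 4711 "$d/suid";  chmod 6711 "$d/both"; chmod 2711 "$d/sgid"
    chmod 644  "$d/plain"; chmod 4644 "$d/noexec"
    mkdir "$d/open" "$d/sticky"
    chmod 777 "$d/open"; chmod 1777 "$d/sticky"
    audit_setid "$d"
    audit_open_dirs "$d"
    rm -rf "$d"
}
demo
```

Comparing the output of such an audit against a reviewed baseline makes newly appearing set-ID files stand out.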

chown/chgrp command:
chown -R -h owner[:group] filename
Changes the file owner. -R applies the change to all directories recursively, and -h changes the symbolic link itself without affecting the target file.
chgrp -R -h group filename is used to change the file group
id [user] and groups [user] show the groups to which the user belongs. If no user is given, they show the current user

umask command:
Used to determine the default mode of newly created files. You can write it to your .profile or .bash_profile.
umask removes permission bits from the base permission. In the calculation, a directory starts from 777 and a file from 666, that is:
After umask 002, the directory permission is rwxrwxr-x (775), and the file permission is rw-rw-r-- (664)
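The following is an added example, not part of the original page: it creates a file and a directory under a given umask and reports the resulting modes, and it computes the same result arithmetically. It shows that the umask is applied as a bit mask rather than a subtraction (666 with umask 033 gives 644, not 633). The function names modes_under_umask and masked are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: observe what a umask produces for new files and directories.
# Function names are constructed for illustration.

# Print "<file-mode> <dir-mode>" for objects created under umask $1.
# Runs in a subshell so the caller's umask is left unchanged.
modes_under_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/f"        # new files are requested with base mode 666
        mkdir "$d/sub"    # new directories are requested with base mode 777
        f=$(ls -ld "$d/f" | cut -c1-10)
        s=$(ls -ld "$d/sub" | cut -c1-10)
        rm -rf "$d"
        printf '%s %s\n' "$f" "$s"
    )
}

# Compute base AND NOT umask in octal: masked <base> <umask>.
# The leading 0 makes the shell read both arguments as octal numbers.
masked() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

for u in 002 027 033 077; do
    printf 'umask %s: file %s dir %s -> %s\n' \
        "$u" "$(masked 666 "$u")" "$(masked 777 "$u")" \
        "$(modes_under_umask "$u")"
done
```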

Symbolic link (soft link):
Command format: ln [-s] source_path target_path; the path can be a directory or a file
Once the link is successfully created, the link will show 777 permissions, but the permissions of the actual directory remain unchanged.
