(GO) Linux Rights Management (basic permissions, default permissions)

Source: Internet
Author: User

I. Basic file permissions

1-1. Modification of basic permissions

-rw-r--r--
- The first "-" indicates the file type (- file, d directory, l soft link file)
- The remaining nine characters are three groups of three: rw- r-- r--
u owner, g owning group, o others
where r is read, w is write, x is execute

(1). chmod [option] mode filename
- Options
  -R recursive
- Mode
  [ugoa][+-=][rwx]
  [mode=421]

# Add rw permission for the owner and remove w permission from the owning group
chmod u+rw,g-w test.txt

Numeric representation of permissions (each rwx group read as a binary number)
r = 4; w = 2; x = 1
For example, rwxr-xr-x corresponds to 7 5 5

1-2. The role of permissions on files

r: read the file contents (cat, more, head, tail)
w: edit, add to or modify the file contents (vi, echo)
- this does not include deleting the file, because the file name and the file data are stored in different locations (the name is kept in the parent directory)
x: execute the file; on a directory, x is what allows access to the directory
Note:
For files, the highest privilege is x
For directories, the highest privilege is w

head: shows the first 10 lines of a file by default
tail: shows the last 10 lines of a file by default
-n specifies how many lines to show
more: pauses when a full page has been displayed; press the space bar to show the next page, or press q to stop.

(2). chown: change the owner of a file
Format: chown username filename

(3). chgrp: change the owning group of a file
Format: chgrp groupname filename

Example requirements
- There is a test directory
- testuser has all permissions on it
- The user group has permission to view it
- Everyone else is not allowed to view this directory

# Have a test directory
$ ll -d test
drwxrwxr-x 3 changwen changwen 4096 :test/
# Add a testuser user
$ sudo useradd testuser
# Set the user's password
$ sudo passwd testuser
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# Add two users to a user group
$ sudo useradd -g usergroup user1
$ sudo useradd -g usergroup user2
# Set the owner and owning group of the test directory (owner:group)
$ sudo chown testuser:usergroup test
$ ll -d test
drwxrwxr-x 3 testuser usergroup 4096 :test/
# Set permissions according to the example requirements
# (owner rwx, group r-x, others none, matching the listing below)
$ sudo chmod 750 test
$ ll -d test
drwxr-x--- 3 testuser usergroup 4096 :test/

II. File default permissions

(4). umask: view the default permissions
For example 0022
- First digit 0: file special permissions
- 022: file default permissions
Temporary modification: umask 0002
Permanent modification: vi /etc/profile

Default permissions for files
1). A newly created file is not executable by default; execute permission must be assigned manually
2). So the default permissions of a file are at most 666
3). The default permissions must be converted into letters before subtracting
4). The default permissions of a newly created file are 666 minus the umask value
For example:
- The maximum default permission of a file is 666 and the umask value is 022
- -rw-rw-rw- minus ----w--w- equals -rw-r--r--

Default permissions for directories
1). The default permissions of a directory are at most 777
2). The default permissions must be converted into letters before subtracting
3). The default permissions of a newly created directory are 777 minus the umask value
For example:
- The maximum default permission of a directory is 777 and the umask value is 022
- -rwxrwxrwx minus ----w--w- equals -rwxr-xr-x
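
Added example (not from the original article): the shell sketch below checks the rule above against files and directories actually created under a given umask, and shows why the subtraction has to be done on the letters (bit by bit) rather than on the numbers: with umask 033 a new file gets 644, not 666 - 033 = 633. The function names predicted_mode and actual_mode are made up for this example, and stat -c is the GNU coreutils form.

```sh
#!/bin/sh
# Added example: default permission = base AND NOT umask (not base minus umask).

# predicted_mode BASE UMASK -> octal mode expected for a new object.
# BASE is 666 for files and 777 for directories, as described above.
predicted_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# actual_mode KIND UMASK -> mode of a freshly created file (f) or directory (d).
# Runs in a subshell so the caller's umask is left unchanged.
actual_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c '%a' "$tmp/new"     # GNU coreutils stat; prints the octal mode
    rm -rf "$tmp"
}

# 033 is the case where numeric subtraction gives the wrong answer for files.
for m in 022 033; do
    echo "umask $m"
    echo "  file: predicted $(predicted_mode 666 "$m"), actual $(actual_mode f "$m")," \
         "naive 666-$m = $(expr 666 - "$m")"
    echo "  dir:  predicted $(predicted_mode 777 "$m"), actual $(actual_mode d "$m")"
done
```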

III. Introduction to ACLs

ACLs solve the problem that the basic user identities (owner, owning group, others) are not enough

# See if partition ACL permissions are turned on
(5). dumpe2fs is a command that queries the detailed file system information of the specified partition
dumpe2fs -h /dev/sda51
-h displays only the information in the superblock, not the disk block details

# Temporarily turn on partition ACL permissions
mount -o remount,acl /
- Remounts the root partition, adding ACL permissions to the mount

# Permanently turn on partition ACL permissions (modification not recommended)
vi /etc/fstab
# Add acl
Then modify the entry to: UUID=c2ca6f57-b15c-43ea-bca0-f239083d8bd2 / ext4 defaults,acl 1 1

# Remount the file system or reboot the system for the changes to take effect
mount -o remount /

3-1. Viewing and setting ACL permissions

# View ACL permissions
getfacl filename

# Set ACL permissions
setfacl option filename
-m set ACL permissions
-x delete the specified ACL permissions
-b remove all ACL permissions
-d set default ACL permissions
-k remove default ACL permissions
-R set ACL permissions recursively

$ mkdir av
# Add the owner and the user group, and set them on the av directory
$ sudo useradd tony
$ sudo groupadd stu
$ sudo chown tony:stu av
# Set the av permissions
$ sudo chmod 770 av
# Add the Lao Wang user (lw) and set a password
$ sudo useradd lw
$ sudo passwd lw
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# Give r-x permissions to user lw, using the "u:username:permissions" format
$ sudo setfacl -m u:lw:rx /home/changwen/av
# Assign ACL permissions to user group tgroup2, using the "g:groupname:permissions" format
setfacl -m g:tgroup2:rwx /home/changwen/av


You can see that the user lw belongs neither to the owning group nor to others; the access lw has comes from the ACL permissions

3-2. Maximum effective permissions and deletion

In the getfacl av output above you can see a mask entry
mask: specifies the maximum effective permissions. When a user is given ACL permissions, they must be ANDed with the mask permissions to get the user's real permissions.

# Modify the maximum effective permissions
setfacl -m m:rx filename
- Sets the mask permission to r-x, using the "m:permissions" format
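
Added example (not from the original article): a shell function that reads getfacl-style output and prints the permissions each entry really has once the mask has been ANDed in. The function names and the sample ACL text are constructed for illustration, reusing the av directory from above with the mask set to r-x; the mask limits named users, the owning group and named groups, not the owner or others.

```sh
#!/bin/sh
# Added example: apply the ACL mask to getfacl-style text.

# Constructed sample: the av directory from the article after "setfacl -m m:rx av".
sample_getfacl() {
    cat <<'EOF'
# file: av
# owner: tony
# group: stu
user::rwx
user:lw:r-x
group::rwx
group:tgroup2:rwx
mask::r-x
other::---
EOF
}

# effective_acl: reads getfacl output on stdin, prints tag:name:effective-perms.
effective_acl() {
    awk -F: '
        # Keep a permission letter only if the mask has the same letter.
        function and_perm(p, m,    i, c, out) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
            }
            return out
        }
        { sub(/[ \t]*#.*/, "") }           # drop headers and "#effective:" notes
        NF < 3 || $1 == "default" { next } # skip blanks and default-ACL entries
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                # The mask limits named users, the owning group and named groups;
                # the owner (user::) and other:: are not affected by it.
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                eff = (masked && mask != "") ? and_perm(perm[i], mask) : perm[i]
                print tag[i] ":" who[i] ":" eff
            }
        }'
}

sample_getfacl | effective_acl
```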

Remove ACL permissions
# Remove the ACL permissions of the specified user
setfacl -x u:username filename

# Remove the ACL permissions of a user group
setfacl -x g:groupname filename

# Remove all ACL permissions of a file
setfacl -b filename

3-3. Default ACL permissions and recursive ACL permissions

1). Recursive means that when ACL permissions are set on the parent directory, all files and subdirectories under it get the same ACL permissions. Recursive permissions can only be assigned to directories and cannot be assigned to files.
setfacl -m u:username:permissions -R filename
-R: without -R, the files under this directory do not get the ACL permissions
But with -R there will be permission overflow (the files under the directory receive the same permissions as the directory, execute included)
Therefore, it is recommended to use ACL permissions sparingly

2). Default ACL permissions mean that if default ACL permissions are set on a directory, all files newly created in that parent directory inherit the ACL permissions of the parent directory.
setfacl -m d:u:username:permissions filename
