Incomplete parsing of Linux file permissions

Source: Internet
Author: User
This article focuses on issues related to Linux file permissions, such as users and user groups, file permissions, default file permissions, and special file permissions. Why does Linux need so many permission restrictions? In fact, it is all for the sake of security! If your Linux system contains a love letter you wrote to your sweetheart, or an action blockbuster from an Asian island, you don't want just anyone flipping through it, do you?! Let's take a look at what Linux file permissions are!

1. File owners

There are three types of identity for accessing a file: the file owner, the user group to which the file belongs, and others outside the user group (others). Because this article focuses on file permissions, these concepts are only described briefly and not fully elaborated.

1.1 File owner

Does this really need explaining? Note that when a file has just been created, its owner is the user who created it, but the owner can be changed with chown! This is introduced later.

1.2 User group

The user group (group) is the group the file belongs to. Please look up the concept of a user group on Baidu! The relationship between user groups and users is like the relationship between your family and you. Note: the account of the file owner does not necessarily belong to this user group.

1.3 Others

Apart from the user group and the file owner, all other visitors are collectively referred to as others, that is, people outside your family!

In addition to these three identities, there is also the super account root, which is an omnipotent account! For now you can think of it as the village chief of your home village, who manages the families (groups) in the village.

2. Linux file permission concepts

2.1 The Linux file permission concept

A file in Linux has three identities (owner, group, and others), and each identity has three permissions (rwx). From the description above, we know that a visitor to a file has one of three identities: owner (user), group, or others.
There are also three types of file permission: readable, writable, and executable, abbreviated r, w, and x (read, write, and execute). Combining these gives the nine permissions of a file (actually there are more! I will introduce them later!): the owner's r, w, x, the group's r, w, x, and others' r, w, x. These permissions determine whether each of the three identities can read, write, and/or execute the file.

2.2 Viewing Linux file permissions

    [root@Cherish linux]# touch test     # create an empty file
    [root@Cherish linux]# ls -al         # display file attributes
    total 8
    drwxr-xr-x.  2 root root 4096 Dec 11 22:36 .
    dr-xr-x---. 37 root root 4096 Dec 11 22:32 ..
    -rw-r--r--.  1 root root    0 Dec 11 22:36 test

A short note on the fields of the last line:

    -rw-r--r--.     file type and permissions
    1               number of i-node connections (links)
    root            owner
    root            user group the file belongs to
    0               file size
    Dec 11 22:36    file ctime or mtime
    test            file name

We can see that a file has a lot of attributes (in fact there are many more!). Only the first column is introduced here, because it indicates the permissions of the file! We extract the ten characters in the first column that indicate the file type and permissions and analyze them separately. They can be divided into four groups:

    [-][rw-][r--][r--]
     1   2    3    4

The first group, a single character, indicates the file type: [-] is a regular file, [d] is a directory, and [l] is a link file. The second group contains three characters, indicating the permissions of the file owner. From left to right, these three characters answer: is it readable? Is it writable? Is it executable? When the corresponding letter of rwx appears, that permission is granted. If a - appears instead, the permission is not granted.
For example, the owner's permission on the test file is rw-, meaning the file owner can read and write the file but cannot execute it. The three characters in the third group indicate the permissions of the user group, in the same format as above; for the test file the group only has the read permission. The three characters in the fourth group indicate the permissions of others, in the same format; for the test file others only have the read permission.

3. How to change file permissions and attributes

3.1 chown [-R] owner dir/file

Changes the file owner. If -R is added, all files and directories in the subdirectories are updated as well.

Example: change the owner of the test file from root to Cherish.

    [root@Cherish linux]# ll test
    -rw-r--r--. 1 root root 0 Dec 11 22:36 test
    [root@Cherish linux]# chown Cherish test
    [root@Cherish linux]# ll test
    -rw-r--r--. 1 Cherish root 0 Dec 11 22:36 test

chgrp [-R] group dir/file

Changes the user group to which the file belongs. Add -R to update all files and directories in the subdirectories as well.

Example: change the user group of the test file from root to Cherish.

    [root@Cherish linux]# ll test
    -rw-r--r--. 1 Cherish root 0 Dec 11 22:36 test
    [root@Cherish linux]# chgrp Cherish test
    [root@Cherish linux]# ll test
    -rw-r--r--. 1 Cherish Cherish 0 Dec 11 22:36 test

3.2 Changing file permissions (chmod)

(1) Numeric permissions

Each permission is represented by a number, so the three permissions (r, w, x) can be quantified. The numbers are the same for each identity (owner, group, others): r = 4, w = 2, x = 1.
For example, the owner Cherish of the file test has the permission rw- on it, that is, the file is readable and writable, which quantifies to 4 (r) + 2 (w) = 6. By this calculation, the file test has the following permissions:

    owner  = rw- = 4 + 2 = 6
    group  = r-- = 4 + 0 + 0 = 4
    others = r-- = 4 + 0 + 0 = 4

So we can use a three-digit number to express the permissions of a file! For example, the permission of the test file is 644! This makes it easy to set the permissions of a file with numbers. For example, if we want to share the file test with everyone, we can set its permission to rwxrwxrwx, which works out to the numeric permission 777. The syntax is:

    chmod [-R] abc dir/file

where abc represents the three-digit permission!

    [root@Cherish linux]# ll test
    -rw-r--r--. 1 Cherish Cherish 0 Dec 11 22:36 test
    [root@Cherish linux]# chmod 777 test
    [root@Cherish linux]# ll test
    -rwxrwxrwx. 1 Cherish Cherish 0 Dec 11 22:36 test

We can see that after the command chmod 777 test was executed, the permission of the file test really changed to rwxrwxrwx. Isn't that convenient!

(2) Symbolic permissions

Numeric permissions are concise but not intuitive. Linux provides another, more intuitive way to set permissions: the symbolic form! As introduced earlier, a file has three identities: owner (that is, user), group, and others. We use u, g, and o to represent the three identities respectively, and a to represent all three at once; r, w, and x represent the three permissions; and +, -, and = represent adding, removing, and setting one or more permissions. We can then combine these characters to set file permissions flexibly and intuitively! The figure below is actually borrowed from laruence; I hope he won't be angry!

    chmod  [ugoa]  [+ (add) | - (remove) | = (set)]  [rwx]  dir/file

Below are a few examples!
Set the permission of the test file to rwxrw-r--:

    [root@Cherish linux]# chmod u=rwx,g=rw,o=r test
    [root@Cherish linux]# ll test
    -rwxrw-r--. 1 root root 0 Dec 12 09:39 test

Remove the r permission of others on the test file:

    [root@Cherish linux]# chmod o-r test
    [root@Cherish linux]# ll test
    -rwxrw----. 1 root root 0 Dec 12 09:39 test

We can see that the r permission of others on test has indeed disappeared! Next, grant the x permission on the test file to all identities:

    [root@Cherish linux]# chmod a+x test
    [root@Cherish linux]# ll test
    -rwxrwx--x. 1 root root 0 Dec 12 09:39 test

This command is useful when setting permissions for executable files! There are other flexible forms, such as:

    [root@Cherish linux]# chmod u=--- test
    [root@Cherish linux]# ll test
    ----rwx--x. 1 root root 0 Dec 12 11:41 test
    [root@Cherish linux]# chmod g= test
    [root@Cherish linux]# ll test
    ---------x. 1 root root 0 Dec 12 11:41 test

4. Default file permissions and the permission mask

4.1 Default file permissions

Files and directories all get a default permission when they are created. For a file, the default permission is rw-rw-rw-; for a directory, the default permission is rwxrwxrwx. Let's create one of each and see:

    [root@Cherish linux]# touch test1
    [root@Cherish linux]# ll test1
    -rw-r--r--. 1 root root 0 Dec 12 10:09 test1
    [root@Cherish linux]# mkdir testdir
    [root@Cherish linux]# ll -d testdir
    drwxr-xr-x. 2 root root 4096 Dec 12 10:09 testdir

What? Why wasn't the default permission assigned? Are you kidding me? Don't worry, there is still the matter of umask! We know that to obtain the network segment of an IP address, you must combine the IP address with the netmask. Much like the IP subnet mask, default file permissions also have a permission mask (umask).
The real default permission is only obtained after umask processing. Let's take a look at this umask!

4.2 File permission mask (umask)

    [root@Cherish linux]# umask       # numeric form of the mask; we only look at the last three digits, the first digit is discussed later
    0022
    [root@Cherish linux]# umask -S    # symbolic form of the mask
    u=rwx,g=rx,o=rx

Note that umask does not itself give the real default permissions; the default file permissions must be processed by umask! The job of umask is to block some of the default permissions.

4.2.1 Numeric mask

The numeric mask tells us which permissions are to be removed. For example, the 022 above (for now we only look at the last three digits) indicates that the w permission must be removed from group and others in the file's default permissions (because the number for the w permission is 2!):

    File: default permission (rw-rw-rw-) - permission mask (----w--w-) = real default permission (rw-r--r--)

Understand? Directories are handled the same way; please work it out yourself. We can also use a bitwise operation here, clearing the bits of the mask (AND with the complement of the mask):

    (rw-rw-rw-) & ~(----w--w-) = (110110110) & ~(000010010) = 110100100 = rw-r--r--

4.2.2 Symbolic mask

After reading about the numeric mask, can the reader guess the meaning of the symbolic mask? The symbolic mask states the opposite: which of the default permissions are to be retained. A bit dizzy? It doesn't matter, let's take an example. The owner (user) entry in the symbolic mask is u=rwx, which means that each of r, w, and x is retained for the user if it exists in the default permission; otherwise there is nothing to retain. The default permission of the file's user is rw-. According to the mask, r and w are retained; x is not, because the default permission of the user does not have x. So the final default permission of the file's user is rw-. Do you understand? If you still don't, work it out with a binary AND!
    File: (rw-rw-rw-) & (rwxr-xr-x) = 110110110 & 111101101 = 110100100 = rw-r--r--

Now it makes sense!

4.2.3 Modifying umask

This is simple: put the new value directly after umask. The value can be in numeric or symbolic form!

    [root@Cherish linux]# umask 077
    [root@Cherish linux]# umask
    0077
    [root@Cherish linux]# umask u=rwx,g=rwx,o=rwx
    [root@Cherish linux]# umask
    0000
    [root@Cherish linux]# umask -S
    u=rwx,g=rwx,o=rwx

Finally, there is an interesting phenomenon; readers can think about it for themselves!

    [root@Cherish linux]# chmod +x test
    [root@Cherish linux]# ll test
    -rwxr-xr-x. 1 root root 0 Dec 12 11:46 test
    [root@Cherish linux]# chmod +w test
    [root@Cherish linux]# ll test
    -rwxr-xr-x. 1 root root 0 Dec 12 11:46 test
    [root@Cherish linux]# chmod a+w test
    [root@Cherish linux]# ll test
    -rwxrwxrwx. 1 root root 0 Dec 12 11:46 test

5. The meaning of file permissions

We have covered so many issues related to file permissions. What exactly do these permissions mean? Let's analyze them.

5.1 The meaning of permissions for files

This does not need much explanation: read, write, and execute the file. That's enough.

5.2 The meaning of permissions for directories

This is very important! Be sure to understand it carefully! So what do r, w, and x mean for a directory?

r: with the r permission on a directory, you can use ls to view the list of file names in the directory, but not the details of the files.

w: with the w permission, you can change the internal structure of the directory, that is, you can delete, add, move, and rename files.

x: with the x permission, you can use cd to enter the directory and make it your working directory. In this directory you can access and modify the files you have permissions for, provided that you know the name of the file.

Do you understand?! Here are some examples.
I used the root account to create four new directories and gave the others identity the r, rx, w, and wx permissions respectively. Then I logged in with the cherish account to see what operations can be performed on them as cherish!

    [cherish@Cherish ~]$ ll -d /tmp/tesdir_*
    dr--r--r--. 3 root root 4096 Dec 12 14:05 /tmp/tesdir_r     # others only have r
    dr-xr-xr-x. 3 root root 4096 Dec 12 14:05 /tmp/tesdir_rx    # others have rx
    d-w-----w-. 3 root root 4096 Dec 12 14:05 /tmp/tesdir_w     # others have w
    d-wx--x-wx. 3 root root 4096 Dec 12 14:10 /tmp/tesdir_wx    # others have wx
    [cherish@Cherish ~]$ ll /tmp/tesdir_r       # only the file names can be seen, not the details
    ls: cannot access /tmp/tesdir_r/testfile: Permission denied
    total 0
    d????????? ? ? ? ? ? testfile
    [cherish@Cherish ~]$ ll /tmp/tesdir_rx/     # at last the details can be seen; of course you can also cd into it
    total 4
    drwxr-xr-x. 2 root root 4096 Dec 12 14:05 testfile
    [cherish@Cherish ~]$ mkdir /tmp/tesdir_w/chenbin    # w alone is not enough; you must also have x to modify the structure of the directory. Remember!
    mkdir: cannot create directory '/tmp/tesdir_w/chenbin': Permission denied
    [cherish@Cherish ~]$ mkdir /tmp/tesdir_wx/chenbin   # can be created!
    [cherish@Cherish ~]$ cd /tmp/tesdir_r/tesdir_rx/
    [cherish@Cherish ~]$ cd /tmp/tesdir_r
    -bash: cd: /tmp/tesdir_r: Permission denied

But I tried to learn more and found that Linux is really powerful! After learning this, you don't need to rely on a poor "hidden file" attribute or download some file encryption software to hide files, as you would in Windows. In Linux, you only need one or two commands. Isn't that powerful?!
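The chmod 777 setting from section 3.2 makes a file writable by every account on the system, so it is worth being able to find such files again. The following is an added example, not part of the original article: it builds a small constructed tree in a temporary directory, lists everything with the others-write bit set, and removes that bit with chmod o-w. The function names are made up for this example and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: locate files left world-writable (e.g. after "chmod 777")
# and remove the others-write bit. Assumes GNU find and stat.

# world_writable DIR: regular files and directories under DIR that the
# "others" identity may write to (mode bit 0002 set).
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print | sort
}

# demo_audit: constructed sample tree, audited before and after the fix.
demo_audit() {
    t=$(mktemp -d) || return 1
    mkdir "$t/share"
    : > "$t/share/test"
    : > "$t/notes"
    chmod 755 "$t/share"
    chmod 777 "$t/share/test"      # the "share with everyone" setting
    chmod 644 "$t/notes"

    before=$(( $(world_writable "$t" | wc -l) ))
    # Symbolic form from section 3.2: take w away from others only.
    world_writable "$t" | while IFS= read -r p; do
        chmod o-w "$p"
    done
    after=$(( $(world_writable "$t" | wc -l) ))
    mode=$(stat -c '%a' "$t/share/test")

    rm -rf "$t"
    echo "before=$before after=$after mode=$mode"
}

demo_audit
```

To audit a real tree, call world_writable on the directory of interest and review the list before changing anything.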
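The umask rules in section 4.2 and the chmod +w puzzle at the end of section 4.2.3 can be checked directly. The following is an added example, not part of the original article: it computes default AND NOT mask, compares it with what the system really creates, and shows that chmod without a u/g/o/a prefix skips the bits set in the umask. Function names are made up for this example and GNU coreutils are assumed. The 033 case shows why plain subtraction is only a shortcut: 666 - 033 would give 633, while the real result is 644.

```shell
#!/bin/sh
# Added example: umask arithmetic checked against what the system creates.
# Assumes GNU coreutils (stat -c, chmod); function names are made up here.

# effective_mode BASE UMASK: BASE with every umask bit cleared (BASE & ~UMASK).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode file|dir UMASK: mode of an object really created under UMASK.
created_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"                      # only affects this subshell
        if [ "$1" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
        stat -c '%a' "$tmp/x"
        rm -rf "$tmp"
    )
}

# chmod_w_result WHO UMASK: mode of a 555 file after "chmod WHO+w".
# WHO may be empty ("+w"); chmod then leaves out the bits set in the umask.
chmod_w_result() {
    (
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/f"
        chmod 555 "$tmp/f"
        umask "$2"
        chmod "${1}+w" "$tmp/f"
        stat -c '%a' "$tmp/f"
        rm -rf "$tmp"
    )
}

for m in 022 077 033; do
    echo "umask $m: file $(effective_mode 666 "$m")" \
         "(created $(created_mode file "$m"))," \
         "dir $(effective_mode 777 "$m") (created $(created_mode dir "$m"))"
done
echo "chmod +w  under umask 022: $(chmod_w_result '' 022)"
echo "chmod a+w under umask 022: $(chmod_w_result a 022)"
```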
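The directory rules from section 5.2 can be reproduced without a second account. The following is an added example, not part of the original article: it applies the r, rx, w, and wx combinations to the owner bits of temporary directories owned by the current user and probes each one. The function name is made up for this example, and root bypasses these checks, so run it as a normal user. The wx row shows that a file whose name is known can still be reached in a directory that cannot be listed.

```shell
#!/bin/sh
# Added example: what r, w and x on a directory really allow.
# The article sets the "others" bits and logs in as another user; here the
# same combinations are put on the owner bits so one account is enough.

# probe_dir MODE: create a directory holding one file named "known",
# chmod it to MODE, then try to list it, to reach the known file, and to
# create a new file. Prints "list=.. stat=.. create=..".
probe_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/known"
    chmod "$1" "$d"

    # Reading the list of names needs r on the directory.
    if ls "$d" >/dev/null 2>&1; then l=yes; else l=no; fi
    # Reaching an entry by name needs x, even when the name is known.
    if [ -e "$d/known" ]; then s=yes; else s=no; fi
    # Changing the directory structure needs w and x together.
    if ( : > "$d/new" ) 2>/dev/null; then c=yes; else c=no; fi

    chmod 700 "$d"      # restore access so the directory can be removed
    rm -rf "$d"
    echo "list=$l stat=$s create=$c"
}

if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: permission bits are bypassed, every probe says yes"
fi
for m in 400 500 200 300; do    # r, rx, w, wx for the owner
    echo "mode $m: $(probe_dir "$m")"
done
```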