Introduction to CentOS user permission management

Source: Internet
Author: User

1. Concepts of users and groups
1. Understand the multi-user, multi-task nature of Linux
Linux is a true multi-user, multi-task operating system: several user accounts can exist on one system, and several users can be logged on at the same time, each running different tasks, without interfering with one another. For example, a Linux server might have four users: root, www, ftp, and mysql. At the same moment root may be reading system logs and maintaining the system, www may be editing web pages, ftp may be uploading software to the server, and mysql may be running its own SQL queries. Each user works in an orderly way without disturbing the others. At the same time, no user can reach beyond what it is authorized to do: www cannot run the mysql user's SQL queries, and ftp cannot modify the www user's web pages. Different users therefore hold different permissions, and each completes its tasks within the range its permissions allow. This division and management of permissions is how Linux implements its multi-user, multi-task operation.
2. User roles in Linux
Linux users are classified by role. There are three roles:
Super user: has the highest management permission on the system. By default this is the root user.
Ordinary users: can only access and modify files in their own directories, but are allowed to log on to the system; the www and ftp users above are examples.
Virtual users: also called "pseudo" users. Their distinguishing feature is that they cannot log on to the system. They exist to make system administration easier and to give system processes an owner for their files; the default bin, adm, and nobody users are examples. A web service typically runs as the nobody user by default, but nobody cannot log on to the system.
3. Concepts of users and groups
Linux is a multi-user, multi-task, time-sharing operating system. To use system resources you must obtain an account from the system administrator and then enter the system through that account. Here "account" and "user" mean the same thing. Creating users with different attributes lets the system allocate and control its resources sensibly, and also lets each user organize their own files while giving those files security protection.
Each user has a unique user name and a password. Only after entering both at logon does the user enter the system and land in their home directory.
A user group is a logical set of users that share the same characteristics. Often several users need the same permissions, for example the right to view and modify a particular file. One approach is to grant access to each user separately; with 10 users that means 10 separate authorizations, which is clearly unreasonable. The other approach is to create a group that holds the permission to view and modify the file and put every user who needs the file into that group; every member then has the group's permissions. That is what a user group is. Grouping users is the Linux way of managing users and controlling access permissions, and defining groups greatly simplifies administration.
4. Relationship between users and groups
Users and user groups can be related one-to-one, one-to-many, many-to-one, or many-to-many:

One-to-one: a user is the only member of a group.
One-to-many: a user belongs to several user groups and has the permissions of each of them.
Many-to-one: several users belong to one group and all share that group's permissions.
Many-to-many: several users belong to several groups; this is simply a combination of the three cases above.

Overview of user configuration files
1. Configuration files related to users and groups
(1) The /etc/passwd file
This is the system user configuration file and the most important file in user management. It records the basic attributes of every user on the Linux system and is readable by all users. Each line of /etc/passwd describes one user, and the fields of a line are separated by colons. The format and meaning of a line are:
user name:password:user ID:group ID:comment:home directory:default shell
Below is part of the /etc/passwd file:
[root@localhost ~]# more /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
The fields have the following meanings:
User name: a string that identifies the user account.
Password: holds the user's encrypted password. Although the field stores only an encrypted string rather than plain text, /etc/passwd is readable by every user, so this is still a security risk. Most Linux versions therefore use shadow passwords: the encrypted password is kept in /etc/shadow, and the password field in /etc/passwd holds only a placeholder character such as "x".
User ID: the user's UID. Every user has a UID, and it must be unique. UIDs range from 0 to 65535: 0 is the identification number of the super user root, 1 to 99 are reserved by the system for administrative accounts, and ordinary users start from 100; on Linux the UID of an ordinary user starts from 500 by default. The UID is what Linux uses to decide a user's permissions: a user's role and rights follow from the UID, not from the name. It is therefore very dangerous for several users to share one UID, because system permissions and management become confused. For example, setting an ordinary user's UID to 0 gives that user root permissions, which is an extremely dangerous operation. Keep UIDs unique.
Group ID: the GID of the user's primary group, analogous to the UID. It records which user group the user belongs to and corresponds to a record in the /etc/group file.
Comment: a description of the user, such as their address, telephone number, or full name.
Home directory: the directory the user lands in after logging on, also called the user's main directory or home directory.
Default shell: the command interpreter started for the user after logon. The shell is the interface between the user and the Linux kernel; everything the user does is passed to the kernel through the shell. Common shells on Linux include sh, bash, and csh, and the administrator can assign a different shell to each user according to their preference.
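The three risks just described (an account other than root with UID 0, several accounts sharing one UID, and an empty password field) can be checked mechanically. The following is an added example, not part of the original article: a small POSIX shell audit that runs over a file in /etc/passwd format. The sample file is constructed for the demonstration, and the account names and the rogue entries in it are invented; on a real system the same functions are run against /etc/passwd.

```shell
#!/bin/sh
# Added example (not from the original article): audit a passwd-format file
# for the risks described in the text. The sample below is constructed; to
# audit a real system pass /etc/passwd as the argument instead.
PASSWD_SAMPLE=$(mktemp)
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
www:x:500:500:web user:/var/www:/bin/bash
backup:x:0:0:constructed rogue uid-0 account:/home/backup:/bin/bash
ftp:x:501:501:ftp user:/var/ftp:/bin/bash
mysql:x:501:501:mysql user:/var/lib/mysql:/sbin/nologin
guest::502:502:constructed empty password field:/home/guest:/bin/bash
EOF

# Accounts other than root whose UID is 0: they hold full root permissions.
find_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs shared by more than one account, printed as "uid:name1,name2".
find_shared_uids() {
    awk -F: '
        { names[$3] = (names[$3] == "") ? $1 : (names[$3] "," $1); count[$3]++ }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "$1" | sort -n
}

# Accounts whose password field is empty: neither "x" nor a hash, so there
# is nothing for the login process to check.
find_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Total number of findings, usable as an exit status in a cron job.
count_findings() {
    { find_extra_uid0 "$1"; find_shared_uids "$1"; find_empty_passwords "$1"; } \
        | wc -l | tr -d ' '
}

echo "accounts with UID 0 other than root: $(find_extra_uid0 "$PASSWD_SAMPLE")"
echo "shared UIDs:"
find_shared_uids "$PASSWD_SAMPLE"
echo "empty password fields: $(find_empty_passwords "$PASSWD_SAMPLE")"
echo "findings: $(count_findings "$PASSWD_SAMPLE")"
```

Each check is a one-line awk filter on the colon-separated fields, which keeps the audit readable and lets it run on any system with a POSIX shell and awk; the UID check compares field 3 numerically, so a UID written as "00" is still caught.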
(2) The /etc/shadow file
Because /etc/passwd is readable by every user, storing passwords there would leak them. Linux therefore keeps password information out of /etc/passwd and stores it separately in /etc/shadow, which only the root user may read. This protects the users' passwords.
The format of a line in /etc/shadow is:
user name:encrypted password:last change:minimum interval:maximum interval:warning time:inactive time:expiration time:reserved field
For example, part of /etc/shadow looks like this:
[root@localhost ~]# more /etc/shadow
root:$1$Uvip.QJI$GteCsLrSSfpnMs.VCOvbs/:14169:0:99999:7:::
bin:*:13934:0:99999:7:::
daemon:*:13934:0:99999:7:::
adm:*:13934:0:99999:7:::
The fields have the following meanings:
User name: the same user name as in /etc/passwd.
Encrypted password: the encrypted password string. If this field is "*" or "!", or holds "x", the user cannot log on to the system.
Last change: the number of days between a fixed reference point and the user's last password change. Changing the user's password with passwd updates this field in /etc/shadow.
Minimum interval: the minimum number of days that must pass between two password changes.
Maximum interval: the maximum number of days allowed between two password changes. This setting makes the administrator's management of users more timely.
Warning time: the number of days before the password expires during which the system warns the user.
Inactive time: the number of days after the password has expired before the system disables the account. Once disabled, the user is no longer allowed to log on and receives no expiry prompt; the account is completely disabled.
Expiration time: the lifetime of the account. After this time the account becomes invalid and the user can no longer log on. If the field is blank, the account never expires.
Reserved field: reserved by Linux for future use; currently blank.
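The aging fields above are evaluated together at logon: the password hash decides whether logon is possible at all, the expiration field decides whether the account is still alive, and "last change" plus the maximum interval (extended by the inactive time) decides whether the password is still valid. The following is an added example, not part of the original article, that applies those rules to a shadow-format file as of a given day number. The sample file is constructed and its hashes are placeholders rather than real password hashes; the day counts are measured from 1970-01-01, which is the reference point the field uses.

```shell
#!/bin/sh
# Added example (not from the original article): evaluate the aging fields of
# shadow-format lines the way the login process does. The sample is
# constructed; the hashes are placeholders, not real password hashes.
SHADOW_SAMPLE=$(mktemp)
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$CONSTRUCTED$PLACEHOLDER:14169:0:99999:7:::
bin:*:13934:0:99999:7:::
www:$6$CONSTRUCTED$PLACEHOLDER:14100:0:90:7:::
ftp:$6$CONSTRUCTED$PLACEHOLDER:14080:0:90:7:14::
mysql:$6$CONSTRUCTED$PLACEHOLDER:14115:0:90:7:::
olduser:$6$CONSTRUCTED$PLACEHOLDER:14000:0:90:7::14160:
EOF

# Days since 1970-01-01: the unit of the "last change" and "expiration" fields.
days_since_epoch() {
    echo $(( $(date +%s) / 86400 ))
}

# Print "user:status" for every line of shadow-format file $1, judged as of
# day number $2 (pass "$(days_since_epoch)" for today).
shadow_status() {
    awk -F: -v today="$2" '
    {
        name = $1; pw = $2; last = $3; max = $5; warn = $6
        inactive = $7; expire = $8
        if (pw ~ /^[*!]/)
            status = "locked"               # "*", "!" or "!!": no usable password
        else if (expire != "" && today > expire)
            status = "account-expired"      # account lifetime exceeded
        else if (max != "" && today > last + max) {
            if (inactive != "" && today > last + max + inactive)
                status = "disabled"         # expired and the inactive period is over
            else
                status = "password-expired" # must change the password at next logon
        }
        else if (max != "" && today >= last + max - warn)
            status = "warning"              # inside the warning window
        else
            status = "ok"
        print name ":" status
    }' "$1"
}

echo "status as of day 14200:"
shadow_status "$SHADOW_SAMPLE" 14200
```

Run against a real system as root with `shadow_status /etc/shadow "$(days_since_epoch)"`, the output gives a quick list of which accounts are locked, which passwords are about to expire, and which accounts are already disabled, which is the same information that the chage command reports one user at a time.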
(3) The /etc/group file
The user group configuration file. All user group information is stored here.
The format of a line in /etc/group is:
group name:password:group ID:group member list
For example, part of /etc/group looks like this:
[root@localhost ~]# more /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
The fields of /etc/group have the following meanings:
Group name: the name of the user group, made up of letters or digits. Like user names in /etc/passwd, group names must not be duplicated.
Password: the group's encrypted password. By default the password is kept in /etc/gshadow and this field holds "x". Linux user groups have no password by default; gpasswd can be used to add one.
Group ID: the GID, which corresponds to the group ID field in /etc/passwd.
Group members: the users in the group. Multiple users are separated by commas.
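A user's full group membership is spread over two files: the primary group comes from the GID field of /etc/passwd, and the additional groups come from the member lists in /etc/group (a user is never listed in the member list of their own primary group). The following is an added example, not part of the original article, that joins the two files the way the id command does. Both sample files are constructed; they reuse the user and group names from the article's later examples, and the UIDs and GIDs in them are invented for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): resolve group membership by
# joining a passwd-format file (primary GID) with a group-format file (member
# lists). Both files are constructed for the demonstration.
PASSWD_SAMPLE=$(mktemp)
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:503:500::/home/user1:/bin/bash
mylinux:x:523:1030::/opt/mylinux:/bin/bash
test_user:x:686:686:This is test user:/home/test_user:/bin/csh
EOF
GROUP_SAMPLE=$(mktemp)
cat > "$GROUP_SAMPLE" <<'EOF'
root:x:0:root
group1:x:500:
group2:x:501:user1
group3:x:502:user1,mylinux
linuxfans:x:1020:mylinux,test_user
fanslinux:x:1030:test_user
test_user:x:686:
EOF

# user_groups PASSWD GROUP USER: print the primary group first, then every
# additional group, like "id -Gn USER".
user_groups() {
    awk -F: -v user="$3" '
        FNR == NR { if ($1 == user) primary = $4; next }   # pass 1: passwd file
        {                                                  # pass 2: group file
            if ($3 == primary) first = $1
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user && $3 != primary) extra = extra " " $1
        }
        END { print first extra }
    ' "$1" "$2"
}

# group_members PASSWD GROUP NAME: print every member of the group, i.e. the
# users whose primary GID is this group (they appear nowhere in the group
# file) followed by the explicit member list.
group_members() {
    awk -F: -v group="$3" '
        FNR == NR {                                  # pass 1: group file
            if ($1 == group) { gid = $3; n = split($4, listed, ",") }
            next
        }
        gid != "" && $4 == gid { out = out " " $1; seen[$1] = 1 }   # pass 2: passwd
        END {
            for (i = 1; i <= n; i++) if (!seen[listed[i]]) out = out " " listed[i]
            sub(/^ /, "", out); print out
        }
    ' "$2" "$1"
}

for u in user1 mylinux test_user; do
    echo "$u: $(user_groups "$PASSWD_SAMPLE" "$GROUP_SAMPLE" "$u")"
done
echo "members of fanslinux: $(group_members "$PASSWD_SAMPLE" "$GROUP_SAMPLE" fanslinux)"
```

The second function is the check that matters before groupdel: a group that is still some user's primary group has members even when its member list in /etc/group is empty, and groupdel refuses to remove the primary group of an existing user.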
2. The /etc/login.defs file
Defines the defaults used when creating a user, such as the UID and GID ranges, the password expiry settings, and whether to create the user's home directory.
Under RHEL 5 the /etc/login.defs file looks like this:
MAIL_DIR /var/spool/mail
# When a user is created, create the user's mail file under /var/spool/mail.
PASS_MAX_DAYS 99999
# Maximum number of days a password remains valid.
PASS_MIN_DAYS 0
# Minimum number of days after a password change before the user may change the password again.
PASS_MIN_LEN 5
# Minimum password length.
PASS_WARN_AGE 7
# Number of days before expiry on which the system starts warning the user that the password is about to expire.
UID_MIN 500
# Minimum UID: when a user is added, UIDs are allocated starting from 500.
UID_MAX 60000
# Maximum UID is 60000.
GID_MIN 500
# Minimum GID: when a group is added, GIDs are allocated starting from 500.
GID_MAX 60000
# Maximum GID is 60000.
CREATE_HOME yes
# Whether to create the user's home directory: yes creates it, no does not.
3. The /etc/default/useradd file
When you create a user with the useradd command and no options, the new user's home directory lands under /home and the default shell is /bin/bash. To see why, look at the contents of /etc/default/useradd:
[root@localhost ~]# more /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home  # the new user's home directory is created under /home
INACTIVE=-1  # whether an account is disabled after its password expires; -1 means this is not enabled
EXPIRE=  # the account expiration date; if it is not set, account expiry is not enabled
SHELL=/bin/bash  # the default shell of a new user
SKEL=/etc/skel  # where the default files of a new home directory come from: every file in a new user's home directory is copied from this directory
CREATE_MAIL_SPOOL=no
The /etc/default/useradd file defines some default attributes of new users, such as the home directory and shell. Changing this file changes the defaults for new users.
There are two ways to change it: edit it with a text editor, or use the useradd command. The second method is described here:
With the "-D" option, useradd modifies the configuration file /etc/default/useradd. The general format is:
useradd -D [-g group] [-b base] [-s shell] [-f inactive] [-e expire]
The options have the following meanings:
-g default_group
The name or GID of the new user's initial (primary) group. The name must be an existing group name, and the GID must be an existing group's GID. Corresponds to the "GROUP" line of /etc/default/useradd.
-b default_home
The parent directory of new users' home directories; every new user's home directory is created under it. Corresponds to the "HOME" line of /etc/default/useradd.
-s default_shell
The default shell of new users. Corresponds to the "SHELL" line of /etc/default/useradd.
-f default_inactive
How many days after password expiry an account is permanently disabled. Corresponds to the "INACTIVE" line of /etc/default/useradd.
-e default_expire_date
The expiration date of new user accounts. Corresponds to the "EXPIRE" line of /etc/default/useradd.
Example:
Running useradd -D without any other option displays the current settings of /etc/default/useradd:
[root@localhost ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
To change the default shell for new users to /bin/csh:
[root@localhost ~]# useradd -D -s /bin/csh
[root@localhost ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/csh
SKEL=/etc/skel
4. The /etc/skel directory
After creating a new user you will find files such as .bash_profile, .bashrc, and .bash_logout in the new user's home directory. How are these files set up so that every new user gets their own configuration files in their home directory by default?
The /etc/skel directory answers this. It holds the default configuration files that go into a new user's home directory; changing the contents of /etc/skel changes the configuration files that new users receive.

User management tools

1. Adding, switching, and deleting user groups: groupadd/newgrp/groupdel
1. The groupadd command
Creates a user group. Syntax:
groupadd [-g gid [-o]] group
The options have the following meanings:
-g: specifies the GID of the new group. The GID must be unique and must not clash with the GID of any existing group.
-o: normally used together with -g; allows the new group's GID to be the same as the GID of an existing group.
For example:
Create the groups linuxfans and fanslinux with GIDs 1020 and 1030 respectively:
[root@localhost ~]# groupadd -g 1020 linuxfans
[root@localhost ~]# groupadd -g 1030 fanslinux
[root@localhost ~]# more /etc/group | grep linuxfans
linuxfans:x:1020:
[root@localhost ~]# more /etc/group | grep fanslinux
fanslinux:x:1030:
2. The newgrp command
A user who belongs to several groups at once can switch between them to obtain the permissions of another group. newgrp does this switching. Syntax:
newgrp <user group>
Example: the following shows how newgrp is used.
First, create three groups, group1, group2, and group3:
[root@localhost ~]# groupadd group1
[root@localhost ~]# groupadd group2
[root@localhost ~]# groupadd group3
Create a user user1 whose primary group is group1 and whose additional groups are group2 and group3:
[root@localhost ~]# useradd -g group1 -G group2,group3 user1
[root@localhost ~]# more /etc/group | grep user1
group2:x:501:user1
group3:x:502:user1
Set a password for user1:
[root@localhost ~]# passwd user1
Changing password for user user1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
The following series of operations switches user1's current group with newgrp; the group ownership of the directories created along the way shows what newgrp does.
[root@localhost ~]# su - user1
[user1@localhost ~]$ whoami
user1
[user1@localhost ~]$ mkdir user1_doc
[user1@localhost ~]$ newgrp group2
[user1@localhost ~]$ mkdir user2_doc
[user1@localhost ~]$ newgrp group3
[user1@localhost ~]$ mkdir user3_doc
[user1@localhost ~]$ ll
total 12
drwxr-xr-x 2 user1 group1 4096 Oct 24 user1_doc
drwxr-xr-x 2 user1 group2 4096 Oct 24 user2_doc
drwxr-xr-x 2 user1 group3 4096 Oct 24 user3_doc
[user1@localhost ~]$
3. The groupdel command
Deletes a user group. Syntax:
groupdel [group name]
groupdel removes a user group from the system. If users still belong to the group, those users must be deleted before the group can be removed.
For example, delete the linuxfans group:
[root@localhost ~]# groupdel linuxfans
2. Adding, modifying, and deleting users: useradd/usermod/userdel
1. How useradd creates a user
When useradd is run without options, the system first reads the user-creation configuration files /etc/login.defs and /etc/default/useradd and creates the user according to the rules defined there. It adds records for the user and the user's group to /etc/passwd and /etc/group, and records are generated automatically in the corresponding shadow files as well. It then creates the user's home directory under the directory configured in /etc/default/useradd and finally copies everything in /etc/skel into the new home directory. At that point the new user exists.
2. useradd syntax
The general form of useradd is:
useradd [-u uid [-o]] [-g group] [-G group,...]
        [-d home] [-s shell] [-c comment]
        [-f inactive] [-e expire] name
The options have the following meanings:
-u uid: the user ID, which must be unique.
-g group: the new user's default logon group, i.e. the primary group. The group must already exist.
-G group: the new user's additional groups, which must already exist. "Additional" is relative to the primary group: when a user belongs to several groups, the default logon group is the primary group and the others are additional groups.
-d home: the new user's home directory. If omitted, the home directory is created under the directory specified in /etc/default/useradd.
-s shell: the new user's default shell. If omitted, the shell defined in /etc/default/useradd is used.
-c comment: a description of the new user.
-f inactive: the number of days after password expiry until the account is permanently disabled. 0 disables the account immediately on expiry; -1 turns this feature off. The default is -1.
-e expire: the expiration date of the account, in the format MM/DD/YY.
name: the user name to create.
3. usermod syntax
usermod modifies the attributes of an existing user account. Syntax:
usermod [-u uid [-o]] [-g group] [-G group,...]
        [-d home [-m]] [-s shell] [-c comment] [-l new_name]
        [-f inactive] [-e expire] [-L | -U] name
The options have the following meanings:
-u uid: the user's new UID. It must be unique unless -o is also given.
-g group: changes the user's primary group. The group must already exist.
-G group: changes the user's additional groups.
-d home: changes the user's home directory.
-s shell: changes the default shell used after logon.
-c comment: changes the user's comment field.
-l new_name: renames the user account to new_name.
-f inactive: the number of days after password expiry until the account is disabled.
-e expire: adds or changes the account expiration date.
-L: locks the user's password, making it unusable.
-U: unlocks the password.
name: the system user whose attributes are to be modified.
4. userdel syntax
userdel deletes a user. With the "-r" option it removes not only the user but also the user's home directory and everything in it. Syntax:
userdel [-r] [user account]
5. Application examples
1) Add a user named mylinux with primary group fanslinux and additional group linuxfans, and set the user's home directory to /opt/mylinux:
[root@localhost ~]# useradd -g fanslinux -G linuxfans -d /opt/mylinux mylinux
[root@localhost ~]# more /etc/passwd | grep mylinux
mylinux:x:523:1030::/opt/mylinux:/bin/bash
[root@localhost ~]# more /etc/group | grep mylinux
linuxfans:x:1020:mylinux
2) Add a user test_user with UID 686 and default shell /bin/csh, make it a member of the groups linuxfans and fanslinux, and add a description:
[root@localhost ~]# useradd -u 686 -s /bin/csh -G linuxfans,fanslinux -c "This is test user" test_user
[root@localhost ~]# more /etc/passwd | grep test_user
test_user:x:686:686:This is test user:/home/test_user:/bin/csh
[root@localhost ~]# more /etc/group | grep test_user
fanslinux:x:1030:test_user
linuxfans:x:1020:mylinux,test_user
test_user:x:686:
3) Change the primary group of test_user to a new group test_group1, change its additional groups to linuxfans and root, and finally change its default logon shell to /bin/bash:
[root@localhost ~]# groupadd test_group1  # add the new group
[root@localhost ~]# more /etc/group | grep test_group1  # show the new group
test_group1:x:1031:
[root@localhost ~]# usermod -g test_group1 -G linuxfans,root -s /bin/bash test_user
[root@localhost ~]# more /etc/passwd | grep test_user  # the user's attributes have changed
test_user:x:686:1031:This is test user:/home/test_user:/bin/bash
[root@localhost ~]# more /etc/group | grep test_user  # the group memberships have changed at the same time
root:x:0:root,test_user
linuxfans:x:1020:mylinux,test_user
test_user:x:686:
4) Locking and unlocking a user's password
First set passwords for test_user and mylinux:
[root@localhost ~]# passwd test_user
Changing password for user test_user.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# passwd mylinux
Changing password for user mylinux.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
The following switches to mylinux with su and then, as mylinux, switches to test_user. The point of switching users here is this: switching from the super user root to an ordinary user asks for no password and the system performs no verification, whereas switching between ordinary users requires the target user's password.
[root@localhost ~]# su - mylinux  # switch to mylinux with su
[mylinux@localhost ~]$ whoami  # show the current user with whoami
mylinux
[mylinux@localhost ~]$ su - test_user  # switch from mylinux to test_user; the password is required
Password:
[test_user@localhost ~]$ whoami  # now test_user
test_user
Next, as root, run usermod to lock test_user's password and test whether test_user can still log on. As the output shows, once the password is locked the logon fails:
[root@localhost ~]# usermod -L test_user  # lock the password of test_user
[root@localhost ~]# su - mylinux
[mylinux@localhost ~]$ whoami
mylinux
[mylinux@localhost ~]$ su - test_user  # the password entered is correct, but because it is locked the system reports it as incorrect
Password:
su: incorrect password
[mylinux@localhost ~]$ whoami
mylinux
Finally, unlock test_user's password; logon works normally again:
[root@localhost ~]# usermod -U test_user  # unlock the password
[root@localhost ~]# su - mylinux
[mylinux@localhost ~]$ whoami
mylinux
[mylinux@localhost ~]$ su - test_user
Password:
[test_user@localhost ~]$ whoami  # after the password is unlocked, test_user can log on again
test_user

File and permission settings

File permissions are the access rights to files: reading, writing, deleting, and executing them. On Linux each user has different permissions. An ordinary user can write only inside their own home directory, and outside it can only search and read. How file permissions relate to users is the focus of this section.
1. Viewing the permission attributes of a file
The ls command shows permission information for files and directories. Without options ls shows only file names; "ls -al" shows the permission information of each file or directory. See the following output:
[root@localhost oracle]# ls -al
total 92
drwxr-xr-x 3 oracle oinstall 4096 Oct 30 2006 admin
drwxr-xr-x 2 oracle oinstall 4096 Oct 23 bin
-rwxr-xr-x 1 root root 3939 Mar 20 2008 .createtablespace.pl
drwxr-xr-x 3 oracle oinstall 4096 Oct 30 2006 flash_recovery_area
drwxr-xr-x 2 oracle oinstall 4096 Jun 25 install
drwx------ 2 oracle oinstall 16384 Jun 25 lost+found
drwxr-xr-- 3 oracle oinstall 4096 Oct 30 2008 oradata
drwxr-xr-x 6 oracle oinstall 4096 Oct 30 2006 oraInventory
drwxr-xr-x 3 oracle dba 4096 Oct 28 2006 product
To explain the attributes in this output in more detail, the oradata entry is taken apart column by column below.
The meaning of each column is as follows.
1. The first column shows the file type and permissions. It consists of ten characters in four parts; for oradata the string is "drwxr-xr--", and its parts are explained next.
The four parts are:
File type:
"d" means a directory, "l" a symbolic link, and "-" a regular file; "c" means a character device file (such as a serial port) and "b" a block device file (such as a storage device). oradata is a directory.
The remaining nine characters come in three groups of three. Within a group, "r" means readable (read), "w" means writable (write), "x" means executable (execute), and "-" means the permission is absent.
Owner (user):
The second part gives the permissions of the file's owner (user). "rwx" means the owner has read, write, and execute permission on the oradata directory.
Group:
The third part gives the permissions of the group the file belongs to. "r-x" means the group has read and execute permission on the oradata directory but no write permission.
Others:
The fourth part gives the permissions of everyone other than the owner and the group. "r--" means other users have only read permission on the oradata directory.
A file's permissions can be set and changed with the chmod command, described in a later section.
2. The second column shows the link count of the file. This is the hard-link count, i.e. how many file names point to the same inode. For example:
[root@localhost ~]# ls -al
-rw-r--r-- 1 root root 60151 Oct 25 00:01 install.log
[root@localhost ~]# ln install.log install.log1
[root@localhost ~]# ls -al install.log
-rw-r--r-- 2 root root 60151 Oct 25 00:01 install.log
[root@localhost ~]# ln install.log install.log2
[root@localhost ~]# ls -al install.log
-rw-r--r-- 3 root root 60151 Oct 25 00:01 install.log
install.log starts with a link count of 1; after two hard links are created its link count is 3, which is the number of names pointing to it.
3. The third column shows the user and the group the file belongs to. For the oradata directory above, the owner is oracle and the group is oinstall. Both can be changed with the chown command.
4. The fourth column shows the file size, in bytes by default. Other units can be selected with options; for example "ls -sh" shows sizes in human-readable form. For directories, usually only the file system's default block size is shown.
5. The fifth column shows the last modification time of the file, normally as month, day, hour, and minute. If the modification time is far in the past, it is shown as month, day, and year.
6. The sixth column shows the file name. A name beginning with "." is a hidden file, and only the "-a" option of ls shows hidden files.
For example, the .createtablespace.pl file above is a hidden file.
2. Use chown to change the owner and group
chown stands for "change owner" and is mainly used to change the owner of a file or directory. The owner consists of a user and a user group, so chown is really a set of operations on a file's user and group.
The general syntax of chown is:
[root@localhost ~]# chown [-R] username file_or_directory
[root@localhost ~]# chown [-R] username:groupname file_or_directory
Parameter description:
-R: change ownership recursively, that is, apply the new user and group to every file and subdirectory under the directory. It is typically used when changing a whole directory.
Note: before running the command, make sure that the specified user and user group exist on the system.
Example 1: change the user of the hidden file ".createtablespace.pl" to oracle and its group to oinstall:
[root@localhost ~]# chown oracle:oinstall .createtablespace.pl
[root@localhost ~]# ls -al .createtablespace.pl
-rwxr-xr-x 1 oracle oinstall 3939 Mar 20 2008 .createtablespace.pl
Note: the oracle user and the oinstall group must already exist.
Example 2: change the oradata directory and all files in it to the root user and the dba group:
[root@localhost ~]# chown -R root:dba oradata
[root@localhost ~]# ls -ld oradata
drwxr-xr-- 3 root dba 4096 Oct 30 2006 oradata
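The note above (check that the user and group exist before running chown -R) and the habit of reading the result back with ls are worth turning into a script. The following is an added example, not code from the original article: it refuses unknown names before calling chown, verifies every entry under the directory afterwards with stat, and runs on a constructed oradata tree inside a temporary directory. It assumes getent, stat, find and chown as shipped on CentOS; without root privileges a user may only assign files to themselves, so the demo uses the caller's own name and primary group.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that a user and group exist
# before running chown -R, then read the ownership back with stat instead of trusting
# the command's silence. The oradata tree below is constructed in a temp directory.

# Succeed only if the named user / group is known to the system's account database.
user_exists()  { getent passwd "$1" >/dev/null 2>&1; }
group_exists() { getent group  "$1" >/dev/null 2>&1; }

# Recursive chown that refuses unknown names up front and prints the resulting
# owner:group of the top-level path, e.g. "oracle:oinstall".
safe_chown_r() {
    user=$1
    group=$2
    path=$3
    user_exists  "$user"  || { echo "no such user: $user"   >&2; return 1; }
    group_exists "$group" || { echo "no such group: $group" >&2; return 1; }
    chown -R "$user:$group" "$path" || return 1
    stat -c '%U:%G' "$path"
}

# One "owner:group path" line per entry, to check that -R reached every file and subdirectory.
ownership_report() {
    find "$1" -exec stat -c '%U:%G %n' {} \;
}

# Demonstration on a constructed tree standing in for the article's oradata directory.
demo_chown() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/oradata/sub"
    : > "$tmp/oradata/sub/control.ctl"
    safe_chown_r "$(id -un)" "$(id -gn)" "$tmp/oradata"
    ownership_report "$tmp/oradata"
    rm -rf "$tmp"
}

demo_chown
```

Run it as a normal user to see the three-line ownership report; as root you can substitute real account names (for example oracle:oinstall) for the id calls in demo_chown, and safe_chown_r will still stop before touching anything if either name is misspelled.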
3. Use chmod to change access permissions
chmod changes the access permissions of files or directories. It can be used in two ways: the character (symbolic) method, which uses letters and operator expressions, and the numeric method, which uses digits.
1. Character setting method
Syntax:
chmod [who] [+|-|=] [mode] filename
The parts of the command have the following meanings:
who indicates the operation object and can be any one of the following letters or a combination of them:
u indicates "user", that is, the owner of the file or directory.
g indicates "group", that is, the user group to which the file or directory belongs.
o indicates "others", that is, all other users.
a indicates "all" users. This is the default.
The operator symbols have the following meanings:
"+" adds a permission.
"-" removes a permission.
"=" sets exactly the given permissions and revokes any others the document previously had.
mode indicates the permission bits: "r" (read), "w" (write) and "x" (execute), or a combination of them.
The file name can be a list of files separated by spaces. Wildcards are supported.
2. Examples
Change the install.log file so that the owner has all permissions and the user group and other users have read-only permission:
[root@localhost ~]# ls -al install.log
-rw------- 1 root root 60151 Oct 17 16:11 install.log
[root@localhost ~]# chmod u=rwx,g+r,o+r install.log
[root@localhost ~]# ls -al install.log
-rwxr--r-- 1 root root 60151 Oct 17 16:11 install.log
Change the permissions of the /etc/fstab file so that the owner has read and write permissions and the user group and other users have no permissions at all:
[root@localhost ~]# ll /etc/fstab
-rwxr--r-- 1 root root 1150 Oct 23 /etc/fstab
[root@localhost ~]# chmod u-x,g-r,o-r /etc/fstab
[root@localhost ~]# ll /etc/fstab
-rw------- 1 root root 1150 Oct 23 /etc/fstab
3. Numeric setting method
First, the meaning of each digit: 0 means no permission; 1 means execute permission, the same as "x" in the character notation; 2 means write permission, the same as "w"; 4 means read permission, the same as "r".
If the owner of a file should have read and write permissions, add 4 (read) + 2 (write) = 6 (read and write); the digit 6 therefore stands for read and write permission.
Syntax:
chmod [owner permission digit][group permission digit][other users permission digit] filename
The following figure illustrates how the numeric method works:
(Figure: analysis of the meaning of the number setting method)
It shows the meaning of the combination "755": the first "7" is the permission of the file owner, obtained as 4 (r) + 2 (w) + 1 (x) = 7 (rwx). The second "5" is the permission of the group the file belongs to, obtained as 4 (r) + 0 (-) + 1 (x) = 5 (r-x); the last "5", for other users, is obtained in the same way.
Example:
A file named mysqltuner.pl has the default permission 600, that is, "-rw-------": only the owner (user) has read and write permission, and the group and other users (others) have no access to the file.
First, change the permission of this file to 644, that is, "-rw-r--r--": the owner (user) has read and write permission, while the group and other users (others) have read permission only. The operation is as follows:
[linux1@localhost ~]$ ls -al mysqltuner.pl
-rw------- 1 linux1 linux1 38063 Oct 26 mysqltuner.pl
[linux1@localhost ~]$ chmod 644 mysqltuner.pl
[linux1@localhost ~]$ ls -al mysqltuner.pl
-rw-r--r-- 1 linux1 linux1 38063 Oct 26 mysqltuner.pl
Then change the permission of mysqltuner.pl to 755, that is, "-rwxr-xr-x": the owner (user) has read, write and execute permissions, while the group and other users (others) have read and execute permissions on the file.
[linux1@localhost ~]$ chmod 755 mysqltuner.pl
[linux1@localhost ~]$ ls -al mysqltuner.pl
-rwxr-xr-x 1 linux1 linux1 38063 Oct 26 mysqltuner.pl
