Knowledge of Linux Rights Management

Source: Internet
Author: User
Tags: readable, file permissions

There is a widespread saying in Linux/GNU that "everything in Linux is a file": the kernel creates a series of processes that invoke files to complete the tasks assigned by users. Linux/GNU is a multi-user, multitasking operating system, and how to manage the individual users and the tasks they create is a software engineering problem. Its architecture can be modelled on our social structure. After all, society had developed for thousands of years before software engineering; it was not until the 1950s that the hardware base software engineering depends on was developed. (Of course, in software systems we can be less constrained by unnecessary social rules and more idealized.) Software engineering serves the long-term interests of all users. Its highest goal is a stable, efficient system that does not go down or crash, and that avoids an uncontrolled failure that forces a restart; in that situation the general public is hurt the most.

In society, each natural person is a citizen with his own family. The family members form a basic user group, families form the larger level of a country, and countries form a global village (this explains the concepts of user and user group from the dimension of a single family). We also have our own occupations and work in different positions, contributing to the sustainable development of the system; in that sense we are part of a company's user group. So a single user can belong to more than one user group.

Within a single user group, a user who creates a file in the resources assigned to him or her by the system administrator or a parent group administrator has all permissions (r, w, x) on it, and can set permissions for group members and for other users besides himself or herself. The main points are as follows.

1. The concept of Linux file permissions

In each Linux/GNU release, log in to the system and execute the "ls -al" command; you will see the following:
[Figure: sample "ls -al" output (image not reproduced)]

In the figure, the first column has 10 characters, which can be divided into 4 groups. The first group is the first character; each of the following groups has three characters.

1). The first character represents the type of the file: "d" is a directory (for example, the second two lines in the figure); "-" is a file (for example, the 4 lines in the middle); "l" is a link file; "b" is a storage interface device among the device files; "c" is a serial port device among the device files, such as a keyboard or mouse.

2). The latter three groups are combinations of the three parameters "r, w, x": "r" stands for readable (read), "w" for writable or modifiable (write), and "x" for executable (execute). The positions of the three permissions do not change; if a permission is absent, a minus sign "-" appears in its place. The first group is the "permissions of the file owner": for the ".cshrc" file, for example, the owner can read and write but not execute. The second group is the "permissions of the same user group": for the same file, other users in the same group can read it but cannot write (modify) or execute it. The third group is the "permissions of others not in the user group": for the same file, users outside the group can likewise read it but cannot write (modify) or execute it.

Linux file permission settings matter a great deal for the security of the system's data. It is like your own home: you do not want a thief to take away your property, and even when an acquaintance visits, you would not let him change the furniture.
Some files belonging to system services can usually be read or written only by the root user. An example is /etc/shadow, a file that stores account management information: because it records all of the user accounts on your system, it must not be readable by just anyone (otherwise passwords could be stolen, which is a security risk). So the permissions of this file are "-rw-------", and only root can read it.

2. Default file permissions, and changing the attributes and permissions of a file

As needed, citizens or users can flexibly change the attributes of their own files or create new files, for example by joining (creating) another group, much like changing jobs or getting married to form a new family. To make creating files convenient, Linux sets default permissions on a new file. Ordinary files are not given execute permission (x), for security reasons: this prevents downloaded files of unknown origin (computer viruses) from being executed automatically. Directories are given execute permission so that users can enter and view them, but not write (w) permission, so that the directory cannot be changed.

A file has many attributes and permissions. First, a few commonly used commands for modifying the user group, the owner, and the permissions of the various identities:

1). chgrp: change group; changes the user group of a file.
2). chown: change owner; changes the file owner.
3). chmod: change mode; changes permissions. There are two ways to do this:

   1). Numeric change. Linux files have 9 basic permissions: the r, w, x permissions of each of the three identities owner, group, and others. Each permission is given a score: r=4, w=2, x=1. Adding up the scores of the three permissions for each identity gives a three-digit number that represents the file's permissions; for example, 777 means that the r, w, x permissions are open to the owner, the group, and other users.
   2). Symbolic change. u, g, o represent the three identities, and a (all) represents all identities; the read, write, and execute permissions are written r, w, x. Examples: u=rwx, g=rx, ug=rx, a=rx.

3. Special permissions

There are always some things in the system that cannot be handled with the basic permissions. Some are needed for security reasons, such as other users' access to /usr/bin/passwd; others reflect the self-discipline required in public spaces, such as /tmp, the directory where the system holds temporary files: what access does a user have to files created by other users? The special permissions are SUID, SGID, and SBIT:

1). SUID
2). SGID
3). SBIT: Sticky Bit

SBIT is only valid for directories, and is used mainly on the /tmp directory or on other directories shared by a workgroup. The main functions of SBIT are:

1). The current user has w and x permissions on this directory, that is, the permission to write (modify); and
2). After the current user creates a file or directory under this directory, only that user and root have the right to modify it.

This is the same as public space in society. Users would originally have permission over other users' files, but to prevent malicious operations by some users against others and to maintain the maximum benefit of all users, the files that users create in the public space need to be protected, so the SBIT permission is set.

SUID/SGID/SBIT permissions are set in the same ways as the permission changes described earlier, numeric and symbolic:

1). Numeric: permissions are changed with a combination of "three numbers"; if one more digit is added in front of the three digits, that first digit represents these permissions: 4 is SUID, 2 is SGID, 1 is SBIT.
2). Symbolic: SUID is u+s, SGID is g+s, SBIT is o+t.

The above is my simple understanding of Linux file permission management; I hope it helps you.
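
The scoring rules above (r=4, w=2, x=1, with a leading 4/2/1 digit for SUID/SGID/SBIT) applied to the first column of "ls -al", as an added example that is not part of the original article: it converts a mode string to its numeric form and notes special bits and others-writable modes. The function names and the sample modes are assumptions constructed for illustration.

```python
# Scores from the article: r=4, w=2, x=1 per identity; leading digit 4=SUID, 2=SGID, 1=SBIT.
TYPES = {"d": "directory", "-": "file", "l": "link",
         "b": "storage device file", "c": "serial port device file"}

def parse_mode_string(s):
    """Convert the 10-character first column of "ls -al" to (type, 4-digit octal)."""
    if len(s) != 10 or s[0] not in TYPES:
        raise ValueError(f"not a 10-character mode string: {s!r}")
    special, digits = 0, ""
    # Owner, group, others; the x slot of each may carry s (SUID), s (SGID), t (SBIT).
    for i, (flag, mark) in enumerate(((4, "s"), (2, "s"), (1, "t"))):
        r, w, x = s[1 + 3 * i: 4 + 3 * i]
        if r not in "r-" or w not in "w-" or x not in "x-" + mark + mark.upper():
            raise ValueError(f"bad permission group in {s!r}")
        score = 4 * (r == "r") + 2 * (w == "w")
        if x in ("x", mark):      # lowercase s/t means x is set as well
            score += 1
        if x.lower() == mark:     # s/S or t/T means the special bit is set
            special += flag
        digits += str(score)
    return TYPES[s[0]], f"{special}{digits}"

def review(s):
    """Return (octal, notes) listing the points worth a second look for this mode."""
    ftype, octal = parse_mode_string(s)
    special, _owner, _group, others = (int(c) for c in octal)
    notes = []
    if special & 4:
        notes.append("SUID set")
    if special & 2:
        notes.append("SGID set")
    if ftype == "directory" and others & 2 and not special & 1:
        notes.append("directory writable by others without SBIT")
    if ftype == "file" and others & 2:
        notes.append("file writable by others")
    return octal, notes

if __name__ == "__main__":
    # Constructed sample modes, not taken from the article's screenshot.
    for sample in ("-rw-r--r--", "-rw-------", "-rwsr-xr-x",
                   "drwxrwxrwt", "drwxrwxrwx"):
        print(sample, *review(sample))
```

An uppercase S or T in the output of "ls -al" means the special bit is set while x is not, which is why "drwxrwxrwT" maps to 1776 rather than 1777.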
