Linux Basic 3 (file permissions)

Source: Internet
Author: User

1. Normal permissions

Normal permissions govern a logged-in user's ability to read, write and execute a file or directory.
Normal permissions do not restrict the administrator (root).

Both files and directories distinguish 4 classes of user:
u  owner: the user who created the file or directory
g  group: the group the file or directory belongs to
o  others: any user who is neither the owner nor a member of the owning group
a  all: the three classes above taken together


Permission   r (read)   w (write)   x (execute)   - (no permission)
Value        4          2           1             0

View permissions for a file/directory

ll file-name        ll directory-name        ll -d directory-name

Each line of the listing shows: permission list, link count, owner, owning group, size, date/time, file or directory name

Permission list (10 characters)
The first character indicates the file type:

-  regular file   d  directory   l  symbolic link   s  socket   b  block device   p  pipe (FIFO)   c  character device

The remaining 9 characters are read 3 at a time, as 3 groups:
the first group holds the owner's permissions
the second group holds the owning group's permissions
the third group holds other users' permissions

Within each group of 3, the first column is the r (read) bit, the second the w (write) bit and the third the x (execute) bit.

* A - in any position means that permission is absent.
Permission   On a file                        On a directory
r            read the file contents           list the directory contents
             (cat head tail more less)        (ls)

w            edit the file contents           create or delete files and directories inside it
             (vim)                            (touch rm mkdir rmdir cp mv)

x            run the file                     enter the directory
             (./file-name, /testdir/a.sh)     (cd)


* For a user to write to a directory, the directory must grant that user x as well as w.
* Once a user has w on a directory, that user has full control over its entries: any file inside can be deleted, renamed or moved regardless of that file's own permissions.


Syntax of the permission-setting command chmod

chmod [-R] permission-list file-name/directory-name
The permission list can be given as numbers:
754 = u:7 (rwx), g:5 (r-x), o:4 (r--)

or as letters:
who: u g o a    operator: = set exactly the specified permissions, + add permissions to the existing ones, - remove permissions from the existing ones    permissions: r w x

Examples

chmod 754 file-name
chmod 754 directory-name
chmod u-x file-name/directory-name
chmod u=rx,g=r,o=r directory-name/file-name
chmod a=r directory-name/file-name
chmod /teadir

mkdir -m 700 directory-name    sets the permissions of a directory at creation time;
if no permissions are given, the system's default permissions apply.

To view the default permissions used when creating files and directories:

umask -S
umask

               Normal user    Privileged user (root)
Files          644            644
Directories    775            755
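As an added example (not from the original page), the script below computes the default mode from a umask the way the kernel does (666 for files or 777 for directories, ANDed with the complement of the umask) and then checks it against a file or directory actually created under that umask; it assumes GNU coreutils for stat -c %a.

```shell
#!/bin/sh
# Default mode for a new file (base 666) or directory (base 777) under a umask:
# the base is ANDed with the complement of the umask, so umask 022 gives
# 644 for files and 755 for directories, umask 002 gives 664 and 775.
default_mode() {
    umask_val=$1
    case $2 in
        file) base=666 ;;
        dir)  base=777 ;;
        *)    echo "kind must be file or dir" >&2; return 1 ;;
    esac
    # A leading 0 makes the shell treat both values as octal.
    printf '%03o' "$(( 0$base & ~0$umask_val ))"
}

# Create a probe file or directory under the given umask inside a scratch
# directory and read back the mode the kernel assigned (stat -c %a is GNU).
observed_mode() {
    umask_val=$1
    kind=$2
    scratch=$(mktemp -d) || return 1
    # Run in a subshell so the umask change does not leak to the caller.
    (
        umask "$umask_val"
        if [ "$kind" = dir ]; then mkdir "$scratch/probe"; else : > "$scratch/probe"; fi
    )
    stat -c %a "$scratch/probe"
    rm -rf "$scratch"
}

# Show computed versus observed defaults for a few umask values.
for u in 022 002 077; do
    for k in file dir; do
        printf 'umask %s %-4s computed=%s observed=%s\n' \
            "$u" "$k" "$(default_mode "$u" "$k")" "$(observed_mode "$u" "$k")"
    done
done
```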

2. Special permissions

SUID, SGID and the sticky bit
               Letter   Number
SUID           s        4
SGID           s        2
Sticky bit     t        1

The SUID bit can only be set on a binary executable (usually a system command).
When a user runs a file with SUID set, the process runs with the permissions of the file's owner.
SUID is effective only for the duration of that execution.
The user must have execute permission on the file itself to benefit from its SUID bit.

SUID occupies the owner's execute bit (u x) in the permission list and is shown with the letter s:
lowercase s: the owner also has execute permission on the file
uppercase S: the owner does not have execute permission on the file
The numeric value is 4.

chmod u+s /usr/sbin/useradd
chmod u-s /usr/sbin/useradd

SGID can be set on a file or on a directory; it is usually set on a directory.
On a file: when a user executes the file, the process runs with the permissions of the file's owning group.
On a directory: files and subdirectories created inside it inherit the directory's owning group.

SGID occupies the execute bit of the owning group (g x) and is shown with the letter s:
lowercase s: the owning group has execute permission on the file or directory
uppercase S: the owning group does not have execute permission on the file or directory
The numeric value is 2.

chmod g+s /usr/sbin/useradd
chmod g-s /usr/sbin/useradd

Sticky bit (anti-delete bit)
Can only be set on a directory.
When the sticky bit is set on a directory, a file inside it can only be deleted by the file's owner;
other users cannot delete, move, rename or edit it (but can copy it).
This bit does not restrict the administrator.

The sticky bit occupies the execute bit of other users (o x) and is shown with the letter t:
lowercase t: other users have execute permission on the directory
uppercase T: other users do not have execute permission on the directory
The numeric value is 1.

            SUID    SGID    Sticky
Number      4       2       1
Letter      s       s       t
Position    u x     g x     o x

1755  rwxr-xr-t

7777  rwsrwsrwt
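The two mode strings above can be checked mechanically. The converter below is an added example, not code from the original page: it turns a 9-character symbolic string into the 4-digit octal form using the s/S and t/T rules from this section, and reads back what ls prints for a mode applied to a scratch directory.

```shell
#!/bin/sh
# Symbolic (ls-style, 9 characters) -> 4-digit octal, special bits first.
# Rules from this section: s or S in the owner slot adds 4 (SUID), in the
# group slot adds 2 (SGID); t or T in the other slot adds 1 (sticky).
# Lowercase s/t means the execute bit is also set, uppercase means it is not.
octal_of_symbolic() {
    sym=$1
    special=0
    perms=""
    for grp in 1 2 3; do
        start=$(( (grp - 1) * 3 + 1 ))
        r=$(printf '%s' "$sym" | cut -c"$start")
        w=$(printf '%s' "$sym" | cut -c"$((start + 1))")
        x=$(printf '%s' "$sym" | cut -c"$((start + 2))")
        val=0
        if [ "$r" = r ]; then val=$((val + 4)); fi
        if [ "$w" = w ]; then val=$((val + 2)); fi
        case $x in
            x|s|t) val=$((val + 1)) ;;          # lowercase: execute present
        esac
        case "$grp$x" in
            1s|1S) special=$((special + 4)) ;;  # SUID occupies u x
            2s|2S) special=$((special + 2)) ;;  # SGID occupies g x
            3t|3T) special=$((special + 1)) ;;  # sticky occupies o x
        esac
        perms="$perms$val"
    done
    printf '%s%s' "$special" "$perms"
}

# Apply an octal mode to a throw-away directory and read back the symbolic
# form ls prints (characters 2-10 of the long listing), then clean up.
symbolic_of_octal() {
    scratch=$(mktemp -d) || return 1
    chmod "$1" "$scratch"
    ls -ld "$scratch" | cut -c2-10
    rmdir "$scratch"
}

# Demonstrate on the two modes listed above plus an uppercase-S case.
for m in 1755 7777 4644; do
    sym=$(symbolic_of_octal "$m")
    printf '%s -> %s -> %s\n' "$m" "$sym" "$(octal_of_symbolic "$sym")"
done
```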

mkdir /dir10
useradd u1
useradd u2
useradd u3

Exercises:
Give the system user u2 full permissions on the /dir10 directory.
Allow only the system user u2 to have full permissions on the /dir10 directory.
Allow only the system users u2 and u3 to have full permissions on the /dir10 directory.

3. File access control lists

Check that the filesystem supports ACLs:
dumpe2fs /dev/sda2 | grep --color -i acl

getfacl directory-name/file-name

getfacl /dir10


ACLs grant an individual user or group access to a file or directory without changing the file's normal permissions.

setfacl options [d:]user-type:name:permission-list file-name/directory-name

Options
-m  set an ACL entry
-x  remove an ACL entry (one at a time)
-b  remove all ACL entries from a directory or file
-k  remove the default ACL entries from a directory
-R  apply recursively
setfacl -R -m u:u100:rwx /dir10

Parameters
m  set the ACL mask

The ACL mask limits the permissions of ACL users and groups.
The default mask value is rwx.
The effective permission of an ACL user is the granted permission ANDed with the mask.

setfacl -m m:r /dir10
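The mask rule can be shown on a sample listing. The script below is an added example, not code from the original page: it reads getfacl-style output (a constructed sample; the group name g1 is made up) and prints for each entry the effective rights after ANDing with mask::, which is what getfacl itself reports as #effective: when the mask narrows an entry.

```shell
#!/bin/sh
# Constructed getfacl-style output (sample data, not taken from a real host):
# the named user u100 was granted rwx, but the mask has been set to r-x.
SAMPLE_ACL='# file: dir10
# owner: root
# group: root
user::rwx
user:u100:rwx
group::r-x
group:g1:rw-
mask::r-x
other::r-x'

# AND two rwx strings character by character: and_perms rwx r-x -> r-x
and_perms() {
    out=""
    for i in 1 2 3; do
        ca=$(printf '%s' "$1" | cut -c"$i")
        cb=$(printf '%s' "$2" | cut -c"$i")
        if [ "$ca" != - ] && [ "$ca" = "$cb" ]; then out="$out$ca"; else out="$out-"; fi
    done
    printf '%s' "$out"
}

# Effective rights of one entry ("user:u100:rwx") under the given mask.
# The owner entry (user::) and other:: are never limited by the mask;
# named users, the owning group (group::) and named groups are.
effective_entry() {
    perms=${1##*:}
    case $1 in
        user::*|other::*|mask::*) printf '%s' "$perms" ;;
        *)                        and_perms "$perms" "$2" ;;
    esac
}

# Read getfacl output on stdin and print every entry with its effective rights.
acl_effective() {
    entries=$(grep -v '^#' | grep -v '^$')
    mask=$(printf '%s\n' "$entries" | awk -F: '$1 == "mask" { print $3 }')
    printf '%s\n' "$entries" | while IFS= read -r entry; do
        printf '%-16s #effective:%s\n' "$entry" "$(effective_entry "$entry" "$mask")"
    done
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective
```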

d  set default ACL entries on a directory (applied to new files and subdirectories created inside it)
setfacl -m d:u:u1:rwx /dir6


User type   u  set access rights for a user
            g  set access rights for a group

Permission list   r w x

mkdir -m 755 /dir6

Exercise: allow the system user u2 rwx permission on all files in the /dir6 directory


4. Hidden attributes of files

View the hidden attributes of a file:
lsattr file-name

Set them:
chattr +|-|= a|i|A file-name

i  the file contents cannot be modified (not even by the administrator)
a  new content can only be appended to the file
A  the file's access time is not updated

Practice

I. Basic permissions and ownership

1. Display /etc/passwd and /boot in long format and state their permissions.
2. Change the permissions of the Desktop directory (including its files) to 770 using the character form.
3. Change the permissions of the Desktop directory (including its files) to 755 using the numeric form.
4. Write a script that echoes Hello World and set its permissions so that it can be executed.
5. View the umask value; what does it mean?
6. Create the /opt/studir directory with permission 755. Change the owner of /opt/studir to student and its owning group to users.
7. Change the owner of all files and subdirectories in /opt/studir, including the directory itself, to stu01.
8. Delete the accounts and groups created in this exercise.

II. Special permission control

1. Display /tmp and /usr/bin/passwd in long format and view their permissions.
2. Create a regular account tom; find out where the mkdir command is, copy it to /bin renamed smkdir, and set the SUID permission on it.
3. Log in as tom, create the /tmp/test1 directory with mkdir, and view its permissions.
4. Log in as tom, create the /tmp/test2 directory with smkdir, and view its permissions.
5. Delete the smkdir command.
6. Find out where the cp command is, copy it to /bin renamed gcp, and set the SGID permission on it.
7. Log in as tom, create the /tmp/file1 file with cp and the /tmp/file2 file with gcp, and compare the permission sections of the two files.
8. Delete the gcp command and the tom account.
9. Create the accounts user01 and user02, the group group01 and the /software directory; as user01 create test01 in this directory, as user02 create test02, and view their permissions.
10. Change the owner of the software directory to root and its owning group to group01, allow everyone read, write and execute permission on this directory, and make files and directories created in it automatically inherit the group of the software directory.
11. Delete the accounts user01 and user02, the group group01 and the /software directory.
12. View the current disk partitions and check whether the root partition supports ACLs.
13. View the ACL permissions of /root and create an account jack; can jack enter /root? Why?
14. Use ACL permissions to allow jack to enter /root.
15. Create the /data directory and set it so that jack has read, write and execute permission on new files and directories created under /data.
16. Clear the ACL permissions of /data.
17. Delete the /data directory and the jack account.

