Linux Basic Concepts: Linux Permissions

Source: Internet
Author: User

Permission objects:

Owner: u

Group: g

Others: o

Everyone: a


Linux basic permissions

Read: symbol r, octal value 4

Write: symbol w, octal value 2

Execute: symbol x, octal value 1


Special permissions

Setuid: only valid for files (executable binaries); the file runs with the identity of its owner. Octal value: 4

    [root tmp]# ls -l /usr/bin/passwd
    -rwsr-xr-x. 1 root root 30768 Feb 2012 /usr/bin/passwd

Ordinary users do not have the permissions that changing a password requires, yet every user can use passwd to change their own password. This works because the passwd command has the setuid bit set and its owner is root, so when an ordinary user runs passwd, the change is carried out with root's identity.


Setgid: only valid for directories. Octal value: 2

Files created by any user in the directory belong to the group of the directory's creator.


Sticky (sticky bit): this permission can be understood as an anti-delete permission. Octal value: 1

If you do not want a file or directory to be deleted by users, set this permission; even a user who has 777 permissions then cannot delete the file or directory.

##################################################################

To set the special permissions setuid, setgid and sticky (sticky bit), add one more octal digit in front of the original three octal digits.

This lets you set specific permissions on a directory or file, such as 4644, 2755 or 1700.

##############################################################

The following passage is reproduced from: http://www.cnblogs.com/qlwy/archive/2011/06/26/2121919.html

After you set these flags, you can view them with ls -l. If the flags are present, they are displayed in the position of the original execute flag. For example:

rwsrw-r-- indicates a setuid flag.

rwxrwsrw- indicates a setgid flag.

rwxrw-rwt indicates a sticky flag.

So where did the original execute flag x go? The rule is: if there is an x in that position, the special flag is shown as a lowercase letter (s, s, t); otherwise it is shown as an uppercase letter (S, S, T).
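The display rule above can be checked directly. The script below is an added example, not part of the original article: it applies four-digit octal modes (the article's 4644, 2755 and 1700, plus constructed counterparts with and without x) to scratch files under a temporary directory and returns the string ls -l shows. The helper name show_mode is hypothetical.

```shell
#!/bin/sh
# Added example: apply a four-digit octal mode to a scratch file or directory
# and return the 10-character type/permission string that `ls -l` prints.
# show_mode is a hypothetical helper; all work happens under `mktemp -d`.

show_mode() {  # usage: show_mode f|d MODE
    kind=$1 mode=$2
    scratch=$(mktemp -d) || return 1
    target=$scratch/target
    if [ "$kind" = d ]; then
        mkdir "$target" || return 1
    else
        : > "$target" || return 1
    fi
    chmod "$mode" "$target" || return 1
    # Characters 1-10 of `ls -ld` are the file type and the nine permission
    # slots; an 11th character such as "." or "+" is not part of the mode.
    ls -ld "$target" | cut -c1-10
    rm -rf "$scratch"
}

# kind:mode pairs. An uppercase S or T in the output means the special bit
# is set but the execute bit underneath it is not.
for spec in f:4644 f:4755 d:2755 d:2745 f:1700 d:1777 d:1776; do
    kind=${spec%%:*}
    mode=${spec#*:}
    printf '%s %s -> %s\n' "$kind" "$mode" "$(show_mode "$kind" "$mode")"
done
```
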

################################################################

Impact of basic permissions on directories and files

File

Read: you can view the contents of the file.

Write: you can change the contents of the file or delete the file (to delete a file you need write permission on the file and also write permission on the directory that contains it).

Execute: the file can be launched as a process (by default on Linux, files do not have execute permission).

Directory

Read: you can view the list of files in the directory, for example with ls, but you cannot use the ls -l option.

Write: you can create files in the directory and delete the directory itself (deleting files inside the directory depends on the specific permissions of each file).

Execute: you can enter the directory, for example with cd, or use ls -l.

######################################################################################

Traditional UGO permissions (rwx): only one user, one group and others.

ACL: an extension of UGO permissions.

ACLs let you freely control each user's rights to the same file or directory.

For example: the text group has two users, tom and jak. The /tmp directory has a file called aa whose owner and group are both root, and others have no permissions on it. The requirement is that tom has read and write permission on the file while jak has read permission only. Traditional UGO permissions cannot express this.

######################################################################################

    [root ~]# getfacl aa
    # file: aa
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--

#########################################

Here is how the requirement is implemented:

    [root ~]# setfacl -m u:tom:rw aa
    [root ~]# setfacl -m u:jak:r aa
    [root ~]# getfacl aa
    # file: aa
    # owner: root
    # group: root
    user::rw-
    user:tom:rw-
    user:jak:r--
    group::r--
    mask::rw-
    other::r--

############################################

    [tom tmp]$ echo Tom >> aa
    [tom tmp]$ cat aa
    Tom
    [jak tmp]$ echo jak >> aa
    -bash: aa: Permission denied
    [jak tmp]$ cat aa
    Tom

############################################

setfacl: sets ACL permission entries

getfacl: views ACL permission entries

For other uses of these commands and further explanation, see the man pages or search Google.
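The mask:: line in the getfacl output above is an upper limit on what named-user entries actually grant: a named user's effective rights are the entry's rights intersected with the mask. The script below is an added example, not part of the original article; it parses getfacl text and reports that intersection. The helper names acl_effective and sample_acl are hypothetical, and the listing with a tightened mask is constructed.

```shell
#!/bin/sh
# Added example: compute a named user's effective rights from getfacl text.
# acl_effective is a hypothetical helper; it handles only "user:NAME:" entries
# and the mask, not the owner, group or other classes.

acl_effective() {  # usage: acl_effective NAME < getfacl-output
    awk -F: -v who="$1" '
        /^#/ || NF < 3 { next }              # skip header comments and blanks
        { perm = substr($3, 1, 3) }          # ignore any trailing "#effective:"
        $1 == "user" && $2 == who { named = perm }
        $1 == "mask" { mask = perm }
        END {
            if (named == "") { print "none"; exit }   # no named-user entry
            if (mask == "") mask = "rwx"              # no mask: nothing filtered
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(named, i, 1)
                out = out (substr(mask, i, 1) == c ? c : "-")
            }
            print out
        }'
}

sample_acl() {  # the listing from the article; $1 optionally replaces the mask
    cat <<EOF
# file: aa
# owner: root
# group: root
user::rw-
user:tom:rw-
user:jak:r--
group::r--
mask::${1:-rw-}
other::r--
EOF
}

printf 'tom, mask rw-: %s\n' "$(sample_acl | acl_effective tom)"
printf 'jak, mask rw-: %s\n' "$(sample_acl | acl_effective jak)"
# Constructed case: with the mask tightened to r--, tom loses write access
# even though his own entry still reads rw-.
printf 'tom, mask r--: %s\n' "$(sample_acl r-- | acl_effective tom)"
```
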


This article is from the "Hanging Swords" blog; please keep this source link: http://sublime.blog.51cto.com/8856101/1434127
