Linux command (shell) from entry to proficient study Note 1: file security and permissions

Source: Internet
Author: User
1. ls-l command: the first bit indicates the file type: d directory. L symbolic link (pointing to another file ). S socket file. Block B device files. C character device file. P name the MPs queue file. -Common files, or more accurately, do not belong to the above types of files... information & nbsp
1. ls-l command: the first bit indicates the file type:
D directory.
L symbolic link (pointing to another file ).
S socket file.
Block B device files.
C character device file.
P name the MPs queue file.
-Common files, or more accurately, do not belong to the above types of files.
The next nine consecutive digits indicate the read and write permissions of the file:
R w x: file owner permission, which is the first three
R-x: The user permissions in the same group are three in the middle.
R-x: other user permissions. this is the last three. permission Directory of the newly created File (folder): You can see that the permission of the newly created directory myshell is: rwx r-x, that is: onwer users have read, write, and execute permissions, while group and other users have read and execute permissions. File: you can see that the permission of the newly created file myfile is rw-r --. When a file is created, it is not granted the execution permission for security reasons. File permission modification: # chmod 777 myfile // grant all permissions to the file to all users. # Chmod a-x myfile // revoke the execution permissions of all users (note that there is no space before a-x and-x ). # Chmod u + x, go-w myfile // grant the file owner the execution permission and revoke the write permission of other users. 3. two modes of the chmod command: Symbol mode and absolute mode. symbol mode: # u: file Owner # g: same group of users # o: Other users #: all users + add permissions-revoke permissions such: chmod a-x myfile // deprive all users of the file execution permission chmod og-w myfilechmod g + w myfilechmod u + x myfilechmod go + x myfchmod u + x, o-w myfile absolute mode: 004 readable 002 writable 001 executable 000 no permission chmod 750 myfile add permission to file myfile: 7 = 4 + 2 + 1 (subject-readable, write, and executed) 5 = 4 + 1 (same group users can read and execute) 0 = 0 (other users do not have any permissions) if you run the following command on a directory: chmod 740 * table Grant the 740 permission to all files in the directory, but the permission is still the default rw-r -- 4. the permission of a directory means that: read permission: you can list the file write permission in the directory: you can create or delete the file execution permission in the directory: the permission to search for or enter the directory will overwrite the permission of the files in the directory. For example, if the directory docs has the following permissions, and the file pay permission is: users in the admin group cannot edit the file, because the directory to which it belongs does not have this permission. This file can be read by any user. However, because the directory where the file is located does not grant execution permissions to the users in the admin group, users in this group cannot access this directory, they will get an error message with limited access. 5. suid and guid (understanding) suid means that if a user sets this permission for his or her own shell script, other users will also have the corresponding permissions of their owner when executing this script. For example, if the file myfile has 741 permissions, to set suid for it, you only need to add 4 before the permission number (the guid is added to 2, and both are set to 4 + 2 = 6 ),
6. the/etc/passwd file lists the legal user-related information of the system. 7. chown and chkgchown: the owner and administrator of the file can use this command to change the ownership of the file. after the change, the original owner cannot revoke the permission, you must seek help from the administrator. For example, change the owner of myfile from root to zhy (zhy must be valid in/etc/passwd ). Chgrp: change the group to which the file belongs. For example, change the group to which myfile belongs from root to zhy. (# Groups: View all the members in the group where the current logon user is located. # Id: view the information of the currently logged on user # whoami: view the current user logged on to the system. # Groups zhy: view the group of zhy users and group members. User group features provide great convenience for system administrators in system management, but security is also worth noting. for example, a user has the most important content for system management, it is best to allow users to have independent user groups, or set the permissions of files under the user to be completely private. In addition, the root user group should not be easily added to normal users .) 8. the umask command has a default permission for the files created by a user after logging on to the system. this permission can be configured by the administrator or configured by the umask command after the user logs on, this configuration is valid until you exit the shell or use another umask command. Generally, the umask command is set in the/etc/profile File. every user will reference this file during logon. Therefore, if you want to change the umask of all users, you can add corresponding entries to the file. If you want to permanently set your umask value, place it in the. profile or. bash_profile file under your $ home directory. Umask value and weight: run the: # umask command to view the current umask value (the last three digits): You can see that the current umaks value is 022. you can see through the table above, umask has the file permission of 644 and directory permission of 755. If the preceding table is not available, another calculation method is as follows: 777: rwx rwx022: ----w-obtain the directory permission if no matching bit exists in the preceding two rows: replace rwx r-x with a value of 755 (Directory permission), and replace the bitwise of x in the preceding result (rwx r-x) -, is the file permission: rw-r -- change to the value is: 644 (file permission) if you want to change the umask value of the system, you can do this: # umask 007 example: you can see, the file permission has indeed been changed. 9. a symbolic link is a pointer to a file. in my understanding, it is a shortcut in a window:
. Profile is/usr/local/menus/sales. profile shortcut, which is very convenient. for example, if we have multiple users, for example, 50, we can create one for them. the profile File points to the same sales. profile file. we will modify a sales. profile. modify the profile. Command format for creating symbolic links: # ln [-s] source_path target_pathsource_path is the file to be pointed to. target_path is a pointer (shortcut) example: # ln-s/usr/opt/monitor/regstar/reg. log/var/adm/logs/monitor. log usually performs this operation on the newly installed system. create a link to the/tmp directory in the/var directory, because some applications think that the/var/tmp directory exists (but it does not actually exist), some applications save some temporary files in this directory. To place all temporary files in one place, you can use the ln command to create a link to the/tmp directory under the/var Directory: # ln-s/tmp/var/tmp
In the future, if an application tries to put some temporary files under/var/tmp, it is actually stored in the/tmp directory, because/var/tmp is just a symbolic link.
 
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.