Linux file ACL and compression archiving

Extension flag of file permission management:-rwsrwxrwxSUID: When a file carries a suid, the file is added with executable permissions by default, and all users have temporary administrator permissions to execute the file. Flag:-rwxrwsrwxSGID: When a directory file carries a sgid, all users create a file in this directory...

 

Expansion of file permission management

Flag:-rwsrwxrwx

SUID: When a file has a suid, the file is assigned executable permissions by default, and all users have temporary administrator permissions to execute the file.

 

Flag:-rwxrwsrwx

SGID: When a directory file contains an sgid, all users create a file group under this directory as the BASIC group of this directory.

 

Flag:-rwxrwxrwt

Sticky: When a directory file contains sticky, all users cannot delete files whose owner is not their own.

 

Practical application:

There are two normal users, redhat and gentoo, who want to allow both of them to access the develop folder and both sides can modify the files created by each other but cannot delete them.

 

Solution:

1. create a file develop

Mkdir develop

Create a new devgrp group and change the basic group of develop to this group.

Groupadd devgrp

Chown: devgrp develop

Change the folder permission to-rwxrws-T

Chomod 3770 develop # First 3 indicates that the owner group of the files created by the dual-User is devgrp, so that they can have homogeneous group permissions to modify the files of the other user and cannot delete the files.

2. add an additional group devgrp to the dual-account

Usermod-aG devgrp redhat

Usermod-aG devgrp gentoo

 

 

System default permission umask concept

When different users create a file, the file permission is set by default:

Directory file = 777-umask

Common file = 666-umask

If the calculation result is an odd number, add one and use it as the final permission (to prevent execution permission generation)

 

File access control list

 

The purpose is to give normal users the permission to access their own file rules.

Add an acl:

Setfacl-m u: user name: permission file # Add file permissions to the specified user

Setfacl-m g: Group name: permission file # Add file permissions to the specified group

Eg:

# Setfacl-m u: student: wrx redhat. c

Drwxrwxr-x + 2 root 4096 Aug 2 redhat. c

The "+" number is added after the permission.

 

Acl view:

Run the getfacl command to view the file access control list.

[Root @ server28 tmp] # getfacl redhat. c

# File: redhat. c

# Owner: root

# Group: root

User: rwx

User: student: rwx

Group: r-x

Mask: rwx

Other: r-x

 

Delete an acl:

[Root @ server28 tmp] # setfacl-x u: student redhat. c/

Delete the acl of the corresponding user on the file

[Root @ server28 tmp] # getfacl redhat. c

# File: redhat. c

# Owner: root

# Group: root

User: rwx

Group: r-x

Mask: r-x

Other: r-x

 

Delete All ACLS:

[Root @ server28 tmp] # setfacl-B redhat. c/

[Root @ server28 tmp] # getfacl redhat. c

# File: redhat. c

# Owner: root

# Group: root

User: rwx

Group: r-x

Other: r-x

Note: the acl mask has been deleted.

 

The so-called mask is similar to the subnet mask, and has all its acl permissions, which can only be less than or equal to its permissions.

 

Acl mask settings:

[Root @ server28 redhat. c] # setfacl-m: rx test

[Root @ server28 redhat. c] # getfacl test

# File: test

# Owner: root

# Group: root

User: rw-

User: redhat: rwx # valid tive: r-x at this time, the system has automatically indicated that the message is affected by the mask.

Group: r --

Mask: r-x

Other: r --

 

Default acl:

The default acl is only valid for directory files, indicating that all files created in the directory inherit the acl of the Directory.

[Root @ server28 tmp] # setfacl-m d: u: redhat: rwx redhat. c/

[Root @ server28 tmp] # getfacl redhat. c/

# File: redhat. c

# Owner: root

# Group: root

User: rwx

Group: r-x

Other: r-x

Default: user: rwx # this row indicates the default permission.

Default: user: redhat: rwx

Default: group: r-x

Default: mask: rwx

Default: other: r-x

 

Common centralized compression and archiving programs

Gzip option file

Gzip compressed file and delete source file

Option:

-D decompression

-N specifies the compression ratio (1-9)

Zcat can view the file content without any pressure

ZIP File extension:. gz

 

Bzip2 option to compress the source file of the target File (multiple files are allowed)

Bzip2 option File (meaning compressing this file to the current directory)

Option

-D decompression

-K compression retains the source file

View the compressed package content when bzcat is not pressed

ZIP File suffix:. bz2

 

Note: Neither gzip nor bzip2 supports document compression.

 

Tar option to compress the source file of the target File (multiple subdirectories are allowed)

Common compression formats

Tar zcvf MYFILE.tar.gz source ..

Z for gzip compression

C. create a compressed file

V shows the compression process

F followed by the file name

 

Tar jcvf MYFILE.tar.bz2 source ..

J. perform bzip2 compression

 

Extract

Tar xf compressed package [-C destination path]

If-C is not added, the current directory is used by default.

 

Note: When tar is compressed, the original file is retained and the folder is archived and compressed.

 

 

This article is from "Welcome Amigo !" Blog