Expansion of File Permission Management
Flag:-rwsrwxrwx
SUID: When a file has a suid, the file is assigned executable permissions by default, and all users have temporary administrator permissions to execute the file.
Flag:-rwxrwsrwx
SGID: When a directory file contains an sgid, all users create a file group under this directory as the basic group of this directory.
Flag:-rwxrwxrwt
Sticky: When a directory file contains sticky, all users cannot delete files whose owner is not their own.
Practical application:
There are two normal users, redhat and gentoo, who want to allow both of them to access the develop folder and both sides can modify the files created by each other but cannot delete them.
Solution:
1. Create a file develop
Mkdir develop
Create a new devgrp group and change the basic group of develop to this group.
Groupadd devgrp
Chown: devgrp develop
Change the folder permission to-rwxrws-T
Chomod 3770 develop # first 3 indicates that the owner Group of the files created by the dual-user is devgrp, so that they can have homogeneous group permissions to modify the files of the other user and cannot delete the files.
2. add an additional group devgrp to the dual-account
Usermod-aG devgrp redhat
Usermod-aG devgrp gentoo
System default permission umask Concept
When different users create a file, the File Permission is set by default:
Directory file = 777-umask
Common file = 666-umask
If the calculation result is an odd number, add one and use it as the final permission (to prevent execution permission generation)
File access control list
The purpose is to give normal users the permission to access their own file rules.
Add an acl:
Setfacl-m u: User name: Permission file # Add file permissions to the specified user
Setfacl-m g: group name: Permission file # Add file permissions to the specified group
Eg:
# Setfacl-m u: student: wrx redhat. c
Drwxrwxr-x + 2 root 4096 Aug 2 redhat. c
The "+" number is added after the permission.
Acl View:
Run the getfacl command to view the File Access Control List.
[Root @ server28 tmp] # getfacl redhat. c
# File: redhat. c
# Owner: root
# Group: root
User: rwx
User: student: rwx
Group: r-x
Mask: rwx
Other: r-x
Delete an acl:
[Root @ server28 tmp] # setfacl-x u: student redhat. c/
Delete the acl of the corresponding user on the file
[Root @ server28 tmp] # getfacl redhat. c
# File: redhat. c
# Owner: root
# Group: root
User: rwx
Group: r-x
Mask: r-x
Other: r-x
Delete all ACLs:
[Root @ server28 tmp] # setfacl-B redhat. c/
[Root @ server28 tmp] # getfacl redhat. c
# File: redhat. c
# Owner: root
# Group: root
User: rwx
Group: r-x
Other: r-x
Note: The acl mask has been deleted.
The so-called mask is similar to the subnet mask, and has all its acl permissions, which can only be less than or equal to its permissions.
Acl mask settings:
[Root @ server28 redhat. c] # setfacl-m: rx test
[Root @ server28 redhat. c] # getfacl test
# File: test
# Owner: root
# Group: root
User: rw-
User: redhat: rwx # valid tive: r-x at this time, the system has automatically indicated that the message is affected by the mask.
Group: r --
Mask: r-x
Other: r --
Default acl:
The default acl is only valid for directory files, indicating that all files created in the directory inherit the acl of the directory.
[Root @ server28 tmp] # setfacl-m d: u: redhat: rwx redhat. c/
[Root @ server28 tmp] # getfacl redhat. c/
# File: redhat. c
# Owner: root
# Group: root
User: rwx
Group: r-x
Other: r-x
Default: user: rwx # This row indicates the default permission.
Default: user: redhat: rwx
Default: group: r-x
Default: mask: rwx
Default: other: r-x
Common centralized compression and archiving programs
Gzip option File
Gzip compressed file and delete source file
Option:
-D Decompression
-N specifies the compression ratio (1-9)
Zcat can view the file content without any pressure
ZIP file extension:. gz
Bzip2 option to compress the source file of the target file (multiple files are allowed)
Bzip2 option file (meaning compressing this file to the current directory)
Option
-D Decompression
-K compression retains the source file
View the compressed Package content when bzcat is not pressed
ZIP file Suffix:. bz2
Note: neither gzip nor bzip2 supports document compression.
Tar option to compress the source file of the target file (multiple subdirectories are allowed)
Common compression formats
Tar zcvf MYFILE.tar.gz source ..
Z for gzip Compression
C. Create a compressed file
V shows the compression process
F followed by the file name
Tar jcvf MYFILE.tar.bz2 source ..
J. Perform bzip2 Compression
Extract
Tar xf compressed package [-C Destination path]
If-C is not added, the current directory is used by default.
Note: When tar is compressed, the original file is retained and the folder is archived and compressed.
This article is from "Welcome Amigo !" Blog