1, the Linux file attributes;
The properties of a Linux file or directory mainly include: The node of the file or directory, the type, the permission mode, the number of links, the users and user groups, the time of the most recent visit or modification;
[Root@localhost ~]# Ls-lih
Total 104K
2408949-rwxr-xr-x 1 root 7 04-21 12:47 lsfile.sh
2408830 drwxr-xr-x 2 root 4.0K 04-21 12:46 mkuml-2004.07.17
2408260 drwxr-xr-x 2 root 4.0K 04-21 22:15 Mydir
2408258 lrwxrwxrwx 1 root 7 04-21 22:16 sun001.txt-> sun.txt
2408263-rw-r--r--2 root 04-20 14:17 sun002.txt
2408263-rw-r--r--2 root 04-20 14:17 sun.txt
Explain:
First column: Inode; second column: File types and Permissions; The third column: The number of hard links; fourth column: owner;
Column Fifth: The group to which you belong; column sixth: file or directory size; seventh and eighth columns: last accessed or modified; Nineth column: file name or directory name
We take lsfile.sh as an example:
2408949-rwxr-xr-x 1 root 7 04-21 12:47 lsfile.sh
The value of the inode is: 2408949
File type: File type is-, indicates that this is a normal file; For the type of file, refer to: Linux file types and file extensions
File permissions: File permissions are rwxr-xr-x, means that the file is the main readable, writable, executable, file attribution of the user group can be read executable, other users can read executable;
Number of hard Links: lsfile.sh This file does not have a hard link, because the value is 1, is his own;
File owner: Which is the file to which users, it is attributed to root, that is, the first root;
File group: That is to say, for this file, it belongs to which user group, where is the root group;
File size: File size is 7 bytes;
Access can be modified: The time here is the last access time, the last access and file was modified or created time, sometimes not consistent;
Of course the attributes of the document are not just those, these are some of our most common attributes. We have to say more important, such as the types of documents, permissions, the number of hard links ...
2, about the inode;
An inode is an index node that is translated into Chinese. Partition of each storage device or storage device (storage device is hard disk, floppy disk, u disk ...) After being formatted as a file system, there should be two parts, one for the inode and the other for the Block,block to store the data. The inode is the information that is used to store the data, including the file size, the owner, the attribution user group, the read and write permissions, and so on. The Inode indexes information for each file, so there is a value for the inode. The operating system according to the instruction, can through the Inode value the quickest to find the corresponding file.
A metaphor, such as a book, a storage device or partition is the equivalent of this book, block is equivalent to every page in the book, the Inode is equivalent to this book in front of the directory, a book has a lot of content, if you want to find a part of the content, we can first check the directory, through the directory to find the fastest we want to see the content. Although not very appropriate, but still relatively image.
When we use LS to view a directory or file, if you add the-i parameter, we can see the inode node, such as the example we mentioned earlier;
[Root@localhost ~]# Ls-li lsfile.sh
2408949-rwxr-xr-x 1 root 7 04-21 12:47 lsfile.sh
The inode value of the lsfile.sh is 2408949; View the inode of a file or directory through the-i parameter of the LS command.
2.1 Inode The same file is a hard link file;
In the Linux file system, the file with the same inode value is a hard link file, that is, different file names, the inode may be the same, an inode value can correspond to multiple files. It's not difficult to understand the link file, so take a look at the example. In Linux, linked files are created through the LN tool.
2.2 Create hard links, hard links and source file relationships;
Syntax for creating file hard links in Ln:
# ln Source file target file
Here's an example, in this case, we're going to create its hard link sun002.txt for sun.txt. Then look at the changes in the properties of Sun.txt and Sun002.txt;
[Root@localhost ~]# Ls-li sun.txt Note: View the properties of the Sun.txt;
2408263-rw-r--r--1 root 04-22 21:02 sun.txt Note: This is the Sun.txt attribute;
[root@localhost ~]# ln sun.txt sun002.txt Note: We created the Sun.txt hard link file through ln) sun002.txt
[Root@localhost ~]# Ls-li sun* Note: Let's make a list of sun.txt and Sun002.txt
2408263-rw-r--r--2 root 04-22 21:02 sun002.txt
2408263-rw-r--r--2 root 04-22 21:02 sun.txt
We can see Sun.txt the number of links is 1 (that is, the value after-rw-r--r--) without creating a hard link file sun002.txt, which creates a hard link sun002.txt when created, this value becomes 2. In other words, each time we create a new hard link file for Sun.txt, the number of hard links will increase by 1.
Inode values the same file, their relationship is hard linked to each other. When we modify the contents of one of the files, the contents of each file that is hard linked are also changed. If we delete a file that is a hard link relationship, the other files are not affected. For example, after we delete the sun.txt, we can still see the contents of Sun002.txt, and sun002.txt still exist.
It can be so understood that each of the files that are hard linked relationships, they seem to be clones, their properties are almost exactly the same; In the following example, we delete the sun.txt, and then we see if Sun002.txt can see its contents.
[Root@localhost ~]# RM-RF Sun.txt
[Root@localhost ~]# more Sun002.txt
Note: Hard links cannot be created for directories, only files can create hard links.
2.3 The creation of soft links, and the relationship between the soft link and the source file;
The syntax for creating soft links (also known as symbolic links);
# ln-s source file or directory destination file or directory
Soft link is also called symbolic link, he and hard link is different, soft link file is only a mark of its source file. When we delete the source file, the linked file cannot exist independently, although the file name is still preserved, but we cannot view the contents of the soft link file.
[Root@localhost ~]# Ls-li Linuxsir001.txt
2408274-rw-r--r--1 root 04-22 21:53 linuxsir001.txt
[Root@localhost ~]# ln-s linuxsir001.txt linuxsir002.txt
[Root@localhost ~]# Ls-li linuxsir001.txt linuxsir002.txt
2408274-rw-r--r--1 root 04-22 21:53 linuxsir001.txt
2408795 lrwxrwxrwx 1 root 04-22 21:54 linuxsir002.txt->
Explain
For the above example, first we look at the properties of the linuxsir001.txt, such as the inode, the type of file they belong to, the time of creation or modification ... Let's make a comparison:
First, compare nodes: Two files of different nodes;
The second two files belong to different kinds of linuxsir001.txt is-, that is, ordinary documents, and Linuxsir002.txt is L, it is a linked file;
The third two files read and write permissions different linuxsir001.txt is rw-r--r--, and Linuxsir002.txt Read and write permission is rwxrwxrwx
The number of hard links in the third two is the same; it's 1.
The owner and the user group of the four two files are the same;
The time of modification (or access, creation) is different;
We also noticed that the linuxsir002.txt is followed by a tag, which means that linuxsir002.txt is a linuxsir001.txt soft link file.
It is worth noting that when we modify the contents of the linked file, it means that we are modifying the contents of the source file. Of course the properties of the source file will also change, and the properties of the linked file will not change. When we delete the source file, the link file only has a filename, because the source file is lost, so the soft link file does not exist. This point is different from the hard link;
[Root@localhost ~]# rm-rf linuxsir001.txt Note: Delete linuxsir001.txt
[Root@localhost ~]# Ls-li linuxsir002.txt Note: View the properties of the linuxsir002;
2408795 lrwxrwxrwx 1 root 04-22 21:54 linuxsir002.txt->
[Root@localhost ~]# More linuxsir002.txt Note: View the contents of the Linuxsir002.txt;
Linuxsir002.txt: No file or directory Note: Get prompt, Linuxsir002.txt does not exist.
The above example tells us that if a linked file loses its source, it means that he no longer exists;
We can see the soft link file, is actually just a mark of the source file, when the source file is lost, he also exists. Soft link files only occupy the inode to store information such as soft link file attributes, but the file store points to the source file.
Software links that can be used for files or directories. Whether it's a soft link or a hard link, you can delete it with RM. The RM tools are generic.
3. type of file;
When displaying the properties of a file or directory using the long format of the LS instruction;
[Root@localhost ~]# Ls-lih
Total 104K
2408949-rwxr-xr-x 1 root 7 04-21 12:47 lsfile.sh
2408830 drwxr-xr-x 2 root 4.0K 04-21 12:46 mkuml-2004.07.17
2408260 drwxr-xr-x 2 root 4.0K 04-21 22:15 Mydir
2408258 lrwxrwxrwx 1 root 7 04-21 22:16 sun001.txt-> sun.txt
2408263-rw-r--r--2 root 04-20 14:17 sun002.txt
2408263-rw-r--r--2 root 04-20 14:17 sun.txt
Let's take a look at the lsfile.sh line, which has a field-rwxr-xr-x. This field includes two information, one is the file type, the other is the permissions of the file; The file type is the first character, and the lsfile.sh file belongs to the kind of file. The same mkuml-2004.07.17 this paragraph is drwxr-xr-x, it belongs to the type of file should be D;sun001.txt file, the corresponding lrwxrwxrwx,sun001.txt of the type of file belong to-L.
We can know that Linux files can be divided into such as ordinary files, directories, symbolic link files, characters and block device files, sets of interface files.
For more information, please refer to "Linux file type and file extension"
4, the authority of the document;
Linux files or directory permissions are associated with users and user groups, so understanding this part of the content, you first need to understand the Linux user management knowledge. Refer to: Linux User (user) and group Management Overview. If you are a novice, to the documentation of this document also understand, this is really important for you to understand this article;
Each file or directory has a set of 9 permission bits, each of which is divided into one group, each of which is a sovereign limit (three locations), a user group permission bit (three locations), and other user privilege bits (three locations). For example Rwxr-xr-x, we can count the 9 locations, and it is these 9 permission bits that control the permissions of the file owner, the user group, and other users.
4.1 On the level of authority;
The permission bits for a Linux file or directory are controlled by 9 permission bits. Each three-bit is a group of file owners (ower) read, write, execute, user Group (group) read, write, execute, and (other) the reading, writing, execution of other users;
File owner: Read R, write W, execute X
User groups: Read R, write W, execute X
Other users: Read R, write W, execute X
If the permission bit is unreadable, not writable, and not executable, it is represented by-.
Read, write, and execute permissions for normal files can be understood in this way:
Readable: means that we can view the reading;
Writable: means that you can modify or delete (although the permission to delete or modify is controlled by the permissions on the parent directory);
Executable: means that if the file can be run, such as a binary file (such as a command), or a script (to use the scripting language interpreter to interpret the run).
Like what:
[Root@localhost ~]# ls-l lsfile.sh
-rwxr-xr-x 1 root 7 04-21 12:47 lsfile.sh
The first character in the first field-rwxr-xr-x is-, which means that lsfile.sh is a normal file;
The lsfile.sh permission is rwxr-xr-x. Represents the lsfile.sh file, the file's owner root, with rwx (readable, writable, executable) permissions, user group root, with r-x (readable, writable) permissions, other users have r-x (readable, writable) permissions. These 9 permissions are connected together as Rwxr-xr-x, that is, lsfile.sh files, the file owner root has readable, writable, executable permissions, all users under the user group root have read executable permissions, and other users have read executable permissions.
View the properties of the file with the Ls-l file, and view the directory's properties as the ls-d directory.
4.2 Commands to change permissions chmod
chmod is a command to change file or directory permissions, but only the owner of the file and the Superuser user root have this permission. There are two ways to change the permissions of a file or directory by chmod, one is through the syntax of the octal system, the other is through mnemonic grammar;
Example:
[Root@localhost ~]# Touch linuxsir007.txt Note: Create Linuxsir007.txt file;
[Root@localhost ~]# Touch linuxsir008.txt Note: Create Linuxsir008.txt file;
[Root@localhost ~]# ls-lh linuxsir007.txt linuxsir008.txt Note: View linuxsir007.txt and Linuxsir008.txt file properties;
-rw-r--r--1 root 0 04-23 20:11 linuxsir007.txt Note: linuxsir007.txt file attributes;
-rw-r--r--1 root 0 04-23 20:11 linuxsir008.txt Note: linuxsir008.txt file attributes;
[Root@localhost ~]# chmod 755 linuxsir007.txt Note: Change octal permissions through linuxsir007.txt syntax;
[Root@localhost ~]# chmod u+x,og+x linuxsir008.txt Note: Change the permissions of Linuxsir008.txt by mnemonic grammar;
[Root@localhost ~]# ls-lh linuxsir007.txt linuxsir008.txt Note: View linuxsir007.txt and Linuxsir008.txt file properties;
-rwxr-xr-x 1 root 0 04-23 20:11 linuxsir007.txt
-rwxr-xr-x 1 root 0 04-23 20:11 linuxsir008.txt
The example above is an example that demonstrates changing permissions through two syntaxes of chmod, and what I want to illustrate is that both approaches achieve the same goal.
This process is:
First: Create Linuxsir007.txt and linuxsir008.txt two files;
Second: View the properties of two files; their permissions are all the same, they are rw-r--r--, which means that the file is readable and readable by the file, and the user group that the file belongs to can read and read by other users;
Third: Change the Linuxsir007.txt's authority through the chmod octal grammar, and change the Linuxsir008.txt's authority through the chmod mnemonic grammar; We use two methods to change the Linuxsir007.txt and Linuxsir008.txt files, by chmod the two different syntax to make two file permissions to achieve the same. In the octal syntax, we used 755, and in mnemonic grammar we used u+x,og+x. Although using two different syntax, but to achieve the same purpose, the final result, we can see two files are rwxr-xr-x permissions. That is, the owner of the file has read-writable executable permissions on the file, the user group to which the file belongs has readable executable permissions, and other users have the ability to read executable.
This leads us to the two methods of changing file or directory permissions through the chmod tool: chmod octal syntax, chmod mnemonic grammar;
4.21 Change the permissions of a file or directory by chmod octal syntax;
As we have already said, the file or directory has a total of 9 locations, the file owner, the group that the file belongs to occupies three bits and other users occupy three locations. Look at an example:
-rwxr-xr-x 1 root 0 04-23 20:11 linuxsir007.txt
Description
is a sovereign limit: Occupy three positions, the order of three places is read R, write W, perform x. If there is no permission, then-. In this example, we see RWX, which means that the owner has permission in three positions of power, that is, readable writable executable;
Group permission bit: occupies three positions, the order of three places is read R, write W, execute x. If there is no permission, then-. In this example, what we see is r-x, where it is written--that means no write permission, the group to which the file belongs has a readable executable, but no permission to write.
Other user permission bits: Occupy three locations, three locations in the order of read R, write W, execute x, if there is no permission, then-. In this example, we look at the other user's permission bit is R-x, in the written position is-, indicates that does not have the Write permission, the file attribution group has the readable executable to the file, but does not have the Write permission.
A numerical description of the octal grammar of chmod;
R 4
W 2
X 1
-0
The owner's permission is expressed in numbers: the sum of the numbers of the three permission bits of the owner. For example in the above example of the owner of the authority is rwx, that is, 4+2+1, should be 7;
The permissions of a group are expressed in numbers: the sum of the added number of that permission digit of the group. For example in the above example of the r-x, that is, 4+0+1, should be 5;
Other user's rights digital expression: the sum of the number of other user permission bits added. For example in the above example is r-x, namely 4+0+1, should be 5;
[Root@localhost ~]# ls-l Sun.txt
-rwxr-xr-x 2 root 04-22 21:02 sun.txt Note: To view the properties of the sun.txt, we see that the Sun.txt's permission bit is rwxr-xr-x, with the octal number indicated to be 755;
[Root@localhost ~]# chmod 644 sun.txt Note: We change its permissions for the owner can read and write, group readable, other users can read, that is, the rw-r--r--, with a digital representation is 644;
[Root@localhost ~]# ls-l Sun.txt
-rw-r--r--2 root 04-22 21:02 sun.txt Note: Is the goal achieved? Yes!
Each three-bit permission code (is the owner, group, other user) combination, there are 8 possible;
Octal Digital Permissions
0---
1--x
2-w-
3-wx
4 r--
5 R-x
6 rw-
7 rwx
Note: We can combine permissions based on the number list above, for example, I want the owner to have rwx (the corresponding number is 7), the group has--x (the corresponding number is 1), other users have---(the corresponding number is 0), so we combine the permissions of each group is Rwx--x---(the corresponding number is 710).
[Root@localhost ~]# ls-l Sun.txt
-rw-r--r--2 root 04-22 21:02 sun.txt
[Root@localhost ~]# chmod 710 Sun.txt
[Root@localhost ~]# ls-l Sun.txt
-rwx--x---2 root 04-22 21:02 sun.txt
If we want to change just the permissions to open the directory, no arguments are added. If you want to change all files or subdirectories below the directory, you should add the-r parameter;
[Root@localhost ~]# ls-ld testdir/
Drwxr-xr-x 3 root root 4096 04-24 11:01 testdir/
[Root@localhost ~]# LS-LR testdir/
Total 4
-rw-r--r--1 root 0 04-24 11:01 sir01.txt
Drwxr-xr-x 2 root root 4096 04-24 11:01 Linuxsir
We only change the permissions of the TestDir, so that it has a primary readable writable, group-readable, other users can read, that is, rw-r--r--, with octal arithmetic should be 644.
[Root@localhost ~]# ls-ld testdir/Note: We look at the TestDir directory permissions are rwxr--r--;
Drwxr-xr-x 3 root root 4096 04-24 11:01 testdir/
[Root@localhost ~]# chmod 644 testdir/
[Root@localhost ~]# ls-ld testdir/
drw-r--r--3 root root 4096 04-24 11:01 testdir/Note: change success;
[Root@localhost ~]# LS-LR testdir/Note: Do we look at the subdirectories under the TestDir directory change?
Try changing the TestDir and its subdirectories and file permissions are changed to rw-r--r--permissions. We need to use the-R parameter;
[Root@localhost ~]# chmod-r 644 testdir/Note: We change all files or subdirectories under TestDir permissions are rw-r--r--
[Root@localhost ~]# ls-ld testdir/
drw-r--r--3 root root 4096 04-24 11:01 testdir/
[Root@localhost ~]# LS-LR testdir/
Total 4
-rw-r--r--1 root 0 04-24 11:01 sir01.txt
drw-r--r--2 root root 4096 04-24 11:01 Linuxsir
It's worth noting that chmod changes all. File in a directory, be careful. For example, we want to change the testdir of all. File permissions for rwxr--r--, but we do not want to change the permissions of the TestDir directory. The following example operation is wrong.
[Root@localhost ~]# ls-ld testdir/
drw-r--r--3 root root 4096 04-24 11:01 testdir/
[Root@localhost ~]# LS-LR testdir/
Total 4
-rw-r--r--1 root 0 04-24 11:01 sir01.txt
drw-r--r--2 root root 4096 04-24 11:01 Linuxsir
[Root@localhost ~]# chmod-r 755 testdir/.* Note: This action will change the permissions of the TestDir directory to rwxr--r--
[Root@localhost ~]# ls-ld testdir/
Drwxr-xr-x 3 root root 4096 04-24 11:01 testdir/
So when you want to change all the. File permissions in a directory, and you want to retain the original permissions for the directory, do not use the. * wildcard character. As for what should be done, I think we all understand. such as the following match;
[Root@localhost ~]# chmod-r 644 testdir/. [a-z]*
The above example chmod matches all files beginning with. A To. Z.
4.22 Change the permissions of a file or directory by chmod the mnemonic grammar;
Chmod's mnemonic syntax is relatively simple, and when it comes to file or directory permissions, it is done in the form of a more intuitive character; in mnemonic grammar, the definition of related letters;
User or user group definition:
U represents the Owner
G Stands for genus Group
O on behalf of other users
A represents the owner, group and other users, that is, the above three users (or groups) of all;
Permission Definition Letter:
R represents Read permission;
W represents write permission;
x represents executive authority;
Permission increase or decrease character:
-delegate minus the relevant authority;
+ representative to increase relevant authority;
Example one:
[Root@localhost ~]# ls-l Linuxsir007.txt
-rwxr-xr-x 1 root 0 04-23 20:11 linuxsir007.txt
[Root@localhost ~]# chmod ugo-x linuxsir007.txt Note: The owner, user group and other users of the implementation of the rights are lost;
[Root@localhost ~]# ls-l Linuxsir007.txt
-rw-r--r--1 root 0 04-23 20:11 linuxsir007.txt
Example two:
[Root@localhost ~]# ls-l Linuxsir007.txt
-rw-r--r--1 root 0 04-23 20:11 linuxsir007.txt
[Root@localhost ~]# chmod u+x linuxsir007.txt Note: Increase execution permissions for the owner of a file
[Root@localhost ~]# ls-l Linuxsir007.txt
-rwxr--r--1 root 0 04-23 20:11 linuxsir007.txt
Example three:
[Root@localhost ~]# ls-l Linuxsir007.txt
-rwxr--r--1 root 0 04-23 20:11 linuxsir007.txt
[Root@localhost ~]# chmod u-x,go+rw linuxsir007.txt Note: minus the file is the main right to execute the document, to increase the group and other users of the document can read and write right;
[Root@localhost ~]# ls-l Linuxsir007.txt
-rw-rw-rw-1 root root 0 04-23 20:11 linuxsir007.txt
Use mnemonic grammar more flexible, combined more convenient;
U=r+x adds read and write permission to the file owner;
Ug=rwx,o=r add read, write, execute permissions to the owner and group, and set read permissions for other users.
A+x to the owner, group and other users of the file to add execution rights;
G=u makes the group and the owner and the permissions of the file the same;
For the setting of directory permissions, use the-R parameter;
As with the Octal method, if we have the same attributes for a directory and its subdirectories and files, we can use the-r argument;
[Root@localhost ~]# chmod-r a+rwx testdir/
[Root@localhost ~]# LS-LR testdir/
Total 4
-rwxrwxrwx 1 root 0 04-24 11:01 sir01.txt
DRWXRWXRWX 2 root root 4096 04-24 11:01 Linuxsir
4.3 Command umask for default permission assignment;
Umask defines the default permissions for a user to create a file or directory by using an octal value. Umask represents a prohibited permission. But the files and directories are a little different.
For a file, the Umask setting is assumed to have octal 666 permissions on the file, and the file's permissions are 666 minus the umask's mask value;
For a directory, the Umask setting is to assume that the file has octal 777 permissions, and the directory octal permission 777 subtracts the Umask mask value;
Example one:
[Root@localhost ~]# umask 066
[Root@localhost ~]# mkdir testdir003
[Root@localhost ~]# ls-ld testdir003/
Drwx--x--x 2 root root 4096 04-24 15:01 testdir003/
[Root@localhost ~]# Ls-lh Sun998.txt
-RW-------1 root 0 04-25 15:57 sun998.txt
Example two:
The permissions of the system user's home directory are specified in the configuration file, such as the/etc/login.defs file used in Fedora;
One such paragraph is:
Create_home Yes
UMASK 077
It means that when we create a user, the value of his home directory umask is 077. How do we understand this 077? When the user adds, the system automatically creates the user's home directory in/home and sets its permissions to 777-077=700, that is, the rwx------; Do we look at the home directory of a user under/home?
[Root@localhost ~]# ls-ld ~beinan
DRWX------Beinan Beinan 4096 04-24 15:08/home/beinan
Umask are generally placed in the user-related shell configuration file, such as the user's home directory of the. bashrc or. Profile, can also be placed in a global user profile, such as/etc/login.defs, can also be placed in the shell global configuration file, such as/ Etc/profile or/ETC/BASHRC or/ETC/CSH.CSHRC;
Umask is placed in the related configuration file, so that when an administrator creates a user, the system automatically configures the default permission code for the user when the file or directory is created.
5, setuid and setgid position;
This part of the content as an understanding, look on the line;
5.1 setuid and Setgid's commentary;
Setuid and setgid bits are programs or commands that allow ordinary users to run only the root account in the root user's role. For example, we use ordinary users to run the passwd command to change their password, in fact, the final change is the/etc/passwd file. We know that the/etc/passwd file is a user-managed profile, and only users with root permissions can change it.
[Root@localhost ~]# ls-l/etc/passwd
-rw-r--r--1 root root 2379 04-21 13:18/etc/passwd
As a common user if you modify your password by modifying the/etc/passwd is certainly not complete task, but it can be modified by a command. The answer is yes, as an ordinary user can modify their password by passwd. This is due to the permissions of the passwd command. Let's take a look;
[Root@localhost ~]# ls-l/usr/bin/passwd
-r-s--x--x 1 root root 21944 02-12 16:15/usr/bin/passwd
Because the/usr/bin/passwd file has been set setuid permission bit (that is, r-s--x--x in the s), so ordinary users can temporarily become root, indirectly modify the/etc/passwd to modify their own password permissions.
We have mentioned this in the "control of super rights in Linux systems." We know that Linux user management is very strict, different users have different permissions, in order to complete only root users to complete the work, we have to elevate the rights of ordinary users, the most common method is Su or sudo. Although Setuid and setgid is also let ordinary users beyond their own ordinary permissions to reach the root of the method, but I do not recommend that you use, because it can bring security risks to the system!!
Note: setuid and setgid will face the risk, so as little as possible, to understand the understanding can be ~ ~ ~
Examples of 5.2 setuid and setgid applications;
We want an ordinary user Beinan to have the root user has the Super RM deletion privilege, what else can we do besides using SU or sudo to temporarily switch to the root identity operation???
[root@localhost ~] #cd/home Note: Enter/home directory
[Root@localhost home]# Touch beinantest.txt Note: Create a test file;
[Root@localhost home]# ls-l beinantest.txt Note: View file properties;
-rw-r--r--1 root 0 04-24 18:03 beinantest.txt Note: file properties;
[Root@localhost home]# su beinan NOTE: switch to normal user Beinan
[Beinan@localhost home]$ rm-rf beinantest.txt Note: delete beinantest.txt files as normal user;
RM: Cannot delete "Beinantest.txt": Insufficient permissions
So how do we get Beinan, the average user, to have the root super RM removal capability?
[Root@localhost ~]# ls-l/bin/rm
-rwxr-xr-x 1 root root 93876 02-11 14:43/bin/rm
[Root@localhost ~]# chmod 4755/bin/rm Note: Set RM permission to 4755, set the setuid bit.
[Root@localhost ~]# ls-l/bin/rm
-rwsr-xr-x 1 root root 43980 02-11 14:43/bin/rm
[Root@localhost ~]# cd/home/
[Root@localhost home]# su beinan NOTE: Switch to Beinan user identity;
[Root@localhost home]$ ls-l beinantest.txt Note: View file properties;
-rw-r--r--1 root 0 04-24 18:03 beinantest.txt Note: file properties;
[Beinan@localhost home]$ rm-rf beinantest.txt Note: delete beinantest.txt file;
We just set the RM setuid bit so that ordinary users have super root deletion super Power on the RM directive.
With this example, we should be able to understand the application of setuid and Setgid bits, as mentioned above, so that ordinary users can go beyond their capabilities and allow ordinary users to execute commands that only root can execute. At this point, we want to differentiate with Su and sudo. See also the SU and sudo documentation: "Super privilege Control in Linux systems"
5.3 Setuid and setgid method of setting;
The first method: Octal method:
Setuid bit is set with octal 4000,setgid occupies 2000 of the octal system, for example, we mentioned earlier chmod 4755/BIN/RM is the set of setuid bit;
As for the Setuid setting method, just add a number to the front of the octal method that sets the file or directory permission bit by chmod, which is 4. Like what:
[Root@localhost ~]# chmod 4755/bin/rm Note: Set RM permission to 4755, set the setuid bit.
As the Setgid bit occupies 2000 bits of octal, we give an example below;
[Root@localhost ~]# cd/home/
[Root@localhost home]# mkdir Slackdir
[Root@localhost home]# ls-ld slackdir/
Drwxr-xr-x 2 root root 4096 04-24 18:25 slackdir/
[Root@localhost home]# chmod 2755 slackdir/
[Root@localhost home]# ls-ld slackdir/
Drwxr-sr-x 2 root root 4096 04-24 18:25 slackdir/
We see slackdir This directory, after changing the permissions, the directory to the user group of the three permission bits are r-s. If we see a lowercase s, the user group bit that the file belongs to has Execute permission x. Because we used 2755, this means that the owner of the document has read and write executable rights, the user group belonging to have read executable permission, and set the setuid, so the user group that the file belonged to has R-x, now add the setgid bit, put the X into S. If the user group to which the file belongs does not have permission to execute, the permission should be S. This principle is also true of the uppercase s and lowercase s in the setuid bit. See the example below;
[Root@localhost home]# chmod 2740 slackdir/
[Root@localhost home]# ls-ld slackdir/
Drwxr-s---2 root root 4096 04-24 18:25 slackdir/
This example is because the group that the directory Slackdir belongs to does not have execute permissions, and it was originally displayed on the execution permission bit--because of the setuid, it is displayed as S.
How do we run a command if we have a primary readable writable executable for a file, a group that belongs to a readable executable, another user can read the executable, and the setuid and setgid bits are set at the same time?
[Root@localhost ~]# Touch Gooddoc.txt
[Root@localhost ~]# ls-l Gooddoc.txt
-rw-r--r--1 root 0 04-24 18:47 gooddoc.txt
[Root@localhost ~]# chmod 6755 gooddoc.txt
[Root@localhost ~]# ls-l Gooddoc.txt
-rwsr-sr-x 1 root 0 04-24 18:47 gooddoc.txt
So, setting setuid and setgid at the same time adds the value of setuid and Setgid two octets (4000+2000=6000) and then adds the three-bit value of the file or directory's permission bit (the example above is 755) and then runs through the chmod. So the above example uses 6755.
The second method: through mnemonic grammar;
Or the use of chmod mnemonic grammar, through the u+s or u-s to increase or decrease setuid bit, the same, we can through the G+s or g-s to setgid bit;
[Root@localhost ~]# Touch mydoc.txt Note: Create a file;
[Root@localhost ~]# ls-l Mydoc.txt
-rw-r--r--1 root 0 04-24 19:00 mydoc.txt
[Root@localhost ~]# chmod u+s mydoc.txt
[Root@localhost ~]# ls-l Mydoc.txt
-rwsr--r--1 root 0 04-24 19:00 mydoc.txt
We can also use the file command to view the setuid and setgid bits, and of course file can be used to view the types of files;
Like what:
[Root@localhost ~]# file/usr/bin/passwd
6, paste position and set method;
The understanding of the paste bit, we still first look at an example;
[Root@localhost ~]# ls-ld/tmp/
DRWXRWXRWT root root 4096 04-24 18:36/tmp/
We see the/TMP permission bit the last letter is T. This is where the paste bit is set.
The settings for the paste bit can be set with octal 1000 bits. Like what
[Root@localhost ~]# mkdir Googledir
[Root@localhost ~]# ls-ld googledir/
Drwxr-xr-x 2 root root 4096 04-24 21:59 googledir/
[Root@localhost ~]# chmod 1755 googledir/
[Root@localhost ~]# ls-ld googledir/
Drwxr-xr-t 2 root root 4096 04-24 21:59 googledir/
You can also set it by using the chmod mnemonic syntax. Use the o+t to set the sticky position, use O-t to cancel the pasting bit;
[Root@localhost ~]# ls-ld googledir/
Drwxr-xr-x 2 root root 4096 04-24 21:59 googledir/
[Root@localhost ~]# chmod o+t googledir/
[Root@localhost ~]# ls-ld googledir/
Drwxr-xr-t 2 root root 4096 04-24 21:59 googledir/
The paste bit is now rarely used, but for the/tmp directory, the entire system temporary files are stored, or a little meaning. A directory is open to all of its permissions, and if the rwxrwxrwx is set, no other user can delete the directory unless the owner and root of the directory have permission to delete it. The purpose is generally to open the permissions of a folder, and then to share files, like the/tmp directory.
Advice is best not to use!
7, the ownership of the document or directory relationship;
The ownership of a file or directory is the primary definition of which user is owned by the file and which user group belongs to.
[Root@localhost ~]# ls-ld Dony.txt
-rw-rw-rw-1 root root 0 04-24 15:05 dony.txt
The above example shows that dony.txt this file, its owner is root, the group of attribution is the root group, and the root user has the permissions rw-,root the user group has the right to rw-.
Sometimes we may not understand why Linux has to set the owner and group of files, why do I have to set permissions for owners, groups, and other users? As we have said in previous documents, Linux is a multi-user operating system, and file security is extremely important for Linux, and Linux security is mainly expressed in user management and permissions (user permissions and file permissions) management.
7.1 Change the chown of the document as a relational tool;
When we want to change a group of files, the user we use must be the owner of the file and be a member of the target group, or Superuser. Only Superuser can change the owner of the file.
Chown Syntax:
#chown [Options] ... Owner [: [Group]] file ...
For example: Change the owner of Example.txt document to linuxsirorg user;
[Root@localhost ~]# ls-l Example.txt
-rw-r--r--1 root 0 04-24 22:37 example.txt
[Root@localhost ~]# ls-l Example.txt
-rw-r--r--1 linuxsirorg Root 0 04-24 22:37 example.txt
[Root@localhost ~]# chown beinan:root example.txt
[Root@localhost ~]# ls-l Example.txt
-rw-r--r--1 beinan Root 0 04-24 22:37 example.txt
The new owner and the new genus of chown should be connected by a. Or: A connection, one of which may be null. If the owner is empty, it should be: a group; if the group is empty, then you need not. Or:.
[Root@localhost ~]# ls-l Sun.txt
-rwxr-xr-x 2 root 04-22 21:02 sun.txt
[Root@localhost ~]# chown Beinan sun.txt Note: Change the owner of Sun.txt documents to Beinan;
[Root@localhost ~]# ls-l Sun.txt
-rwxr-xr-x 2 Beinan root 04-22 21:02 sun.txt
[Root@localhost ~]# Chown:beinan sun.txt Note: Change the group of Sun.txt documents to Beinan
[Root@localhost ~]# ls-l Sun.txt
-rwxr-xr-x 2 Beinan Beinan 04-22 21:02 sun.txt
[Root@localhost ~]# chown root:linuxsir sun.txt Note: Change the owner of Sun.txt to root and change the reorganization to Linuxsir user group;
[Root@localhost ~]# ls-l Sun.txt
-rwxr-xr-x 2 root linuxsir 04-22 21:02 sun.txt
The Chown also provides the-R parameter, which is extremely useful for the directory change owner and the group, and we can change all the files in a directory to the new owner or group by adding the-R parameter;
[Root@localhost ~]# ls-ld mydir/Note: View the properties of the Mydir directory
Drwxr-xr-x 2 root root 4096 04-25 09:08 mydir/Note: We found that the owner of this directory is root and the group is root group;
[Root@localhost ~]# LS-LR mydir/Note: We look at what files are in the Mydir directory and their owners and groups;
Total 8
-rwxr-xr-x 2 Beinan linuxsir 04-22 21:02 sun.txt
-rwxr-xr-x 2 Beinan linuxsir 04-22 21:02 sun002.txt
lrwxrwxrwx 1 root 7 04-21 22:16 sun001.txt-> sun.txt
-rw-r--r--1 linuxsirorg Root 0 04-24 22:37 example.txt
-rw-rw-rw-1 Beinan Root 0 04-24 15:05 dony.txt
[Root@localhost ~]# chown-r Beinan:linuxsir mydir/Note: We modify MYDIR and its subordinate directories and all files to new users and user groups;
[Root@localhost ~]# ls-ld mydir/
Drwxr-xr-x 2 Beinan linuxsir 4096 04-25 09:08 mydir/
[Root@localhost ~]# LS-LR mydir/
Total 8
-rwxr-xr-x 2 Beinan linuxsir 04-22 21:02 sun.txt
-rwxr-xr-x 2 Beinan linuxsir 04-22 21:02 sun002.txt
lrwxrwxrwx 1 Beinan linuxsir 7 04-21 22:16 sun001.txt-> sun.txt
-rw-r--r--1 Beinan linuxsir 0 04-24 22:37 example.txt
-rw-rw-rw-1 Beinan linuxsir 0 04-24 15:05 dony.txt
It is worth noting that Chown and chmod are similar, and we change the owner and group of all. File in a directory with care. For example, we want to change the TestDir and all of the. File's owners and reorganizations. The following example operation is wrong.
[Root@localhost ~]# ls-ld/root/Note: View the properties of the/root directory, mainly to see his owners and groups;
Drwxr-xr-x root root 4096 04-25 09:20/root/Note: Owner is root, group is root group;
[Root@localhost ~]# ls-ld/root/testdir/Note: View the owners and groups of the/root/testdir directory;
Drwxr-xr-x 2 root root 4096 04-25 09:20/root/testdir/Note: Owner is root, group is root group;
[Root@localhost ~]# chown-r beinan:beinan/root/testdir/.* Note: Change all files in the/root/testdir directory that begin with. (Note: Suppose we think so)
[Root@localhost ~]# ls-ld/root/Note: View the properties of the/root;
Drwxr-xr-x Beinan Beinan 4096 04-25 09:20/root/Note: See, the TestDir Group of owners and groups in the directory/root also changed.
[Root@localhost ~]# ls-ld/root/testdir/Note: View TestDir
Drwxr-xr-x 2 Beinan beinan 4096 04-25 09:20/root/testdir/
So when we use. * To match the file, there may be a chown error, which will be changed along with the ownership of the parent directory group.
7.2 Change the document of the Group tool CHGRP;
Grammar:
chgrp [parameter options] ... Group File ...
Its users are similar to chown, except that it is used only to change the group of files or directories; the-r parameter is used for all files in the directory and directory to change the genus. This is the same with Chown. Simple to two examples;
Example one:
[Root@localhost ~]# ls-l Sun.txt
-rw-r--r--1 root 0 04-25 09:38 sun.txt
[Root@localhost ~]# chgrp Beinan sun.txt Note: The Sun.txt group was changed Beinan;
[Root@localhost ~]# ls-l Sun.txt
-rw-r--r--1 root beinan 0 04-25 09:38 sun.txt
Example two:
[Root@localhost ~]# ls-ld mydir/
Drwxr-xr-x 2 root root 4096 04-25 09:08 mydir/
[Root@localhost ~]# LS-LR mydir/
Total 8
-rwxr-xr-x 2 root 04-22 21:02 sun.txt
-rwxr-xr-x 2 root 04-22 21:02 sun002.txt
lrwxrwxrwx 1 root 7 04-21 22:16 sun001.txt-> sun.txt
-rw-r--r--1 root 0 04-24 22:37 example.txt
-rw-rw-rw-1 root root 0 04-24 15:05 dony.txt
[Root@localhost ~]# chgrp-r linuxsir mydir/Note: Changes to Mydir and all of the following files and subdirectories of the group is Linuxsir;
[Root@localhost ~]# ls-ld mydir/
Drwxr-xr-x 2 root linuxsir 4096 04-25 09:08 mydir/
[Root@localhost ~]# LS-LR mydir/
Total 8
-rwxr-xr-x 2 root linuxsir 04-22 21:02 sun.txt
-rwxr-xr-x 2 root linuxsir 04-22 21:02 sun002.txt
lrwxrwxrwx 1 root linuxsir 7 04-21 22:16 sun001.txt-> sun.txt
-rw-r--r--1 root linuxsir 0 04-24 22:37 example.txt
-rw-rw-rw-1 root Linuxsir 0 04-24 15:05 dony.txt
7.3 The special circumstances of the document and the group;
[Root@localhost ~]# Ls-lh Sungood.txt
-rw-r--r--1 501 502 04-25 13:45 Sungood.txt
Is the above example a bit strange? Because his owner and group are all a number; This occurs because the user is not present in the system and can only be displayed in digital form. Sometimes we delete the user, but do not delete its home directory, in which case, its home directory of the owners and groups will also become a number;
[Root@localhost ~]# Userdel Linuxsir
[Root@localhost ~]# Ls-ld/home/linuxsir
DRWX------501 502 4096 03-27 02:28/home/linuxsir
8. Factors affecting the reading and writing of documents;
The reason why this part of the content is listed, because this part of the content is based on our user management and file permissions on the basis of understanding. For example, a document read, write, implementation, it will be affected by which aspects.
A file can be read, subject to its owner, group and other user permissions, but also the permissions of its parent directory. Let's give an example;
[Root@localhost ~]# cd/home Note: enter/home directory;
[Root@localhost home]# mkdir redhatdir Note: Create a directory Redhatdir
[Root@localhost home]# Touch redhatdir/test.txt Note: Create a file Test.txt
[Root@localhost home]# chmod redhatdir/Note: Modify the permissions of the Redhatdir, is the main readable writable executable, the group and other users do not have permissions;
[Root@localhost home]# ls-ld redhatdir/Note: View the properties of the Redhatdir;
drwx------2 root root 4096 04-25 13:01 redhatdir/
[Root@localhost home]# LS-LR redhatdir/Note: View the properties of the Test.txt file;
Total 0
-rw-r--r--1 root 0 04-25 13:02 test.txt
[Root@localhost home]# su beinan Note: We switch to normal user Beinan
[Beinan@localhost home]$ CD redhatdir/Note: Enter the Redhatdir directory to Beinan user identity.
bash:cd:redhatdir/: Not enough permissions
[Beinan@localhost home]$ more Redhatdir/test.txt
Redhatdir/test.txt: Not enough permissions
Explanation: We use this example to see why Test.txt has the right to read on other users ' power r--, but we can't see its content with ordinary users yet? This is because his parent directory does not have read permission from other users. We are not redhatdir directory of other users Read permission to open, so that ordinary users Beinan can read the content of Test.txt??
[Root@localhost home]# chmod 704 redhatdir/
[Root@localhost home]# ls-ld redhatdir/
DRWX---r--2 root 4096 04-25 13:02 Redhatdir
[Root@localhost home]# su Beinan
[Beinan@localhost home]$ CD redhatdir/
bash:cd:redhatdir/: Not enough permissions
It seems that if the permissions of the group are not set, only the owner's permissions and other users ' Read permissions in the Redhatdir directory are not accessible to other users; we should open the read, write, and execute of the owner of the Redhatdir of the Test.txt parent directory. You also have to open the Read and Execute permissions for the group of the parent directory, and the read and execute permissions of other users are open, that is, to have Rwxr-xr-x permissions so that other users of the file can access it.
[Root@localhost home]# chmod 755 redhatdir/
[Root@localhost home]# more Redhatdir/test.txt
As if this piece is not very clear, if you do not understand, a lot of chmod practice, there is no difficulty.
In fact, the ultimate goal of assigning permissions to files is to let the owner of the file have what permissions, so that users under the group have what permissions, so that other users have what permissions. File permissions are associated with user management, so it's important to understand user management.
9. The time when the document was modified or visited;
[Root@localhost ~]# ls-l adduml02.sh
-rwxr-xr-x 1 root root 545 04-21 22:26 adduml02.sh
When we look at the properties of a file, we find its time tag, such as the 04-21 22:26 above. This time does not mean that when a file is created, it represents the time when the file was accessed or modified. The time to modify the file is better understood, such as we can use the editor to modify the text file, and then save, so that the time of the file changed.
Of course, there are other tools that do not modify the contents of the file, only the time to modify the file, this can be called access time. For example, touch tools can achieve this goal.
[Root@localhost ~]# ls-l adduml02.sh
-rwxr-xr-x 1 root root 545 04-21 22:26 adduml02.sh
[Root@localhost ~]# Touch adduml02.sh Note: Update file access time becomes the current system time;
[Root@localhost ~]# ls-l adduml02.sh
-rwxr-xr-x 1 root root 545 04-25 11:21 adduml02.sh
For more on touch use, see: Man Touch or Touch--help
10, file attributes and file system attributes of the relationship;
The characteristics of the file system determine the definition and modification of the file attributes, such as we use the chattr to lock a file is not modifiable or can not be deleted when the chattr of the +i parameters should be used; This is valid in the ext2 and ext3 file systems, but it has no effect on the ReiserFS file system;
[Root@localhost ~]# chattr +i lsfile.sh
[Root@localhost ~]# lsattr lsfile.sh
----I--------lsfile.sh
[Root@localhost ~]# RM-RF lsfile.sh
RM: Unable to delete "lsfile.sh": Operation not allowed
Note: If the lsfile.sh can be modified to be deleted, the-I parameter should be used;
For example, in the ext3 or ext2 file system, we want a file to append content, but not delete it. You should use the chattr +a parameter.
If you are using the Ext3 file system and want to see Chattr's help, please man chattr.