Linux file permissions and directory configuration

Source: Internet
Author: User
Tags memcached

I. Linux file attributes and permissions
1. File/Directory Properties view
(1) File Properties view
[root@localhost ~]# ls -l file
-rw-r--r--. 1 root root 0 November 23:55 file
Columns: type | permissions | link count | owner | group | size | last modified | name
(2) View directory properties
[root@localhost ~]# ls -ld test
drwxr-xr-x. 2 root root 6 November 23:56 test
Columns: type | permissions | link count | owner | group | size of the directory's entry list | last change to the directory contents | name

Note: 1. A file whose name begins with "." is a hidden file; show it with "ls -al".
2. The size column is in bytes.
3. Show the full time format with "ls -l --full-time".
4. The trailing "." after the permission string means the entry carries an SELinux security context (a "+" would mean an ACL is present; see getfacl).

(3) Meaning of file permission

A. Meaning for a file

r: readable; the contents can be viewed with commands such as cat.

w: writable; the contents can be modified. It does not allow deleting the file: that is decided by the w permission of the directory containing it (see section 3).

x: executable; the file can be run as a program.

B. Meaning for a directory

r: the names in the directory can be listed, for example with ls.

w: files or directories can be created, deleted and renamed inside it, but only if x is also granted.

x: the directory can be entered with cd and its entries can be accessed by name; ls -l needs both r (to read the names) and x (to stat each entry).
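The rules above, expressed as code. This is an added example, not part of the original article: parse_mode() turns an ls -l mode string into the numeric mode the kernel stores, and can_access()/can_unlink() reproduce the decisions described in the text, namely that exactly one class (owner, group or other) is consulted, that deleting a file depends on the directory's w and x bits rather than the file's own w bit, and that the sticky bit (section 5) further limits deletion to the file's owner, the directory's owner or root. The uid/gid values (root = 0, student = 1000) are assumed for the demo.

```python
"""Unix permission decisions, worked through in code.

Added example for this page (not from the original article). All uids, gids
and entries used in the demo are constructed samples.
"""
import stat

TYPE_BITS = {'-': stat.S_IFREG, 'd': stat.S_IFDIR, 'l': stat.S_IFLNK, 'b': stat.S_IFBLK,
             'c': stat.S_IFCHR, 's': stat.S_IFSOCK, 'p': stat.S_IFIFO}
# the x column of owner/group/other may also carry setuid / setgid / sticky
SPECIAL_AT = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_mode(text):
    """'-rwsr-xr-x' -> S_IFREG | 0o4755 ; the inverse of stat.filemode()."""
    if len(text) != 10 or text[0] not in TYPE_BITS:
        raise ValueError(f"not an ls -l mode string: {text!r}")
    mode = TYPE_BITS[text[0]]
    for i, ch in enumerate(text[1:]):
        bit = 1 << (8 - i)                  # owner r is bit 8, other x is bit 0
        if i % 3 < 2:                       # r or w column
            if ch == 'rw'[i % 3]:
                mode |= bit
            elif ch != '-':
                raise ValueError(f"bad character {ch!r} at column {i + 1}")
        else:                               # x column: -, x, s/S (u, g) or t/T (o)
            special = 't' if i == 8 else 's'
            if ch in ('x', special):        # lowercase means the x bit is set too
                mode |= bit
            if ch.lower() == special:
                mode |= SPECIAL_AT[i]
            elif ch not in '-x':
                raise ValueError(f"bad character {ch!r} at column {i + 1}")
    return mode


def can_access(mode, owner, group, want, uid, gid, groups=()):
    """Discretionary access check for want in 'r', 'w', 'x'.

    The kernel selects ONE class: owner if uid matches, else group if the gid or any
    supplementary group matches, else other. A matching class that lacks the bit
    denies access even when a later class would allow it. uid 0 bypasses r/w checks
    and may execute anything that has at least one x bit (or is a directory)."""
    if uid == 0:
        return want != 'x' or stat.S_ISDIR(mode) or bool(mode & 0o111)
    if uid == owner:
        cls = (mode >> 6) & 7
    elif gid == group or group in groups:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & {'r': 4, 'w': 2, 'x': 1}[want])


def can_unlink(dir_mode, dir_owner, dir_group, file_owner, uid, gid, groups=()):
    """Deleting (or renaming) an entry needs w AND x on the directory; the file's own
    bits are irrelevant. With the sticky bit set, only the file owner, the directory
    owner or root may remove it (the rule /tmp relies on)."""
    if uid == 0:
        return True
    if not (can_access(dir_mode, dir_owner, dir_group, 'w', uid, gid, groups)
            and can_access(dir_mode, dir_owner, dir_group, 'x', uid, gid, groups)):
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (file_owner, dir_owner)
    return True


# Constructed sample: the article's root-owned file and the "student" user (uid/gid 1000 assumed).
ROOT, STUDENT = 0, 1000
if __name__ == "__main__":
    f = parse_mode('-rw-r--r--')
    print(oct(f), stat.filemode(f))
    print(can_access(f, ROOT, ROOT, 'r', STUDENT, STUDENT))   # student may read
    print(can_access(f, ROOT, ROOT, 'w', STUDENT, STUDENT))   # but not write
    # the owner class wins even though "other" is more permissive
    print(can_access(parse_mode('----rwxrwx'), STUDENT, STUDENT, 'r', STUDENT, STUDENT))
    # world-writable directory versus the same directory with the sticky bit
    print(can_unlink(parse_mode('drwxrwxrwx'), ROOT, ROOT, ROOT, STUDENT, STUDENT))
    print(can_unlink(parse_mode('drwxrwxrwt'), ROOT, ROOT, ROOT, STUDENT, STUDENT))
```

The owner-class example is the one that surprises people: a file with mode 077 is unreadable by its own owner even though everyone else can read it, because the kernel never falls through to a later class. Note that ACLs, SELinux and mount options (noexec, nosuid) can refuse what these bits allow, so the model is an upper bound.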


2. Changing file attributes and Permissions
(1) User group to which the file belongs

The chgrp command changes the group of a file or directory.

Command structure:
chgrp [-R] group_name|gid file|directory                ## change the group of a file/directory

chgrp [-R] --reference=reference_file file_to_modify    ## set the group of file_to_modify to that of reference_file; the first file is the reference, the second is the one that is changed.

Note: the group you name must exist in /etc/group, otherwise an error is displayed.
[root@localhost ~]# chgrp test file
chgrp: invalid group: 'test'                            ## the group "test" does not exist
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Aug 4 10:36 test.txt
[root@localhost ~]# chgrp 38 test.txt                   ## change by gid; 38 is the gid of ntp on this system
[root@localhost ~]# ls -l test.txt
-rw-r--r-- 1 root ntp 0 Aug 4 10:36 test.txt

[root@localhost ~]# ls -l file.sh
-rw-r--r-- 1 root root 0 Aug 4 10:37 file.sh
[root@localhost ~]# chgrp --reference=/root/test.txt file.sh
[root@localhost ~]# ls -l file.sh
-rw-r--r-- 1 root ntp 0 Aug 4 10:37 file.sh

(2) Change file permissions

chmod: not everyone can change a file's permissions. Only root and the owner of the file or directory may run chmod on it; other users get "Operation not permitted".
Note: copying a file or directory for another user does not hand it over. The copy belongs to whoever ran cp (or keeps the original owner and mode when root uses cp -a), so use chown afterwards to give it to the intended owner and group.

chmod has four ways of changing permissions: assignment (=), adding or removing (+ and -), octal modes, and copying from a reference file.

Who letters:

u (user): the owner's permissions

g (group): the group's permissions

o (other): everyone else's permissions

a (all): all three classes at once (u, g and o together)

Command structure:

chmod permissions file|directory    ## change the permissions of a file/directory

A. Assignment notation

Use "=" to set permissions: the named class's existing bits are replaced by exactly the bits given.

[root@localhost ~]# chmod u=rwx file.sh
[root@localhost ~]# ls -l file.sh
-rwxr--r-- 1 root ntp 0 Aug 4 10:37 file.sh

B. Add/remove notation

Use "+" and "-" to add bits to, or remove bits from, the existing permissions; several clauses can be combined with commas.

[root@localhost ~]# chmod u-w,g-r,o-r file.sh
[root@localhost ~]# ls -l file.sh
-r-x------ 1 root ntp 0 Aug 4 10:37 file.sh

C. Octal notation

Use an octal number such as "777" (owner, group, other; each digit is r=4, w=2, x=1 added together) to set all the permission bits of a file or directory at once.

[root@localhost ~]# chmod 644 file.sh
[root@localhost ~]# ls -l file.sh
-rw-r--r-- 1 root ntp 0 Aug 4 10:37 file.sh

D. Reference-file notation

Use "--reference=file" to copy permissions: the target file's permissions are replaced by those of the reference file, so afterwards the two match.

[root@localhost ~]# ls -l test.txt
-rwxr-xr-x 1 root ntp 0 Aug 4 10:36 test.txt
[root@localhost ~]# ls -l file.sh
-rw-r--r-- 1 root ntp 0 Aug 4 10:37 file.sh
[root@localhost ~]# chmod --reference=/root/test.txt file.sh
[root@localhost ~]# ls -l file.sh
-rwxr-xr-x 1 root ntp 0 Aug 4 10:37 file.sh

Note: the first two forms (= and +/-) act only on the classes you name, one class or several separated by commas, so they can change one class and leave the rest untouched; the octal and --reference forms always set all three classes at once and cannot change a single class on its own.
Note (this applies to chown and chgrp rather than chmod): the user or group you name must exist in /etc/passwd or /etc/group respectively, otherwise an error is displayed.
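The four chmod forms modelled on an in-memory mode, so the effect of a specification can be checked before it is applied to a real file. This is an added example and not the article's own code; it follows GNU chmod for regular files with one simplification noted in the comments (GNU chmod keeps a directory's setuid/setgid bits on a three-digit octal mode, this model replaces all twelve bits), and it does not implement copying one class from another (for example go=u). The starting mode 644 and the specifications in the demo are the article's file.sh values.

```python
"""Symbolic and octal chmod, modelled in code.

Added example for this page, not from the original article.
"""
import re
import stat

CLASS_MASK = {'u': 0o700, 'g': 0o070, 'o': 0o007}
SPECIAL = {'u': stat.S_ISUID, 'g': stat.S_ISGID}   # "s" is meaningful for u and g only
PERM = {'r': 0o444, 'w': 0o222, 'x': 0o111}
CLAUSE = re.compile(r'([ugoa]*)([=+-])([rwxXst]*)')


def apply_chmod(mode, spec, is_dir=False):
    """Return the 12-bit mode after applying spec.

    spec is octal ('644', '4755') or symbolic ('u=rwx', 'u-w,g-r,o-r', 'a+X', 'o+t').
    Real chmod also honours the umask for a bare '+x' with no who letters; that is
    not modelled here."""
    if spec.isdigit():
        # numeric mode replaces every bit, which is why 'chmod 755' strips setuid
        # and setgid from a file (GNU chmod preserves them on directories)
        value = int(spec, 8)
        if value > 0o7777:
            raise ValueError(f"octal mode out of range: {spec}")
        return value
    for clause in spec.split(','):
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported chmod clause: {clause!r}")
        who, op, perms = m.groups()
        classes = 'ugo' if who in ('', 'a') else who
        mask = 0
        for c in classes:
            mask |= CLASS_MASK[c]
        bits = 0
        for p in perms:
            if p in PERM:
                bits |= PERM[p] & mask
            elif p == 'X':
                # X: grant execute only to a directory or a file that already has some x bit
                if is_dir or mode & 0o111:
                    bits |= PERM['x'] & mask
            elif p == 's':
                for c in classes:
                    bits |= SPECIAL.get(c, 0)
            elif p == 't':
                bits |= stat.S_ISVTX
        if op == '=':
            mode = (mode & ~mask) | bits      # replace the rwx bits of the named classes
        elif op == '+':
            mode |= bits
        else:
            mode &= ~bits
    return mode & 0o7777


def chmod_reference(reference_mode):
    """--reference=FILE: the target simply takes the reference file's permission bits."""
    return reference_mode & 0o7777


if __name__ == "__main__":
    m = 0o644                                  # file.sh as created: -rw-r--r--
    for spec in ('u=rwx', 'u-w,g-r,o-r', '644', 'u+s', 'go-rwx', '644'):
        m = apply_chmod(m, spec)
        print(f"{spec:<12} -> {m:04o} {stat.filemode(stat.S_IFREG | m)}")
```

The last two steps of the demo show the point that matters for hardening: u+s on a 644 file yields a setuid file that is still group- and world-readable, and a plain octal 644 afterwards silently clears the setuid bit, which is the safest way to strip it.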


(3) Changing the owner and group of a file

chown modifies the owner and/or group of a file or directory. root can change the owner and group of any file or directory. An ordinary user cannot give a file away: only root may change the owner, and the owner of a file may only change its group, and only to a group the owner is a member of. chown also accepts the reference-file form.

Command structure:

chown [-R] owner[:group] file|directory            ## change owner and group

chown [-R] --reference=reference_file file         ## copy owner and group from reference_file

[root@localhost ~]# chown apache:memcached file.sh
[root@localhost ~]# ls -l file.sh
-rwxr-xr-x 1 apache memcached 0 Aug 4 10:37 file.sh


[root@localhost ~]# ls -l test.txt
-rwxr-xr-x 1 root ntp 0 Aug 4 10:36 test.txt
[root@localhost ~]# chown --reference=/root/test.txt file.sh
[root@localhost ~]# ls -l file.sh
-rwxr-xr-x 1 root ntp 0 Aug 4 10:37 file.sh

Note: to change the owner and group of everything underneath a directory as well, use the "-R" option, which applies the change recursively to the files and subdirectories inside it.

A. To change only the group, write a colon followed by the group name (chown :group file); the owner is left unchanged.

B. To change only the owner, write just the user name (chown user file); the group is left unchanged.


3. The meaning of file and directory permissions
(1) A file is used to record data: ordinary text files, database content files, binary executables and so on.
    # If a file is given "w" it should normally be given "r" as well. Whether the file can be run is decided solely by the "x" permission.
    # With "w" on a file a user can write, edit, append to and modify its contents, but an ordinary user cannot delete the file on the strength of that bit: deleting is decided by the "w" permission of the directory that contains the file.
(2) A directory is also data; its main content is the list of names of the entries inside it.
    # If a directory is given "r" it should be given "x" as well. "w" on a directory must not be handed out casually.
    # "w" on a directory allows creating, deleting, renaming and moving the files and directories inside it, regardless of who owns them (unless the sticky bit is set, see section 5).
    # "x" on a directory allows the user to enter it and access entries by name.

4. Default permissions for files
(1) Viewing the default permissions
umask (the permission mask)                        ## determines the default permissions of files and directories a user creates: bits set in the mask are removed from the default value.
[root@localhost ~]# umask
0022                                               ## default permissions: 777 - 022 = 755 (for a directory)

Note: umask is displayed as four digits by default, representing the special bits (setuid/setgid/sticky), owner permissions, group permissions and other users' permissions. Only the last three digits take effect, and in bash the first digit is always 0.


On this system the umask of the superuser root is 0022, while ordinary users get 0002 (this comes from the /etc/bashrc rule shown below). A newly created file never gets the execute bit "x", so its starting value is 666; a directory starts from 777. When a file or directory is created, the umask is removed from that starting value to give the final permissions. So root creates directories as 755 and files as 644, while other users create directories as 775 and files as 664.


Why does the system have to apply a umask when creating a file or directory?

Because the starting permissions of 666 for files and 777 for directories are unsafe (every user could modify the new file), the umask is applied to restrict the permissions a user's new files and directories receive.

(-rw-rw-rw-) - (-----w--w-) ==> -rw-r--r--    ## file
(drwxrwxrwx) - (d----w--w-) ==> drwxr-xr-x    ## directory

Note: "subtracting" is a convenient way to remember this, but the real operation is a bitwise clear (mode & ~umask): a mask bit removes the matching permission bit if it is set and does nothing otherwise; it never "borrows". With a mask of 022 both views agree; with a mask such as 011 a new file still gets 666 because the starting value has no x bits to remove, whereas arithmetic subtraction would wrongly give 655.
(2) Setting the default permissions
How to set umask
[root@localhost ~]# umask 002                      ## set the mask of the current shell to 002
[root@localhost ~]# mkdir yang
[root@localhost ~]# ls -ld yang
drwxrwxr-x. 2 root root 6 Nov 05:22 yang
(3) The umask configuration files
vim /etc/bashrc                                    ## line 71 is the setting for ordinary users, line 73 the setting for the superuser
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then    ## if the UID is greater than 199 and the group name equals the user name
    umask 002                                      ## then this is an ordinary user and the umask is 0002
else
    umask 022                                      ## otherwise it is a system user and the umask is 0022
fi
vim /etc/profile                                   ## line 60 is the setting for ordinary users, line 62 the setting for the superuser
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
source /etc/bashrc                                 ## make the change take effect in the current shell
source /etc/profile
Note: the two files must be changed consistently.
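The umask rule checked against the kernel rather than taken on trust. This is an added example, not the article's own code: default_mode() is the real rule (mode & ~umask), subtract_mode() is the "777 - 022" shorthand the text uses, create_with_umask() creates a file and a directory under a given mask in a scratch directory and reads back what the kernel actually assigned, and pick_umask() is the /etc/bashrc selection logic above written as a function. The uids and names passed to pick_umask in the demo are constructed; the scratch directory is removed again.

```python
"""umask, worked through on real files.

Added example for this page, not from the original article.
"""
import os
import stat
import tempfile

FILE_BASE, DIR_BASE = 0o666, 0o777   # starting values: a new file never gets x by default


def default_mode(base, umask):
    """What the kernel does: clear every bit that is set in the mask."""
    return base & ~umask


def subtract_mode(base, umask):
    """The arithmetic shorthand. It agrees with default_mode() only while every
    mask digit is a subset of the matching base digit; 666 - 011 = 655 is wrong,
    the kernel gives 666 because there is no x bit to remove."""
    return base - umask


def create_with_umask(umask_value):
    """Create a file and a directory under umask_value; return their resulting modes."""
    old = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as scratch:
            path = os.path.join(scratch, "file")
            with open(path, "w"):            # open() requests 0o666, the mask trims it
                pass
            sub = os.path.join(scratch, "yang")
            os.mkdir(sub)                    # mkdir() requests 0o777
            return (stat.S_IMODE(os.stat(path).st_mode),
                    stat.S_IMODE(os.stat(sub).st_mode))
    finally:
        os.umask(old)                        # umask is process-wide: always restore it


def pick_umask(uid, user_name, group_name):
    """The /etc/bashrc rule: a UID above 199 with a private group named after the
    user is an ordinary user (002); everything else is treated as a system account (022)."""
    if uid > 199 and user_name == group_name:
        return 0o002
    return 0o022


if __name__ == "__main__":
    for mask in (0o022, 0o002, 0o077, 0o011):
        f, d = create_with_umask(mask)
        print(f"umask {mask:04o}: file {f:04o} dir {d:04o}  "
              f"predicted {default_mode(FILE_BASE, mask):04o}/{default_mode(DIR_BASE, mask):04o}, "
              f"subtraction would say {subtract_mode(FILE_BASE, mask):04o}")
    print(f"student -> {pick_umask(1000, 'student', 'student'):04o}, "
          f"ntp -> {pick_umask(38, 'ntp', 'ntp'):04o}")
```

The 077 case is the one to remember for service accounts and secrets: with that mask every new file comes out 600 and every directory 700, which is usually what you want for anything that writes keys or tokens. Because umask is inherited by child processes, the value in effect for a daemon is whatever its service manager or wrapper script set, not what an interactive shell shows.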

5. Special Permissions
Sticky bit
o+t                           ## directories only. When a directory carries the t bit, a file inside it can be deleted (or renamed) only by the file's owner, the directory's owner, or root, even though the directory is writable by everyone.
t = 1 (the first digit of a four-digit octal mode)
chmod o+t directory
chmod 1777 directory
[root@localhost mnt]# mkdir test yang
[root@localhost mnt]# chmod 777 test
[root@localhost mnt]# chmod 1777 yang
[root@localhost mnt]# ls -ld test yang
drwxrwxrwx. 2 root root 6 Nov test
drwxrwxrwt. 2 root root 4096 Nov 07:59 yang
[root@localhost mnt]# touch test/file{1..2}
[root@localhost mnt]# touch yang/file{1..2}
[root@localhost mnt]# su - student
Last login: Mon Nov 07:56:10 EST on pts/1
[student@localhost ~]$ cd /mnt
[student@localhost mnt]$ rm -fr test/file*
[student@localhost mnt]$ rm -fr yang/file*
rm: cannot remove 'yang/file1': Operation not permitted
rm: cannot remove 'yang/file2': Operation not permitted
[student@localhost mnt]$ ls test/
[student@localhost mnt]$ ls yang/
file1 file2
The files in both directories were identical root-owned 644 files; student could empty the world-writable test/ but not the sticky yang/, which shows that the file's own permissions play no part in deletion. This is exactly the protection /tmp relies on.


SGID
g+s                           ## on a directory: files and subdirectories created inside it automatically get the directory's group instead of the creator's primary group. On an executable: the program runs with the group of the file rather than the group of the user who launched it.
chmod g+s file|directory
chmod 2777 file|directory
[root@localhost mnt]# mkdir test
[root@localhost mnt]# chgrp student test
[root@localhost mnt]# chmod 2765 test
[root@localhost mnt]# ls -ld test
drwxrwsr-x. 2 root student 6 Nov 07:34 test
[root@localhost mnt]# touch /mnt/test/file
[root@localhost mnt]# ls -l /mnt/test/file
-rw-r--r--. 1 root student 0 Nov 07:34 /mnt/test/file
Note: ls shows setgid as a lowercase "s" in the group execute position only when the group x bit is also set (mode 2775); with 2765 as typed above, the group has no x bit and ls shows a capital "S" (drwxrwSr-x). The same convention applies to setuid (s/S in the owner column) and the sticky bit (t/T in the other column): a capital letter means the special bit is set but the underlying x bit is not.


SUID
u+s                           ## files only: the program runs with the identity of the file's owner, regardless of who launched it.
chmod u+s file
chmod 4777 file
[root@localhost mnt]# cp /bin/touch .
[root@localhost mnt]# chmod 4755 touch
[root@localhost mnt]# ls -l
total 64
-rwsr-xr-x. 1 root root 62432 Nov 07:35 touch
[student@localhost ~]$ /mnt/touch file
[student@localhost ~]$ touch file1
[student@localhost ~]$ ls -l
-rw-rw-r--. 1 root student 0 Nov 07:37 file
-rw-rw-r--. 1 student student 0 Nov 07:40 file1
The file created through the SUID copy is owned by root even though student created it, while the file created with the normal touch is owned by student. Remove the copy once the experiment is over: a SUID-root copy of a general-purpose tool lets any user create or update root-owned files wherever root can write, which is a direct privilege-escalation path, and unexpected SUID binaries are one of the first things an audit (or an attacker) looks for.

########################################################


II. Linux file types, extensions and directory configuration

1. File types and extensions
(1) File types
Regular file: the first character is [-].
    Plain text file (ASCII)
    Binary file
    Data format file
Directory: the first character is [d].
Link file (symbolic link): the first character is [l].
Device files: normally collected in the /dev directory
    Block device file: stores data and provides random access to the device; the first character is [b]. Typically a disk or other storage device inside the host.
    Character device file: a device accessed as a serial stream of characters; the first character is [c]. Typically a terminal, keyboard or other peripheral.
Socket: a data interface file used for network or local inter-process connections; the first character is [s]. Usually found under /var/run.
Pipe (FIFO, named pipe):
    FIFO: lets one program write and another read in order, which avoids the problems caused by several programs accessing the same file at the same time. The first character is [p].

(2) File extensions
Note: Linux does not decide whether a file is executable from its extension. A file that contains no executable content cannot be run even if it has the "x" permission.
*.sh: a shell script or batch file, written for the shell and given the .sh extension by convention.
*.Z, *.tar, *.tar.gz, *.zip, *.tgz: packaged or compressed files.
*.html, *.php: web-related files, pages written in HTML and PHP syntax respectively. An .html file can be opened directly in a browser; a .php file is run by the web server and its output viewed through the client's browser.

(3) Linux file name length limits
For the default ext2, ext3, ext4 and XFS file systems:
A single file or directory name may be at most 255 bytes (255 characters in a single-byte encoding).
A full path name, from "/" down to the file name, may be at most 4096 bytes.

2. Directory Configuration
(1) Directories
/       ## root directory. Holds the files needed to boot the system. /etc, /bin, /dev, /lib and /sbin must be on the same partition as the root directory; directories such as /usr/local may be placed on a separate partition.
/bin    ## commands that must remain usable in single-user maintenance mode. They are available to root and ordinary users alike: cat, chmod, chown, date, mv, mkdir, cp, bash and other everyday commands.
/sbin   ## system administration commands, intended for the superuser. Ordinary users generally lack permission to run most of them, although some, such as /sbin/ifconfig, can be run by an ordinary user through the absolute path to view the current network configuration.
/boot   ## boot partition, responsible for starting the system. The kernel (vmlinuz) and the GRUB boot manager (/boot/grub) live here, i.e. the files Linux needs to boot.
/dev    ## device files and device interfaces; accessing a file here accesses the corresponding hardware. Common entries: /dev/null, /dev/zero, /dev/tty, /dev/lp*, /dev/hd*, /dev/sd*.
/etc    ## most system configuration files; executables should not be placed here. Software reads its default configuration from this directory when it starts. /etc/fstab: partition mount information. /etc/init.d: default start scripts for services. /etc/xinetd.d: configuration directory for the services managed by the xinetd super daemon. /etc/X11: X Window configuration; xorg.conf is the X server configuration file.
/home   ## home directories of ordinary users
/lib    ## 32-bit system libraries: the libraries used at boot time and those called by the commands under /bin and /sbin. /lib/modules: kernel modules (drivers).
/lib64  ## 64-bit system libraries
/media  ## mount point for removable media: floppy disks, CDs, DVDs and similar devices
/mnt    ## temporary mount point for file systems
/run    ## runtime data of the running system (PID files, lock files, sockets); kept in memory and recreated at boot
/opt    ## third-party software; additional software you install yourself
/proc   ## virtual file system exposing the running system: process, kernel and network information. It lives in memory and takes no disk space. For example /proc/cpuinfo holds information about the CPU.
/root   ## home directory of the superuser
/srv, /var ## service data and variable data such as log files
/sys    ## system and kernel information (devices, drivers, kernel parameters)
/tmp    ## temporary files, writable by everyone; the directory carries the sticky bit, so users can only delete their own files. Temporary files created by system software or user programs go here, and the directory needs periodic cleanup.
/usr    ## user-space programs, libraries and documentation, plus user-installed software

(2) System file paths
Absolute path
The real location of the file in the system; the name begins with "/", for example /usr/share/doc.
Relative path
A shorthand for the file's name relative to the current directory; the name does not begin with "/", and the shell resolves it by prefixing the current working directory (the value shown by pwd).
