ACL, sticky, SUID, SGID, umask: learning and use
umask
The primary role of umask is to define the default permissions of the files and directories a user creates.
The default umask is 0022. Usually only the last three of the four digits matter, because the first digit corresponds to the special permission bits (sticky, SUID, SGID).
Before the umask is applied, a new directory starts from 777 and a new file from 666: a directory must have the x bit so that it can be entered, while a file gets no execute permission by default.
[root@host ~]# umask        # view the default umask
0022
[root@host ~]# mkdir test
[root@host ~]# ll -d test
drwxr-xr-x 2 root root 4096 Sep 03:02 test        # directory permission is 777-022=755
[root@host ~]# touch txt
[root@host ~]# ll txt
-rw-r--r-- 1 root root 0 Sep 03:03 txt        # file permission is 666-022=644
Custom umask
[root@host tom]# umask 0033        # this change only applies to the current shell
[root@host tom]# umask
0033
To make a umask permanently effective, write it into a configuration file. The files are read in this order:
/etc/profile -> /etc/profile.d/*.sh -> ~/.bash_profile -> ~/.bashrc -> /etc/bashrc
SUID
SUID sits on the owner's x bit: it shows as a lowercase s if the file has owner execute permission, and as an uppercase S otherwise.
The role of SUID is that when a user executes the program, the owner of the resulting process is no longer the user who launched it but the owner of the program file.
Take the /etc/shadow file as an example:
[tom@host tmp]$ ll /etc/shadow
---------- 1 root root 1628 Jun 16:50 /etc/shadow
As root:
[root@host tmp]# cp /bin/cat ./        # copy the cat program to the current directory to avoid damaging the system cat
[root@host tmp]# ll cat        # view the permissions before the change
-rwxr-xr-x 1 root root 48568 Sep 03:35 cat
[root@host tmp]# chmod u+s cat        # add the s permission
[root@host tmp]# ll cat
-rwsr-xr-x 1 root root 48568 Sep 03:35 cat
As a standard user:
[tom@host tmp]$ ./cat /etc/shadow
root:$6$yw5e.cdtzgwaen9/$LaEv 1zx2rr1t2ky21ndcem0obroe7baqbsqd2bcnhqc9ca2if/wkqm6ufztzeeucphzbpkwzrqdz3hhb9jzei /:16146:0:99999:7:::
bin:*:15628:0:99999:7:::
daemon:*:15628:0:99999:7:::
adm:*:15628:0:99999:7:::
How to remove SUID
[root@host tmp]# chmod u-s cat
[root@host tmp]# ll cat
-rwxr-xr-x 1 root root 48568 Sep 03:35 cat
You can also add or remove these permission bits with an octal digit. SUID, SGID and sticky form one set of permission bits with the values:
SUID    4
SGID    2
sticky  1
[root@host tmp]# chmod 7644 cat
[root@host tmp]# ll cat
-rwsr-sr-t 1 root root 48568 Sep 03:35 cat
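The umask section above computes the result by decimal subtraction and this section shows the special bits as one leading octal digit. The following added example (not code from the original post) applies a umask the way the kernel does, as a bitwise mask, which matters for a value such as the 0033 shown earlier, and renders an octal mode as the ls -l string, including the uppercase S/T forms that appear when a special bit is set without the matching x bit.

```python
# Added example (not from the original post): apply a umask bitwise, as the
# kernel does, and render an octal mode the way ls -l prints it, including the
# SUID/SGID/sticky bits (lowercase when the x bit is present, uppercase when not).
import stat

DIR_BASE = 0o777   # mkdir requests 777 before the umask is applied
FILE_BASE = 0o666  # touch/open request 666; no execute bit by default


def apply_umask(base: int, umask: int) -> int:
    """Permission bits that actually land on disk for a given umask.

    This is base AND NOT umask, not decimal subtraction: 666 with umask 033
    yields 644, whereas subtraction would wrongly give 633.
    """
    return base & ~umask & 0o777


def mode_string(mode: int, is_dir: bool = False) -> str:
    """Render permission bits like ls -l, e.g. 0o4755 -> '-rwsr-xr-x'."""
    out = ["d" if is_dir else "-"]
    # (shift of the rwx triplet, special bit that lands on its x slot, letters)
    triplets = ((6, stat.S_ISUID, "S", "s"),
                (3, stat.S_ISGID, "S", "s"),
                (0, stat.S_ISVTX, "T", "t"))
    for shift, special, upper, lower in triplets:
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:
            # uppercase means the special bit is set but execute is not
            out.append(lower if bits & 1 else upper)
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


if __name__ == "__main__":
    for umask in (0o022, 0o033):
        d = apply_umask(DIR_BASE, umask)
        f = apply_umask(FILE_BASE, umask)
        print(f"umask {umask:04o}: dir {d:o} {mode_string(d, True)}"
              f"  file {f:o} {mode_string(f)}")
    print(f"chmod 7644 -> {mode_string(0o7644)}")
    print(f"chmod 7755 -> {mode_string(0o7755)}")
```

Running it shows that chmod 7644 yields -rwSr-Sr-T (special bits without execute), while 7755 yields the -rwsr-sr-t form.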
SGID and sticky permission bits
SGID
When the group has the s bit, a process running this program no longer belongs to the runner's primary group but to the group of the program file. On a directory, files created inside it inherit the directory's group, which is what the following demo relies on.
[root@host tmp]# groupadd admin        # add a test group
[root@host tmp]# usermod -a -G admin job
[root@host tmp]# usermod -a -G admin tom        # add these two users to the admin group
[root@host tmp]# chown :admin test        # change the owning group of the directory
[root@host tmp]# chmod g+ws test        # add SGID
[root@host tmp]# ll -d test/        # view the directory permissions
drwxr-sr-x 2 root admin 4096 Sep 05:01 test/
[tom@host test]$ touch tom        # create a file named tom as user tom
[tom@host test]$ ll
total 0
-rw-rw-r-- 1 tom admin 0 Sep 05:18 tom
[job@host test]$ ll
total 4
-rw-rw-r-- 1 job admin 4 Sep 05:32 job
-rw-rw-r-- 1 tom admin 0 Sep 05:18 tom
Verify:
[tom@host test]$ echo "tom" > job        # write the characters "tom" into the file job created, without error
[tom@host test]$ cat job        # the file now contains "tom", so the SGID group permission is effective
tom
[tom@host test]$ rm -rf job        # delete job's file as user tom
[tom@host test]$ ll
total 0
-rw-rw-r-- 1 tom admin 0 Sep 05:18 tom
Sticky
The sticky bit is added on top of the other permissions and shows as t on the "other" x bit.
It is used for shared directories where other users can read and write files but cannot delete other people's files; only the file's owner has permission to delete it.
Based on the environment above:
[root@host tmp]# chmod o+t test/
[root@host tmp]# ll -d test/
drwxrwsr-t 2 root root 4096 Sep 06:05 test/
[tom@host test]$ echo "job" > tom
[tom@host test]$ cat tom
job
[job@host test]$ rm -rf tom
rm: cannot remove 'tom': Operation not permitted        # another user's file cannot be deleted
ACL
An access control list grants an individual user or group its own permissions on a file or directory, in addition to the owner/group/other bits.
setfacl
[job@host ~]$ ll
total 4
drwx------ 2 job job 4096 Sep 06:20 mic
[job@host ~]$ setfacl -m u:tom:rw mic        # set the permissions a user has on the file
getfacl
[job@host ~]$ getfacl mic/        # view the ACL of this file
# file: mic/
# owner: job
# group: job
user::rwx
user:tom:rw-
group::---
mask::rw-
other::---
[job@host ~]$ setfacl -x u:tom mic        # remove all ACL permissions of this user
[job@host ~]$ getfacl mic/
# file: mic/
# owner: job
# group: job
user::rwx
group::---
mask::---
other::---
[job@host ~]$ setfacl -m g:admin:rwx mic/        # set a group's ACL
[job@host ~]$ getfacl mic/
# file: mic/
# owner: job
# group: job
user::rwx
group::---
group:admin:rwx
mask::rwx
[job@host ~]$ setfacl -x g:admin mic        # remove the group's ACL
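The getfacl listings above contain a mask entry next to the named user and group entries. The following added example (not code from the original post) parses getfacl output and computes what each entry actually grants once the mask is applied, which is the check an administrator wants after a setfacl change. The sample listing is constructed from the post's mic/ directory with both named entries present and a deliberately narrower mask.

```python
# Added example (not from the original post): parse getfacl output and apply
# the mask entry. The mask caps named users, named groups and the owning group;
# it never limits the owner ("user::") or "other".
from typing import Dict

# Constructed sample in getfacl's format, modelled on the post's mic/ directory.
SAMPLE_GETFACL = """\
# file: mic/
# owner: job
# group: job
user::rwx
user:tom:rw-
group::---
group:admin:rwx
mask::rw-
other::---
"""

NOT_MASKED = ("user:", "other:", "mask:")  # entries the mask does not cap


def parse_getfacl(text: str) -> Dict[str, str]:
    """Map ACL entries such as 'user:tom' -> 'rw-'; comment lines are skipped."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, qualifier, perms = line.split(":", 2)
        entries[f"{tag}:{qualifier}"] = perms
    return entries


def effective_perms(entries: Dict[str, str]) -> Dict[str, str]:
    """Return the permissions each entry really grants after masking."""
    mask = entries.get("mask:", "rwx")  # no mask entry means no capping
    result: Dict[str, str] = {}
    for key, perms in entries.items():
        if key not in NOT_MASKED:
            # a permission survives only if it is set in both the entry and the mask
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[key] = perms
    return result


if __name__ == "__main__":
    raw = parse_getfacl(SAMPLE_GETFACL)
    for key, eff in effective_perms(raw).items():
        note = "" if eff == raw[key] else f"   (listed {raw[key]}, capped by mask)"
        print(f"{key:<12} {eff}{note}")
```

With the mask at rw-, group:admin is listed as rwx but effectively gets only rw-, which is exactly what getfacl flags with an #effective: comment.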
This document: http://down.51cto.com/data/1878394
This article is from the "lovefish" blog; please keep this source: http://mictiger.blog.51cto.com/4854014/1559541
Linux file special permissions and ACLs (CentOS 6.x)