Linux File System permission collation

Source: Internet
Author: User

Programs used:

chmod setfacl getfacl stat chattr lsattr
chmod: sets file permissions
setfacl: sets the access control list (ACL)
getfacl: views the access control list
stat: displays inode contents, including the access, modify and change (a|m|c) times
chattr: sets file attributes on a second extended (ext2) file system
lsattr: views file attributes on a second extended (ext2) file system
setuid: gives the file the same x (execute) permissions as the file owner
setgid: gives the folder the same x (execute) permissions as the file group
sticky: makes files unavailable for deletion

Test:

    [root@nagios test]# touch setuid setgid sticky
    [root@nagios test]# chown -R nagios.nagios ./
    [root@nagios test]# chmod u+s setuid && chmod g+s setgid && chmod o+t sticky
    [root@nagios test]# ll
    total 0
    -rw-r-Sr-- 1 nagios nagios 0 Mar 28 00:41 setgid
    -rwSr--r-- 1 nagios nagios 0 Mar 28 00:41 setuid
    -rw-r--r-T 1 nagios nagios 0 Mar 28 00:41 sticky
    [root@nagios test]# su hello
    [hello@nagios test]$ pwd
    /root/test
    [hello@nagios test]$ echo hello > setuid
    bash: setuid: Permission denied
    [hello@nagios test]$ sh setuid
    hello
    [nagios@nagios test]$ exit
    exit
    [root@nagios test]# chmod o+w sticky
    [root@nagios test]# su hello
    [hello@nagios test]$ ll sticky
    -rw-rw-rwT 1 nagios nagios 0 Mar 28 00:45 sticky
    [hello@nagios test]$ rm sticky
    rm: cannot remove 'sticky': Permission denied
    [hello@nagios test]$ stat sticky
      File: 'sticky'
      Size: 0  Blocks: 0  IO Block: 4096  regular empty file
    Device: fd00h/64768d  Inode: 134198  Links: 1
    Access: (1666/-rw-rw-rwT)  Uid: (500/nagios)  Gid: (500/nagios)
    Access: 2013-03-28 00:45:37.875928997 +0800
    Modify: 2013-03-28 00:45:37.875928997 +0800
    Change: 2013-03-28 00:46:28.050580800 +0800
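The upper-case S and T in the listing above mean the special bit is set while the matching execute bit is not, and on Linux the sticky bit only restricts deletion when it is set on a directory. The following is an added example, not part of the original page, that decodes those bits and audits a tree for them; it assumes GNU stat and find, and the function names describe_mode and audit_tree are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU coreutils/findutils.

# describe_mode FILE -> "<octal> <symbolic> <flags>", for example
# "4644 -rwSr--r-- setuid(no-exec)". Upper-case S/T in the symbolic mode
# means the special bit is set but the matching execute bit is missing.
describe_mode() {
    mode=$(stat -c '%a' "$1") || return 1    # octal mode, e.g. 4644
    sym=$(stat -c '%A' "$1") || return 1     # symbolic mode, e.g. -rwSr--r--
    flags=""
    case "$sym" in                           # 4th character: owner execute slot
        ???s*) flags="$flags setuid" ;;
        ???S*) flags="$flags setuid(no-exec)" ;;
    esac
    case "$sym" in                           # 7th character: group execute slot
        ??????s*) flags="$flags setgid" ;;
        ??????S*) flags="$flags setgid(no-exec)" ;;
    esac
    case "$sym" in                           # 10th character: other execute slot
        ?????????t*) flags="$flags sticky" ;;
        ?????????T*) flags="$flags sticky(no-exec)" ;;
    esac
    flags=${flags# }
    printf '%s %s %s\n' "$mode" "$sym" "${flags:-none}"
}

# audit_tree DIR: list every entry carrying setuid, setgid or sticky, then
# every world-writable directory without the sticky bit (any user who can
# write there can delete or rename files owned by other users).
audit_tree() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
    while IFS= read -r f; do
        printf '%s %s\n' "$(describe_mode "$f")" "$f"
    done
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print |
    while IFS= read -r f; do
        printf 'world-writable-no-sticky %s\n' "$f"
    done
}

# Usage: sh thisfile.sh /path/to/tree
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```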

# setfacl and getfacl

user: owner permissions; "::" (empty qualifier) always means the owner, ":name:" a specific user
group: the owning group and specific groups
other: others
mask: applies to everyone except the owner and others
Common options:
-d: subdirectories inherit the special permissions of the parent directory (default ACL)
-R: apply permissions recursively

Check whether ACL is supported

    [root@nagios heelo]# tune2fs -l /dev/sda1 | grep option
    Default mount options:    user_xattr acl

Test:

    [root@nagios test]# touch setfacl
    [root@nagios test]# setfacl -m user::r,user:hello:rw setfacl
    [root@nagios test]# chown nagios.nagios setfacl
    [root@nagios test]# ll setfacl
    -r--rw-r--+ 1 nagios nagios 0 Mar 28 00:52 setfacl
    [root@nagios test]# su nagios
    [nagios@nagios test]$ echo hello > setfacl
    bash: setfacl: Permission denied
    [nagios@nagios test]$ exit
    exit
    [root@nagios test]# su hello
    [hello@nagios test]$ echo hello > setfacl
    [hello@nagios test]$ cat setfacl
    hello
    [hello@nagios test]$ getfacl setfacl
    # file: setfacl
    # owner: nagios
    # group: nagios
    user::r--
    user:hello:rw-
    group::r--
    mask::rw-
    other::r--
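The test above shows the owner nagios being denied a write while the named user hello is allowed, because ACL entries are evaluated in a fixed order (owner, named user, groups, other) and only named-user and group entries are filtered by the mask. The following is an added example, not part of the original page, that applies that order to getfacl output; the function names acl_check and sample_acl and the user bob are hypothetical, and sample_acl reproduces the getfacl output from the test.

```shell
#!/bin/sh
# Added example (not from the original page): evaluate getfacl output the way
# the kernel orders ACL checks. Usage: getfacl FILE | acl_check USER "GROUPS" r|w|x

acl_check() {
    awk -v who="$1" -v groups="$2" -v want="$3" '
    function has(p) { return index(p, want) > 0 }
    function verdict(ok, why,   v) {
        v = ok ? "allow" : "deny"
        print v " via " why
        exit
    }
    /^# owner: / { owner = $3 }
    /^# group: / { ogroup = $3 }
    /^#/ || NF == 0 { next }
    {
        split($1, f, ":")                    # tag:qualifier:perms
        if (f[1] == "mask") mask = f[3]
        else if (f[1] == "other") other = f[3]
        else if (f[1] == "user") { if (f[2] == "") uobj = f[3]; else user[f[2]] = f[3] }
        else if (f[1] == "group") grp[f[2] == "" ? ogroup : f[2]] = f[3]
    }
    END {
        if (mask == "") mask = "rwx"         # no mask entry: nothing is filtered
        if (who == owner) verdict(has(uobj), "user::")       # owner ignores mask
        if (who in user) verdict(has(user[who]) && has(mask), "user:" who ": + mask")
        n = split(groups, g, " ")
        for (i = 1; i <= n; i++)
            if (g[i] in grp) { ingroup = 1; if (has(grp[g[i]])) gok = 1 }
        if (ingroup) verdict(gok && has(mask), "group entries + mask")
        verdict(has(other), "other::")
    }'
}

# The getfacl output shown in the test above, embedded so this runs offline.
sample_acl() {
    cat <<'EOF'
# file: setfacl
# owner: nagios
# group: nagios
user::r--
user:hello:rw-
group::r--
mask::rw-
other::r--
EOF
}
```

For example, `sample_acl | acl_check nagios nagios w` reports a deny decided by the `user::` entry, matching the Permission denied that nagios receives in the test.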

# chattr and lsattr

chattr +-=[acdeijstuADST]
A: Atime. Tells the system not to modify the last access time of this file.
S: Sync. Once the application writes the file, the system immediately writes the modification to disk.
a: Append only. The system only allows data to be appended to this file. No process is allowed to overwrite or truncate this file. If a directory has this attribute, the system only allows files under this directory to be created and modified, and does not allow any file to be deleted.
i: Immutable. The system does not allow any modification to this file. If a directory has this attribute, a process can only modify the files under the directory and cannot create or delete files.
D: Check for errors in the compressed file.
d: No dump. During file system backup, the dump program ignores this file.
c: Compress. The system compresses the file transparently. When reading from this file, the returned data is decompressed. When writing to this file, the data is compressed before being written to disk.
s: Secure delete. When the file is deleted, the system fills the region where the file was located with zeros.
u: Undelete. When an application requests to delete this file, the system keeps its data blocks so that the file can be undeleted later.

Test:

    [root@nagios test]# mkdir chattr
    [root@nagios test]# chattr +i chattr/
    [root@nagios test]# touch chattr/hello
    touch: cannot touch 'chattr/hello': Permission denied
    [root@nagios test]# chattr -i +a chattr/
    [root@nagios test]# touch chattr/hello && echo hello > chattr/hello && cat chattr/hello
    hello
    [root@nagios test]# rm chattr/hello
    rm: remove regular file 'chattr/hello'? y
    rm: cannot remove 'chattr/hello': Operation not permitted
