D: Catalogue
-: General Documents
L: Link File
B: Block device files
C: Character file
P: Pipeline File
S: Socket file
rwx Permissions:
to the file:
r: read: Cat more less tail head
w: write: Vim
x: Execute
to the directory:
RX:CD +ls
WX:RM MV
rw: no meaning
r:
W:
x: Access to the directory
umask affects default permissions when you create a file or folder
Maximum file permissions: 666
folder Maximum permissions: 777
Uamsk Default: 0022
default permissions when creating files: 644
default permissions when creating a folder: 755
Special Permissions:
1:suid
2:sgid
3:sticky
suid: Valid only for commands (2-File cat, passwd, and so on), invalid for normal files and folders, and executed by the owner of the command, regardless of which user is executing. (/USR/BIN/PASSWD) U+s
s: Has x permission on itself
S: No x permission for itself
Sgid: Can be used for commands and directories to execute with the permissions of the command and the owning group of the directory. G+s
Sticky: Only to the function directory. Anyone in this directory can only be operated by himself and Root. O+t
4:chattr
chattr command usage: chattr [-RVF] [-v version] [mode] files ...
Most crucially, in the [mode] section, the [mode] section is composed of +-= and [Asacddiijsttu] characters, which are used to control the file
Property.
+ :在原有参数设定基础上,追加参数。
- :在原有参数设定基础上,移除参数。
= :更新为指定参数设定。
A:文件或目录的 atime (access time)不可被修改(modified), 可以有效预防例如手提电脑磁盘I/O错误的发生。
S:硬盘I/O同步选项,功能类似sync。
a:即append,设定该参数后,只能向文件中添加数据,而不能删除,多用于服务器日志文件安全,只有root才能设定这个属性。
c:即compresse,设定文件是否经压缩后再存储。读取时需要经过自动解压操作。
d:即no dump,设定文件不能成为dump程序的备份目标。
i:设定文件不能被删除、改名、设定链接关系,同时不能写入或新增内容。i参数对于文件 系统的安全设置有很大帮助。
j:即journal,设定此参数使得当通过mount参数:data=ordered 或者 data=writeback 挂 载的文件系统,文件在写入时会先被记录(在journal中)。如果filesystem被设定参数为 data=journal,则该参数自动失效。
s:保密性地删除文件或目录,即硬盘空间被全部收回。
u:与s相反,当设定为u时,数据内容其实还存在磁盘中,可以用于undeletion。
各参数选项中常用到的是a和i。a选项强制只可添加不可删除,多用于日志系统的安全设定。而i是更为严格的安全设定,只有superuser (root) 或具有CAP_LINUX_IMMUTABLE处理能力(标识)的进程能够施加该选项。
This article is from the "night Reading Wit Hope female Ghost" blog, please be sure to keep this source http://more3.blog.51cto.com/9929586/1649855
Linux file types, permissions