Linux Rights Management Summary (1)--Basic permissions

Source: Internet
Author: User

Linux players know that Linux is much more secure than Windows, and this is mainly because of Linux security permissions mechanism, Linux users and files are the focus of the system, and the main philosophy of Linux is all documents. Users in Linux have the user's privileges, divided into ordinary users and super users. The file has the file permissions, respectively, read and write execution permissions. Because of all the files in Linux, the operation of the file can be directly operating system, many Linux Advanced Server is no graphical interface, is to directly manipulate the file to control the server, the operation of the file to be performed by the user, and the normal user and Superuser executive permissions are different.

1. Differences between normal user and Superuser privileges

Superuser is the owner of the system, can do any operation on the system, or even delete the root directory of the system. While ordinary users have great limitations, such as the inability to modify the system key configuration files, to view other users ' files requires appropriate permissions to not install the software, even the shutdown instructions (shutdown or poweroff) need to be executed as root (sudo).

2. Understanding "Ls-l"

Let's take a look at our ls-l output and check the first column of this list:

$ ls-l/bin/bash
-rwxr-xr-x 1 root wheel 430540 Dec 18:27/bin/bash
The first field-rwxr-xr-x a symbolic representation of the permission that contains the special file.

The first character in the field (-) specifies the type of the file, in this case it is a regular file. Other possible first characters are:
"D" Directory
"L" symbolic link
"C" character specialized device file
"B" block specialized equipment files
"P" Advanced first Out
"S" sockets

3. File Permissions rwx

R means allow read (view the data in the file), w means allow write (modify file and delete), x means Allow "execute" (Run program).

different permissions for files are implemented through different combinations of rwx,

First set of rwx: The permissions of the file owner are read, write, and execute

Second set of rw-: Permissions for users of the same group as the file owner are read, write, but cannot be executed

Third group r--: Permissions for other users who are not in the same group as the file owner are read and cannot be written and executed

The numbers can also be expressed as:r=4,w=2,x=1 so rwx=4+2+1=7

4.umask value

when we log into the system and create a file, there is always a defaultPermissions, then how does this permission come from? That's what Umask did. Umask Set the userCreateThe default permissions for the file, which is exactly the opposite of the chmod effect,umask Set the permissions " complement", while chmod is setting the file permission code. you can generally set $[HOME]/.BASHRC values in/etc/profile,/ETC/BASHRC, $ [Home]/.bash_profile, $[home]/.profile, or umask. Depending on the Linux distribution, such as Fedora19 to change its umask value, the value added umask under $[home]/.profile or $[home]/.bash_profile cannot overwrite the configuration value in/etc/profile , you must increase the Umask value under $[HOME]/.BASHRC to permanentlydefinitionown umask value.

    • how to calculate umask values

The Umask command allows you to set the default mode for file creation, with a corresponding number of umask values for each type of user (file owner, same group of users, other user). For a file, the maximum value for this number is 6, respectively. The system does not allow you to give it permission to create a text file, and you must add this permission with the chmod command after creation. The directory allows you to set execution permissions, so that for the directory, the number of umask can be up to 7.


For example, for the Umask value 0 0 2, what are the corresponding file and directory default creation permissions?

In the first step, we first write the schema with full permissions on the directory, which is 777 (all users have read, write, and Execute permissions).

In the second step, the following line writes the corresponding bit according to the Umask value, which in this case is 0 0 2.

The third step is to make a note in the next line that there are no matching bits in the above two lines. This is the default creation permission for the directory.

This method can be remembered with a little practice.

The fourth step, for a file, cannot be created with Execution permissions, as long as the corresponding execution permissions to remove the bit.

This is the example above, where the Umask value is 0 0 2:

1) Maximum file permissions rwx rwx rwx (777)

2) umask value is 0 0 2-------w

3) directory Permissions rwx rwx r-x (775) This is the directory creation default permissions

4) file Permissions rw-rw-r--(664) This is the file creation default permission

Here is another example, assuming that the u m a S K value is 0 2 2:

1) Maximum file permissions rwx rwx rwx (777)

2) u m a S K value is 0 2 2----w-w-

3) directory Permissions rwx r-x r-x (755) This is the directory creation default permissions

4) file Permissions rw-r--r--(644) This is the file creation default permission

5. Change file Permissions command chmod

chmod [who] [+ |-| =] [mode] file name?

The meanings of the options in the command are:

Action object who is either or their combination of the following letters:

U means "user", which is the owner of the file or directory.

G means "same group user", that is, all users with the same group ID as the file owner.

O means "other (others) users".

A means "all users". He is the system default value.

The operation symbols are:

+ Add a permission.

-Cancels a permission.

= gives the given permission and cancels all other permissions, if any.

Setting the permissions represented by mode can be any combination of the following letters:

R is readable.

W writable.

X executable.

x append the x attribute only if the destination file is executable to some users, or if the target file is a directory.

S is the owner of the file in which the owner or group ID of the process is placed when the file is executed. The way "U+s" sets the user ID bit of the file, "G+s" sets the group ID bit.

T save the program's text to the swap device.

U and the owner of the file have the same permissions.

G and the user with the same group as the file owner have the same permissions.

O and other users have the same permissions.


Example:

chmod 755 ABC: Give ABC permission rwxr-xr-x

, g=rx o=rx abc : Ibid. u= user rights , g= o=

chmod u-x,g+w ABC: to ABC remove user-executed permissions, increase group Write permissions

chmod a+r ABC: Add Read permissions to all users


This article from the "Technology life, Simple not simple" blog, please be sure to keep this source http://willis.blog.51cto.com/11907152/1845983

Linux Rights Management Summary (1)--Basic permissions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.