Linux User and Group Permission Management

Source: Internet
Author: User


To someone who is just learning Linux, permission management can feel like nothing important. Once you have learned how it protects personal privacy and your personal work environment, you realize how important permissions are.



# ls -l 1.sh

-rw-r--r-- 1 root root 0 Sep 19:36 1.sh

1st column

1st character: the file type

-  normal file
f  ordinary file
d  directory
b  device file
l  link file
c  serial port device
s  socket file

Characters 2-10: the normal permissions of the file

r  read permission, numeric value 4        u  the file's owner
w  write permission, numeric value 2       g  the file's group
x  execute permission, numeric value 1     o  other users' permissions on the file


2nd column: the number of subdirectories (for a directory) or the number of links (for a file)

3rd column: the owner of the file

4th column: the group of the file

5th column: the size of the file (in bytes by default)

6th to 8th columns: the date and time of the file (modified or created)

9th column: the file name


By default:

root user: newly created files have permissions 644, and newly created directories have permissions 755

Normal user: by default, newly created files have permissions 664, and newly created directories have permissions 775


The permissions of new files and directories are determined by the umask value; the default is umask=022

To modify the default permissions:
1. Temporary modification (only valid in the current terminal)
# umask 0002

2. Permanent modification (for all users | for one user)
For the user user01:
# vim ~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
umask 0033    # added as the last line

# source ~/.bashrc

With umask 0033:
0666-0033=0633, but the actual file permission is 0644 (the umask only clears bits; the x bits it removes are not part of 0666 in the first place)
0777-0033=0744 (directories)


For all users:
# vim /etc/bashrc
...
umask 0014

# source /etc/bashrc

With umask 0014:
0666-0014=0652, but the actual file permission is 0662
0777-0014=0763 (directories)
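
The two umask calculations above (0033 and 0014), worked through as an added example that is not part of the original article. The function names are hypothetical, and `stat -c` assumes GNU coreutils. It shows that the result is the base mode with the umask bits cleared, and flags a umask that leaves new files writable by everyone:

```sh
#!/bin/sh
# Added example: how a umask maps to the mode of newly created files and dirs.
# The umask bits are cleared from the base mode (base AND NOT umask);
# nothing is subtracted, which is why 0666 with umask 0033 gives 0644.

# apply_umask BASE UMASK -> resulting mode as 4-digit octal
apply_umask() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# Base mode is 0666 for new files and 0777 for new directories.
file_mode() { apply_umask 0666 "$1"; }
dir_mode()  { apply_umask 0777 "$1"; }

# other_writable MODE -> succeeds if "other" has the write bit (value 2)
other_writable() {
    [ $(( 0$1 & 02 )) -ne 0 ]
}

# observed_modes UMASK -> "<file> <dir>" modes really produced in a scratch dir
observed_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    touch "$d/f"; mkdir "$d/d"
    echo "$(stat -c %a "$d/f") $(stat -c %a "$d/d")"
    rm -rf "$d"
)

# Walk through the umask values used in this article.
for m in 0022 0002 0033 0014; do
    f=$(file_mode "$m"); d=$(dir_mode "$m")
    note=""
    other_writable "$f" && note="  <-- new files writable by everyone"
    echo "umask $m: file $f, dir $d$note"
done
```

Of the four values, only umask 0014 is flagged: it removes read from "other" but leaves write, so every new file is created as 0662.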


Special permission (the risky bit): "s"

It is typically applied to commands: whoever runs the command temporarily has the permissions of the file's owner.

# chmod u+s /bin/rm    u+s: add the "s" permission for the owner | g+s: "s" permission for the group | o+s: other users' permission

# ll /bin/rm
-rwsr-xr-x. 1 root root 57440 Oct /bin/rm

# su - username

# rm filename    (the file can now be deleted)


Sticky bit:

Generally used on public directories: only root and the owner of a file can delete it, and no one else can delete other people's files. Each user can only manage their own files.
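
An audit for the two special bits described above, as an added example that is not part of the original article: it lists set-uid/set-gid files that are not on an allowlist (such as an rm that was given `chmod u+s`) and public directories that lack the sticky bit. The function names, the scratch tree and the allowlist are constructed for the demonstration; `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: audit a directory tree for the "s" bit and the sticky bit.

# setid_files DIR -> "<mode> <path>" for regular files with setuid or setgid set
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} +
}

# unexpected_setid DIR ALLOWLIST -> set-id files whose path is not listed
# (one path per line) in the ALLOWLIST file
unexpected_setid() {
    setid_files "$1" | while read -r mode path; do
        grep -Fxq -- "$path" "$2" || echo "$mode $path"
    done
}

# unsticky_public_dirs DIR -> world-writable directories without the sticky
# bit, i.e. places where any user can delete another user's files
unsticky_public_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000
}

# demo: build a constructed scratch tree and run both checks on it
demo() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    mkdir bin shared dropbox
    touch bin/passwd bin/rm bin/ls
    chmod 4755 bin/passwd bin/rm     # bin/rm mimics "chmod u+s /bin/rm"
    chmod 0755 bin/ls
    chmod 1777 shared                # public directory with the sticky bit
    chmod 0777 dropbox               # public directory without it
    echo ./bin/passwd > allow.txt    # constructed allowlist
    unexpected_setid . allow.txt
    unsticky_public_dirs . | sort
    cd / && rm -rf "$d"
)
demo
```

On a real system, point the two checks at `/` with an allowlist taken from a known-good installation and review anything that is reported.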

ACL access policies

setfacl: set an ACL policy on a file
-R: recursive authorization; directories and files that already exist under the directory get the ACL policy, but files newly created under the directory do not
-d: default ACL policy for a directory; new files and directories created under it inherit the ACL policy, old files do not
-m: modify (set) an ACL policy
-x: delete a user's ACL policy
-b: remove all ACL policies
mask: defines the maximum permissions for everyone except other and the owner

# setfacl -m u:user01:rw file1    --> grant ACL permissions to an individual user

# setfacl -m u:user01:rw file1
# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:user01:rw-
group::rw-
mask::rw-
other::r--

# setfacl -m m::r file1    --> set the maximum permissions; the maximum is now only r

# setfacl -m m::r file1
# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:user01:rw-    #effective:r--
user:user03:r-x    #effective:r--
group::rw-         #effective:r--
group:admin:rw-    #effective:r--
mask::r--
other::r--

# setfacl -x u:user01 file1    --> delete user01's ACL permissions on file1
# setfacl -x g:admin file1     --> delete the group admin's ACL permissions on file1
# setfacl -x m file1           --> delete the maximum permissions of the file
# setfacl -b file1             --> remove all ACL permissions

-R: old files and directories inherit the ACL policy

# setfacl -R -m u:user01:rwx dir1
# getfacl dir1
# file: dir1
# owner: root
# group: root
user::rwx
user:user01:rwx
group::r-x
mask::rwx
other::r

-d: newly created files and directories inherit the ACL policy

# setfacl -d -m g:admin:rwx dir2
# getfacl dir2
# file: dir2
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:admin:rwx
default:mask::rwx
default:other::r-x

Test results:
# id user02
uid=501(user02) gid=501(user02) groups=501(user02),502(admin)

user02 cannot create any files in this directory itself, but can create files in a new directory created under it.

# setfacl -m g:admin:rwx dir2

-R and -d used together:
# setfacl -Rd -m u:user02:rwx dir1/
1. Old directories inherit the ACL policy, but files cannot be created in them; old files do not inherit the ACL policy.
2. New directories and files inherit the ACL policy, and files can be created.
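
How the mask produces the "#effective" values shown in the getfacl output above, as an added example that is not part of the original article. The function names are hypothetical and the input is constructed from the file1 listing; the script only parses text, so setfacl does not need to be installed.

```sh
#!/bin/sh
# Added example: apply the ACL mask to getfacl-style entries.

# effective_acl: read getfacl-style entries on stdin and print each entry with
# the permissions that remain once the mask is applied. Comment lines and
# default: entries are ignored.
effective_acl() {
    awk -F: '
    # keep a permission letter only if the mask has the same letter
    function band(p, m,   i, c, out) {
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
        }
        return out
    }
    /^#/ || NF < 3 || $1 == "default" { next }
    { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
    $1 == "mask" { mask = substr($3, 1, 3) }
    END {
        for (k = 1; k <= n; k++) {
            p = perm[k]
            # the mask limits named users, the owning group and named groups;
            # the owner (user::) and other:: are not limited by it
            if (mask != "" && ((tag[k] == "user" && who[k] != "") || tag[k] == "group"))
                p = band(p, mask)
            if (tag[k] != "mask") print tag[k] ":" who[k] ":" p
        }
    }'
}

# sample_acl: constructed input modelled on the file1 listing in this article
sample_acl() {
    cat <<'EOF'
# file: file1
# owner: root
# group: root
user::rw-
user:user01:rw-
user:user03:r-x
group::rw-
group:admin:rw-
mask::r--
other::r--
EOF
}

sample_acl | effective_acl
```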


This article is from the "11447124" blog; reprinting is declined.
