Permission management: when you first start learning Linux, it feels like it does not matter. Once you have learned how to protect your personal privacy and your personal work environment, you realize how important permissions are.
# ls -l 1.sh
-rw-r--r-- 1 root root 0 Sep 19:36 1.sh
Column 1
1st character: the file type
-  normal file
f  common file
d  directory
b  device file
l  link file
c  serial port device
s  socket file
Characters 2-10: the normal permissions of the file
r  read permission, numeric value: 4       u  file owner
w  write permission, numeric value: 2      g  the file's group
x  execute permission, numeric value: 1    o  other people's permissions on the file
Column 2: the number of subdirectories, or the number of links to the file
Column 3: the owner of the file
Column 4: the group of the file
Column 5: the size of the file (in bytes by default)
Columns 6 to 8: the date and time of the file (modified or created)
Column 9: the file name
By default
root user: new files get permission 644 and new directories get permission 755
Normal user: new files get permission 664 and new directories get permission 775
The permissions of new files and directories are determined by the umask value; the default is umask=022
To modify the default permissions:
1. Temporary modification (only valid in the current terminal)
# umask 0002
2. Permanent modification (for all users | for a single user)
For the user user01:
# vim ~/.bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
umask 0033    # added as the last line
# source ~/.bashrc
With umask 0033:
files: 0666-0033=0633 --> actual permissions 0644
directories: 0777-0033=0744
For all users:
# vim /etc/bashrc
...
umask 0014
# source /etc/bashrc
With umask 0014:
files: 0666-0014=0652 --> actual permissions 0662
directories: 0777-0014=0763
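Why the subtraction above gives 0633 and 0652 while the real file modes are 0644 and 0662: umask is applied as a bit mask (base AND NOT umask), so subtraction is only right when every masked bit is set in the base mode. The script below is an added example, not part of the original article; the function names are hypothetical helpers. It computes both values for the two umasks used above and checks them against a file and a directory actually created in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original article); helper names are hypothetical.
# umask is a bit mask: new mode = base AND NOT umask, not base minus umask.

# Mode a new object really gets; base is 0666 (file) or 0777 (directory).
expected_mode() {
    printf '%04o\n' $(( $1 & ~$2 & 0777 ))
}

# What plain subtraction predicts, for comparison only.
subtracted_mode() {
    printf '%04o\n' $(( $1 - $2 ))
}

# Turn the 9 rwx characters of `ls -l` into octal (r=4, w=2, x=1).
# Upper-case S/T mean "special bit set, execute not set", so they count as "-".
symbolic_to_octal() {
    rest=$1 total=0
    for weight in 0400 0200 0100 0040 0020 0010 0004 0002 0001; do
        case $rest in
            [-ST]*) ;;
            *) total=$(( $total | $weight )) ;;
        esac
        rest=${rest#?}
    done
    printf '%04o\n' "$total"
}

# Create a real file or directory under the given umask and read its mode back.
# $1 = umask, $2 = "file" or "dir". The subshell body keeps the umask local.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    listing=$(ls -ld "$tmp/new")
    perms=${listing%% *}          # column 1, e.g. -rw-r--r--
    perms=${perms#?}              # drop the file-type character
    symbolic_to_octal "$(printf '%.9s' "$perms")"
    rm -rf "$tmp"
)

# The two umask values used in the article.
for mask in 0033 0014; do
    echo "umask $mask file: subtraction $(subtracted_mode 0666 "$mask")," \
         "mask $(expected_mode 0666 "$mask"), created $(created_mode "$mask" file)"
    echo "umask $mask dir:  subtraction $(subtracted_mode 0777 "$mask")," \
         "mask $(expected_mode 0777 "$mask"), created $(created_mode "$mask" dir)"
done
```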
Special permissions (the "s" bit, setuid/setgid)
Typically applied to commands: whoever runs the command temporarily gets the permissions of the file's owner.
# chmod u+s /bin/rm      u+s: "s" permission for the user | g+s: "s" permission for the group | o+s: "s" permission for others
# ll /bin/rm
-rwsr-xr-x. 1 root root 57440 Oct /bin/rm
# su - user_name
# rm file_name      (can be deleted)
Sticky bit:
Generally used on public directories: only root and the owner of a file can delete it, and nobody else can delete other people's files. Each user can only manage their own files.
ACL access policy
setfacl: set an ACL policy on a file
-R: recursive authorization; directories and files that already exist under the directory get the ACL policy, but files newly created under the directory do not
-d: default ACL policy for a directory; new files and directories created under it inherit the ACL policy, old files do not
-m: modify (set) an ACL policy
-x: delete a user's ACL policy
-b: remove all ACL policies
mask: defines the maximum permissions for everything except other and the owner

# setfacl -m u:user01:rw file1 --> give ACL permissions to an individual user
# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:user01:rw-
group::rw-
mask::rw-
other::r--

# setfacl -m m::r file1 --> set the maximum permissions; the maximum is now only r
# getfacl file1
# file: file1
# owner: root
# group: root
user::rw-
user:user01:rw-      #effective:r--
user:user03:r-x      #effective:r--
group::rw-           #effective:r--
group:admin:rw-      #effective:r--
mask::r--
other::r--

# setfacl -x u:user01 file1 --> delete user01's ACL permissions on file1
# setfacl -x g:admin file1 --> delete group admin's ACL permissions on file1
# setfacl -x m file1 --> delete the maximum permissions of the file
# setfacl -b file1 --> remove all ACL permissions

-R: old files and directories inherit the ACL policy
# setfacl -R -m u:user01:rwx dir1
# getfacl dir1
# file: dir1
# owner: root
# group: root
user::rwx
user:user01:rwx
group::r-x
mask::rwx
other::r

-d: newly created files and directories inherit the ACL policy
# setfacl -d -m g:admin:rwx dir2
# getfacl dir2
# file: dir2
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:admin:rwx
default:mask::rwx
default:other::r-x

Test results:
# id user02
uid=501(user02) gid=501(user02) groups=501(user02),502(admin)
user02 cannot create any files in this directory, but can create files in the new directory
# setfacl -m g:admin:rwx dir2

-R and -d used together:
# setfacl -Rd -m u:user02:rwx dir1/
1. Old directories can inherit the ACL policy, but files cannot be created in them; files do not inherit the ACL policy
2. New directories and files inherit the ACL policy, and files can be created
This article is from the "11447124" blog; reprinting is declined.
Linux User group Rights Management