Linux files and Permissions
In Linux, everything is a file. A file's own permissions together with the permissions of the user acting on it determine how much control that user has over the file, so file and user permissions have a large impact on the security of the Linux file system and of the system as a whole.
I. File system
1. Files and directories in Linux are organized into a single inverted structure, with all files starting from the root (/).
2. Linux file names are case-sensitive.
3. A file consists of two kinds of data: metadata and data. The metadata is stored in the file's inode (and related structures); the data is the actual contents of the file.
4. A file name is at most 255 bytes long. ls colours file names by file type:
File name colour | File type
Blue | Directory
Green | Executable file
Red | Compressed file
Light blue | Link file
Grey | Other files
5. Linux file system structure
/boot : boot partition; holds the boot loader and kernel files
/bin : binary executables of the basic commands available to all users; must not be on a separate partition
/sbin : binary executables of the basic administrative commands; must not be on a separate partition
/lib : basic shared libraries that programs depend on at boot time
/lib64 : location of the auxiliary shared libraries on x86_64 systems
/etc : configuration files
/home : home directories of ordinary users
/root : home directory of the administrator
/media : mount point for portable removable devices
/mnt : mount point for temporarily mounted file systems
/dev : device files
/opt : installation location for third-party applications
/srv : data used by services running on the system
/tmp : temporary file storage
/var : files that change frequently, such as logs
/sys : hardware-related (in-memory) content
/proc : running processes, exported from memory
6. File type identifiers (first character of ls -l output)
Identifier | File type
- | Regular file
d | Directory
b | Block device
c | Character device
l | Link file
p | Pipe (FIFO)
s | Socket
II. File Management
1. pwd: display the current working directory
pwd -P  show the real physical path (symbolic links resolved)
pwd -L  show the logical path, following links (default)
2. Absolute and relative paths
Absolute path
1. begins with a forward slash (/)
2. gives the complete location of the file
3. can be used to refer to any file you want to specify
Relative path
1. does not begin with a forward slash (/)
2. is interpreted relative to the current working directory
3. cd: change directory
cd  switch to the current user's home directory
cd ..  switch to the parent directory
cd -  switch to the previous working directory
4. ls: list directory contents
ls -a  show all files, including hidden ones
ls -l  show additional information (long listing)
ls -R  list directories recursively
ls -1  list one file per line
ls -S  sort by size, largest first
ls -t  sort by mtime
5. stat: view file status
stat filename
atime: access time, when the file was last read
mtime: modify time, when the file's contents were last changed
ctime: change time, when the file's metadata was last changed
6. cp: copy files
cp -T source dest
cp source directory
cp -t directory source
cp -i  prompt before overwriting
cp -n  never overwrite
cp -r, -R  copy recursively
cp -a  archive mode: copy everything including permissions and other attributes
7. mv: move and rename files
mv -T source dest
mv source directory
mv -t directory source
mv -i  interactive (prompt before overwriting)
mv -f  force
8. rm: delete
rm -i  interactive
rm -r  recursive
rm -f  force
To guard against deleting files with rm by mistake, you can create a folder and alias rm to the mv command: alias rm='mv -t /trash', where /trash then serves as a trash bin.
9. File name wildcards
Symbol | Meaning
* | zero or more characters
~ | the current user's home directory
[0-9] | any one digit from 0 to 9
[a-z] | any one letter from a to z
[A-Z] | any one letter from A to Z
[en] | any one of the characters e or n
[^zh] | any character other than z or h
Character classes
Class | Meaning
[:digit:] | any digit, 0-9
[:lower:] | any lowercase letter, a-z
[:upper:] | any uppercase letter, A-Z
[:alpha:] | any letter, upper or lower case
[:alnum:] | any digit or letter
[:blank:] | horizontal whitespace (space, tab)
[:space:] | horizontal or vertical whitespace
III. Inodes, soft links and hard links
1. inode (index node)
An inode holds the metadata of a file or directory. The inode table records this information for every file: the system first looks up the inode, then uses the information in it to locate the data on disk. Different file systems lay out the disk differently, so their inode table structures also differ. An inode contains the following information:
file type, permissions, owner and group
link count (the number of path names that refer to this file)
file size and timestamps
pointers to the disk blocks that hold the file's data
Therefore, when we delete a file we remove its file name and free its inode table entry, but the data on disk is not wiped. When we copy a file, the inode information is first copied into a new inode and then the contents are copied. When we move or rename a file, neither its inode nor its data on disk changes; only the file name changes.
2. Hard links
A hard link is another name (an alias) for the same file; it changes neither the file's inode nor where it is stored on disk. Every hard link is independent, with no primary or secondary relationship between them. Each hard link created increases the file's link count by 1. Hard links cannot span partitions, because each partition has its own inode table, and they can only be made to files, not to directories, to avoid loops in the directory tree.
ln filename1 filename2
3. Soft links
A soft (symbolic) link is like a shortcut in Windows: creating one creates a new file whose contents are the path of the referenced file. The path may be absolute or relative, and a relative path is resolved relative to the directory containing the soft link, not the current working directory. If the referenced file is deleted, the soft link becomes dangling and no longer works. Soft links can span partitions and can point to files or directories.
ln -s filename1 filename2
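The behaviour described in sections 2 and 3, shown end to end in a scratch directory: a hard link shares the original's inode and survives its deletion, while a soft link holds only a path and dangles. This is an added example, not part of the original notes; it assumes a POSIX shell with ls, ln, awk and mktemp.

```shell
#!/bin/sh
# Added example: hard link vs. soft link behaviour in a scratch directory.

WORK=$(mktemp -d)            # scratch directory, removed on exit
trap 'rm -rf "$WORK"' EXIT

# Print the inode number of a path (ls -i prints "INODE NAME").
inode_of() {
    ls -i "$1" | awk '{ print $1 }'
}

# Print the hard-link count of a path (second column of ls -ld).
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# Create the original file, one hard link and one soft link.
setup_links() {
    printf 'hello\n' > "$WORK/orig"
    ln "$WORK/orig" "$WORK/hard"     # same inode; link count becomes 2
    ln -s orig "$WORK/soft"          # relative target, resolved against $WORK
}

# Print 1 if the hard link shares the inode of the original, else 0.
hard_link_shares_inode() {
    [ "$(inode_of "$WORK/orig")" = "$(inode_of "$WORK/hard")" ] && echo 1 || echo 0
}

# Delete the original, then print "<hard readable> <soft readable>" as 1/0 flags.
delete_original_and_check() {
    rm "$WORK/orig"
    hard_ok=0; soft_ok=0
    cat "$WORK/hard" > /dev/null 2>&1 && hard_ok=1   # data still reachable
    cat "$WORK/soft" > /dev/null 2>&1 && soft_ok=1   # dangling: path no longer exists
    echo "$hard_ok $soft_ok"
}
```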
IV. Standard I/O and pipes
1. Standard input and output
Linux provides three standard I/O streams to every program:
Type | File descriptor | Default device
Standard input (stdin) | 0 | keyboard
Standard output (stdout) | 1 | terminal
Standard error (stderr) | 2 | terminal
Combined with commands and operators, we can redirect these three standard streams to files. The format is as follows:
The operators include:
> (1>)  redirect standard output to a file
2>  redirect standard error to a file
&>  redirect all output (stdout and stderr) to a file
< file  use the contents of file as the command's standard input
>> and << TERMINATOR
> file overwrites the existing contents of file; set -C forbids overwriting existing files (appending is still allowed), and set +C allows overwriting again
>> file appends to the file without overwriting it
<< TERMINATOR reads multiple lines of input until a line containing only TERMINATOR is reached
2. tr: translate and delete characters
tr [option] SET1 [SET2]
tr -c  use the complement of SET1
tr -d  delete the characters belonging to SET1
tr -s  squeeze runs of a repeated character into a single character
tr -t  translate the characters of SET1 into the corresponding characters of SET2
3. Pipes
A pipe takes the standard output of one command and feeds it to the next command as its standard input; the commands are joined with "|".
command1 | command2 | command3 | ...
Error output is not forwarded through a pipe by default; to include it, use 2>&1 or |& (a bash shorthand).
4. tee: redirect to multiple targets
tee saves the standard output of command 1 to a file and at the same time passes it on as the standard input of command 2.
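Sections 3 and 4 above, worked through with a constructed command that writes to both streams: a plain pipe drops stderr, 2>&1 merges it in, and tee keeps a copy in a file while still passing the stream on. This is an added example, not part of the original notes; it assumes a POSIX shell with tee, awk and mktemp.

```shell
#!/bin/sh
# Added example: separating, merging and tee-ing stdout and stderr.

WORK=$(mktemp -d)            # scratch directory for the log files
trap 'rm -rf "$WORK"' EXIT

# Constructed command: one line on stdout, one line on stderr.
noisy() {
    echo "normal output"
    echo "error output" >&2
}

# Count lines on stdin (awk prints a clean number, unlike wc on some systems).
count_lines() {
    awk 'END { print NR }'
}

# Separate the streams: stdout goes to out.log, stderr to err.log.
split_streams() {
    noisy > "$WORK/out.log" 2> "$WORK/err.log"
    echo "$(count_lines < "$WORK/out.log") $(count_lines < "$WORK/err.log")"   # "1 1"
}

# A plain pipe forwards only stdout, so the stderr line never reaches count_lines.
pipe_stdout_only() {
    noisy 2> /dev/null | count_lines          # 1
}

# 2>&1 merges stderr into stdout before the pipe, so both lines are counted.
pipe_both_streams() {
    noisy 2>&1 | count_lines                  # 2
}

# tee writes the merged stream to all.log and passes it on to the next command.
tee_to_file_and_pipe() {
    piped=$(noisy 2>&1 | tee "$WORK/all.log" | count_lines)
    saved=$(count_lines < "$WORK/all.log")
    echo "$piped $saved"                      # "2 2"
}
```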
V. Users and Groups
1. Configuration files for users and groups:
/etc/passwd : user account attribute information
/etc/shadow : user passwords and related attributes
/etc/group : groups and their attributes
/etc/gshadow : group passwords and related attributes
Users
2. Creating users
useradd -u UID : specify the UID of the new user
useradd -g : specify the user's primary group
useradd -c : specify the user's comment (GECOS) information
useradd -d : specify the user's home directory
useradd -s : specify the user's shell
useradd -G : specify the user's supplementary groups
useradd -D : show the defaults used when creating users
Default settings file: /etc/default/useradd
Home directory template: /etc/skel
newusers FILE (passwd-format file) : create users in batch
chpasswd : change user passwords in batch
id username : display information about the user
3. Modifying user attributes
usermod -u NEWUID username : change the user's UID
usermod -g NEWGID username : change the user's primary group
usermod -s : change the default shell
usermod -c : change the comment information
usermod -L : lock the user (adds a ! in front of the password field in /etc/shadow)
usermod -U : unlock the user (removes the ! from the password field in /etc/shadow)
usermod -e : set the date on which the account expires
chfn : set personal information
chsh : set the shell
finger user : view user information
4. Deleting a user
userdel username : delete the user
userdel -r : also delete the user's home directory
5. Switching users
su username : non-login switch; the user's configuration files are not read and the working directory does not change
su - username : login switch; the user's configuration files are read, a complete switch
6. Setting and changing passwords
passwd -d : delete the password
passwd -l : lock the user
passwd -u : unlock the user
passwd -e : force the user to change the password at next login
chage : interactively modify the user's password ageing policy
Groups
7. Creating a group
groupadd -g GID name : specify the GID
groupadd -r : create a system group
8. Modifying and deleting groups
groupmod -n newname oldname : rename the group
groupmod -g NEWGID groupname : change the group's GID
groupdel groupname : delete the group
9. Group passwords and membership with gpasswd
gpasswd -a user group : add user to the specified group
gpasswd -d user group : remove user from the group
newgrp group : temporarily switch the primary group, without changing the /etc configuration files
10. Changing and viewing group members
groupmems [options] action
options: -g group  operate on the specified group
actions: -a user  add the user to the group; -d user  remove the user from the group; -p  purge all members from the group; -l  list the group's members
groups [option] [username]... : list the groups the user belongs to
Summary
1. Changing a user's groups:
Adding a user to a group:
usermod -g NEWGID username : change the user's primary group
gpasswd -a user group : add user to the specified group
groupmems -g group -a user : add user to the group
newgrp group : temporarily switch the primary group, without changing the /etc configuration files
Removing a user from a group:
gpasswd -d user group : remove user from the group
groupmems -g group -d user : remove user from the group
2. Locking and unlocking users
lock:
usermod -L user : lock the user (adds a ! to the password field in /etc/shadow)
passwd -l user : lock the user
unlock:
usermod -U user : unlock the user (removes the ! from the password field in /etc/shadow)
passwd -u user : unlock the user
VI. File permissions
1. File attributes
Each file carries three basic permissions for each of three classes of user. The three classes of user are:
the file's owner (u), the file's group (g), other users (o).
The three basic permissions are:
read (r), write (w), execute (x).
X (capital X): grants execute permission to directories but not to regular files (chmod keeps it only on files that already have an execute bit). Execute permission on a file is risky: if the file is malicious and is executable, that is dangerous.
The long listing also shows the link count, file name, timestamp, file size and so on.
2. Changing the owner and group of a file
chown [option] [owner][:[group]] file
owner : change the owner
owner:group : change the owner and the group
:group : change the group
-R : recursive
chgrp group file : change the group
3. Changing file permissions
chmod -R : change permissions recursively
chmod [option] --reference=RFILE file : copy the permissions of RFILE to file
Owner | Group | Others
u | g | o
+, -, = | +, -, = | +, -, =
r, w, x | r, w, x | r, w, x
4, 2, 1 | 4, 2, 1 | 4, 2, 1
4. Permission mask: umask
The umask value determines which permission bits are withheld from newly created files.
umask : show the current umask value
umask 022 : set the umask value (temporary, for this shell only)
umask -S / umask -p : print the umask in symbolic / reusable form
/etc/bashrc : global umask setting
~/.bashrc : per-user umask setting
File permission calculation:
File: umask=022
666 -> 110 110 110
022 -> 000 010 010
Where the umask bit is 1 the resulting bit becomes 0; where it is 0 the bit is unchanged.
644 <- 110 100 100
For directories, use 777 instead of 666.
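The calculation above, carried out generally for any base mode and umask, and then checked against the mode the shell really assigns to a new file and a new directory. This is an added example, not part of the original notes; it assumes a POSIX shell whose arithmetic accepts octal constants with a leading 0 (bash and dash both do), plus ls, cut and mktemp.

```shell
#!/bin/sh
# Added example: default mode = BASE & ~UMASK, verified against real files.

# default_mode BASE UMASK  -> resulting octal mode, e.g. default_mode 666 022 -> 644
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))       # leading 0 makes the constants octal
}

# sym_to_octal rwxr-xr-x  -> 755 : convert a 9-character ls mode string to octal.
sym_to_octal() {
    s=$1; out=''
    for _ in 1 2 3; do                      # owner, group, others
        t=${s%"${s#???}"}; s=${s#???}       # take the next three characters
        v=0
        case $t in r??) v=$(( v + 4 ));; esac
        case $t in ?w?) v=$(( v + 2 ));; esac
        case $t in ??[xst]) v=$(( v + 1 ));; esac
        out=$out$v
    done
    echo "$out"
}

# observed_mode UMASK -> "<file mode> <dir mode>" as actually created under that umask.
observed_mode() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/f"; mkdir "$d/sub" )   # subshell: umask change is local
    f=$(ls -ld "$d/f"   | cut -c2-10)            # permission characters only
    s=$(ls -ld "$d/sub" | cut -c2-10)
    rm -rf "$d"
    echo "$(sym_to_octal "$f") $(sym_to_octal "$s")"   # with 022: "644 755"
}
```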
5. Special permissions
SUID (4): only meaningful on executable binaries. When a user runs a file that has SUID set, the process runs with the permissions of the file's owner.
SGID (2): on an executable binary, the process runs with the permissions of the file's group. On a directory, new files created inside it inherit the directory's group.
Sticky (1): also called the protection bit. On a directory, each file in it can be deleted only by its own owner (and root); other users cannot delete it.
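A way to see the three special bits in practice: set them on files and directories in a scratch directory, then find them again with find -perm, which is also how an administrator audits a system for unexpected SUID/SGID programs. This is an added example, not part of the original notes; it assumes a POSIX shell with chmod, find, awk and mktemp (SGID on a file is silently dropped if you are not a member of the file's group).

```shell
#!/bin/sh
# Added example: setting SUID, SGID and sticky bits and locating them with find.

WORK=$(mktemp -d)            # scratch tree, removed on exit
trap 'rm -rf "$WORK"' EXIT

# Create one entry for each case the notes describe.
setup_special() {
    : > "$WORK/plain";    chmod 755  "$WORK/plain"     # ordinary executable, no special bit
    : > "$WORK/suid";     chmod 4755 "$WORK/suid"      # SUID: runs as the file's owner
    : > "$WORK/sgid";     chmod 2755 "$WORK/sgid"      # SGID on a file: runs as the file's group
    mkdir "$WORK/shared"; chmod 1777 "$WORK/shared"    # sticky dir: only owners delete their files
    mkdir "$WORK/team";   chmod 2775 "$WORK/team"      # SGID dir: new files inherit the group
}

# count_with_bit 4000|2000|1000 -> number of entries under $WORK carrying that bit.
# "-perm -MODE" matches when every bit of MODE is set, whatever the other bits are.
count_with_bit() {
    find "$WORK" -perm "-$1" | awk 'END { print NR }'
}

# Files (not directories) that are SUID or SGID: the usual privilege audit.
count_setid_files() {
    find "$WORK" -type f \( -perm -4000 -o -perm -2000 \) | awk 'END { print NR }'
}
```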
6. ACL: access control lists
ACL permissions are more flexible than the traditional permissions: they can be set individually for a single user.
setfacl -m u:user:rwx file : give user rwx permission on file
setfacl -x u:user file : remove user's ACL entry from file
setfacl -b file : remove all ACL entries from file
getfacl file : view the ACL of file
getfacl -R file > acl.txt : back up the ACL of file to acl.txt
setfacl -R --set-file=acl.txt file : restore the ACL of file from acl.txt
setfacl --restore acl.txt : restore the ACLs saved in acl.txt
Relationship between ACL entries and traditional permissions (order of evaluation): owner, named user (ACL), named group (ACL), others
7. chattr
chattr +i / -i : lock / unlock the file (immutable) to prevent accidental deletion; even root cannot delete it until the attribute is removed
chattr +A / -A : do not update the access time (atime) when the file is read
Linux file system on permissions (learning record)