Linux Fundamentals 8

Source: Internet
Author: User

Access rights:
Read: allows viewing content (read, r)
Write: allows modifying content (write, w)
Execute: allows running a program or switching into a directory (execute, x)
(The three bits rwx together determine the final permission)
Ownership:
Owner: the user who owns the file/directory (user, u)
Owning group: the group that owns the file/directory (group, g)
Other users: users other than the owner and the owning group (other, o)
All users: the three categories above taken together (all, a)

Resolving file/directory permissions:
The permission bits are written as octal digits: r, w, x correspond to 4, 2, 1 respectively, and each of the three groups is summed separately
—————————————————————————
Group      | User permissions | Group permissions | Other permissions |
Characters | r w x            | r - x             | r - x             |
Digits     | 4 2 1            | 4 0 1             | 4 0 1             |
Sum        | 7                | 5                 | 5                 |
—————————————————————————

Permissions control:
Set basic permissions: chmod command
Format: chmod [ugoa][+-=][rwx] file
chmod [nnn] file
Common command options:
-R: modify permissions recursively

Default permissions for new files/directories
Regular files are not given x (execute) permission by default; the other bits depend on the umask setting
# umask
0022
# umask -S
u=rwx,g=rx,o=rx (new directory 755, new file 644)

————————————————————————————————————————————————————————
Setting ownership:
Owner > owning group > other users
chown command
Format: chown owner file
chown owner:group file
chown :group file (equivalent to the chgrp command; changes only the group)
Common command options:
-R: modify recursively
Operation:
# ls -ld /nsd/
drwxr-xr-x 2 root root 4096 June 5 13:50 /nsd/
# chown anonymous:anonymous /nsd/    (owner changed to anonymous, group changed to anonymous)
# ls -ld /nsd/
drwxr-xr-x 2 anonymous anonymous 4096 June 5 13:50 /nsd/

# chown root:anonymous /nsd/    (owner changed to root, group changed to anonymous)
# ls -ld /nsd/
drwxr-xr-x 2 root anonymous 4096 June 5 13:50 /nsd/

——————————————————————————————————————————————

Special permissions
Special permissions are overlaid on the permission bits of the u, g, o groups; they are used to pass on a program's execution identity and to restrict write access in directories.

Special permission categories:
Category   | Character | Number | Overlay position
Set UID    | s         | 4      | x bit of user
Set GID    | s         | 2      | x bit of group
Sticky bit | t         | 1      | x bit of other
View:
# ls -ld /usr/bin/passwd
-rwsr-xr-x. 1 root root 30768 February 2012 /usr/bin/passwd
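
The octal arithmetic from the permission table, extended to the special bits listed above, as an added example that is not part of the original page. The function name mode_to_octal is an assumption of this example; it takes the nine permission characters from an ls -l line and prints the four-digit mode.

```shell
#!/bin/sh
# Added example (not from the original page): decode the nine permission
# characters printed by ls -l into a four-digit octal mode.
mode_to_octal() {
    perms=$1
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2
        return 1
    fi
    special=0    # leading digit: SUID=4, SGID=2, sticky=1
    digits=""    # one summed digit each for user, group, other
    pos=1
    for weight in 4 2 1; do
        r=$(printf '%s' "$perms" | cut -c "$pos")
        w=$(printf '%s' "$perms" | cut -c "$((pos + 1))")
        x=$(printf '%s' "$perms" | cut -c "$((pos + 2))")
        sum=0
        case $r in r) sum=$((sum + 4)) ;; -) ;; *) return 1 ;; esac
        case $w in w) sum=$((sum + 2)) ;; -) ;; *) return 1 ;; esac
        # Prefix x with the weight so s is accepted only in the user and
        # group triplets and t only in the other triplet.
        case "$weight$x" in
            ?x)       sum=$((sum + 1)) ;;
            4s|2s|1t) sum=$((sum + 1)); special=$((special + weight)) ;;
            4S|2S|1T) special=$((special + weight)) ;;  # special bit without x
            ?-)       ;;
            *)        return 1 ;;
        esac
        digits="$digits$sum"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

mode_to_octal rwsr-xr-x    # the /usr/bin/passwd mode from the listing above
```

A capital S or T means the special bit is set while the underlying x bit is not, so it adds to the leading digit only.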

Set UID
SUID permission:
Occupies the x bit of the owner (user)
Displayed as s or S, depending on whether the owner has x permission
Meaningful only for executable programs
Passes on the identity of the owner to whoever runs the program

Set GID
SGID permission:
Occupies the x bit of the owning group (group)
Displayed as s or S, depending on whether the owning group has x permission
Valid for executable programs and directories
When other users execute a program with the SGID flag set, they take on the identity of the program's group and the corresponding permissions
In a directory with SGID permission, newly created documents automatically inherit the group of the parent directory

Sticky Bit
Sticky bit:
Occupies the x bit of other users (other); displayed as t or T, depending on whether other users have x permission
Applies to directories, to restrict users from abusing write permission
In a directory with the sticky bit set, a user cannot delete or rename other users' documents, even if the user has write permission.
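
An added example, not from the original page, of reviewing a directory tree for the three special bits described above: it lists SUID files, SGID files and directories, and world-writable directories that lack the sticky bit. The function names and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): report special-permission
# entries under a directory so they can be reviewed.
audit_special_perms() {
    root=$1
    {
        # SUID programs run with the identity of the file owner.
        find "$root" -xdev -type f -perm -4000 | sed 's/^/SUID /'
        # SGID programs run with the identity of the file's group.
        find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID /'
        # New entries in an SGID directory inherit the directory's group.
        find "$root" -xdev -type d -perm -2000 | sed 's/^/SGID-DIR /'
        # Writable by everyone and no sticky bit: any user can delete or
        # rename other users' entries here.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 |
            sed 's/^/WRITABLE-NO-STICKY /'
    } | sort
}

# Constructed sample tree for the demonstration; prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    touch "$d/tool" "$d/plain"
    chmod 4755 "$d/tool"      # SUID set
    chmod 0644 "$d/plain"     # ordinary file, not reported
    mkdir "$d/shared" "$d/drop" "$d/tmp"
    chmod 2775 "$d/shared"    # SGID directory
    chmod 0777 "$d/drop"      # world-writable, sticky bit missing
    chmod 1777 "$d/tmp"       # world-writable with sticky bit, not reported
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_special_perms "$tree"
rm -rf "$tree"
```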

———————————————————————————————————————
ACL permissions
Supported by the ext family of file systems
Separate rwx permissions can be set for individual users and groups
Default rwx permissions for newly created child documents can be set on a directory
To view ACL support:
# tune2fs -l /dev/sda2 | grep acl
Default mount options:    user_xattr acl

Defining ACL control policies
setfacl command:
Format: setfacl [options] u:username:permissions file
setfacl [options] g:groupname:permissions file
Common command options:
-m: define an ACL policy
-x: clear the specified ACL policy
-b: clear all ACL policies that have been set
-R: set ACL policy recursively
-d: set default permissions for the directory (child documents inherit automatically)
