Linux file and directory permissions
Each file or directory in Linux carries access rights that determine who can access it and how.
By setting permissions, you can restrict access to the owning user only, to users in a pre-specified group, or to any user in the system.
For every file in Linux, permissions are divided by holder into three categories: user (the file owner), group, and others. The rights of each category are r (readable), w (writable) and x (executable), with the corresponding values 4, 2, 1.
The command to modify the permissions is chmod, and the command to modify the owner is chown.
Simulation environment:
Create user group abc
Create user a and specify user group abc
Create user b and specify user group abc
Create another user test without specifying a user group
View the created users
# groupadd abc
# useradd -g abc a
# useradd -g abc b
# useradd test
# tail -3 /etc/passwd
a:x:500:500::/home/a:/bin/bash
b:x:501:500::/home/b:/bin/bash
test:x:502:502::/home/test:/bin/bash
- Permissions for files
1.1 As the root user, create a file and modify its owner and owner group
# mkdir /data
# touch /data/ceshi.txt
# chown a.abc /data/ceshi.txt
# ll /data/ceshi.txt
-rw-r--r-- 1 a abc 0 Apr 9 21:02 /data/ceshi.txt
1.2 The default permission bits of the file are 644. After modifying the permission bits to 754 or 731, the file becomes executable (its color turns green)
# mkdir /data
# touch /data/ceshi.txt
# chown a.abc /data/ceshi.txt
# ll /data/ceshi.txt
-rw-r--r-- 1 a abc 0 Apr 9 21:02 /data/ceshi.txt
1.3 Summary:
For ordinary users, executing a file also requires read permission on it
The root user has absolute privileges
The root user has read and write access to all files
If any one of u, g, o has execute permission, the root user has execute permission as well
- Permissions for the Directory
2.1 As the root user, create a directory and modify its owner and owner group
# mkdir /data/ceshi
# chown a.abc /data/ceshi
# touch /data/ceshi/{1..5}
# ls -ld /data/ceshi
drwxr-xr-x 2 a abc 4096 Apr 9 21:11 /data/ceshi
2.2 Switch to each user in turn and run the ls command (checks read permission), the mkdir command (checks write permission) and the cd command (checks execute permission)
# su - a
$ ls /data/ceshi
1 2 3 4 5
$ mkdir -p /data/ceshi/6
$ cd /data/ceshi
$ cd
$ su
Password:
# su - b
$ ls /d
ls: cannot access /d: No such file or directory
$ ls /data/ceshi
1 2 3 4 5 6
$ mkdir -p /data/ceshi/7
mkdir: cannot create directory '/data/ceshi/7': Permission denied
$ cd /data/ceshi
$ cd
$ su
Password:
# su - test
$ ls /data/ceshi
1 2 3 4 5 6
$ mkdir -p /data/ceshi/7
mkdir: cannot create directory '/data/ceshi/7': Permission denied
$ cd /data/ceshi
$ cd
$ su
Password:
# cd
#
2.3 It can be seen that:
User a has read, write and execute permissions
User b has read and execute permissions, no write permission
User test has read and execute permissions, no write permission
2.4 Modify the permission bits to 731 and run the same command tests; the result is now:
drwx-wx--x 3 a abc 4096 Apr 9 21:11
User a has write and execute permissions, no read permission
User b has execute and write permissions, no read permission
User test has execute permission, no read or write permission
2.5 Modify the permission bits to 754 and run the same command tests; the result is now:
drwxr-xr-- 3 a abc 4096 Apr 9 21:11
User a has write and execute permissions, no read permission
User b has read and execute permissions, no write permission
User test has read permission, no write or execute permission
2.6 Summary:
For a normal user, read permission (ls) on a directory also requires execute permission
- Relationship of files and directories
A directory is also a file: the block of a directory stores the names of the files and directories it contains.
The default size of a block is 4096 bytes = 4K.
- How to read the contents of a file
To read /data/ceshi.txt, the system first finds the inode of the root directory /, and through that inode finds the root directory's block. In the root directory's block it finds the entry for the data directory, and from that entry it gets the inode number of /data. Using the inode number it finds the block of the /data directory, reads that block, and finds the entry named ceshi.txt, which gives the inode number of /data/ceshi.txt. It then reads the block of /data/ceshi.txt and outputs the result to the screen.
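The lookup described above can be watched one component at a time. This is an added example, not part of the original article: the function names describe and walk_path and the temporary sample tree are this example's own, and it prints the inode number and permission string of every component, since each directory on the way must grant execute (search) permission for the next lookup to succeed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): resolve a path one component
# at a time, following the inode lookup described above.

# Print "inode permissions path" for one path (GNU stat, then BSD stat).
describe() {
    stat -c '%i %A %n' "$1" 2>/dev/null || stat -f '%i %Sp %N' "$1" 2>/dev/null
}

# Walk an absolute path from / downwards, printing one line per component.
# Returns status 1 at the first component that cannot be looked up.
walk_path() {       # usage: walk_path /absolute/path
    target=$1
    cur=
    describe / || return 1
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting on "/"
    set -- $target
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        if ! describe "$cur"; then
            echo "lookup failed at $cur" >&2
            return 1
        fi
    done
}

# Constructed sample tree mirroring /data/ceshi.txt, built in a temp directory.
demo=$(mktemp -d)
mkdir "$demo/data"
echo hello > "$demo/data/ceshi.txt"
walk_path "$demo/data/ceshi.txt"
rm -rf "$demo"
```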
- Mask for permissions
5.1 View the system mask configuration file: cat /etc/bashrc | sed -n '65,69p'
The relevant content is as follows:
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi
umask controls the default permissions through the permission mask:
umask          # view the permission mask
umask 0002     # modify the permission mask
5.2 File-based permission masks
umask defaults to 0022
0666
-0022
= 0644
When a digit of the umask is odd, the system automatically adds a value to the corresponding odd digit of the calculated result
5.3 Directory-based permission masks
umask defaults to 0022
0777
-0022
= 0755
When the umask is set to an odd number, unlike the file, the system does not automatically add a
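The column subtraction in 5.2 and 5.3 is shorthand for a bit mask: a new file is requested with mode 0666 and a new directory with 0777, and every bit set in the umask is cleared from that request. The added example below (not part of the original article; the function names are this example's own) creates a file and a directory under several umasks in a temporary directory and compares the mode actually assigned with the bit-mask result and with plain digit subtraction, which differ only for files when a umask digit is odd.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Temporary paths are created
# with mktemp and removed again.

# Octal mode of a path: GNU stat first, BSD stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file or directory under umask $2 and print the mode it received.
# The subshell keeps the caller's umask unchanged.
created_mode() {    # usage: created_mode file|dir UMASK
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/new"; else touch "$tmp/new"; fi
        m=$(mode_of "$tmp/new")
        rm -rf "$tmp"
        printf '%s\n' "$m"
    )
}

# What is actually applied: requested mode AND NOT umask, bit by bit.
masked_mode() {     # usage: masked_mode file|dir UMASK
    base=0666
    if [ "$1" = dir ]; then base=0777; fi
    printf '%o\n' $(( $base & ~0$2 & 0777 ))
}

# The column subtraction from sections 5.2/5.3, one octal digit at a time.
subtracted_mode() { # usage: subtracted_mode file|dir UMASK
    base=0666
    if [ "$1" = dir ]; then base=0777; fi
    out=
    for s in 6 3 0; do
        out="$out$(( (($base >> $s) & 7) - ((0$2 >> $s) & 7) ))"
    done
    printf '%s\n' "$out"
}

for u in 022 002 033; do
    for kind in file dir; do
        printf 'umask %s %-4s created=%s masked=%s subtracted=%s\n' "$u" "$kind" \
            "$(created_mode "$kind" "$u")" "$(masked_mode "$kind" "$u")" \
            "$(subtracted_mode "$kind" "$u")"
    done
done
```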