Linux Learning 14-linux file and directory permissions

Source: Internet
Author: User

Tags: automatic command using how SSI Group USERADD Technical Permission Mask

Linux File and directory permissions

Each file or directory in Linux contains access rights that determine who can access and how to access these files and directories.

By setting permissions, you can restrict access by only allowing users to access them, allowing users in a pre-specified group to access them, and allowing any user in the system to access them.

Linux all files, about the permissions of the file owner is divided into users, user groups, the other three categories, the rights of the category is divided into R (readable), W (writable), X (executable) three, the corresponding permissions for the value of 4, 2, 1

The command to modify the permissions is chmod, and the command to modify the owner is Chown

Simulation Environment:

Create user Group ABC

Create User A and specify user group ABC

Create User B and specify user group ABC

Create another user test without specifying a user group

To view created users

[Email protected] ~]# Groupadd ABC

[Email protected] ~]# USERADD-G ABC a

[Email protected] ~]# USERADD-G ABC b

[Email protected] ~]# Useradd test

[Email protected] ~]# tail-3/etc/passwd

A:x:500:500::/home/a:/bin/bash

B:x:501:500::/home/b:/bin/bash

Test:x:502:502::/home/test:/bin/bash

    1. Permissions for files

1.1 Create a file with the root user and modify the owner and owner group of the file

[Email protected] ~]# Mkdir/data

[Email protected] ~]# Touch/data/ceshi.txt

[Email protected] ~]# chown a.abc/data/ceshi.txt

[Email protected] ~]# Ll/data/ceshi.txt

-rw-r--r--1 A ABC 0 APR 9 21:02/data/ceshi.txt

1.2 can find the default permission bit of the file is 644, modify the permission bit to 754, 731, the file becomes executable (the color turns green)

[Email protected] ~]# Mkdir/data

[Email protected] ~]# Touch/data/ceshi.txt

[Email protected] ~]# chown a.abc /data/ceshi.txt

[Email protected] ~]# Ll/data/ceshi.txt

-rw-r--r--1 A ABC 0 APR 9 21:02 /data/ceshi.txt

1.3 Summary:

For ordinary users, the file has permission to execute if it needs to have Read permission

The root user has absolute privileges

Root user has read and write access to all files

Any one of the Ugo has execute permission equals the root user has Execute permission

    1. Permissions for the Directory

2.1 Creating a directory with the root user and modifying the owner and owner groups of the file

[Email protected] ~]# Mkdir/data/ceshi

[Email protected] ~]# chown A.abc/data/ceshi

[[email protected] ~]# touch/data/ceshi/{1..5}

[Email protected] ~]# Ls-ld/data/ceshi

Drwxr-xr-x 2 A ABC 4096 APR 9 21:11 /data/ceshi

2.2 Switch to different user to execute LS command (check Read permission), mkdir command (check Write permission), cd command (verify execution permission)

[Email protected] ~]# su-a

[Email protected] ~]$ Ls/data/ceshi

1 2 3) 4 5

[Email protected] ~]$ mkdir-p/DATA/CESHI/6

[Email protected] ~]$ Cd/data/ceshi

[[Email protected] ceshi]$ CD

[email protected] ~]$ su

Password:

[Email protected] a]# Su-b

[Email protected] ~]$ ls/d

Ls:cannot access/d: No such file or directory

[Email protected] ~]$ Ls/data/ceshi

1 2 3 4 5 6

[Email protected] ~]$ mkdir-p/DATA/CESHI/7

Mkdir:cannot Create directory '/DATA/CESHI/7 ': Permission denied

[Email protected] ~]$ Cd/data/ceshi

[[Email protected] ceshi]$ CD

[email protected] ~]$ su

Password:

[Email protected] b]# su-test

[Email protected] ~]$ Ls/data/ceshi

1 2 3 4 5 6

[Email protected] ~]$ mkdir-p/DATA/CESHI/7

Mkdir:cannot Create directory '/DATA/CESHI/7 ': Permission denied

[Email protected] ~]$ Cd/data/ceshi

[[Email protected] ceshi]$ CD

[email protected] ~]$ su

Password:

[[Email protected] test]# CD

[Email protected] ~]#

2.3 Can be found

A user has read and write execution permissions

b user has read and execute permissions, no write permission

Test user has read and execute permissions, no write permission

2.4 Modify the permission bit to 731, perform the same command test result, at this time

Drwx-wx--x 3 A ABC 4096 APR 9 21:11

A user has write Execute permission, no Read permission

b user has execute and write permissions, no Read permissions

Test user has Execute permissions, no read and Write permissions

2.5 Modify the permission bit to 754, perform the same command test result, at this time

drwxr-xr--3 A ABC 4096 APR 9 21:11

A user has write Execute permission, no Read permission

b user has read and execute permissions, no write permission

Test user has Read permissions, no write and Execute permissions

2.6 Summary:

For a normal user, the Read permission (LS) of the directory needs to have EXECUTE permission

    1. Relationship of files and directories

Directory is also a file, directory of the block is stored in the directory of the file name and directory name

The default size of the block is 4096 bytes =4k

    1. How to read the contents of a file

Read/data/ceshi.txt, will find the root directory/Inode, through the inode to find the root directory block, in the root directory block, find the/data directory, through the directory name to find the/data directory inode number, according to the inode number, find/ Data directory block, read the/data directory block, find the file named/data/ceshi.txt file, find the/data/ceshi.txt inode number, and then read the/data/ Ceshi.txt block, output the results to the screen.

    1. Mask for permissions

5.1 Viewing the system mask configuration file Cat/etc/bashrc|sed-n ' 65,69p '

The relevant content is as follows

If [$UID-gt 199] && ["'/usr/bin/id-gn '" = "'/usr/bin/id-un '"]; Then

Umask 002

Else

Umask 022

Fi

Umask you can control the default permissions by controlling the permission mask

Umask Viewing the permission mask

Umask 0002 Modify the permission mask

5.2 File-based permission masks

Umask defaults to 0022

0666

-0022

= 0644

When the umask is set to an odd number, the system automatically adds a value to the calculated odd digits

5.3 Directory-based permission masks

Umask defaults to 0022

0777

-0022

= 0755

When the umask is set to an odd number, unlike the file, the system does not automatically add a

Bo Master original articles, reproduced please be sure to indicate the source

Linux Learning 14-linux file and directory permissions

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Tags Index: