Linux Learning Summary (--linux) permissions control

in Linux , the right to learn is essential, whether as an operations engineer or a single manager, to learn the rights control in Linux, you can protect your privacy at the same time planning for all you manage.

The right to learn is a lot of, do not think that they have to protect their privacy is very good, the loopholes are always there, the side of the attack is often difficult to defend. So everyone with me to learn the basic permissions control, in the back there will be more on the rights control of the knowledge points to share. Thank you for your attention and support!

The Nineth day of the classes:

Today's Course Outline:

2. Basic permissions control of file directory in Linux system

4. How to modify the default build permissions

6. Three special privileges (S,S,T)

Inside I basically talk about some conceptual issues, there are some special, the application of a lot, I can not finish, these are still need in practice slowly enrich.

Detailed Explanation:

• Basic permissions control for file directories in Linux systems

When it comes to permissions, the first thing we need to know is, yes, how to view permissions. Here are two ways to speak:

①stat+ file name, where we see 644 is the permission of the file

②ls-l + file name, this displayed information will include the permissions of the files

First we should understand what the permissions rwx mean,R means read, reads, w means write, write, r means execute, execute .

Second, we need to understand the composition of the Authority: the use of ls-l to get, the first "-" not to see, directly look at the back of the nine-bit, rw-r--r--, divided into three three of the look, respectively, is Rw-,r--,r--。 Respectively represents the owner of this file, the group and other permissions to the file, collectively, the UGO permission, in addition we put rwx 421, the common permissions are 777, 755, 644 and so on.

We know that the Linux system has file permissions and directory permissions,

1. Permissions for the file

For file permissions, we first want to know how to change the permissions of this file, using the command chmod u/g/0+r/w/x file name, to increase or decrease the number of files r/w/ The X permission is for the owner, the owning group, and others. If you want to assign permissions to all, then use the chmod a=rwx file name to change the permissions. However, we often use chmod 777 files to assign permissions in the form of numbers. Here is the premise that the file is executed X is the Read permission R.

2. Permissions for the directory

For directory permissions, we use the LS-LD directory name to view the permissions for the directory. You can see that the first bit becomes d, which means directory: dir

Rwx for a directory, meaning is different: R means the contents of the list directory ls,w means to create in the directory, delete, rename the file, X represents the CD into the directory. To see if a user has permission to write to the file, see if the user has X (CD) permissions on the directory where the file resides.

chmod changes the permissions of a user or group from a file or directory level, Chown and Chgrp Change permissions on the user or group level (Chown and CHGRP are only available to the root user).

• How to modify the default build permissions

When are the default permissions generated? We create a file and create a directory, there will be an initial permission, then how this permission is set.

Umask restricts the user's default permissions to create files or directories. We execute umask.

You can see that the root user's umask is 0022, the first bit does not look, and is 002. 23 indicates that the User,group,other does not have permissions, 2 means that other does not have W Write permission, and 0 means there are.

Also understand is, for the file, the initial permissions: 666-022=644 permissions, that is, Rw-r--r--。 For the directory, the initial permission: 777-022=755, which is rwxr-xr-x.
We can directly execute the umask+ number to change the value of the Umask to control the initial permissions.

• Three special permissions (s,s,t)

There are three special privileges in Linux, SST, which represent Setuid,setgid,stick bit respectively. The full permission is rwxrwxrwx, the first s represents the x in the user corresponding to Rwx, the second s represents the x in the group corresponding to RWX, and the third T represents the x in the other corresponding to rwx.

①setuid give a binary program passwd such as add a s permission, chmod u+s/usr/bin/passwd  means that other users can be root (owner) to execute the passwd command, originally passwd is to modify/etc/passwd file, other users are not modified, now you can

②setgid is intended for binary programs and directory dir. Setgid to a binary program effect with setuid, as root (owning group) to perform the touch mkdir, such as the command, so that the creation of the file group is root, chmod G+s/bin/touch. Setgid adds the S permission to Dir, which means that the group of files created by a user in the B directory becomes the owning group of the B directory, inheriting.  chmod g+s/dir .

Summarize:
There are many applications for the control of permissions, this should be used flexibly, three kinds of special permissions need to understand, with few aspects, but to know this.

Linux Learning Summary (--linux) permissions control