Linux: permission, user, user group, root, security audit, Security Configuration

Source: Internet
Author: User

File (including directory) permissions:

Permission type | x (1): execute | w (2): write | r (4): read
Directory | enter (access) the directory and view the information of the files under it | create, delete, modify and append files in it | browse the information of files in the directory (the file names are always obtainable)
Regular file | run the file | modify the file content, including appending to it | read the file content
Other files | - | - | -
Note: without the x permission on a directory, `ls -l directory` is refused, but `ls -ld directory` still works; `ls -ld` in turn fails when the parent directory lacks x. The key point is how ls treats the directory: whether it is looked at as just an ordinary file entry or whether its entries must be read.
If you have the w permission on a directory, you can forcibly delete any file in it, unless the directory has the sticky permission t. Remember this!
At the permission level, directory permissions may take priority over the permissions of the files under them. Different application programs usually behave differently:
head, tail, cat, more, less and other file-content tools are controlled only by the file permissions.
vi and other editors are affected by the directory permissions: if the file permission is insufficient, the directory permission can be used to force the write (the file is replaced rather than modified in place), and the owner and group owner of the file then change!
rm, mv and other tools that work on directory entries consider the permissions of the file itself first, but also the permissions of the directory.

s permission:

The executable file runs as its file owner and group owner during execution. This is similar to a stored procedure in MS SQL Server 2005 executing as dbo (SELF).

This permission can be assigned to files and to directories.

s permission: the system reports that the parent directory of the file already has the s permission!

t permission:

For a directory, it forbids files under the directory from being deleted by anyone other than the file owner.

For files, it has little significance on modern Linux; it indicated keeping the executable's image in swap memory for execution.

Owner permission:

The owner of a file has full control over the file: the owner can set the file permissions and perform any operation.

For directories, the owner can operate on any file under the directory, regardless of how that file's permissions are set.

t permission: the system reports that the parent directory of the file already has the t permission!

The general order in which permissions are consulted: file permission -> file owner permission -> parent directory permission -> permissions of users in the same group

Segments: owner permissions, owning-group permissions and other-user permissions. Including the special permissions, the pattern is: ([st]*[rwx]{3}){3}

Absolute mode and relative mode

General permissions: execute x = 1, write w = 2, read r = 4 (for files)

Special permissions: l, the super permission s (setuid/setgid), and the sticky permission t

chmod

chown

chgrp
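A model of the rules in the notes above (ls -l versus r-only directories, deleting a read-only file under a writable or sticky directory, and the rwx/s/t mode string), as an added Python example that is not part of the original notes. Node, the uids/gids and the modes are constructed; uid 0 is assumed to bypass every check, which is a simplification of the kernel's behaviour.

```python
import stat
from dataclasses import dataclass

@dataclass
class Node:
    """Constructed stand-in for an inode: mode (incl. setuid/setgid/sticky), owner uid, group gid."""
    mode: int
    uid: int
    gid: int

SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)   # special bit for owner/group/other slot

def parse_mode(text: str) -> int:
    """'rwxr-sr-t' -> 0o3755. Lowercase s/t also set x; uppercase S/T mean the special bit without x."""
    if len(text) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(text):
        bit = 1 << (8 - i)
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif ch in "sStT":
            if (i, ch.lower()) not in {(2, "s"), (5, "s"), (8, "t")}:
                raise ValueError(f"{ch!r} not valid at position {i}")
            mode |= SPECIAL[i // 3]
            if ch.islower():
                mode |= bit
        elif ch != "-":
            raise ValueError(f"bad character {ch!r}")
    return mode

def access(node: Node, uid: int, gids: set, want: str) -> bool:
    """Owner, then group, then other: the first class the user falls in decides.
    Simplified: uid 0 bypasses the check entirely."""
    if uid == 0:
        return True
    shift = 6 if uid == node.uid else 3 if node.gid in gids else 0
    bits = (node.mode >> shift) & 7
    return all(bits & {"r": 4, "w": 2, "x": 1}[c] for c in want)

def can_delete(dir_: Node, file_: Node, uid: int, gids: set) -> bool:
    """Unlinking consults only the directory (w+x), never the file's own mode;
    a sticky directory further limits it to the file owner, directory owner and root."""
    if not access(dir_, uid, gids, "wx"):
        return False
    return not (dir_.mode & stat.S_ISVTX) or uid in (0, dir_.uid, file_.uid)

def can_list_long(dir_: Node, uid: int, gids: set) -> bool:
    """ls -l needs r (read the names) and x (stat each entry); r alone yields only names."""
    return access(dir_, uid, gids, "rx")
```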

Advanced features of ext File System:

a  Append only: the file can be opened for writing only in append mode; existing content cannot be modified or truncated, and the file cannot be deleted. On a directory, files in it cannot be deleted or renamed.
A  Do not update the file's access time (atime).
c  The file is compressed automatically on disk and decompressed automatically on access.
d  If the 'd' attribute is set, the file is not backed up by dump(8) (that is, do not dump the file).
D  Synchronous directory updates, equivalent to the dirsync option of the mount command.
e  Extent format: the file's blocks are mapped with extents.
E  (compression error) Marks a file that had an error during compression.
h  (huge file) The file is larger than 2 TB.
i  Immutable: if the 'i' attribute is set, the file cannot be modified, deleted, renamed, linked to, or written to.
   For a directory, files in it can still be modified, but files cannot be created or deleted.
I  (indexed directory) Used by the htree code to mark directories that are indexed with hashed trees.
j  If a file has the 'j' attribute, all its data is written to the ext3 journal before being written to the file itself, when the file system is mounted with the "data=ordered" or "data=writeback" option.
   When the file system is mounted with "data=journal", all file data is journaled anyway, so this attribute has no effect.
   This attribute can be set or cleared only by the superuser or by a process with the CAP_SYS_RESOURCE capability.
s  Secure deletion: when the file is deleted, its content is overwritten with zeros. The opposite of u!
S  Synchronous writes: file content is written to disk immediately, equivalent to the 'sync' option of the mount command.
t  If a file has the 't' attribute, its tail is not merged with other files' partial blocks at the end of the file.
   (Used on file systems that support tail merging.)
T  If a directory has the 'T' attribute, it is treated as the top of a directory hierarchy for the Orlov block allocator.
u  Undeletable: when the file is deleted, its content is kept so that it can be undeleted. The opposite of s!
X  Marks that the raw contents of a compressed file may be accessed directly.
Z  Marks a compressed file as dirty.

lsattr

chattr

User:

useradd

usermod

userdel

passwd

adduser

deluser

pwck

pwconv

pwunconv

id

whoami

who am i

who

finger

chfn

chsh

/etc/passwd: this file can be used in many ways; modifying each of its fields achieves many different functions and purposes.

/etc/shadow

/etc/login.defs

/etc/skel/*

/etc/default/*
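A pwck-style consistency check over /etc/passwd and /etc/shadow, as an added Python example that is not part of the original notes: it flags the kinds of field changes the passwd note alludes to (a second uid 0, an unshadowed password field, an empty shadow password, entries missing on one side). The sample file contents and hashes are constructed, and the checks are a simplified model, not the real pwck(8).

```python
# Constructed sample data; "$6$salt$hash" is a placeholder, not a real hash.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:0:backup:/var/backups:/bin/sh
svc:x:1001:1001::/home/svc:/bin/bash
guest:abc:1002:1002::/home/guest:/bin/sh
"""

SHADOW = """\
root:$6$salt$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$salt$hash:19000:0:99999:7:::
backup:$6$salt$hash:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""

def parse(text, nfields):
    """Split colon-separated lines; passwd has 7 fields, shadow has 9."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"line {n}: expected {nfields} fields, got {len(fields)}")
        rows.append(fields)
    return rows

def audit(passwd_text=PASSWD, shadow_text=SHADOW):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    pw = parse(passwd_text, 7)
    sh = {row[0]: row for row in parse(shadow_text, 9)}
    seen_uid = {}
    for name, pwd, uid, gid, gecos, home, shell in pw:
        if uid == "0" and name != "root":
            findings.append(f"{name}: uid 0 but not root")
        if uid in seen_uid:
            findings.append(f"{name}: duplicate uid {uid} (also {seen_uid[uid]})")
        seen_uid.setdefault(uid, name)
        if pwd != "x":                      # password must live in /etc/shadow
            findings.append(f"{name}: password field not shadowed")
        if name not in sh:
            findings.append(f"{name}: no /etc/shadow entry")
        elif sh[name][1] == "":             # empty hash field = login without a password
            findings.append(f"{name}: empty password, login without password")
    passwd_names = {row[0] for row in pw}
    for name in sh:
        if name not in passwd_names:
            findings.append(f"{name}: shadow entry without passwd entry")
    return findings
```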

User Group:

groupadd

groupdel

gpasswd

groupmod

grpck

grpconv

grpunconv

/etc/group

/etc/gshadow

/etc/login.defs

/etc/default/*

Security audit: in fact, every application system and application has its own security audit and security management mechanism! This deserves in-depth study.

sshd

PAM

Secure Linux system

ACL

...
