Linux permissions, group management, and access control lists (ACLs)

First, user group management

Create a group

Groupad command:

Groupadd [OPTION] ... group_name-g gid: Specify GID number; [Gid_min,gid_max]-r: Create System Group; CentOS 6:id<500 CentOS 7:id<1000

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/85/69/wKioL1eixiCBlOOZAAAQUkXLl9E337.png "title=" 1.png " alt= "Wkiol1eixicbloozaaaqukxll9e337.png"/>

Group Property Modification

Groupmod command:

Groupmod [OPTION] ... group_name-g:gid, change group id-n: Change group name groupmod-n mutest mysystemgroupmod-g 10010 mytest

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/85/6A/wKiom1eix9zQbS4aAAAdF5DmG_w958.png "title=" 2.png " alt= "Wkiom1eix9zqbs4aaaadf5dmg_w958.png"/>

Delete a group

Groupdel command:

Groupdel Group_namegroupdel mytest

Group password

GPASSWD command:

GPASSWD [OPTION] group-a User: Add user to the specified group;-D User: Remove users from the specified group user-a user1,user2,...: Set up a list of users with administrative rights

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/85/69/wKioL1eiyPvQM9VmAAAml4bcOys527.png "title=" 3.png " alt= "Wkiol1eiypvqm9vmaaaml4bcoys527.png"/>

NEWGRP command: Temporarily switch base Group, if user does not belong to this group, need group password

NewGroup mytest

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/85/6A/wKiom1eiykvDJt1xAABDraEvjr0169.png "title=" 4.png " alt= "Wkiom1eiykvdjt1xaabdraevjr0169.png"/>

Change and view Group members

Groupmems command:

groupmems [options] [action] options:    -g, --group groupname   Change to specified group   (root only)  Actions:    -a, --add username        Specify user join group     -d, --delete username     Remove users from a group     -p, --purge                  clear all Members from the group     -l, --list                     Show Group Members list       groups [option]. [username]...  View User-owned Groups list 

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/85/69/wKioL1eiysfRuRMBAAAuRPF_p1g602.png "title=" 5.png " alt= "Wkiol1eiysfrurmbaaaurpf_p1g602.png"/>

Second, user Rights management

File Basic Permissions Description:

[Email protected] ~]# lltotal 4-rw-r--r--. 1 root root 4 12:26 file-: File type rw-: Owner rights r--: owning group permissions r--: Other user rights.: SELinux Open 1: Number of links, number of citations root: main root: Owner 11: File size 4 12:26: File creation time FileName: file name

File Properties Operations:

Modify the owner of the file, the genus Group

chown [OPTION] ... [OWNER] [: [GROUP]] FILE ... Usage: The colon in the OWNER OWNER:GROUP:GROUP command is available. Replace;-r: Recursive chown [OPTION] ...--reference=rfile file...chown-r nginx. Nginx/var/html/www/chown gentoo:hadoop file Chown:root file chown Hadoop file chown--reference=/etc/shadow file

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/85/6A/wKiom1eizzaAv8boAAAvoaCHf6Q998.png "title=" 7.png " alt= "Wkiom1eizzaav8boaaavoachf6q998.png"/>

Modify the file group, only the administrator has this right:

CHGRP [OPTION] ...   GROUP file ... chgrp[option] ...--reference=rfile file ...-r recursive chgrp Gentoo chen.txt chgrp--reference=/tmp/chen.out /root/filechgrp-r hadoop/var/html/www/

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/85/6A/wKiom1ei0T_wN_Y_AAAXn7wkCvA098.png "title=" 8.png " alt= "Wkiom1ei0t_wn_y_aaaxn7wkcva098.png"/>

Detailed file permissions:

R: Read  w: Write  x: Execute  r=4 w=2 x=1  Admin Create file default permissions are as follows:[[email protected] ~]#  Lltotal 4-rw-r--r--.  1 root gentoo  0 Aug  4 13:20  chen.txtdrwxr-xr-x. 2 root root    6 aug  4 13:27  Dir-rw-r--r--.  1 root root   11 aug  4 12:26 file[[ Email protected] ~]# umask0022umask: Mask Administrator: Directory permissions: 777-umask 755 file Permissions:666-umask 644  [[email protected] ~]# su - gentoo[[email protected] ~]$ touch  file[[email protected] ~]$ mkdir dir[[email protected] ~]$ lltotal  0drwxrwxr-x. 2 gentoo gentoo 6 aug  4 13:32 dir-rw-rw-r--.  1  gentoo gentoo 0 aug  4 13:31 file[[email protected] ~]$  umask0002 Normal User: Directory permissions: 777-umask 775  file permissions: 666-umask 664 umask principle:     umask from the directory file to screen out the corresponding bits of the maximum permissions, This results in the default permissions  dir:777-umask file:666-umaks  if the cardinality is plus one, even the immutable umask value   can be used to retain the new file permission in the Create Files permission:  666- Umask If there is an execute (odd) permission for a bit, its permissions +1  new DIR permission:  777-umask non-privileged user umask  002 root umask  is   022 umask:  view umask #:  settings  umask002 umask –S  mode display  umask –p   output can be called   Global Settings: /etc./bashrc    user settings:: ~/.BASHRC

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/85/6A/wKiom1ei1MXxpxQlAAAbF_eVngA811.png "title=" 9.png " alt= "Wkiom1ei1mxxpxqlaaabf_evnga811.png"/>

Set file Properties command:

chattr [ -rvf ] [ -v version ] [ mode ] files...     chattr +A  Add the Access file three times unchanged        chattr +i   Cannot delete, rename, change     chattr -i  unlock     chattr +a  only add      chattr -a lsattr  Display Specific Properties [[email protected] ~]#  Chattr +i file[[email protected] ~]# lsattr file----I----------- file[[ email protected] ~]# rm -rf filerm: cannot remove  ' file ':  operation not permitted[[email protected] ~]# echo  "Love" >>file-bash:  file: permission denied[[email protected] ~]# chattr -i file. [[Email protected] ~]# chattr +a file[[email protected] ~]# lsattr  file-----A---------- ./file[[email protected] ~]# rm -rf filerm: cannot remove  ' file ':  Operation  not permitted[[email protected] ~]# echo  "Love"  >> file[[email  protected] ~]# cat filelove

Third, access control list

Acl:access controllist, enabling flexible permissions management In addition to the file owner, the owning group and others, you can set permissions on more users  centos7.0 the XFS and Ext4 file systems created by default have ACL capabilities. centos7.x Previous versions, the default manually created Ext4 file system has no acl  functionality. Manual Increase Required:  tune2fs –o acl /dev/sdb1 mount –oacl /dev/sdb1  / Mntacl Effective Order: Owner, custom user, custom group, other people the group permission on the ACL file is mask  value (custom user, custom group &nbsp, with maximum permissions for the group), rather than traditional group permissions  getfacl  Special permissions are visible: Flags default ACL permissions give x, and files do not inherit x permissions. base acl  cannot delete  setfacl -k dir  remove default ACL permissions  setfacl -b file1 clear all ACL permissions  getfacl file1 | setfacl --set-file=-file2   Copy file1  ACL permissions to the FILE2SETFACL command:setfacl - set file access control lists      setfacl [-bkndrlpvh] [{-m|-x} acl_spec] [{-m|-x} acl_file] file  ...    option:-B: Remove all permissions         -k: Clear default Permissions          -m,x: Define ACL permissions         -r: Recursive setfacl -m  u:wang:rwx file|directorysetfacl -rm g:sales:rwx  directorysetfacl -m  file.acl file|directorysetfacl -m  g:salesgroup: Rw file|directorysetfacl -m  d:u:wang:rx  directorysetfacl -x  u: wang  file |directorysetfacl -x file.acl  directorysetfacl -m   m::rw file

This article is from "Wake up your not alarm clock but dream" blog, please be sure to keep this source http://purify.blog.51cto.com/10572011/1834328

Linux permissions, group management, and access control lists (ACLs)