One. Viewing file properties
ls -l filename
-|rw-r--r--.|1|root|root|46|Oct 1 05:03|filename
1|    2     |3| 4  | 5  |6 |     7     |   8
1. "-": file type
- ## regular file
d ## directory
c ## character device
s ## socket
p ## pipe
b ## block device
l ## link
2. "rw-r--r--": file read and write permissions
rw-|r--|r--
 *   $   @
* permissions of the file's owner
$ permissions of the file's group
@ permissions of others
3. "1":
For a file: the number of times the file's content is recorded by the system
For a directory: the bytes of file properties in the directory
4. "root": the file's owner
5. "root": the file's group
6. "46": size of the file's contents
7. "Oct 1 05:03": the time the file was last modified
8. "filename": the file's name
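Two. Managing the owner and group of a file
chown username file|dir ## change the owner of a file
chown username:groupname file|dir ## change the owner and the group
chown -R username dir ## change the owner of the directory itself and everything inside it
chgrp -R groupname dir ## change the group of the directory itself and everything inside it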
Monitoring command
watch -n 1 ls -lR /mnt
Three. Ordinary file permissions
rw-|r--|r--
 u   g   o
u: the file's owner can read and write the file
g: members of the file's group can read the file
o: others can read the file
u is matched first, g second; o is matched only when neither u nor g matches
1. r
For a file: can view the characters in the file
For a directory: can view the information of the files in the directory
2. w
For a file: can change the characters in the file
For a directory: can add and delete files in the directory
3. x
For a file: can run the program actions recorded in the file
For a directory: can enter the directory
4. Modifying file permissions in character mode
chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
chmod u-x file1 ## remove x permission from file1's owner
chmod g+w file1 ## add w permission for file1's group
chmod u-x,g+w file1 ## remove x from file1's owner, add w for file1's group
chmod ugo-r file2 ## remove r permission from file2's owner, group and others
chmod ug+x,o-r file3 ## add x for file3's owner and group, remove r from others
5. Modifying file permissions in numeric mode
In Linux
r=4
w=2
x=1
Numeric representation of file permissions
rw-|r--|r--
 u   g   o
u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4
So the file permissions are represented as 644
chmod <new permission value> file
chmod 777 file
7=rwx
6=rw-
5=r-x
4=r--
3=-wx
2=-w-
1=--x
0=---
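The r=4, w=2, x=1 arithmetic above, as an added example that is not part of the original notes: a POSIX shell function (the name sym2oct is illustrative) that turns the permission field printed by ls -l into the value chmod takes. It goes beyond this section by also handling the s and t letters of the special permissions in section Five, which become a leading fourth digit.

```shell
#!/bin/sh
# Added example: convert "rw-r--r--" (field 2 of ls -l) to its numeric form.
# sym2oct is an illustrative name. Variables are global because POSIX sh has no "local".
sym2oct() {
    perm=${1%[.+]}                 # drop a trailing "." or "+" as in "rw-r--r--."
    [ ${#perm} -eq 9 ] || return 1
    special=0 out="" pos=0 digit=0
    while [ -n "$perm" ]; do
        ch=${perm%"${perm#?}"}     # first character of what is left
        perm=${perm#?}             # the rest
        slot=$((pos % 3))          # 0=r, 1=w, 2=x position inside a triad
        who=$((pos / 3))           # 0=u, 1=g, 2=o
        case "$slot$ch" in
            0r) digit=$((digit + 4)) ;;
            1w) digit=$((digit + 2)) ;;
            2x) digit=$((digit + 1)) ;;
            [012]-) ;;
            2s|2S)                 # suid on u, sgid on g; lowercase means x is also set
                case $who in
                    0) special=$((special + 4)) ;;
                    1) special=$((special + 2)) ;;
                    *) return 1 ;;
                esac
                if [ "$ch" = s ]; then digit=$((digit + 1)); fi ;;
            2t|2T)                 # sticky bit, only valid in the "others" triad
                [ "$who" -eq 2 ] || return 1
                special=$((special + 1))
                if [ "$ch" = t ]; then digit=$((digit + 1)); fi ;;
            *) return 1 ;;         # letter in the wrong position or unknown letter
        esac
        if [ "$slot" -eq 2 ]; then out=$out$digit; digit=0; fi
        pos=$((pos + 1))
    done
    # The fourth (leading) digit is printed only when a special bit is set
    if [ "$special" -gt 0 ]; then echo "$special$out"; else echo "$out"; fi
}

sym2oct "rw-r--r--."   # the sample line from section One
```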
Four. Setting the system default permissions
From the standpoint of the system's purpose, the more permissions are opened up, the more meaningful the system is
From the standpoint of system security, the fewer permissions are opened up, the more secure the system is
So the system removes some permissions from newly created files and directories
Setting method:
umask ## show the permissions the system withholds; the default is 022
umask 077 ## change the withheld permissions to 077; this setting is temporary and only valid in the current shell
Permanent setting method:
vim /etc/bashrc ## shell
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ## umask for regular users
else
    umask 077 ## umask for the superuser
fi
vim /etc/profile ## system
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ## umask for regular users
else
    umask 077 ## umask for the superuser
fi
The umask values set in the two files above must be consistent
source /etc/bashrc
source /etc/profile
Make the settings take effect immediately
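What the three umask values used above (022, 002, 077) do to newly created files and directories, as an added example that is not part of the original notes. The function names predict_mode and new_modes are illustrative, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: predicted and observed modes of new files under a given umask.
# predict_mode and new_modes are illustrative names, not system commands.

# $1 = base mode (666 for files, 777 for directories), $2 = umask.
# umask only clears bits from the base mode, it never adds any.
predict_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Create a real file and directory under umask $1 and report their modes.
new_modes() {
    mask=$1
    (   # subshell: the umask change does not leak into the calling shell
        tmp=$(mktemp -d) || exit 1
        umask "$mask" || exit 1
        touch "$tmp/file"
        mkdir "$tmp/dir"
        echo "file=$(stat -c %a "$tmp/file") dir=$(stat -c %a "$tmp/dir")"
        rm -rf "$tmp"
    )
}

for m in 022 002 077; do
    echo "umask $m: predicted file=$(predict_mode 666 "$m") dir=$(predict_mode 777 "$m"); observed $(new_modes "$m")"
done
```

With 077, nothing a user creates is readable by the group or by others; with 002, group members can also write to it.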
Five. Special permissions
1. suid ## risk bit
For binary executable files:
the process generated by the program recorded in the file is owned by the file's owner,
regardless of the identity of whoever started the process
Setting method:
chmod u+s file
suid=4
chmod 4xxx file
2. sgid ## enforcement bit
For a file: binary executables only.
No matter who runs the binary,
the group of the process generated by the program is the file's group,
independent of the group identity of whoever started the program
For a directory: when the directory has sgid permission, the group of every new file created in the directory
automatically becomes the directory's group, regardless of the group the file's creator is in
Setting method:
chmod g+s file|dir
sgid=2
chmod 2xxx file|dir
3. sticky ## sticky bit
t permission:
Only for directories: when a directory has the t permission, a file in the directory can only be deleted by its owner
Setting method:
chmod o+t directory
t=1
chmod 1777 directory
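A check an administrator can run over a directory tree to see where these three bits are in use, as an added example that is not part of the original notes. The function names audit_special and demo_tree and the file names in the constructed sample tree are illustrative.

```shell
#!/bin/sh
# Added example: report suid/sgid files and world-writable directories that
# lack the t permission. audit_special and demo_tree are illustrative names.
audit_special() {
    root=$1
    # -perm -4000 / -2000: the suid / sgid bit is set, whatever the other bits are
    find "$root" -xdev -type f -perm -4000 -exec printf 'suid %s\n' {} \;
    find "$root" -xdev -type f -perm -2000 -exec printf 'sgid %s\n' {} \;
    # Writable by others and no t: files in it are not protected from deletion
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -exec printf 'nosticky %s\n' {} \;
}

# Constructed sample tree: one file or directory per case described above.
demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/tool" "$d/grouptool"
    chmod 644 "$d/plain"        # ordinary file, not reported
    chmod 4755 "$d/tool"        # suid=4
    chmod 2755 "$d/grouptool"   # sgid=2
    mkdir "$d/shared" "$d/drop"
    chmod 1777 "$d/shared"      # t=1, not reported
    chmod 777 "$d/drop"         # world-writable without t, reported
    echo "$d"
}

tree=$(demo_tree) && audit_special "$tree"
rm -rf "$tree"
```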
LINUX redhat Sixth Unit documentation