Linux Rookie Learning Path >>6

Source: Internet
Author: User

File Permissions **********

View file properties with: ls -l filename
For example:

-rw-r--r--. 1 root root 1 Oct 05:03 file
1 2 3 4 5 6 7 8
Monitoring command: watch -n 1 ls -lR filename

1 : File type
-    // normal file
d     // directory
c     // character device
s     // socket
p     // pipe
b     // block device
l     // link
If it is a directory: 3 6

2: File read and write permissions
rw-r--r-x
u  g  o
u: owner permissions
g: group permissions
o: other people's permissions
Among them: r means readable (you can view the characters in a file, or list the files in a directory), w means writable (you can change the characters in a file, or add and delete files in a directory), x means executable (you can run the program recorded in a file, or enter a directory). u, g, o are matched in that order of priority.
Modify permissions: chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
In Linux, file permissions can also be modified numerically: r=4, w=2, x=1. For example, rw-r--r-- is expressed as 644.
Changing to rw-rw-rw- can be written as chmod 666 file|dir

3 : The number of times the file's content is recorded by the system (the link count), that is, how many times it has to be deleted before it is really deleted

4: File owner
chown username filename|dir // change the file owner
chown -R username dir // change the owner of the directory itself and of everything inside it

5 : File group
chown username:groupname filename|dir // change the owner and the group together

chgrp -R groupname dir // change the group of the directory itself and of everything inside it

6 : The size of the file contents

7 : The last time the file was modified

8 : File name

###### Setting the system default permissions
From the point of view of usefulness, the more permissions a system opens up, the more useful it is.
From the point of view of security, the fewer permissions a system opens up, the more secure it is.
So when the system creates a new file or directory, it removes some permissions.
Setting method:
umask // view the permissions the system withholds

umask 077 // change the withheld permissions to 077; this setting is temporary and only takes effect in the current shell

Permanent setting method:
vim /etc/bashrc // shell
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002    # general user umask
else
    umask 077    # superuser umask
fi

vim /etc/profile // system
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002    # general user umask
else
    umask 077    # superuser umask
fi

The umask values set in the two files above must be consistent.
source /etc/bashrc
source /etc/profile
These two commands make the setting take effect immediately.
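
The effect of the two umask values used above can be checked directly. This is an added example, not part of the original notes; it assumes GNU coreutils (stat -c %a), and the function name mode_with_umask is made up for illustration.

```shell
#!/bin/sh
# Added example: observe what a given umask removes from new files and directories.
# Assumes GNU coreutils (stat -c %a); mode_with_umask is a name chosen here.

# mode_with_umask UMASK f|d -> prints the octal mode a new file/directory receives
mode_with_umask() {
    (
        umask "$1"                      # confined to this subshell
        tmp=$(mktemp -d) || exit 1      # scratch directory, removed below
        if [ "$2" = d ]; then
            mkdir "$tmp/new"            # directories are requested with 777
        else
            : > "$tmp/new"              # regular files are requested with 666
        fi
        mode=$(stat -c %a "$tmp/new")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# The two values from the /etc/bashrc snippet: 002 (general user), 077 (superuser).
for mask in 002 077; do
    printf 'umask %s -> file %s, directory %s\n' "$mask" \
        "$(mode_with_umask "$mask" f)" "$(mode_with_umask "$mask" d)"
done
```

New regular files never receive x from the umask calculation, which is why 077 gives 600 for a file but 700 for a directory.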

Practice:
1. Create the user groups Shengchan, Caiwu, Jishu
2. Create users with the following requirements:
1) Tom is a supplementary member of the production group
2) Harry is a supplementary member of the finance group
3) Leo is a supplementary member of the technical group
3. Create directories with the following requirements:
1) /pub is the common storage directory; all users can read, write and execute
2) /sc is the production department's storage directory; only production department personnel can write to it
3) /CW is the finance department's storage directory; only finance department personnel can write to it

############ Special permissions
1. suid (risk bit)
For binary executables only.
The process generated by the program recorded in the file runs as the file's owner.
It is not related to whoever started the process.
Setting method:
chmod u+s file
suid=4
chmod 4xxx file
To change back: chmod 755 file
2. sgid (mandatory bit)
Note: to monitor the process: ps ax -o user,group,comm | grep watch
For files: only for binary executables. No matter who runs the binary, the group of the process it produces is the file's group, regardless of the group of whoever started the program.
For directories: when a directory has the sgid permission, the group of every file newly created in the directory is automatically set to the directory's group, regardless of the group of whoever created the file.
Setting method:
chmod g+s file|dir
sgid=2
3. sticky (sticky bit)
Only for directories. When a directory has the t permission, a file in the directory can only be deleted by the file's owner.
chmod o+t directory
t=1
chmod 1777 directory
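
A defender's audit for the three special bits described above, as an added example that is not part of the original notes: it lists suid files, sgid files and directories, and world-writable directories that lack the sticky bit. The function names audit_special_bits and build_demo_tree and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: report special permission bits under a directory tree.
# audit_special_bits and build_demo_tree are names chosen for this example.

# Prints one line per finding:
#   SUID      regular file with set-user-ID (process runs as the file owner)
#   SGID      file or directory with set-group-ID
#   NOSTICKY  world-writable directory without the sticky bit
audit_special_bits() {
    find "$1" -type f -perm -4000 | sed 's|^|SUID |'
    find "$1" \( -type f -o -type d \) -perm -2000 | sed 's|^|SGID |'
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's|^|NOSTICKY |'
}

# Constructed sample tree (no root needed: an owner may set these bits on
# files and directories they own).
build_demo_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/prog";      chmod 4755 "$t/prog"       # same bit as chmod u+s
    mkdir "$t/sc";      chmod 2770 "$t/sc"         # same bit as chmod g+s on a directory
    mkdir "$t/pub";     chmod 1777 "$t/pub"        # sticky shared directory
    mkdir "$t/pub_old"; chmod 0777 "$t/pub_old"    # world-writable, sticky bit missing
    printf '%s\n' "$t"
}

tree=$(build_demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

On a real system, run the function against a directory such as / with root privileges and compare the suid and sgid entries against what the installed packages are expected to ship.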
rht-vmctl reset desktop // restore the virtual machine to its initial state

Exercise 2:
1. Create the user groups Shengchan, Caiwu, Jishu
2. Create users with the following requirements:
1) Tom is a supplementary member of the production group
2) Harry is a supplementary member of the finance group
3) Leo is a supplementary member of the technical group
4) Create the Admin user; this user does not belong to any of the three departments mentioned above
3. Create directories with the following requirements:
1) /pub is the common storage directory; all users can read, write and execute, but users can only delete files that belong to themselves
2) /sc is the production department's storage directory; only production department personnel can write to it, and files created by production department personnel automatically belong to the production group
3) /CW is the finance department's storage directory; only finance department personnel can write to it, and files created by finance department personnel automatically belong to the finance group
4) The Admin user can use the touch tool to create any file in the /sc and /CW directories, but cannot delete files

On the basis of Exercise 1, set the following:

This article is from the "12119857" blog, please be sure to keep this source http://12129857.blog.51cto.com/12119857/1858457
