Linux system permissions

Source: Internet
Author: User
Tags echo command

Chapter 1 Linux system permissions

1.1 Introduction
Permissions on files and directories in Linux are tied to users and user groups. Every file or directory has a set of 9 basic permission bits, split into three groups of three characters: the owner permission bits, the group permission bits, and the permission bits for other users.
For example, in rwxr-xr-x, Linux uses these 9 permission bits to control the basic permissions of the file owner (user), the group, and other users (other).

1.2 The three roles
A user has one of three roles with respect to a resource
User (u): the owner (file owner)
Group (g): the owning group (includes the group's members)
Other (o): anonymous users (everyone else)

1.3 Environment

[~]# ll -d dir
drwxr-xr-x. 2 root root 18 8月  16 17:11 dir
[~]# ll -d dir/file
-rw-r--r--. 1 root root 0 8月  16 17:11 dir/file

1.3.1 Permission Description
/root/dir: the owner root has read, write and execute; the group root has read and execute; other users have read and execute
/root/dir/file: the owner root has read and write; the group root has read; other users have read

1.4 Changing file ownership: the chown command
Change the owner and group of a file
chown [user][.|:][group] [-R] filename

Modify the owner
[~]# chown oldboy /root/dir
[~]# ll -d /root/dir

Modify the group
[~]# chown .dba /root/dir
[~]# ll -d /root/dir
d-wx--x--x. 2 oldboy dba 29 8月  16 17:24 /root/dir

1.5 Modify Permissions Command chmod

First way: chmod [ugoa] [+-=] [rwx] [-R] filename    // a means all
[~]# chmod u=rx /root/dir
[~]# ll -d dir
dr-xr-xr-x. 2 root root 18 8月  16 17:11 dir
[~]# chmod u+w /root/dir
[~]# ll -d dir
drwxr-xr-x. 2 root root 18 8月  16 17:11 dir
[~]# chmod u-w /root/dir
[~]# ll -d dir
dr-xr-xr-x. 2 root root 18 8月  16 17:11 dir
[~]# chmod a=rwx /root/dir
[~]# ll -d dir
drwxrwxrwx. 2 root root 18 8月  16 17:11 dir
[~]# chmod a= /root/dir
[~]# ll -d dir
d---------. 2 root root 18 8月  16 17:11 dir
[~]# chmod =rx /root/dir
[~]# ll -d dir
dr-xr-xr-x. 2 root root 29 8月  16 17:24 dir

Second way: chmod nnn [-R] filename    // the three digits of nnn stand for u, g and o
Owner rw, group read-only, other users no permission
4+2=6  4  0
[~]# chmod 640 /root/dir/file
[~]# ll /root/dir/file
-rw-r-----. 1 root root 0 8月  16 17:11 /root/dir/file

1.6 Recursively modify directory permissions (modify directory and subdirectory permissions)

chmod -R permissions filename
[~]# ll -d /root/dir
drwxr-xr--. 2 root root 29 8月  16 17:24 /root/dir
[~]# ll -d /root/dir/file
-rw-r-----. 1 root root 0 8月  16 17:11 /root/dir/file
[~]# chmod -R 755 /root/dir
[~]# ll -d /root/dir/file
-rwxr-xr-x. 1 root root 0 8月  16 17:11 /root/dir/file

Chapter 2 File permission experiment cases

2.1 By default, other users have only read permission on a file

[~]# echo "date" >/tmp/date.txt
[~]# ll /tmp/date.txt
-rw-r--r--. 1 root root 5 Aug 16 06:37 /tmp/date.txt

2.2 Test read permission (the file cannot be executed or deleted)

[~]# su - oldboy
[~]$ cat /tmp/date.txt
date
[~]$ echo "test" >/tmp/date.txt
-bash: /tmp/date.txt: Permission denied
[~]$ /tmp/date.txt
-bash: /tmp/date.txt: Permission denied

Add x (execute) permission
[~]# chmod o+x /tmp/date.txt
[~]# ll /tmp/date.txt
-rw-r--r-x. 1 root root 5 Aug 16 06:37 /tmp/date.txt

Test execute permission

[~]$ /tmp/date.txt
Thu 06:40:56 CST 2018

Add w (write) permission

[~]# chmod o+w /tmp/date.txt
[~]# ll /tmp/date.txt
-rw-r--rwx 1 root root 5 06:38 /tmp/date.txt

Test write permission
[~]$ echo "Test" >/tmp/date.txt
Or edit the file with vim to test

Chapter 3 Effect of rwx on files

3.1 Read permission (r)
If the file has only r permission: it grants permission to read the file content
1. The viewing commands cat, head, tail, less and more can be used
2. Cannot be copied, cannot be moved, cannot be edited, cannot be deleted

3.2 Write permission (w)
If the file has only w permission: it grants permission to add to and modify the file content
1. Editing with vim prompts permission denied, but the save can be forced, which overwrites the previous file content
2. The echo command with redirection or append redirection can write data to the file
3. The cat command can read another file and redirect its output into the w-only file
4. Cannot copy, cannot move, cannot delete (deletion depends on w permission on the parent directory)

3.3 Execute permission (x)
If the file has only x permission: it grants permission to execute the file.
Note: a normal user also needs r permission; the administrator does not
1. Cannot execute, view, edit, copy, move, delete

Chapter 4 Directory permission experiment cases

4.1 Case 1: no w on the directory, rwx on the file

[~]# mkdir /test
[~]# echo "test" > /test/test.txt
[~]# chmod 777 /test/test.txt
[~]# ll -d /test
drwxr-xr-x. 2 root root 22 Aug 16 06:52 /test
[~]# ll /test/test.txt
-rwxrwxrwx. 1 root root 5 Aug 16 06:52 /test/test.txt

Verify the permissions as a normal user

[~]$ cat /test/test.txt
test
[~]$ rm -f /test/test.txt
rm: cannot remove ‘/test/test.txt’: Permission denied

4.2 Case 2: w on the directory, no permissions on the file

[~]# chmod 777 /test/
[~]# chmod 000 /test/test.txt
[~]# ll -d /test
drwxrwxrwx. 2 root root 22 Aug 16 06:52 /test
[~]# ll -d /test/test.txt
----------. 1 root root 5 Aug 16 06:52 /test/test.txt

Verify the permissions as a normal user
[~]$ cat /test/test.txt
cat: /test/test.txt: Permission denied
[~]$ rm -f /test/test.txt
[~]$ touch /test/test1.txt

4.3 Case 3: no x on the directory, no permissions on the file

[~]# chmod 766 /test/
[~]# chmod 777 /test/test.txt
[~]# ll -d /test/
drwxrw-rw-. 2 root root 22 Aug 16 06:58 /test/
[~]# ll /test/test.txt
-rwxrwxrwx. 1 root root 5 Aug 16 06:58 /test/test.txt

Verify the permissions as a normal user
[~]$ cd /test
-bash: cd: /test: Permission denied
[~]$ cat /test/test.txt
cat: /test/test.txt: Permission denied
[~]$ rm -f /test/test.txt
rm: cannot remove ‘/test/test.txt’: Permission denied

Chapter 5 Effect of rwx on directories

5.1 Read permission (r)
If the directory has only r permission: the directory and its subdirectories can be browsed
1. The ls command can list the directory and its subdirectories, but it also reports permission denied
2. The ls -l command can list the directory and its subdirectories, but the attributes appear as question marks and only the file names are visible
Summary: with only r permission on a directory, the file names inside it can be listed and no other operation is permitted

5.2 Write permission (w)
If the directory has only w permission: it grants permission to add, delete, or rename files in the directory (requires x as well)
Note: if the directory has w permission, files can be created in it and files in it can be deleted (regardless of the files' own permissions)
Cannot enter the directory, cannot copy the directory, cannot delete the directory, cannot move the directory

5.3 Execute permission (x)
If the directory has only x permission
1. The directory can only be entered
2. Cannot browse, copy, move, delete

5.4 Summary of permissions:
File rw permissions: the file content can be viewed and edited
File rx permissions: the file can only be viewed and executed; it cannot be edited, copied, moved, or deleted
Directory rx permissions: files and subdirectories in the directory can be browsed, but files and directories in it cannot be created or deleted

Precautions:

For files, grant x permission with care; r or rw is recommended
For directories, grant w permission with care; rx is recommended unless there is a special need
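
The precautions above can be checked mechanically. The following is an added example, not part of the original article: a shell audit of the "other" permission bits in a tree. The function names and the sample tree are constructed for illustration, and find is assumed to support -maxdepth (GNU, BSD and BusyBox do).

```shell
#!/bin/sh
# Added example, not from the original article. Audits the "other" permission
# bits of a tree against the article's precautions, using find -perm.

# Directories where "other" has both w and x (mode bits 0003): per sections
# 4.2 and 5.2 any user can create and delete entries there, whatever the
# files' own modes are. Sticky-bit directories (e.g. /tmp), which the article
# does not cover, limit deletion to the owner and are skipped.
other_writable_dirs() {
    find "$1" -type d -perm -0003 ! -perm -1000 | sort
}

# Regular files that "other" may write (0002) or execute (0001).
other_wx_files() {
    find "$1" -type f \( -perm -0002 -o -perm -0001 \) | sort
}

# Files without o+w that sit directly in an other-writable directory:
# their own mode looks safe, but "other" can still delete or replace them.
exposed_by_parent() {
    other_writable_dirs "$1" | while IFS= read -r d; do
        find "$d" -maxdepth 1 -type f ! -perm -0002
    done | sort
}

# Constructed sample tree reproducing cases 4.1 and 4.2 in a temp directory.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir "$t/case1" "$t/case2"
    echo test > "$t/case1/test.txt"
    echo test > "$t/case2/test.txt"
    chmod 755 "$t/case1"; chmod 777 "$t/case1/test.txt"   # case 4.1
    chmod 777 "$t/case2"; chmod 000 "$t/case2/test.txt"   # case 4.2
    printf '%s\n' "$t"
}

# When called with a path, print the three reports for it.
if [ "$#" -gt 0 ]; then
    echo "other-writable directories:"; other_writable_dirs "$1"
    echo "files with o+w or o+x:";      other_wx_files "$1"
    echo "files exposed by parent:";    exposed_by_parent "$1"
fi
```

On the sample tree, the mode-000 file of case 4.2 is reported as exposed by its parent, which is the same file the normal user was able to delete in that case.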
