Linux user, group, file, permissions relationships __linux

The occasional use of Linux, its users, the relationship between the group has been very complex, and divided three kinds of permissions, intertwined with more feel messy. Today to think about their relationship before, encounter a predecessor of the article, the quality is very high, slightly cut edit to stay bo Backup, but also convenient for others.

The original text reads as follows:

In Linux everything is a file (folders and hardware peripherals are special files), and if possible use text files. Text files are documents that people and machines can understand, and they are the best way to communicate between people and machines. Because all of the configuration files are text, you need only one of the simplest editors to modify. Even the 2 binary execution file will have the source code attached.

This is the basic philosophy of Linux, but also the basic spirit of open source. The ultimate development of gnu/linux is to transcend the boundaries between man and machine.

(Comparison: Everything in Windows is also a file, most of them are in the Microsoft Format encoded 2 files, and the configuration file is often carried out 2 coding, and even the results are 2-encoded, such as Doc, you need to use the Microsoft API to complete the modification. )

Because it is so simple to modify a text file, the Linux system itself must be regulated. This leads to the 2 concepts of users (groups) and permissions.

The introduction of these 2 concepts is a perfect guarantee for Linux security without adding complexity. Because everything is a document. So Linux introduced 2 files to manage users (groups),/etc/passwd store users,/etc/group storage groups, and then added information about the relationship between users and files in the header of each file in the file system.

There are only 2 relationships between users and files, owned and not owned.

There are only 2 relationships between groups and files, owned and not owned.

There are only 2 relationships between users and groups, belonging to and not belonging to.

By stacking These three relationships, the final relationship between the user and the file can be grouped into 3 categories

1, the user owns the file

2, the user belongs to a group, a group owns the file (that is, the user owns the file by belonging to a group)

3, the user does not own the file

In the file header, 3 sets of information are stored, respectively, corresponding to the above 3 categories of relationships

The first group holds the permissions of the user who owns the file.

The second group holds the permissions of the group that owns the file (all other members belonging to that group get this permission).

The third group has access to all users who do not own the file (equal to all users minus 2 categories of users).

Very subtly, you can make the third group more privileged than the first, and the second, which means that the user who doesn't have the file has greater privileges. (Comments: When I figured out this relationship, very sigh it predecessors of the extraordinary wisdom, such a design has very good symmetry, has not necessarily a good thing, not owning may be a kind of happiness.) Life is not so it. ）

Here is a description of the permissions

There are three types of permissions (abbreviated to R), write (abbreviated W), and execute (abbreviated to x). Read and write well understood, the execution of course only to be able to execute the document to have effect. Permissions have a slightly different meaning than folders. For example, if you have permission to execute a directory, you can CD to a directory, and if you do not have Read permission, you even CD to a certain directory, you can not LS.

In practice for the sake of convenience, we generally use all three kinds of permissions, so beginners just know that there is such a thing on it. With the user (group), permissions, files, we use a command ls-l can show the relationship between the three

Here is an example

To display Readme.txt permission information

R-x-w-rw-tom Admin Readme.txt

The above r-x-w-rw-, each 3 characters is a group, corresponding to the user, group, other users,-that does not have this permission. Permissions for User (abbreviated U): is read (R) and execute (x) group (abbreviated to G) Permission: Is write (W). Permissions for other users (abbreviated O): Read (R) and write (W). User Tom owns the file

Group Admin owns the file. Any user who logs on will be able to obtain his or her own appropriate permissions based on the above settings. Modifying permissions is also simple, such as adding a privilege read (R) to G and executing permissions (x):

chmod g+rx filename---plus sign add right

To cancel write (W) permissions for another user

chmod o-w file name---minus sign indicates cancellation permission

In the actual application, we usually use the name of the application to set the group name, such as in my system there are MySQL group, MONGDB Group. (Comment: Here's a quote from the smartest physicist and philosopher who loves old sayings.

Make everything as simple aspossible, but not simpler

Albert Einstein

My translation of this famous sentence is also very simple, that is, "simplicity", Linux, the subtle design of the privilege system is easily reminiscent of the human body's DNA system, only four kinds of base, it can evolve the human body so complex and effective system. But the Windows system, is really helpless ah. The user's computer can become the QQ and 360 battlefield, the user has no evidence to prove who is not. On Linux, it's impossible to have a simple security system.

Finally, let's talk about Linux's Level three Help system.

Linux's help system is very distinctive. If you can use the Help system skillfully, plus Google learning method (the matter is not decided to ask Baidu, foreign affairs to ask Google), self-study will become very relaxed, the first is the mini help, this help is the shortest, most refined, more use in the can not think of a specific command parameters, command usage as follows

Command –help, like Ls–help.

The second is medium help, which is more lengthy, detailed, and used in the context of a detailed command, as follows

Man Command--------Man is (manual), such as Man CD

The third is the large help, which is the longest, some may be a book, the command usage is as follows

Info command, such as info RM

Linux learning must own more discipline, can really grasp. Easy Come easy go. Any knowledge and technology that is easy to learn is mostly cheap.

PS. Some netizens would like to recommend a book on Linux, I read too much of the original book, but most of the knowledge still rely on their own practice, and Google to. Many Linux knowledge may be acquired when learning something else, such as when you configure Apache, and you will learn more about the meaning of Symboliclink. Many things need to be honed to understand the real meaning.

Original link: http://kb.cnblogs.com/page/87100/