Linux users, groups, and Rights Management (II)


The previous article covered the user and group management commands; this one continues with rights (permission) management.


Rights management:

Each directory or file has permission bits that restrict whether a user is allowed to "use" it.


Process security context:

When a process accesses a file, the following model decides which permissions apply:

Check whether the owner of the process is the same as the owner of the file; if so, the owner permissions apply;

Otherwise, check whether the owner of the process belongs to the file's owning group; if so, the group permissions apply;

Otherwise, only the other permissions apply;


Explanation: when a user accesses a file, the system determines, in that order, whether the user is the file's owner, a member of its group, or other, and then applies the corresponding permission bits.


First, look at the meaning of the file permission bits:

# ll test.txt

-rwxrwxrwx 1 root root 1186 Apr 15:22 test.txt


rwxrwxrwx:

Left three bits: define the permissions of the owner (user), identified by UID

Middle three bits: define the permissions of the group, identified by GID

Right three bits: define the permissions of other


Permissions:

r: readable, read

w: writable, write

x: executable, execute


Directory:

r: you can use the ls command to list all the files in it;

w: you can modify the list of files in this directory, that is, create or delete files;

x: you can cd into this directory, and can use ls -l to get detailed attribute information for all files in it;


File:

r: you can read the data of the file;

w: you can modify the data of the file;

x: the file can be run as a process;


Note: directory permissions are not the same as file permissions. Having permissions on a directory does not by itself allow reading, modifying, or otherwise operating on the files inside it.


Permission combinations:

--- 000 0

--x 001 1

-w- 010 2

-wx 011 3

r-- 100 4

r-x 101 5

rw- 110 6

rwx 111 7

In simple terms: r=4, w=2, x=1, '-'=0
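
The access model from the process security context section, worked through with the octal encoding above. This is an added example, not code from the original article; the function names and all UIDs/GIDs are constructed, and it ignores root's override and ACLs.

```sh
#!/bin/sh
# Added example: which permission triad applies to a process, following
# the owner -> group -> other model. All IDs used here are constructed.

# triad_to_rwx N -> e.g. 5 -> r-x  (r=4, w=2, x=1)
triad_to_rwx() {
    t=$1 s=
    if [ $(( t & 4 )) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $(( t & 2 )) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $(( t & 1 )) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s\n' "$s"
}

# applied_perms MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints "<class> <rwx>". Only the first matching class is consulted:
# an owner never falls through to the group or other bits.
applied_perms() {
    mode=$(( 0$1 )) fuid=$2 fgid=$3 puid=$4
    class=other off=0
    if [ "$puid" -eq "$fuid" ]; then
        class=owner off=6
    else
        for g in $5; do
            if [ "$g" -eq "$fgid" ]; then class=group off=3; break; fi
        done
    fi
    printf '%s %s\n' "$class" "$(triad_to_rwx $(( (mode >> off) & 7 )))"
}

# Constructed file: mode 047, owner UID 1000, group GID 1000.
applied_perms 047 1000 1000 1000 "1000 10"   # the owner gets nothing
applied_perms 047 1000 1000 1001 "10 1000"   # a group member may only read
applied_perms 047 1000 1000 1002 "1002"      # everyone else gets rwx
```

With mode 047 the owner is denied even though other has full access, because the check stops at the first class that matches.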



Rights management commands:

chmod command:

chmod [OPTION]... MODE[,MODE]... FILE...

chmod [OPTION]... OCTAL-MODE FILE...

chmod [OPTION]... --reference=RFILE FILE...


Three types of users:

u: the owner

g: the group

o: other

a: all


(1) chmod [OPTION]... MODE[,MODE]... FILE...

MODE notation:

Assignment notation: directly sets the full rwx permissions of a class of users;

u=rwx

g=rwx

o=rwx

a=rwx


Grant/revoke notation: adds or removes individual permission bits r, w, x for a class of users;

u+, u-: u+r, u+w, u+x, u-r ...

g+, g-: g+r ..., g-r ...

o+, o-: o+r ..., o-r ...

a+, a-: a+r ..., a-r ...


Example:

# chmod u+w test.txt

# chmod a-w test.txt


(2) chmod [OPTION]... OCTAL-MODE FILE...

# chmod 777 anaconda-ks.cfg


(3) chmod [OPTION]... --reference=RFILE FILE... (take the permissions of anaconda-ks.cfg as the reference and apply them to the Hello file)

# chmod --reference=anaconda-ks.cfg Hello


Note: a user can only modify the permissions of files that he or she owns;



Ownership management commands: chown, chgrp


chown command: modify the owner and group

chown [OPTION]... [OWNER][:[GROUP]] FILE...


Two different ways of writing it:

# chown kwang:kwang Hello

# chown kwang.kwang Hello

chown [OPTION]... --reference=RFILE FILE...

Take the owner and group of a reference file and apply them to the specified file


Options:

-R: recursive modification


chgrp command: modify the owning group

chgrp [OPTION]... GROUP FILE...

chgrp [OPTION]... --reference=RFILE FILE...

Example:

# chgrp test2 test.txt


Note: only administrators can modify the owner and owning group of a file;



umask: file permission mask

The initial permissions of newly created files and directories are obtained by subtracting the mask from the default permissions:

File:

666 - umask

Directory:

777 - umask

Note: files are subtracted from 666, which means files get no execute permission by default. If the result of the subtraction contains an execute bit, add 1 to that digit; this adjustment applies only to files;

umask: 022

666 - 022 = 644

777 - 022 = 755


umask command:

umask: view the current umask

umask MASK: set the umask

# umask 022

Note: a umask set this way is only valid for the current shell process;
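
An added example (not from the original article) that checks the umask arithmetic: the kernel clears the mask bits from the requested mode (666 or 777 AND NOT umask), which is why the "add 1" adjustment above gives the right answer for files. The function names and the 023 sample mask are assumptions of this example, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example: umask is a bit mask, not a number to subtract.

# expected_mode BASE UMASK -> BASE with every bit set in UMASK cleared
expected_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode KIND UMASK -> octal mode of a file (f) or directory (d)
# really created under UMASK. The subshell keeps the umask change local,
# matching the note that umask only affects the current shell process.
created_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        stat -c '%a' "$tmp/new"    # GNU coreutils stat
        rm -rf "$tmp"
    )
}

# 022 is the mask used in the article; 023 is a constructed mask whose
# plain subtraction (666 - 023 = 643) would leave an execute bit on a file.
for mask in 022 023; do
    echo "umask $mask:" \
         "file $(created_mode f "$mask") (computed $(expected_mode 666 "$mask"))," \
         "dir $(created_mode d "$mask") (computed $(expected_mode 777 "$mask"))"
done
```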



Practice:

1. Create the system group mariadb and the system user mariadb belonging to the mariadb group, with no home directory and /sbin/nologin as its shell; try switching to this user as root and check its command prompt;

2. Create the group mageedu with GID 5000, and the user gentoo with home directory /users/gentoo and a password identical to the user name;

3. Create the user fedora with home directory /users/fedora and a password identical to the user name;

4. Create the user www with home directory /users/www; then delete the www user but keep its home directory;

5. Add the supplementary group mageedu to the users gentoo and fedora;

6. Copy the directory /var/log to the /tmp/ directory, change the owning group of /tmp/log and all files in it to mageedu, and give the group write permission on the directory itself;



One additional command can copy a file while setting its permissions, owner, and so on.

install command:

install - copy files and set attributes


Single-source copy:

install [OPTION]... [-T] SOURCE DEST

Multi-source copy:

install [OPTION]... SOURCE... DIRECTORY

install [OPTION]... -t DIRECTORY SOURCE...

To create a directory:

install [OPTION]... -d DIRECTORY...


Common options:

-m, --mode=MODE: set the permissions of the target file, 755 by default;

-o, --owner=OWNER: set the owner of the target file;

-g, --group=GROUP: set the owning group of the target file;

-d: create directories


Example:

# install -d /sh/install

drwxr-xr-x 2 root root 6 Mar 18:03 /sh/install/

# install -m 640 -o kwang -g kwang /etc/issue /sh/

-rw-r----- 1 kwang kwang 18:02 issue




This article is from the "Disguised geek" blog; reprinting is declined!
