The previous article covered the user and group management commands; this one continues with rights management.
Rights Management:
Each directory or file has corresponding permission bits that restrict whether a user is allowed to "use" it.
Process Security Context:
The model a process applies when determining its access rights to a file:
Check whether the owner of the process is the same as the owner of the file; if so, the owner permissions apply;
Otherwise, check whether the owner of the process belongs to the file's group; if so, the group permissions apply;
Otherwise, only the other permissions apply;
In short: when a user accesses a file, the system determines in turn whether the user is the file's owner, a member of its group, or other, and then applies the permission bits of the matching class.
First, look at the meaning of the file permission bits:
# ll test.txt
-rwxrwxrwx 1 root root 1186 Apr 15:22 test.txt
rwxrwxrwx:
Left three bits: define the permissions of the user (owner); UID
Middle three bits: define the permissions of the group; GID
Right three bits: define the permissions of other
Permissions:
r: readable, read
w: writable, write
x: executable, execute
Directory:
r: can use the ls command to get a list of all the files under it;
w: can modify the list of files in this directory, that is, create or delete files;
x: can cd into this directory, and can use ls -l to get detailed attribute information for all the files in it;
File:
r: can obtain the data of the file;
w: can modify the data of the file;
x: the file can be run as a process;
Note: directory permissions are not the same as file permissions. Without the directory permission, the files inside can still be read, changed, and so on.
Privilege combination mechanism:
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7
In simple terms: r=4, w=2, x=1, '-'=0
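The owner, group, other selection rule and the octal values above, modelled as an added shell example (not from the original article; the function names and the sample UIDs, GIDs and modes are constructed). Only the first matching class is consulted, so an owner whose own bits are empty is refused even when the group or other bits would allow the access.

```shell
#!/bin/sh
# Added example: models the owner -> group -> other rule described above.
# perm_class/can_access and all sample values are constructed for illustration.
# uid 0 (root) is not modelled here.

# perm_class FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints the permission class that applies: owner, group or other.
perm_class() {
    f_uid=$1; f_gid=$2; p_uid=$3; p_gids=$4
    if [ "$p_uid" -eq "$f_uid" ]; then
        echo owner; return
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            echo group; return
        fi
    done
    echo other
}

# can_access MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS" WANT
# MODE is octal (for example 640); WANT is one of r, w, x.
# Prints "yes" or "no".
can_access() {
    mode=$1; want=$6
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) shift_by=6 ;;   # left three bits
        group) shift_by=3 ;;   # middle three bits
        other) shift_by=0 ;;   # right three bits
    esac
    case $want in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) echo no; return 1 ;;
    esac
    triplet=$(( (0$mode >> shift_by) & 7 ))
    if [ $(( triplet & bit )) -ne 0 ]; then echo yes; else echo no; fi
}

# Mode 047: the owner has no bits, so the owner is refused although
# group (r) and other (rwx) are allowed.
can_access 047 1000 2000 1000 "1000 2000" r
```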
Rights Management Commands:
chmod command:
chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...
Three types of users:
u: represents the owner
g: represents the group
o: represents other
a: represents all
(1) chmod [OPTION]... MODE[,MODE]... FILE...
MODE notation:
Assignment notation: directly sets the whole rwx permission set of a class of users;
u=rwx
g=rwx
o=rwx
a=rwx
Authorization notation: directly operates on a single permission bit r, w, x of a class of users;
u+, u-: u+r, u+w, u+x, u-r ...
g+, g-: g+r ..., g-r ...
o+, o-: o+r ..., o-r ...
a+, a-: a+r ..., a-r ...
Example:
# chmod u+w test.txt
# chmod a-w test.txt
(2) chmod [OPTION]... OCTAL-MODE FILE...
# chmod 777 anaconda-ks.cfg
(3) chmod [OPTION]... --reference=RFILE FILE...: (take the permissions of anaconda-ks.cfg as the reference and apply them to the Hello file)
# chmod --reference=anaconda-ks.cfg Hello
Note: users can only modify the permissions of files that they own;
Ownership management commands: chown, chgrp
chown command: modify the owner and group
chown [OPTION]... [OWNER][:[GROUP]] FILE...
Two different ways:
# chown kwang:kwang Hello
# chown kwang.kwang Hello
chown [OPTION]... --reference=RFILE FILE...
Take the owner and group of a reference file and apply them to the specified file
Options:
-R: recursive modification
chgrp command: modify the group
chgrp [OPTION]... GROUP FILE...
chgrp [OPTION]... --reference=RFILE FILE...
Example:
# chgrp test2 test.txt
Note: only administrators can modify the owner and group of a file;
umask: file permission reverse mask
When files and directories are created, their initial permissions are obtained by subtracting the reverse mask from the full permissions:
File:
666 - umask
Directory:
777 - umask
Note: files are calculated from 666, which means that files do not get execute permission by default; if the result of the subtraction contains an execute permission, add 1 to it; this rule applies only to files;
umask:022
666-023=644
777-023=755
umask command:
umask: view the current umask
umask MASK: set the umask
# umask 022
Note: a umask set this way is only valid for the current shell process;
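The umask arithmetic above, written as bit clearing in an added shell example (not from the original article; the function names and sample masks are constructed). The kernel clears the umask bits from the base mode rather than subtracting, which is why the "add 1" correction for files gives the right answer; audit_umask is an assumed helper that flags masks leaving new files or directories writable by group or other.

```shell
#!/bin/sh
# Added example: initial permissions computed as (base AND NOT umask).
# default_mode/audit_umask and the sample masks are constructed for illustration.

# default_mode KIND UMASK -> three-digit octal mode; KIND is "file" or "dir".
default_mode() {
    case $1 in
        file) base=0666 ;;   # new files never get execute bits by default
        dir)  base=0777 ;;
        *)    return 1 ;;
    esac
    # Clearing bits instead of subtracting: a mask bit that is not set in
    # the base (the x bit for files) simply has no effect.
    printf '%03o\n' $(( $base & ~0$2 ))
}

# audit_umask UMASK -> "loose" if newly created files or directories would
# be writable by group or other, otherwise "ok".
audit_umask() {
    if [ $(( (0777 & ~0$1) & 022 )) -ne 0 ]; then
        echo loose
    else
        echo ok
    fi
}

# umask 023 on a file: 666 - 023 = 643, plus 1 = 644; bit clearing gives
# 644 directly because the x bit in the mask has nothing to clear.
default_mode file 023
default_mode dir 022
audit_umask 002
```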
Practice:
1. Create the system group mariadb and the system user mariadb, which belongs to the mariadb group, has no home directory, and uses /sbin/nologin as its shell; try switching to the user from root and look at its command prompt;
2. Create the group mageedu with GID 5000 and the user gentoo, whose home directory is /users/gentoo and whose password is the same as the user name;
3. Create the user fedora, whose home directory is /users/fedora and whose password is the same as the user name;
4. Create the user www, whose home directory is /users/www; delete the www user, but keep its home directory;
5. Add the additional group mageedu for the users gentoo and fedora;
6. Copy the directory /var/log to the /tmp/ directory, change the group of /tmp/log and all the files in it to mageedu, and give the group write access to the directory itself;
An additional command that can copy a file while setting its permissions, owner, and so on:
install command:
install - copy files and set attributes
Single-source copy:
install [OPTION]... [-T] SOURCE DEST
Multi-source copy:
install [OPTION]... SOURCE... DIRECTORY
install [OPTION]... -t DIRECTORY SOURCE...
To create a directory:
install [OPTION]... -d DIRECTORY...
Common options:
-m, --mode=MODE: set the target file permissions; the default is 755;
-o, --owner=OWNER: set the target file's owner;
-g, --group=GROUP: set the target file's group;
-d: create directories
Example:
# install -d /sh/install
drwxr-xr-x 2 root root 6 Mar 18:03 /sh/install/
# install -m 640 -o kwang -g kwang /etc/issue /sh/
-rw-r----- 1 kwang kwang 18:02 issue
This article is from the "Disguised geek" blog; reprinting is declined!
Linux users, groups, and Rights Management (II)