Permissions throughout the Linux system
When a file or directory is created, both its owner and its group are those of the current user
What are the Linux permission bits?
9 basic permission bits in groups of 3; 12 permission bits in total
User-to-file permissions, comparable to your notebook
r  read           4
w  write          2
x  execute        1
-  no permission  0
Summary of permissions on ordinary files:
r grants permission to read the file's contents
w grants permission to add to or modify the file's contents
Without r permission, vi warns that the file cannot be edited, but the edit can be forced, and echo >> can force an append
x grants permission to execute the file
.sh scripts need r permission together with x to be executed; files in other languages such as Python and Java need only r, because they are run through the corresponding interpreter
Note: as root, a shell script needs only x permission to be executed.
How a file is deleted:
When i_link = 0 and i_count = 0, the file's data is reclaimed and deleted, like being put away in a small dark room
Because the file name is stored in the block of the parent directory, whether a file can be deleted depends on w permission on the parent directory; without it, the file cannot be deleted
(Permission to delete a file is controlled by permissions on the parent directory, regardless of file permissions)
The default permissions for a newly created file are 644 (rw-r--r--); the owner and group are the creator's
Summary of directory permissions:
r grants permission to browse the files and subdirectories in the directory, that is, ls, dir
w grants permission to add, delete, or modify files within the directory
x grants permission to enter the directory, such as cd dir; without x the directory cannot be entered. With x but without r, the files and directories cannot be listed; without w, nothing can be created or deleted
The default permissions for a newly created directory are 755 (rwxr-xr-x); the owner and group are the creator's
Commands related to file permissions:
chmod changes the permissions of a file or directory; only the owner and root can modify them
-R recursively applies the same permissions to the directory and to all files and directories under it
Setting permissions with numbers
chmod -R 755 /date    # recursively give /date and all files and directories under it the same permissions, rwxr-xr-x
Setting permissions with symbols
u  owner
g  group
o  others
+  add
-  remove
=  set exactly
touch modtest         # create a test file
chmod u+x modtest     # add x (execute) permission for the owner
umask views or sets the default permission mask
umask                          # view the current permission mask
sed -n '65,69p' /etc/bashrc    # view the default permission configuration
How is the conversion done?
File permissions start from 666, directory permissions start from 777
  666    << starting permissions for files
- 022    << umask value
  644    << resulting file permissions
If every digit of the umask is even, subtract directly; if a digit is odd, add 1 to that digit after subtracting (for files)
In production scenarios the umask does not need to be changed
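The subtraction above is a shortcut: the system clears the umask bits from the starting mode (start AND NOT umask), which is why odd umask digits need the adjustment on files. The script below is an added example, not part of the original article; the function names are hypothetical, the umask values are constructed samples, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: the umask is applied as a bit mask, not by subtraction.

# effective_mode BASE UMASK -> mode actually assigned: BASE AND (NOT UMASK)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> digit-by-digit subtraction (the shortcut)
naive_subtract() {
    base=$1; mask=$2; out=
    while [ -n "$base" ]; do
        b=${base%"${base#?}"}        # first digit of base
        m=${mask%"${mask#?}"}        # first digit of mask
        d=$(( b - m ))
        [ "$d" -lt 0 ] && d=0
        out=$out$d
        base=${base#?}; mask=${mask#?}
    done
    printf '%s\n' "$out"
}

# observed_mode UMASK KIND -> mode of a real file (f) or directory (d)
# created under that umask in a throwaway temp directory (GNU stat assumed)
observed_mode() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"
      if [ "$2" = d ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi )
    stat -c '%a' "$tmp/t"
    rm -rf "$tmp"
}

# Constructed sample umasks: all-even digits, odd digits, a restrictive one
for u in 022 033 027; do
    printf 'umask %s  file: subtract=%s mask=%s created=%s  dir: mask=%s created=%s\n' \
        "$u" "$(naive_subtract 666 "$u")" "$(effective_mode 666 "$u")" \
        "$(observed_mode "$u" f)" "$(effective_mode 777 "$u")" \
        "$(observed_mode "$u" d)"
done
```

With umask 033 plain subtraction and the real result differ on files, while on directories they agree.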
What are the special permission bits?
SUID, SGID, sticky bit
SUID summary
Applies to commands and binary programs
1. In the owner's three bits, an s in the x position means SUID is set; when the x position has no lowercase x (execute) permission, SUID is displayed as a capital S
2. SUID lets a normal user execute a command as root; SUID sets a special permission on the command itself (everyone can use it), unlike sudo
A typical SUID program is passwd: a user changes the password only through this command, instead of modifying the file directly
3. SUID is a double-edged sword; remove SUID from commands that do not need it
SGID summary
Valid only for binary command programs
- Requires execute permission x
- Anyone who executes the command obtains the permissions of the group that the command belongs to
Typical example: locate
The basic Linux permission bits are 9 bits, but there are 3 additional special permission bits, for 12 permission bits in total
Name    With x  Without x  Value  Position
SUID    s       S          4      owner's permission bits (3rd position of the owner's bits)
SGID    s       S          2      group's permission bits (3rd position of the group's bits)
Sticky  t       T          1      other users' permission bits, directories only
chmod 4755 command      # give the command SUID permission, or chmod u+s file
chmod 2755 command      # give the command SGID permission, or chmod g+s file
chmod 1755 directory    # give the directory the sticky bit, or chmod o+t directory
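To make the s/S and t/T display rules concrete, the script below turns a 12-bit octal mode into the string that ls -l shows. It is an added example, not part of the original article; the function names are hypothetical and the modes are constructed samples.

```shell
#!/bin/sh
# Added example: render a 12-bit octal mode the way ls -l displays it.

# mode_string OCTAL -> 9-character string, e.g. 4755 -> rwsr-xr-x
mode_string() {
    m=$(( 0$1 ))
    out=
    for pos in 6 3 0; do                 # owner, group, others
        bits=$(( (m >> pos) & 7 ))
        r=-; w=-; x=-
        [ $(( bits & 4 )) -ne 0 ] && r=r
        [ $(( bits & 2 )) -ne 0 ] && w=w
        [ $(( bits & 1 )) -ne 0 ] && x=x
        # special bit that is displayed in this group's x position
        case $pos in
            6) special=$(( m & 04000 )); on=s; off=S ;;   # SUID
            3) special=$(( m & 02000 )); on=s; off=S ;;   # SGID
            0) special=$(( m & 01000 )); on=t; off=T ;;   # sticky
        esac
        if [ "$special" -ne 0 ]; then
            # lowercase when x is also set, capital when x is missing
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# ls_string PATH -> the same 9 characters as ls reports for a real path
ls_string() {
    ls -ld "$1" | cut -c2-10
}

# Constructed sample modes
for mode in 0644 4755 4644 2755 1777 1776; do
    printf '%s  %s\n' "$mode" "$(mode_string "$mode")"
done
```

A capital S or T in a listing means the special bit is set but the matching x permission is missing.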
Sticky bit: /tmp is the classic sticky-bit directory. Any user can browse and modify content under it, but cannot delete or move files or directories whose owner is another user. It is often the first staging location for trojans, which brings security problems
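Both points above (SUID left on commands that do not need it, and shared writable directories) can be reviewed with find. The script below is an added example, not part of the original article: it audits a tree for SUID and SGID files and for world-writable directories that lack the sticky bit. The function names are hypothetical and the demo tree is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for special permission bits.

# audit_special DIR -> one "KIND path" line per finding under DIR
audit_special() {
    # files that carry the SUID bit
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    # files that carry the SGID bit
    find "$1" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    # world-writable directories without the sticky bit: any user
    # could delete or move another user's files in them
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/NOSTICKY /'
}

# build_demo_tree -> path of a constructed tree with known findings
build_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";      chmod 0755 "$d/plain"
    : > "$d/suid_tool";  chmod 4755 "$d/suid_tool"
    : > "$d/sgid_tool";  chmod 2755 "$d/sgid_tool"
    mkdir "$d/shared_sticky"; chmod 1777 "$d/shared_sticky"
    mkdir "$d/shared_open";   chmod 0777 "$d/shared_open"
    printf '%s\n' "$d"
}

tree=$(build_demo_tree)
audit_special "$tree"
rm -rf "$tree"
```

Each SUID or SGID entry that has no reason to keep the bit can be cleared with chmod u-s or chmod g-s, and a NOSTICKY directory can be fixed with chmod o+t.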
How do I change the owner and the group of a file?
In chown, the owner and the group are separated by : and a . can be used instead:
chown oldboy test.sh        # change the owner of test.sh
chown :incahome test.sh     # change the group of test.sh
chown .incahome test.sh     # change the group of test.sh, using . instead of :
# Note: both the owner and the group being assigned must actually exist on the Linux system
Summary of file permissions
1. There are 12 permission bits in total: 9 basic permission bits and 3 special permission bits; the basic bits are in groups of 3, the special bits in groups of 1
2. r, w, x correspond to the numbers 4, 2, 1; the special permission bits SUID, SGID, sticky correspond to the numbers 4, 2, 1 respectively
3. The basic permission bits mean different things on a file and on a directory
On a file, r means the file's contents can be read, w means the contents can be modified, and x means the file can be executed; with x alone the command interpreter cannot read the file's contents, so the file still cannot be executed
On a directory, r means the file names and directory names in it can be listed, w means files or directories can be created and deleted in it, and x means the directory can be entered
4. The owner and the group can be changed with the chown command; the owner and the group must exist on the Linux system
5. A file is deleted when its hard link count is 0 and the number of programs referencing it is also 0