Modification of Linux file permissions

Source: Internet
Author: User

First, preface

1. Permissions include three types: w, r, x
2. For a file, you can read its contents simply by having r permission
3. For a directory, you must have both r and x permissions to access its contents; r permission alone is meaningless
4. The root user is not restricted by any permissions

Second, modify the normal permissions

Command: chmod
Function: Modify the permissions of a file
Parameter: -R to recursively modify permissions for all files in the directory

Usage 1: chmod g+w 1.txt; chmod u+r 1.txt; chmod o+x 1.txt
Usage 2: chmod u=rwx,g=r,o=r 1.txt
Usage 3: chmod 777 1.txt; chmod 735 1.txt

Description

1. u, g, o represent the user (owner), the group and other users respectively; a refers to all of ugo
2. + and - represent adding or removing the corresponding permissions
3. r, w, x are the three kinds of permissions
4. Normal permissions can be represented by numbers: r = 4, w = 2, x = 1. For example: rw- = 4+2 = 6; rwx = 4+2+1 = 7

Third, modify the default permissions

Preface: Each terminal has a umask property that determines the default permissions for new files. For example, when we create a new directory, its default permissions are rwxr-xr-x; when we create a new file, its default permissions are rw-r--r--

The umask value is represented by a number:

# umask
0022

Description

1. The first 0 represents the special permissions, and the next three digits represent the ugo permissions
2. In Linux, the default directory permission is 755 and the default file permission is 644

How to modify the umask value:

umask 055

How to calculate default permissions by Umask values:

Calculation for a directory: (rwxrwxrwx) - (umask value) = (directory permissions)
Calculation for a file: (rw-rw-rw-) - (umask value) = (file permissions)

Example:

If you set umask to 001 (denoted by letters as --------x), what are the permissions for directories and files that users create by default?
The permissions for the directory are: (rwxrwxrwx) - (--------x) = (rwxrwxrw-) = 776
The permissions for the file are: (rw-rw-rw-) - (--------x) = (rw-rw-rw-) = 666 (the file's base permissions contain no x for others, so there is nothing to remove)
So we conclude that when umask is 001, directory permissions are 776 and file permissions are 666
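The calculation above removes permission bits rather than subtracting numbers, which is why the file in the example stays at 666 instead of becoming 665. The following shell sketch is an added example, not part of the original article; the function names default_mode, naive_subtract and observed_mode are made up for illustration, and observed_mode assumes a Linux system whose stat accepts -c.

```shell
#!/bin/sh
# Added example: umask clears bits from the base mode, it does not subtract.

# default_mode file|dir UMASK -> octal mode a new file/directory receives
default_mode() {
    case "$1" in
        file) base=$((0666)) ;;   # files start from rw-rw-rw-
        dir)  base=$((0777)) ;;   # directories start from rwxrwxrwx
        *) echo "usage: default_mode file|dir UMASK" >&2; return 2 ;;
    esac
    mask=$((0$2))                 # leading 0: parse UMASK as octal
    printf '%03o\n' $(( base & ~mask ))
}

# naive_subtract file|dir UMASK -> result of plain octal subtraction,
# shown only to contrast it with the real rule
naive_subtract() {
    if [ "$1" = dir ]; then base=$((0777)); else base=$((0666)); fi
    printf '%03o\n' $(( base - 0$2 ))
}

# observed_mode file|dir UMASK -> mode the system really assigns,
# measured in a throwaway directory (assumption: stat supports -c)
observed_mode() {
    (
        d=$(mktemp -d) || exit 1
        trap 'rm -rf "$d"' EXIT
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$d/new"; else : > "$d/new"; fi
        stat -c '%a' "$d/new"
    )
}

# The umask values used in the article: 022, 001 and 055
for m in 022 001 055; do
    printf 'umask %s: file %s (observed %s, subtraction %s), dir %s (observed %s)\n' \
        "$m" "$(default_mode file "$m")" "$(observed_mode file "$m")" \
        "$(naive_subtract file "$m")" \
        "$(default_mode dir "$m")" "$(observed_mode dir "$m")"
done
```

For umask 001 the subtraction column shows 665 for a file while the computed and observed columns show 666.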

Fourth, modify the special permissions

1 Special privileges: suid

What is suid: suid (Set UID) allows an ordinary user to run an executable binary (such as the passwd command) temporarily with the permissions of the user who owns the file (note that the suid permission is effective only on executable binaries, not on ordinary files)

Let's give an example:

Suppose we are logged in as a normal user. When we change our password with the passwd command, the command needs to modify the /etc/shadow configuration file (/etc/shadow is the configuration file that stores passwords). But as shown below, /etc/shadow has no permissions set at all, which means we can't read or write this file.

# ls -l /etc/shadow

What do we do then? We need to use the root user's privileges (note: the root user is not restricted by any permissions) to execute the passwd command so that it can modify the /etc/shadow configuration file
If you don't want ordinary users to change their passwords, just run chmod u-s /usr/bin/passwd

How do I add suid permissions?

Syntax one: chmod u+s filename
Syntax two: chmod 4755 filename (4 for the suid permission, 755 for the normal permissions)
Note: As with normal permissions, special permissions can also be represented by numbers: suid = 4, sgid = 2, sticky = 1

Let's give an example:

We know that ordinary users are not able to browse the /root directory, so we add the s permission to the ls command (note that only the user who owns the file can add special permissions), so that ls temporarily runs with the permissions of its owner and can view the /root directory

# su - pzk        // we switch to a normal user first
$ ls /root/       // a normal user does not have permission to browse the /root directory
ls: unable to open directory /root/
$ su -            // we switch to the root user to add the s permission to the ls command
Password:
# chmod u+s /bin/
# su -
$ ls /root/       // ls now has the s permission and can browse /root
test.sh  test.txt

Now let's look at another phenomenon: both s and S can appear in the 3rd position of the permission bits. What does this mean?

Why do special permissions have uppercase and lowercase letters?

The system's rule is that if there is an x on that bit, the special flags are shown in lowercase (s, s, t); otherwise they are shown in uppercase (S, S, T). We know that the first 3 bits of the permission string are the user's permissions: when s appears, the user also has x permission; when S appears, the user does not have x permission. However, when an ordinary user runs the ls command, the permission bits that apply are the others' bits, so it does not matter that S lacks x permission; as long as the others' bits include x, the ordinary user can run ls (for the root user it does not matter, because the root user is not restricted by any permissions)

2 Special privileges: sgid

What is sgid: As we said earlier, when the s flag appears on the file owner's x permission, it is called set UID. Put this s in the x position of the file's group, and it is sgid

When s is present, the group has x permission; when S is present, the group does not have x permission.

What is the use of sgid: like suid, except that sgid obtains the permissions of the group the program belongs to, so the program executes with the permissions of its owning group.

There are a few things we need to note about Sgid:
1. sgid is useful for binary programs;
2. The user executing the program is required to have x permission for the program;
3. sgid is mainly used on directories;

How do I add sgid permissions?

Syntax one: chmod g+s filename
Syntax two: chmod 2755 filename (2 for the sgid permission, 755 for the normal permissions)
Note: As with normal permissions, special permissions can also be represented by numbers: suid = 4, sgid = 2, sticky = 1

3 Special privileges: sticky

What is sticky: The preceding suid and sgid are set for the user and the group; sticky is set for others. It is set like suid/sgid, but its function is different.
What is the use of sticky: the sbit (sticky bit) is currently only valid for directories. Its effect on a directory is: when a user creates a file or directory in this directory, only that user and root have the right to delete it. The most representative example is the /tmp directory: anyone can add and modify files in /tmp, but only the creator of a file/directory and root can delete it.

When t is present, others have x permission; when T is present, others do not have x permission

How do I add sticky permissions?

Syntax one: chmod o+t filename
Syntax two: chmod 1755 filename (1 for the sticky permission, 755 for the normal permissions)
Note: As with normal permissions, special permissions can also be represented by numbers: suid = 4, sgid = 2, sticky = 1
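The numeric form (suid = 4, sgid = 2, sticky = 1) and the lowercase/uppercase display rule described in the suid, sgid and sticky sections can be checked together. The following shell sketch is an added example, not part of the original article; the function names triplet, mode_string and special_bits are made up for illustration. It turns a four-digit octal mode into the nine-character string that ls -l shows and names the special bits that are set, which helps when reviewing which files carry suid or sgid.

```shell
#!/bin/sh
# Added example: render a 4-digit octal mode as ls -l shows it, including
# the s/S and t/T distinction, and name the special bits that are set.

# triplet PERMS SPECIAL LOWER UPPER -> three characters for one of u/g/o
# PERMS is 0-7, SPECIAL is 1 when the matching special bit is set
triplet() {
    p=$1; out=
    [ $((p & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
    [ $((p & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
    if [ "$2" -eq 1 ]; then
        # special bit set: lowercase when x is also set, uppercase when not
        [ $((p & 1)) -ne 0 ] && out="${out}$3" || out="${out}$4"
    else
        [ $((p & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    fi
    printf '%s' "$out"
}

# mode_string MODE -> e.g. 4755 gives rwsr-xr-x
mode_string() {
    m=$((0$1))                                 # leading 0: parse as octal
    u=$(triplet $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s S)   # suid   = 4000
    g=$(triplet $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s S)   # sgid   = 2000
    o=$(triplet $((  m       & 7 )) $(( (m >> 9)  & 1 )) t T)   # sticky = 1000
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# special_bits MODE -> names of the special bits set, e.g. "suid sgid"
special_bits() {
    m=$((0$1)); names=
    [ $((m & 04000)) -ne 0 ] && names="$names suid"
    [ $((m & 02000)) -ne 0 ] && names="$names sgid"
    [ $((m & 01000)) -ne 0 ] && names="$names sticky"
    echo "${names# }"
}

# Modes from the article (4755, 2755, 1755) plus constructed cases without x
for mode in 4755 2755 1755 4644 1777 1776; do
    printf '%s  %s  [%s]\n' "$mode" "$(mode_string "$mode")" "$(special_bits "$mode")"
done
```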
