Permission collation of Centos File System

Source: Internet
Author: User

Programs used:

Chmod setfacl getfacl stat chattr lsattr
Chmod: Set File Permissions
Setfacl: access control list)
Getfacl: view the access control list
Stat: displays inode content (a | m | c) time content
Chattr: sets the list file attribute system of the second extended file.
Lsattr: view the list file attribute system of the second extension fileSetuid: Make the file have the same x permissions as the file owner
Setgid: Make the folder have the same x permissions as the file group
Sticky: Make files unavailable


  1. [root@nagios test]# touch setuid setgid sticky

  2. [root@nagios test]# chown -R nagios.nagios ./

  3. [root@nagios test]# chmod u+s setuid && chmod g+s setgid && chmod o+t sticky

  4. [root@nagios test]# ll

  5. total 0

  6. -rw-r-Sr-- 1 nagios nagios 0 Mar 2800:41 setgid

  7. -rwSr--r-- 1 nagios nagios 0 Mar 2800:41 setuid

  8. -rw-r--r-T 1 nagios nagios 0 Mar 2800:41 sticky

  9. [root@nagios test]# su hello

  10. [hello@nagios test]$ pwd

  11. /root/test

  12. [hello@nagios test]$ echo hello >> setuid

  13. bash: setuid: Permission denied

  14. [hello@nagios test]$ sh setuid

  15. hello

  16. [nagios@nagios test]$ exit

  17. exit

  18. [root@nagios test]# chmod o+w sticky

  19. [root@nagios test]# su hello

  20. [hello@nagios test]$ ll sticky

  21. -rw-rw-rwT 1 nagios nagios 0 Mar 2800:45 sticky

  22. [hello@nagios test]$ rm sticky

  23. rm: cannot remove `sticky': Permission denied

  24. [hello@nagios test]$ stat sticky

  25. File: `sticky'

  26. Size: 0 Blocks: 0 IO Block: 4096 regular empty file

  27. Device: fd00h/64768d Inode: 134198 Links: 1

  28. Access: (1666/-rw-rw-rwT) Uid: ( 500/ nagios) Gid: ( 500/ nagios)

  29. Access: 2013-03-2800:45:37.875928997 +0800

  30. Modify: 2013-03-2800:45:37.875928997 +0800

  31. Change: 2013-03-2800:46:28.050580800 +0800

# Setfacl and getfacl

User: owner permission ":" All are owners ":" special user
Group: group and Special group
Other: Others
Mask: All persons except owner and others
Common options:
-D: subdirectory inherits the special permissions of the parent directory.
-R: recursive permission

Check whether ACL is supported

  1. [root@nagios heelo]# tune2fs -l /dev/sda1 | grep option

  2. Default mount options: user_xattr acl


  1. [root@nagios test]# touch setfacl

  2. [root@nagios test]# setfacl -m user::r,user:hello:rw setfacl

  3. [root@nagios test]# chown nagios.nagios setfacl

  4. [root@nagios test]# ll setfacl

  5. -r--rw-r--+ 1 nagios nagios 0 Mar 2800:52 setfacl

  6. [root@nagios test]# su nagios

  7. [nagios@nagios test]$ echo hello >> setfacl

  8. bash: setfacl: Permission denied

  9. [nagios@nagios test]$ exit

  10. exit

  11. [root@nagios test]# su hello

  12. [hello@nagios test]$ echo hello >> setfacl

  13. [hello@nagios test]$ cat setfacl

  14. hello

  15. [hello@nagios test]$ getfacl setfacl

  16. # file: setfacl

  17. # owner: nagios

  18. # group: nagios

  19. user::r--

  20. user:hello:rw-

  21. group::r--

  22. mask::rw-

  23. other::r--

#chattr and lsattr
Chattr +-= [acdeijstuADST].
A: Atime: Tell the system not to modify the last access time of this file.
S: Sync. Once the application writes the file, the system immediately writes the Modification result to the disk.
A: Append Only. The system Only allows data to be appended to this file. No process is allowed to overwrite or intercept this file. If the directory has this attribute, the system will only allow the creation and modification of files under this directory, and will not allow the deletion of any files.
I: Immutable. The system does not allow any modifications to this file. If the directory has this attribute, any process can only modify the files under the Directory and cannot create or delete files.
D: Check for errors in the compressed file.
D: No dump. During file system backup, the dump program ignores this file.
C: Compress. The system compresses the file transparently. When reading from this file, the returned data is extracted. When writing data to this file, the data is first compressed before being written to the disk.
S: Secure Delete. The system will use 0 to fill in the region where the file is located when deleting the file.
U: Undelete: When an application requests to delete this file, the system will keep its data block so that the file can be deleted in the future.


  1. [root@nagios test]# mkdir chattr

  2. [root@nagios test]# chattr +i chattr/

  3. [root@nagios test]# touch chattr/hello

  4. touch: cannot touch `chattr/hello': Permission denied

  5. [root@nagios test]# chattr -i +a chattr/

  6. [root@nagios test]# touch chattr/hello && echo hello >>chattr/hello && cat chattr/hello

  7. hello

  8. [root@nagios test]# rm chattr/hello

  9. rm: remove regular file `chattr/hello'? y

  10. rm: cannot remove `chattr/hello': Operation not permitted

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.