1. Basic Permissions
(1). Character notation
r: Read permission. For a file, it allows viewing the file's contents; for a directory, it allows listing the names of the child objects in it;
w: Write permission. For a file, it allows overwriting, deleting and otherwise modifying it; for a directory, it is the right to create child objects;
x: Execute permission. For a file, it allows running it; for a directory, it allows switching into the directory.
(2). Numerical notation
r-- = 100 (8421BCD code representation) = 4 (decimal)
-w- = 010 (8421BCD code representation) = 2 (decimal)
--x = 001 (8421BCD code representation) = 1 (decimal)
2. Modify Permissions
chmod -R (u)ser/(g)roup/(o)ther/(a)ll operator(+/-/=) permissions(character) filename
where the -R parameter means recursion: if the command is run on a directory, all files under that directory are changed at the same time.
Example:
Create a file with the file name test:
Add execute permission to the owner of the test file
Add read and write permissions to the owning group of the test file
Remove read permission from other users of the test file
Change the owner of the test file to the user test
Change the owning group of the test file to the group test
3. Special Privileges
(1). Delegating part of root authority to ordinary users
Use the visudo command to open /etc/sudoers, where you can add entries that grant specified permissions to specified users
Example:
Open the configuration file
Delegate the ability to add accounts and passwords to the user fcy
(The absolute path to add can be found with which followed by the executable's name, such as which useradd)
Test: add the user test2
Test: add a password for test2
Extended:
If you want to delegate the same permissions to a batch of accounts, you can add alias settings to /etc/sudoers
The format is as follows:
The first line defines the group of permissions, the second line defines the group of ordinary users, and the third line specifies the permissions that the user group has.
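The three-line alias layout described above, as an added example that is not part of the original post. The alias names, the member list and the command paths are assumptions; the passwd entry excludes root, following the pattern shown in the sudoers manual.

```shell
#!/bin/sh
# Added example: write the alias-based delegation to a scratch file and
# syntax-check it before it goes anywhere near /etc/sudoers.
# USERADMIN, USERADMINS and the member "test" are hypothetical names.

write_sudoers_fragment() {
    out=$1
    rm -f "$out"
    cat > "$out" <<'EOF'
# Line 1: the group of permissions (commands, by absolute path).
# The passwd entry excludes root so the delegation cannot reset root's password.
Cmnd_Alias USERADMIN = /usr/sbin/useradd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
# Line 2: the group of ordinary users that receives the delegation.
User_Alias USERADMINS = fcy, test
# Line 3: members of USERADMINS may run the USERADMIN commands as root.
USERADMINS ALL=(root) USERADMIN
EOF
    chmod 0440 "$out"    # the mode sudo expects for sudoers files
    # visudo -c -f only parses the given file; it installs nothing.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$out" >/dev/null
    fi
}
```

Confirm the command paths on the target host with which useradd and which passwd before using them in a rule.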
(2) Special file permissions
suid: For executables. When a command or tool that has suid set is executed, it runs as the owner of that command or tool (note that if you add suid to a file that does not have x permission, it is shown as an uppercase S, otherwise as a lowercase s)
sgid: For directories. When a directory has sgid set, the owning group of every child object created under that directory is the owning group of the parent directory
sticky: For directories, set on other. Child objects in the directory can only be deleted by their owner; other ordinary users do not have delete permission
Ways to add or remove special permissions for files and directories:
Character notation
chmod u+/-s ---> add/remove suid
chmod g+/-s ---> add/remove sgid
chmod o+/-t ---> add/remove sticky
Numerical notation
suid  sgid  sticky
1     0     0      = 4
0     1     0      = 2
0     0     1      = 1
Suppose a file named test has the permission 644, which is -rw-r--r--
chmod 4644 test ---> add suid
chmod 2644 test ---> add sgid
chmod 1644 test ---> add sticky
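The chmod steps from section 2 and the special bits above, replayed on a scratch file as an added example that is not part of the original post. It assumes Linux with GNU coreutils (stat -c); the function names are illustrative.

```shell
#!/bin/sh
# Added example: replay the chmod steps on a scratch file and print the
# resulting mode as "<octal> <symbolic>".

mode_of() { stat -c '%a %A' "$1"; }

# Section 2: character notation, starting from 644 (-rw-r--r--).
basic_steps() {
    f=$(mktemp) || return 1
    chmod 644 "$f"
    chmod u+x "$f";  mode_of "$f"   # owner gains x       -> 744
    chmod g+rw "$f"; mode_of "$f"   # group gains r and w -> 764
    chmod o-r "$f";  mode_of "$f"   # other loses r       -> 760
    rm -f "$f"
}

# Special bits: a leading octal digit of 4, 2 or 1 in front of 644.
special_steps() {
    f=$(mktemp) || return 1
    chmod 4644 "$f"; mode_of "$f"   # suid, owner has no x   -> uppercase S
    chmod u+x "$f";  mode_of "$f"   # suid, owner has x      -> lowercase s
    chmod 2644 "$f"; mode_of "$f"   # sgid, group has no x   -> uppercase S
    chmod 1644 "$f"; mode_of "$f"   # sticky, other has no x -> uppercase T
    rm -f "$f"
}

basic_steps
special_steps
```

An uppercase S or T in a listing means the special bit is set without the matching x bit, which on an executable is usually a configuration mistake worth checking.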
(3). Special properties
View the special attributes of a file with lsattr
Set the special attributes of a file with chattr (+ adds an attribute, - removes it)
Several commonly used special attribute parameters are:
1). i ---> If this attribute is added to a file, the file cannot be deleted or modified, even by the root user; it is used to prevent accidental deletion of important files
The root user cannot delete it either
2). A ---> This attribute stops the atime of the file from changing (commonly used for the home page of a web server, so that access by many users does not constantly modify the access time, which improves efficiency)
atime before the change
You can see that even after modifying test, the atime does not change
3). a ---> Files with this attribute can only be edited by appending
4. ACL ---> Add special ACL control
Specific implementation:
Take a formatted disk, then edit /etc/fstab to add ACL control and a mount point that is mounted at boot
View ACLs for corresponding files
Setting ACLs on files
Test (the file test belongs to user root and group root, and other has only read permission)
Normal user test cannot modify the file test because it has only the r permission
Normal user fcy can modify the file test
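Why fcy can write while test cannot, worked through on getfacl-style text as an added example that is not part of the original post. The sample ACL is constructed to match the test above, and the example goes one step further than the page by applying the ACL mask; it assumes the user is in neither the owning group nor a named group.

```shell
#!/bin/sh
# Added example: read getfacl-style text and report what one user may do.
# SAMPLE_ACL is constructed; it is roughly what
# `setfacl -m u:fcy:rw test; getfacl test` prints for the file in the test.

SAMPLE_ACL='# file: test
# owner: root
# group: root
user::rw-
user:fcy:rw-
group::r--
mask::rw-
other::r--'

# effective_perms USER < acl-text   -> prints a three-character permission
effective_perms() {
    awk -F: -v u="$1" '
        # Keep a permission bit only if the mask also grants it.
        function masked(p, m,    i, c, r) {
            r = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                if (substr(m, i, 1) == "-") c = "-"
                r = r c
            }
            return r
        }
        /^# owner: /             { owner = substr($0, 10) }
        $1 == "user" && $2 == "" { own   = substr($3, 1, 3) }
        $1 == "user" && $2 == u  { named = substr($3, 1, 3) }
        $1 == "mask"             { mask  = substr($3, 1, 3) }
        $1 == "other"            { other = substr($3, 1, 3) }
        END {
            if (u == owner)       print own       # owner entry applies
            else if (named != "") print (mask != "" ? masked(named, mask) : named)
            else                  print other     # no entry: falls to other
        }'
}

printf '%s\n' "$SAMPLE_ACL" | effective_perms fcy    # named entry, rw-
printf '%s\n' "$SAMPLE_ACL" | effective_perms test   # other entry, r--
```

When auditing, read the mask line as well as the named entries: a narrower mask silently reduces what every named user and group actually gets.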
This article is from the "but evil Water Heart Pan" blog, please be sure to keep this source http://shmilyfl.blog.51cto.com/8897986/1672164
Permissions and access control in Linux