Permissions and special permission bits for Linux files

Source: Internet
Author: User

Permissions for files

rw-    r--    r--
owner  group  other

Normal file

  • r only: the user can read the file's contents
  • w only: the user can modify the file's contents
  • x only: has no meaning
  • rw: the user can read and write the file
  • rx: the user can read and execute the file
  • wx: same as w only
  • rwx: the user can read, write and execute the file

Directory

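  • r only: the user can list the file names in the directory (short listing)
  • w only: has no meaning
  • x only: the user can enter the directory and access the files in it, but cannot list the file names
  • rw: equivalent to r only
  • rx: the user can enter the directory, access the files in it, and get a long listing
  • wx: the user can enter the directory, access the files in it, and create and delete files, but cannot list them
  • rwx: the user has full permissions

X: when adding the x permission in bulk, files can be skipped so that x is added only to directories
chmod --reference
chmod -R: changes permissions recursively

r:4  w:2  x:1
7:rwx  6:rw  5:rx  4:r  3:wx  2:w  1:x

umask: determines the default permissions of the files a user creates; the maximum is 777 for directories and 666 for files
    umask xxx     set the umask
    umask         show the umask
    ~/.bashrc     save the umask setting here so that it is still in effect at the next login
    umask -S      show the default permissions for newly created directories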
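The umask is applied as a bit mask to those maximums rather than subtracted from them, which matters for values such as 033. The following is an added example, not part of the original page; the function names default_mode and observed_mode are illustrative, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example: the umask clears bits from the maximum mode; it is not subtracted.

# default_mode UMASK file|dir -> mode a newly created file or directory gets
default_mode() {
    case $2 in
        dir) base=0777 ;;   # directories start from 777
        *)   base=0666 ;;   # regular files start from 666
    esac
    printf '%03o\n' $(( $base & ~0$1 ))
}

# observed_mode UMASK file|dir -> mode the kernel actually assigns (read back with stat)
observed_mode() {
    (
        tmp=$(mktemp -d)          # scratch directory, created before the umask changes
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

# umask 033 on a file gives 644 (666 with the w and x bits of group/other cleared), not 633
for mask in 022 027 033; do
    printf 'umask %s: file %s, dir %s\n' "$mask" \
        "$(default_mode "$mask" file)" "$(default_mode "$mask" dir)"
done
```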

Homework:

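1. Copy /etc/fstab to /var/tmp; give the file's owner, wangcai, read and write permission, give the owning group, sysadmins, read and write permission, and give others no permission.

    cp /etc/fstab /var/tmp
    useradd wangcai
    groupadd sysadmins
    chown wangcai:sysadmins /var/tmp/fstab
    chmod u=rw,g=rw,o= /var/tmp/fstab

2. The home directory of user wangcai was deleted by mistake; recreate it and restore the home directory and its permission attributes.

    rm -rf /home/wangcai
    mkdir -p /home/wangcai
    cp -rf /etc/skel/.[^.]* /home/wangcai/

  • Suid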

    SUID: once an executable binary has the SUID permission, anyone who executes the file temporarily has the permissions of its owner.
    chmod u+s
    chmod 4777    (numeric form, sets SUID)

  • Sgid

    SGID: once an executable binary has the SGID permission, anyone who executes the file temporarily has the permissions of the group the file belongs to.
    Once a directory has the SGID permission, files that anyone creates in the directory inherit the directory's owning group.
    chmod g+s
    chmod 2777    (numeric form, sets SGID)

  • Sticky

    Sticky: once a directory has the sticky bit, the files and subdirectories in it can be deleted only by their owner, the owner of the directory, and root.
    chmod o+t
    chmod 1777    (numeric form, sets the sticky bit)
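To review where these bits are set, the following added example (not part of the original page) lists every entry under a directory that carries SUID, SGID or sticky, decodes the bits, and marks SUID/SGID entries that are also world-writable, as chmod 4777 produces. The function names and the demo tree are constructed for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# decode_special MODE: translate an octal mode such as 4755 into bit names
decode_special() {
    m=$(( 0$1 )); out=""
    if [ $(( m & 04000 )) -ne 0 ]; then out="${out}suid,"; fi
    if [ $(( m & 02000 )) -ne 0 ]; then out="${out}sgid,"; fi
    if [ $(( m & 01000 )) -ne 0 ]; then out="${out}sticky,"; fi
    # SUID/SGID combined with o+w, as in chmod 4777
    if [ $(( m & 06000 )) -ne 0 ] && [ $(( m & 0002 )) -ne 0 ]; then
        out="${out}world-writable,"
    fi
    printf '%s\n' "${out%,}"
}

# audit_special_bits DIR: print "<mode> <bits> <relative path>" for each match
audit_special_bits() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print | sort |
    while IFS= read -r p; do
        mode=$(stat -c '%a' "$p")
        printf '%s %s %s\n' "$mode" "$(decode_special "$mode")" "${p#"$1"/}"
    done
}

# make_demo_tree: constructed sample tree with empty files, for the demo only
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/tool" "$d/risky" "$d/plain"
    mkdir "$d/shared" "$d/drop"
    chmod 4755 "$d/tool"      # SUID
    chmod 4777 "$d/risky"     # SUID and writable by everyone
    chmod 644  "$d/plain"     # no special bits, must not be reported
    chmod 2775 "$d/shared"    # SGID directory
    chmod 1777 "$d/drop"      # sticky directory
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```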

  • Setting special file attributes

    chattr +a    the file cannot be modified or deleted; data can only be appended
    chattr +i    the file can only be read; nothing else can be done to it

    lsattr filename    shows whether a file has these attributes

  • ACL Permissions

    CentOS 6: a new partition does not have ACL support by default. To enable it:
    fdisk /dev/sda
    n Enter
    Enter
    +500M Enter
    w Enter
    partx -a /dev/sda      notify the kernel to update the partition table
    mkfs.ext4 /dev/sda6
    tune2fs -l /dev/sda6 | grep acl
    none
    tune2fs -o acl /dev/sda6
    tune2fs -l /dev/sda6 | grep acl
    acl
    CentOS 7: ACLs are always supported
  • Permission evaluation order for files

    owner > ACL user > group and ACL group (whichever grants more takes precedence) > other
    setfacl -m u|g:username|groupname:rwx filename|dirname
    setfacl -x u|g:username|groupname filename|dirname
    setfacl -b filename|dirname
    setfacl -m m:r-x filename|dirname    or    chmod g=rx filename|dirname

  • Setting ACLs from a file

    file.acl contains the following:
    u:liubei:rwx
    g:shuguo:rx

    setfacl -M file.acl house/

  • Removing ACLs using a file

    file.del contains the following:
    u:liubei
    g:shuguo

    setfacl -X file.del house/

  • Default permissions

    setfacl -m d:u:liubei:rwx house
    setfacl -Rm u:liubei:rwx house
  • getfacl house

    # file: .
    # owner: root
    # group: root
    -------------------------- setfacl -Rm u:liubei:rwx house
    user::rwx
    user:liubei:rwx
    group::r-x
    mask::rwx
    other::r--

    -------------------------- setfacl -m d:u:liubei:rwx house
    default:user::rwx
    default:user:liubei:rwx
    default:group::r-x
    default:mask::rwx
    default:other::r-x

    setfacl -k house/    delete only the default permissions
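The evaluation order and the mask can be checked against getfacl output without touching a filesystem. The following added example (not part of the original page) reads getfacl text and prints the rights a given user ends up with: the owner entry is used as is, ACL user and group entries are limited by the mask, and everyone else falls through to other. The function names, the sample listing (mask set to r-x as with setfacl -m m:r-x) and the group memberships passed in are constructed for illustration.

```sh
# acl_effective USER GROUPS: getfacl output on stdin, rights of USER on stdout.
# GROUPS is a comma-separated list of the groups USER belongs to.
acl_effective() {
    awk -v user="$1" -v groups="$2" '
    function pand(a, b,   i, s) {   # keep a right only if both strings grant it
        for (i = 1; i <= 3; i++)
            s = s ((substr(a,i,1) != "-" && substr(b,i,1) != "-") ? substr(a,i,1) : "-")
        return s
    }
    function por(a, b,   i, s) {    # keep a right if either string grants it
        for (i = 1; i <= 3; i++)
            s = s (substr(a,i,1) != "-" ? substr(a,i,1) : substr(b,i,1))
        return s
    }
    BEGIN { FS = ":"; n = split(groups, g, ","); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"; grp = "---" }
    /^# owner: / { owner  = substr($0, 10) }
    /^# group: / { ogroup = substr($0, 10) }
    /^#/ || NF < 3 { next }
    { sub(/[ \t]*#.*/, "", $3) }                  # drop "#effective:" comments
    $1 == "user"  && $2 == ""   { uobj = $3 }
    $1 == "user"  && $2 == user { named = $3; has_named = 1 }
    # per single right, any matching group entry may grant it, so the union is taken
    $1 == "group" && ($2 == "" ? (ogroup in member) : ($2 in member)) { grp = por(grp, $3); has_grp = 1 }
    $1 == "mask"  { mask = $3 }
    $1 == "other" { other = $3 }
    END {
        if (user == owner)   print uobj                # owner: the mask is not applied
        else if (has_named)  print pand(named, mask)   # ACL user, limited by the mask
        else if (has_grp)    print pand(grp, mask)     # group and ACL group, limited by the mask
        else                 print other
    }'
}

# sample_acl: constructed getfacl listing
sample_acl() {
cat <<'EOF'
# file: house
# owner: root
# group: root
user::rwx
user:liubei:rwx
group::r-x
group:shuguo:rw-
mask::r-x
other::r--
EOF
}
```

For instance, `sample_acl | acl_effective liubei users` prints r-x: the rwx entry for liubei is cut down by the mask.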

  • Experiment: back up and restore a directory that has ACL permissions using an archiving tool

    1. Backup
    tar -cvf house.tar house
    getfacl -R house > acl.txt
    2. Restore
    tar -xvf house.tar -C /var/tmp
    cp acl.txt /var/tmp
    cd /var/tmp            (the paths recorded in acl.txt are relative)
    setfacl --restore acl.txt
