Permissions and special permission bits for Linux files
Permissions for files
rw-  r--  r--   (owner  group  other)
Normal file
When only r is set on a file, the user can read the file's contents. When only w is set, the user can modify the file's contents. When only x is set, it has no meaning on its own. With rw, the user can read and write the file. With rx, the user can read and execute the file. With wx, the effect is the same as w alone. With rwx, the user can read, write and execute the file.
Directory
When only r is set on a directory, the user can list the file names in it (short listing only). When only w is set, it has no meaning on its own. When only x is set, the user can enter the directory and access the files inside it, but cannot list the file names. With rw, the effect is the same as r alone. With rx, the user can enter the directory, access the files inside it, and produce a long listing. With wx, the user can enter the directory, access the files inside it, and create and delete files, but cannot list them. With rwx, the user has full permission on the directory.
X: when adding x permission in bulk, X skips files and adds x only to directories.
chmod -R --reference=RFILE changes permissions recursively to match a reference file.
r:4 w:2 x:1, so 7:rwx 6:rw 5:rx 4:r 3:wx 2:w 1:x
umask is the mask applied to the default permissions of files a user creates; the maximum is 777 for directories and 666 for files.
umask xxx sets the umask; umask on its own shows the current umask; putting the umask setting in ~/.bashrc keeps it effective at the next login; umask -S shows the default permissions for newly created directories in symbolic form.
Homework:
1. Copy the file /etc/fstab to /var/tmp; set the file's owner to wangcai with read and write permission, the owning group to sysadmins with read and write permission, and no permission for others.
cp /etc/fstab /var/tmp; useradd wangcai; groupadd sysadmins; chown wangcai.sysadmins /var/tmp/fstab; chmod u=rw,g=rw,o= /var/tmp/fstab
2. The home directory of user wangcai was deleted by mistake; rebuild it and restore the home directory and its permission attributes.
rm -rf /home/wangcai; mkdir -p /home/wangcai; cp -rf /etc/skel/.[^.]* /home/wangcai/
SUID
SUID: when an executable binary has the SUID bit set, anyone who executes the file temporarily gains the permissions of the file's owner.
chmod u+s filename
chmod 4777 filename
SGID
SGID: when an executable binary has the SGID bit set, anyone who executes the file temporarily gains the permissions of the file's owning group.
When a directory has the SGID bit set, files created in it by any user inherit the directory's owning group.
chmod g+s filename|dirname
chmod 2777 filename|dirname
Sticky
Sticky: when a directory has the sticky bit set, the files and subdirectories in it can only be deleted by their own owner, the directory's owner, and root.
chmod o+t dirname
chmod 1777 dirname
- Setting file-specific properties
chattr +a: the file cannot be modified or deleted, only appended to
chattr +i: the file is immutable; it can only be read
lsattr filename shows whether a file has such special attributes
CentOS 6: a newly created partition does not have ACL support by default; enable it as follows.
fdisk /dev/sda
n, Enter
Enter
+500M, Enter
w, Enter
partx -a /dev/sda   (notifies the kernel to reread the partition table)
mkfs.ext4 /dev/sda6
tune2fs -l /dev/sda6 | grep acl
(no output: acl is not yet among the default mount options)
tune2fs -o acl /dev/sda6
tune2fs -l /dev/sda6 | grep acl
acl
CentOS 7: ACL support is present by default.
- Permission execution order for files
Owner > ACL named user > owning group or ACL named group (whichever grants more) > other
setfacl -m u|g:username|groupname:rwx filename|dirname
setfacl -x u|g:username|groupname filename|dirname
setfacl -b filename|dirname   (remove all ACL entries)
setfacl -m m:r-x filename|dirname, or chmod g=rx filename|dirname   (set the mask, which caps every entry except owner and other)
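The precedence order above, together with the mask, decides what a user can actually do; the following added example (not part of the original notes) parses a getfacl listing and applies that order the way the kernel does. The listing, the user names and the group memberships are constructed sample data.

```python
PERMS = "rwx"
# Constructed getfacl listing (sample data, not from a real host); mask r-x narrows liubei's rwx.
SAMPLE_ACL = """\
# file: house
# owner: root
# group: root
user::rwx
user:liubei:rwx            #effective:r-x
group::r-x
group:shuguo:r-x
mask::r-x
other::r--
default:user:liubei:rwx
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> perm set. default: lines are skipped."""
    owner = group = None
    entries = {}
    for raw in text.splitlines():
        if raw.startswith("# owner:"):
            owner = raw.split(":", 1)[1].strip()
        elif raw.startswith("# group:"):
            group = raw.split(":", 1)[1].strip()
        line = raw.split("#")[0].strip()              # headers and "#effective:" notes drop out
        if not line or line.startswith("default:"):   # default entries only shape new children
            continue
        tag, qualifier, perms = line.split(":")
        entries[(tag, qualifier)] = {c for c in perms if c in PERMS}
    return owner, group, entries

def has_access(acl, user, groups, want):
    """True if user (a member of groups) is granted every permission character in want."""
    owner, group_owner, entries = acl
    want, mask = set(want), entries.get(("mask", ""), set(PERMS))
    if user == owner:                                # 1. owner entry: mask not applied
        return want <= entries[("user", "")]
    if ("user", user) in entries:                    # 2. named user entry: masked
        return want <= entries[("user", user)] & mask
    in_class = False                                 # 3. owning group and named groups
    for tag, qual in entries:
        if tag != "group" or (qual or group_owner) not in groups:
            continue
        in_class = True
        if want <= entries[(tag, qual)] & mask:      # any one matching group entry suffices
            return True
    # 4. other entry (mask not applied), but only if no group entry matched at all
    return not in_class and want <= entries[("other", "")]
```

has_access(parse_getfacl(SAMPLE_ACL), "liubei", ["users"], "w") returns False even though liubei's entry reads rwx, because the mask set with setfacl -m m:r-x caps it at r-x.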
- Setting ACLs through a file
The content of file.add is as follows:
u:liubei:rwx
g:shuguo:rx
setfacl -M file.add house/
- Removing ACLs through a file
The content of file.del is as follows:
u:liubei
g:shuguo
setfacl -X file.del house/
- Default permissions
setfacl -m d:u:liubei:rwx house   (default entry: inherited by files created later)
setfacl -Rm u:liubei:rwx house    (recursive: applied to house and everything already in it)
getfacl house
# file: .
# owner: root
# group: root
-------------------------- result of setfacl -Rm u:liubei:rwx house
user::rwx
user:liubei:rwx
group::r-x
mask::rwx
other::r--
-------------------------- result of setfacl -m d:u:liubei:rwx house
default:user::rwx
default:user:liubei:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
setfacl -k house/   (removes only the default entries)
Experiment: back up and restore a directory that carries ACL permissions using the archiving tool
1. Backup
tar -cvf house.tar house
getfacl -R house > acl.txt
2. Restore
tar -xvf house.tar -C /var/tmp
cp acl.txt /var/tmp
setfacl --restore=acl.txt   (run from /var/tmp, since the paths recorded in acl.txt are relative)