###Unit 6###
I. Viewing file attributes
ls -l filename
-|rw-r--r--.|1|root|root|46|Oct 1 05:03|filename
1     2      3  4    5   6       7         8
Annotations from the original diagram:
the size of the directory attribute (the sum of the characters in the file names)
the number of files contained in the directory
1. "-": file type
- ##regular file
d ##directory
c ##character device
s ##socket
p ##pipe
b ##block device
l ##link
2. "rw-r--r--": file read and write permissions
rw-|r--|r--
 *   $   @
* the owner's permissions -- u
$ the owning group's permissions -- g
@ other people's permissions -- o
3. "1":
For a file: the number of times the file's contents have been recorded by the system
For a directory: the number of bytes of the file attributes in the directory
4. "root": the file's owner
5. "root": the file's owning group
6. "46": size of the file's contents
7. "Oct 1 05:03": the time the file was last modified
8. "filename": the file name
Figure: viewing files with ls -l /root ##view the attributes of the files under the /root directory
II. Managing the file owner and owning group
1. Change a file's owner/group
chown username file|dir ##change the owner of the file
chown username:groupname file|dir ##change both the owner and the owning group
Figure: changing the owner/group of files in a directory
2. Change a directory's owner/group
chown -R username dir ##change the owner of the directory itself and of everything inside it
Figure: changing the owner of a directory
chgrp -R groupname dir ##change the owning group of the directory itself and of everything inside it
Figure: changing the owning group of a directory
PS:
Monitoring command
watch -n 1 ls -lR /mnt ##ls -lR /mnt shows the attributes of the files in the directory; -R recursively lists the attributes of the files under /mnt
III. Ordinary file permissions
rw-|r--|r--
 u   g   o
u: the file's owner can read and write the file
g: members of the file's owning group can read the file
o: other people can read the file
u is matched first, g second; o is matched only when neither u nor g matches
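The matching order above, written out as a shell function. This is an added example, not part of the original notes; the function name can_access and the uid/gid values are made up for illustration, and root's ability to bypass these checks is not modelled.

```shell
#!/bin/sh
# Added example: which permission class (u, g or o) decides an access.
# Usage: can_access PERMS FILE_UID FILE_GID PROC_UID "PROC_GIDS" WANT
#   PERMS      the nine permission characters from ls -l, e.g. rw-r--r--
#   PROC_GIDS  space-separated list of the groups the process belongs to
#   WANT       r, w or x
# Prints "<class>:allow" or "<class>:deny".
can_access() {
    perms=$1 fuid=$2 fgid=$3 puid=$4 pgids=$5 want=$6
    case $want in
        r|w|x) ;;
        *) echo "WANT must be r, w or x" >&2; return 2 ;;
    esac
    # Default to "others"; upgrade to g or u if the process matches.
    class=o range=7-9
    if [ "$puid" -eq "$fuid" ]; then
        class=u range=1-3            # owner matches: only u is consulted
    else
        for g in $pgids; do
            if [ "$g" -eq "$fgid" ]; then
                class=g range=4-6    # group matches: only g is consulted
                break
            fi
        done
    fi
    triad=$(printf '%s' "$perms" | cut -c"$range")
    case $triad in
        *"$want"*) echo "$class:allow" ;;
        *)         echo "$class:deny" ;;
    esac
}

# Constructed cases: file owned by uid 1000, gid 1000.
can_access "rw-r--r--" 1000 1000 1000 "1000"    w   # owner writes
can_access "rw-r--r--" 1000 1000 1001 "1000 10" w   # group member cannot write
can_access "---r--r--" 1000 1000 1000 "1000"    r   # owner is denied although o has r
can_access "---r--r--" 1000 1000 2000 "2000"    r   # an unrelated user can read
```

The third case is the one that surprises people: once u matches, g and o are never tried, so an owner with no bits set is denied even though others could read the file.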
1.r
For files: you can view the characters in the file
For directories: you can view the information about the files in the directory
2.w
For files: you can change the characters in the file
For directories: you can add and delete files in the directory
3.x
For files: you can run the program actions recorded in the file
For directories: you can enter the directory
4. Modify file permissions in character mode
chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
chmod u-x file1 ##remove the x permission from file1's owner
chmod g+w file1 ##add the w permission for file1's owning group
chmod u-x,g+w file1 ##remove x from file1's owner and add w for file1's owning group
chmod ugo-r file2 ##remove the r permission from file2's user, group and others
chmod ug+x,o-r file3 ##add the x permission for file3's user and group, remove r from others
Figure: modifying permissions with chmod
5. Modify file permissions in numeric mode
In Linux
r=4
w=2
x=1
Numeric representation of file permissions
rw-|r--|r--
 u   g   o
u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4
So the file's permissions are written as 644
chmod <new permission value> file
chmod 777 file
7=rwx
6=rw-
5=r-x
4=r--
3=-wx
2=-w-
1=--x
0=---
Figure: modifying permissions with chmod in numeric mode
IV. System default permission settings
From the standpoint of the system's usefulness, the more permissions are opened up, the more useful the system is
From the standpoint of system security, the fewer permissions are opened up, the more secure the system is
So the system removes some permissions from every newly created file or directory
How to set it:
umask ##show the permissions the system holds back; the default is 022
umask 077 ##change the held-back permissions to 077; this setting is temporary and only valid in the current shell
Figure: umask system value and temporary value
Permanent setting:
[[email protected] desktop]# vim /etc/bashrc ##shell system configuration file
Part of the /etc/bashrc file:
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ##umask for regular users
else
    umask 077 ##umask for the superuser
fi
Figure: contents of the /etc/bashrc file
[[email protected] desktop]# vim /etc/profile ##system
Part of the /etc/profile file:
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ##umask for regular users
else
    umask 077 ##umask for the superuser
fi
Figure: contents of the /etc/profile file
The umask values set in the two files above must be consistent
source /etc/bashrc
source /etc/profile
These make the settings take effect immediately
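To see what each umask value actually leaves on new files and directories, the following added example (not part of the original notes) creates one of each in a scratch directory and reads the result back. The function name new_modes is made up here; it assumes GNU stat (stat -c) and relies on touch asking for 666 and mkdir asking for 777 before the umask is applied.

```shell
#!/bin/sh
# Added example: observe the effect of a umask value.
# new_modes UMASK -> prints "<file mode> <dir mode>" in octal
new_modes() {
    (
        # Subshell: the umask change and the cd do not leak into the caller.
        work=$(mktemp -d) || exit 1
        umask "$1"
        cd "$work" || exit 1
        touch newfile      # touch requests 666; umask bits are removed
        mkdir newdir       # mkdir requests 777; umask bits are removed
        result="$(stat -c %a newfile) $(stat -c %a newdir)"
        cd / && rm -rf "$work"
        echo "$result"
    )
}

# The three values that appear in this unit.
for mask in 022 002 077; do
    printf 'umask %s -> file/dir modes: %s\n' "$mask" "$(new_modes "$mask")"
done
```

With 077 a new file is readable and writable by its owner only, which is why the notes use it for the superuser.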
V. Special permissions
1.suid ##risk bit
For binary executables only:
the owner of the process generated by the program recorded in the file is the file's owner,
regardless of the identity of whoever started the process
How to set it:
[[email protected] desktop]# chmod u+s file ##suid = 4; can also be set in numeric mode with chmod 4xxx file
To check that the change works: switch to a regular user and run the command that the superuser gave the special permission to
For example, with /bin/touch, the file behind the touch command
[[email protected] desktop]# chmod u+s /bin/touch
Switch to a regular user
[[email protected] ~]$ /bin/touch /root/file ##/bin/touch now creates the file as the superuser even though a regular user ran it; /root/file is in a directory that a regular user cannot operate on
Figure: execution process
2.sgid ##enforcement bit
For files: only for binary executables;
no matter who runs the binary,
the owning group of the process generated by the program is the file's owning group,
regardless of the group identity of whoever started the program
For directories: when a directory has the sgid permission, the owning group of every file created in the directory
is automatically set to the directory's owning group, regardless of the group the file's creator belongs to
How to set it:
[[email protected] desktop]# chmod g+s file|dir
##sgid = 2; can also be set in numeric mode with chmod 2xxx file|dir; the group must have write permission
Figure: execution process
3.sticky ##sticky bit
t permission:
For directories only: when a directory has the t permission, the files in the directory can only be deleted by their owner
How to set it:
[[email protected] desktop]# chmod o+t directory
##t = 1, so it can also be set in numeric mode: chmod 1777 directory
Log in as a regular user and create a file in the directory that has the t permission; the owner of the file is the user who created it. Then log in as another regular user and try to delete the file just created: this is not allowed.
Figure: execution process
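Because suid and sgid make a program run with the file's owner or group rather than the caller's, it is worth listing which files carry these bits, for example to confirm that a test such as chmod u+s /bin/touch has been undone. The following is an added example, not part of the original notes; the function names and the sample tree are constructed for illustration, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: list special-permission entries under a directory tree.
# audit_special DIR -> one line per finding:
#   "<kind> <octal mode> <owner>:<group> <path>"
audit_special() {
    dir=$1
    # suid (4xxx) files: the process runs as the file's owner
    find "$dir" -xdev -type f -perm -4000 \
        -exec stat -c 'suid %a %U:%G %n' {} +
    # sgid (2xxx) files and directories
    find "$dir" -xdev \( -type f -o -type d \) -perm -2000 \
        -exec stat -c 'sgid %a %U:%G %n' {} +
    # directories writable by others that lack the t bit:
    # any user can delete other users' files there
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'no-sticky %a %U:%G %n' {} +
}

# Constructed sample tree so the audit has something to report.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/plain" "$t/tool"
    chmod 4755 "$t/tool"                # suid file
    mkdir "$t/shared" "$t/drop" "$t/tmp"
    chmod 2775 "$t/shared"              # sgid directory
    chmod 0777 "$t/drop"                # world-writable, no t bit
    chmod 1777 "$t/tmp"                 # world-writable with t bit: not reported
    echo "$t"
}

tree=$(make_demo_tree) && audit_special "$tree" && rm -rf "$tree"
```

On a real system, point audit_special at / or /usr and compare the output against a list taken when the machine was installed.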
This article is from the "13342594" blog, please be sure to keep this source http://13352594.blog.51cto.com/13342594/1971258
Beginning Linux: Unit 6