Learning Linux for Beginners: Unit 6

Source: Internet
Author: User
Tags: touch command, file permissions

### Unit 6 ###


One, viewing file attributes

ls -l filename
Size of a directory's attributes: the sum of the characters in the file names
- | rw-r--r--. | 1 | root | root | 46 | Oct 1 05:03 | filename
1 | 2          | 3 | 4    | 5    | 6  | 7           | 8
The number of files contained in the directory

1. "-": file type
-    ## regular file
d    ## directory
c    ## character device
s    ## socket
p    ## pipe
b    ## block device
l    ## link

2. "rw-r--r--": the file's read and write permissions
rw-|r--|r--
 *   $   @

* the owner's permissions -- u
$ the owning group's permissions -- g
@ other people's permissions -- o

3. "1":
For a file: the number of times the file's contents have been recorded by the system
For a directory: the number of bytes of the file attributes in the directory

4. "root": the file's owner

5. "root": the file's owning group

6. "46": the size of the file's contents

7. "Oct 1 05:03": the last time the file was modified

8. "filename": the file name

Diagram: viewing files with ls -l /root    ## view the attributes of the files in the /root directory


Two, managing a file's owner and owning group


1. Change a file's owner/group
chown username file|dir              ## change the file's owner
chown username:groupname file|dir    ## change the owner and the owning group

Diagram: changing the owner/group of files in the directory


2. Change a directory's owner/group
chown -R username dir    ## change the owner of the directory itself and of everything in it

Diagram: changing a directory's owner


chgrp -R groupname dir    ## change the owning group of the directory itself and of everything in it

Diagram: changing a directory's owning group


PS:
Monitoring command
watch -n 1 ls -lR /mnt    ## ls -lR /mnt shows the attributes of the files in the directory; -R recurses through everything under /mnt

Three, ordinary file permissions

rw-|r--|r--
 u   g   o
u: the file's owner can read and write the file
g: members of the file's owning group can read the file
o: other people can read the file
u is matched first, then g; o is matched when neither u nor g matches

1. r
For files: can view the characters in the file
For directories: can view information about the files in the directory

2. w
For files: can change the characters in the file
For directories: can add and delete files in the directory

3. x
For files: can run the program actions recorded in the file
For directories: can enter the directory

4. Modify file permissions in character mode
chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir

chmod u-x file1         ## remove x permission from file1's owner
chmod g+w file1         ## add w permission for file1's owning group
chmod u-x,g+w file1     ## remove x from file1's owner and add w for file1's owning group
chmod ugo-r file2       ## remove r permission from file2's owner, group and others
chmod ug+x,o-r file3    ## add x for file3's owner and group; remove r from others

Diagram: modifying permissions with chmod


5. Modify file permissions numerically
In Linux:
r=4
w=2
x=1
Numeric representation of file permissions:
rw-|r--|r--
 u   g   o
u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4
So the file's permissions are written as 644

chmod <permission value> file
chmod 777 file

7=rwx
6=rw-
5=r-x
4=r--
3=-wx
2=-w-
1=--x
0=---

Figure: modifying permissions numerically with chmod
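
The conversion above as a small shell function (an added example, not from the original article). It goes one step beyond the 644 case: it also accepts the s and t letters that section Five describes and emits the leading fourth digit for them. The function name sym2oct and the sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: convert the 9-character permission field of `ls -l`
# to octal using r=4, w=2, x=1. The special bits appear in the x slot:
#   s/S in u = suid (4), s/S in g = sgid (2), t/T in o = sticky (1);
#   lowercase means x is also set, uppercase means it is not.
sym2oct() {
    perm=$1
    case $perm in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid permission string: $perm" >&2; return 1 ;;
    esac
    special=0 digits="" weight=4          # special-bit weight for u, g, o
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perm" | cut -c "$start-$((start + 2))")
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; esac
        case $triplet in
            ??x)    value=$((value + 1)) ;;
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits="$digits$value"
        weight=$((weight / 2))
    done
    if [ "$special" -gt 0 ]; then
        digits="$special$digits"
    fi
    printf '%s\n' "$digits"
}

# Constructed sample inputs
for p in rw-r--r-- rwxrwxrwx rwsr-xr-x rwxr-sr-x rwxrwxrwt rwSr--r--; do
    printf '%s = %s\n' "$p" "$(sym2oct "$p")"
done
```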


Four, the system's default permission settings

From the standpoint of the system's usefulness, the more permissions are open, the more useful the system is.
From the standpoint of system security, the fewer permissions are open, the more secure the system is.
So the system removes some permissions from newly created files and directories.
How to set it:
umask        ## view the permissions the system withholds; the default is 022
umask 077    ## change the withheld permissions to 077; this setting is temporary and only valid in the current shell

Diagram: umask system permissions and temporary permissions


Permanent setting:
# vim /etc/bashrc    ## shell system configuration file
Part of the /etc/bashrc file:
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002    ## umask for ordinary users
else
    umask 077    ## umask for the superuser
fi

Diagram: contents of the /etc/bashrc file


# vim /etc/profile    ## system
Part of the /etc/profile file:
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002    ## umask for ordinary users
else
    umask 077    ## umask for the superuser
fi

Diagram: contents of the /etc/profile file



The umask values set in the two files above must be consistent.
source /etc/bashrc
source /etc/profile
These make the settings take effect immediately.
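
What the three umask values on this page do to a newly created file and directory, as an added example that is not part of the original article. It assumes GNU stat (stat -c) and relies on the standard behaviour that new files start from 666 and new directories from 777; the function name mode_under_umask is constructed.

```sh
#!/bin/sh
# Added example: the mode a new file or directory receives under a umask.
# New files start from 666 and new directories from 777; the bits set in
# the umask are then removed. Assumes GNU stat (stat -c), as on Linux.
mode_under_umask() {
    mask=$1
    kind=$2                              # "file" or "dir"
    work=$(mktemp -d) || return 1        # throwaway directory
    (
        umask "$mask"                    # affects this subshell only
        if [ "$kind" = dir ]; then
            mkdir "$work/new"
        else
            : > "$work/new"
        fi
    )
    stat -c '%a' "$work/new"
    rm -rf "$work"
}

before=$(umask)
for mask in 022 002 077; do
    printf 'umask %s: file=%s dir=%s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
done
# The caller's own umask is unchanged, as with a umask typed into one shell.
printf 'umask before=%s after=%s\n' "$before" "$(umask)"
```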


Five, special permissions

1. suid    ## "risk" bit
For binary executables only.
The process generated by the program recorded in the file runs as the file's owner,
regardless of the identity of the user who started the process.

How to set it:
# chmod u+s file    ## suid = 4; can also be set numerically with chmod 4xxx file
To check that the modified file works: switch to an ordinary user and run the command that was given the special permission; it runs as the superuser even though an ordinary user started it.

For example, take /bin/touch, the file behind the touch command:
# chmod u+s /bin/touch
Switch to an ordinary user
$ /bin/touch /root/file    ## /bin/touch now creates files as the superuser even when an ordinary user runs it; /root is a directory that an ordinary user cannot operate on

Diagram: execution process


2. sgid    ## "forced" bit
For files: binary executables only.
No matter who runs the binary,
the owning group of the process generated by the program is the file's owning group,
independent of the group identity of the user who started the program.
For directories: when a directory has sgid permission, the owning group of every file created in the directory
is automatically the directory's owning group, regardless of which group the file's creator belongs to.

How to set it:

# chmod g+s file|dir
## sgid = 2; can also be set numerically with chmod 2xxx file|dir; the group must have write permission

Diagram: execution process



3. sticky    ## sticky bit
t permission:
For directories only. When a directory has t permission, files in the directory can only be deleted by their owner.

How to set it:
# chmod o+t directory
## t = 1, so it can also be set numerically: chmod 1777 directory
Log in as an ordinary user and create a file in the directory that has t permission; the file's owner is the user who created it. Then log in as another ordinary user and try to delete the file just created: this is not allowed.

Diagram: execution process
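
One way to review where these special bits are set, shown as an added example that is not part of the original article: it lists files carrying suid or sgid and world-writable directories that lack the t bit. The function names and the demo tree are constructed; the script only touches a temporary directory it creates itself.

```sh
#!/bin/sh
# Added example: list the special bits described above under a tree.
# find_setid:    regular files with suid (4000) or sgid (2000) set
# find_unsticky: directories writable by others (o+w) without the t bit
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}
find_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Build a constructed demo tree (hypothetical names) and print its path.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    : > "$demo/tool";  chmod 4755 "$demo/tool"       # suid file
    : > "$demo/plain"; chmod 0755 "$demo/plain"      # no special bits
    mkdir "$demo/shared"; chmod 1777 "$demo/shared"  # like /tmp: t bit set
    mkdir "$demo/open";   chmod 0777 "$demo/open"    # others may delete files here
    printf '%s\n' "$demo"
}

tree=$(make_demo_tree)
echo "suid/sgid files:"
find_setid "$tree"
echo "world-writable directories without the sticky bit:"
find_unsticky "$tree"
rm -rf "$tree"
```

Pointed at a real path, find_setid would list /bin/touch after the chmod u+s shown above; chmod u-s /bin/touch removes the bit again.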

This article is from the "13342594" blog, please be sure to keep this source http://13352594.blog.51cto.com/13342594/1971258
