Rights Management of Linux Foundation

Rights Management:

Ls-l

RWXRWXRWX:

Left three bits: Define permissions for user (owner)

Three bits: Defines the permissions of the group;

Right three bits: Define other's permissions

Process Security Context:

The process applies the model to the access rights of the file:

The owner of the process is the same as the owner of the file, and if the same, the application is the master permission;

Otherwise, check whether the owner of the process belongs to the genus Group of the file, and if so, the group permission is applied;

Otherwise, you can only apply other permissions;

Permissions:

R:readable, read

W:writable, write

X:excutable, Executive

File:

R: Can obtain the data of the file;

W: can modify the data of the file;

X: This file can be run as a process;

Directory:

R: You can use the LS command to get a list of all the files under it;

W: Can modify the list of files in this directory, that is, create or delete files;

X: Can be CD to this directory, and can use Ls-l to get all the file detailed property information;

Mode:rwxrwxrwx

Ownership:user, Group

Privilege Combination mechanism:

---000 0

--x 001 1

-w-010 2

-WX 011 3

r--100 4

R-x 101 5

RW-110 6

RWX 111 7

Practice: Rw-rw-r--, rwxrwxr-x, rwxr-x---, rw------, rwxr-xr-x

664, 640, 600, 775, 750, 755 (8 notation)

Rights Management Commands:

chmod command:

chmod [OPTION] ... Mode[,mode] ... FILE ...

chmod [OPTION] ... Octal-mode FILE ...

chmod [OPTION] ...--reference=rfile FILE ...

Three types of users:

U: Owner

G: Genus Group

O: Other

A: All

(1) chmod [OPTION] ... Mode[,mode] ... FILE ...

Mode notation:

Empowerment notation: Direct operation of a class of user's ownership limit rwx;

u=

g=

o=

A=

Authorization representation: A privilege bit r,w,x for direct operation of a class of users;

u+, U

G+, G

o+, O

A +, A-

(2) chmod [OPTION] ... Octal-mode FILE ...

8 binary

(3) chmod [OPTION] ...--reference=rfile FILE ...

Specify the same permissions as a file

Options:

-R,--recursive: Recursive modification

--reference: Reference Modification

Note: Users can only modify the permissions of those files that belong to the owner;

Subordinate Relationship Management commands: Chown, CHGRP

Chown command:

chown [OPTION] ... [OWNER] [: [GROUP]] FILE ...

chown [OPTION] ...--reference=rfile FILE ...

Options:

-R: Recursive modification

Chown-r Root:root/path/to/somefile

Chown-r Root.root/path/to/somefile

Chown-r: Root/path/to/somefile

CHGRP command:

CHGRP [OPTION] ... GROUP FILE ...

chgrp [OPTION] ...--reference=rfile FILE ...

Note: Only administrators can modify the owner and owner group of the file;

Think: The user has write permission to the directory, but the directory under the file does not have write permissions, can you modify the contents of this file? Can I delete this file?

Umask: File Permissions reverse mask, mask code;

File:

666-umask

Directory:

777-umask

Note: The file is reduced by 666, which means that the file cannot have Execute permission by default, and if there is execution permission in the result, it needs to be added 1;

umask:023

666-023=644

777-023=754

Umask command:

Umask: View current Umask

umask MASK: Set umask

Note: This type of setting is only valid for the current shell process;

Exercise: Complete the following tasks

1, the new system group MARIADB, the new system user mariadb, belongs to the MARIADB group, requires that it has no home directory, and the shell

for/sbin/nologin; try root to switch to the user and view its command prompt;

2, the new GID for 5000 group mageedu, new user Gentoo, request their home directory for/users/gentoo, password with the user name;

3, new user fedora, whose home directory is/users/fedora, password with the user name;

4, the new user www, its home directory for/users/www; Delete www users, but keep their home directory;

5 added additional group mageedu for user Gentoo and fedora;

6, copy the directory/var/log to/tmp/directory, modify/tmp/log and all the files within the group of mageedu, and let the group has write access to the directory itself;

Install Command:

install-copy files and set attributes

Single Source replication:

Install [OPTION] ... [-T] SOURCE DEST

Multi-source replication:

Install [OPTION] ... SOURCE ... DIRECTORY

Install [OPTION] ...-t DIRECTORY SOURCE ...

to create a directory:

Install [OPTION] ...-d DIRECTORY ...

Common options:

-M,--mode=mode: Set the target file permissions, default to 755;

-O,--owner=owner: Set the target file owner;

-G,--group=group: Set the target file genus Group;

Mktemp command:

mktemp-create A temporary file or directory

mktemp [OPTION] ... [TEMPLATE]

Common options:

-D: Create a temp directory

Note: Mktemp will return the created temporary file name directly, so it can be saved directly from the command reference;

Rights Management of Linux Foundation