Rights Management:
Ls-l
RWXRWXRWX:
Left three bits: Define permissions for user (owner)
Three bits: Defines the permissions of the group;
Right three bits: Define other's permissions
Process Security Context:
The process applies the model to the access rights of the file:
The owner of the process is the same as the owner of the file, and if the same, the application is the master permission;
Otherwise, check whether the owner of the process belongs to the genus Group of the file, and if so, the group permission is applied;
Otherwise, you can only apply other permissions;
Permissions:
R:readable, read
W:writable, write
X:excutable, Executive
File:
R: Can obtain the data of the file;
W: can modify the data of the file;
X: This file can be run as a process;
Directory:
R: You can use the LS command to get a list of all the files under it;
W: Can modify the list of files in this directory, that is, create or delete files;
X: Can be CD to this directory, and can use Ls-l to get all the file detailed property information;
Mode:rwxrwxrwx
Ownership:user, Group
Privilege Combination mechanism:
---000 0
--x 001 1
-w-010 2
-WX 011 3
r--100 4
R-x 101 5
RW-110 6
RWX 111 7
Practice: Rw-rw-r--, rwxrwxr-x, rwxr-x---, rw------, rwxr-xr-x
664, 640, 600, 775, 750, 755 (8 notation)
Rights Management Commands:
chmod command:
chmod [OPTION] ... Mode[,mode] ... FILE ...
chmod [OPTION] ... Octal-mode FILE ...
chmod [OPTION] ...--reference=rfile FILE ...
Three types of users:
U: Owner
G: Genus Group
O: Other
A: All
(1) chmod [OPTION] ... Mode[,mode] ... FILE ...
Mode notation:
Empowerment notation: Direct operation of a class of user's ownership limit rwx;
u=
g=
o=
A=
Authorization representation: A privilege bit r,w,x for direct operation of a class of users;
u+, U
G+, G
o+, O
A +, A-
(2) chmod [OPTION] ... Octal-mode FILE ...
8 binary
(3) chmod [OPTION] ...--reference=rfile FILE ...
Specify the same permissions as a file
Options:
-R,--recursive: Recursive modification
--reference: Reference Modification
Note: Users can only modify the permissions of those files that belong to the owner;
Subordinate Relationship Management commands: Chown, CHGRP
Chown command:
chown [OPTION] ... [OWNER] [: [GROUP]] FILE ...
chown [OPTION] ...--reference=rfile FILE ...
Options:
-R: Recursive modification
Chown-r Root:root/path/to/somefile
Chown-r Root.root/path/to/somefile
Chown-r: Root/path/to/somefile
CHGRP command:
CHGRP [OPTION] ... GROUP FILE ...
chgrp [OPTION] ...--reference=rfile FILE ...
Note: Only administrators can modify the owner and owner group of the file;
Think: The user has write permission to the directory, but the directory under the file does not have write permissions, can you modify the contents of this file? Can I delete this file?
Umask: File Permissions reverse mask, mask code;
File:
666-umask
Directory:
777-umask
Note: The file is reduced by 666, which means that the file cannot have Execute permission by default, and if there is execution permission in the result, it needs to be added 1;
umask:023
666-023=644
777-023=754
Umask command:
Umask: View current Umask
umask MASK: Set umask
Note: This type of setting is only valid for the current shell process;
Exercise: Complete the following tasks
1, the new system group MARIADB, the new system user mariadb, belongs to the MARIADB group, requires that it has no home directory, and the shell
for/sbin/nologin; try root to switch to the user and view its command prompt;
2, the new GID for 5000 group mageedu, new user Gentoo, request their home directory for/users/gentoo, password with the user name;
3, new user fedora, whose home directory is/users/fedora, password with the user name;
4, the new user www, its home directory for/users/www; Delete www users, but keep their home directory;
5 added additional group mageedu for user Gentoo and fedora;
6, copy the directory/var/log to/tmp/directory, modify/tmp/log and all the files within the group of mageedu, and let the group has write access to the directory itself;
Install Command:
install-copy files and set attributes
Single Source replication:
Install [OPTION] ... [-T] SOURCE DEST
Multi-source replication:
Install [OPTION] ... SOURCE ... DIRECTORY
Install [OPTION] ...-t DIRECTORY SOURCE ...
to create a directory:
Install [OPTION] ...-d DIRECTORY ...
Common options:
-M,--mode=mode: Set the target file permissions, default to 755;
-O,--owner=owner: Set the target file owner;
-G,--group=group: Set the target file genus Group;
Mktemp command:
mktemp-create A temporary file or directory
mktemp [OPTION] ... [TEMPLATE]
Common options:
-D: Create a temp directory
Note: Mktemp will return the created temporary file name directly, so it can be saved directly from the command reference;
Rights Management of Linux Foundation