Rights Management of Linux Foundation

Source: Internet
Author: User


Rights Management:


Ls-l

RWXRWXRWX:

Left three bits: Define permissions for user (owner)

Three bits: Defines the permissions of the group;

Right three bits: Define other's permissions


Process Security Context:

The process applies the model to the access rights of the file:

The owner of the process is the same as the owner of the file, and if the same, the application is the master permission;

Otherwise, check whether the owner of the process belongs to the genus Group of the file, and if so, the group permission is applied;

Otherwise, you can only apply other permissions;


Permissions:

R:readable, read

W:writable, write

X:excutable, Executive


File:

R: Can obtain the data of the file;

W: can modify the data of the file;

X: This file can be run as a process;


Directory:

R: You can use the LS command to get a list of all the files under it;

W: Can modify the list of files in this directory, that is, create or delete files;

X: Can be CD to this directory, and can use Ls-l to get all the file detailed property information;


Mode:rwxrwxrwx

Ownership:user, Group


Privilege Combination mechanism:

---000 0

--x 001 1

-w-010 2

-WX 011 3

r--100 4

R-x 101 5

RW-110 6

RWX 111 7


Practice: Rw-rw-r--, rwxrwxr-x, rwxr-x---, rw------, rwxr-xr-x

664, 640, 600, 775, 750, 755 (8 notation)


Rights Management Commands:

chmod command:

chmod [OPTION] ... Mode[,mode] ... FILE ...

chmod [OPTION] ... Octal-mode FILE ...

chmod [OPTION] ...--reference=rfile FILE ...


Three types of users:

U: Owner

G: Genus Group

O: Other

A: All


(1) chmod [OPTION] ... Mode[,mode] ... FILE ...


Mode notation:

Empowerment notation: Direct operation of a class of user's ownership limit rwx;

u=

g=

o=

A=


Authorization representation: A privilege bit r,w,x for direct operation of a class of users;

u+, U

G+, G

o+, O

A +, A-


(2) chmod [OPTION] ... Octal-mode FILE ...

8 binary


(3) chmod [OPTION] ...--reference=rfile FILE ...

Specify the same permissions as a file


Options:

-R,--recursive: Recursive modification

--reference: Reference Modification


Note: Users can only modify the permissions of those files that belong to the owner;


Subordinate Relationship Management commands: Chown, CHGRP


Chown command:

chown [OPTION] ... [OWNER] [: [GROUP]] FILE ...

chown [OPTION] ...--reference=rfile FILE ...


Options:

-R: Recursive modification


Chown-r Root:root/path/to/somefile

Chown-r Root.root/path/to/somefile

Chown-r: Root/path/to/somefile


CHGRP command:


CHGRP [OPTION] ... GROUP FILE ...

chgrp [OPTION] ...--reference=rfile FILE ...


Note: Only administrators can modify the owner and owner group of the file;


Think: The user has write permission to the directory, but the directory under the file does not have write permissions, can you modify the contents of this file? Can I delete this file?


Umask: File Permissions reverse mask, mask code;

File:

666-umask

Directory:

777-umask


Note: The file is reduced by 666, which means that the file cannot have Execute permission by default, and if there is execution permission in the result, it needs to be added 1;

umask:023

666-023=644

777-023=754


Umask command:

Umask: View current Umask

umask MASK: Set umask


Note: This type of setting is only valid for the current shell process;


Exercise: Complete the following tasks

1, the new system group MARIADB, the new system user mariadb, belongs to the MARIADB group, requires that it has no home directory, and the shell

for/sbin/nologin; try root to switch to the user and view its command prompt;

2, the new GID for 5000 group mageedu, new user Gentoo, request their home directory for/users/gentoo, password with the user name;

3, new user fedora, whose home directory is/users/fedora, password with the user name;

4, the new user www, its home directory for/users/www; Delete www users, but keep their home directory;

5 added additional group mageedu for user Gentoo and fedora;

6, copy the directory/var/log to/tmp/directory, modify/tmp/log and all the files within the group of mageedu, and let the group has write access to the directory itself;


Install Command:

install-copy files and set attributes


Single Source replication:

Install [OPTION] ... [-T] SOURCE DEST

Multi-source replication:

Install [OPTION] ... SOURCE ... DIRECTORY

Install [OPTION] ...-t DIRECTORY SOURCE ...

to create a directory:

Install [OPTION] ...-d DIRECTORY ...


Common options:

-M,--mode=mode: Set the target file permissions, default to 755;

-O,--owner=owner: Set the target file owner;

-G,--group=group: Set the target file genus Group;


Mktemp command:

mktemp-create A temporary file or directory


mktemp [OPTION] ... [TEMPLATE]


Common options:

-D: Create a temp directory


Note: Mktemp will return the created temporary file name directly, so it can be saved directly from the command reference;


Rights Management of Linux Foundation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.