Rights Management of Linux

Source: Internet
Author: User

User name resolution:

Login: root

Name resolution libraries are located in the /lib64 and /usr/lib64 directories, typically with names starting with libnss

NSS: Network Service Switch

Security context: each process runs under the identity of a user

A process's permission to access a resource depends on the permissions of the user who started the process.

Permissions:

ls -l

rw-r--r--

Three types of accounts:

Owner: owner, u

Group: group, g

Others: other, o

For a given resource, each type of account is governed by three permissions, always arranged in the following fixed order:

r  read

w  write

x  execute

-  0 (bit not set)

Access to a file by a certain type of user:
---  000  0
--x  001  1
-w-  010  2
-wx  011  3
r--  100  4
r-x  101  5
rw-  110  6
rwx  111  7

Practice:

1. 640, 600, 660, 775, 755, 750, 700

rw-r-----,

rw-------,

rw-rw----,

rwxrwxr-x,

rwxr-xr-x,

rwxr-x---,

rwx------

2. rwxr-xr--, r-xr-xr--, rw-r-----, rwxrwxrwx

754 554 640 777
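
The conversions practised above, as an added example that is not part of the original page: two POSIX sh functions (sym2oct and oct2sym are names chosen here) that convert in both directions using the bit weights from the table. It goes beyond the three-digit case by also handling the leading set-user-ID/set-group-ID/sticky digit, which ls shows as s/S or t/T in the execute position.

```shell
# Added example: pure shell arithmetic, touches no files.

# sym2oct STRING: "rwxr-xr--" -> 754, "rwsr-xr-x" -> 4755.
sym2oct() {
    str=$1 mode=0 i=0
    [ "${#str}" -eq 9 ] || { echo "sym2oct: need 9 characters: $1" >&2; return 1; }
    while [ "$i" -lt 9 ]; do
        ch=${str%"${str#?}"}; str=${str#?}    # take the next character
        bit=$((1 << (8 - i)))                 # 0400 at position 0 ... 0001 at position 8
        special=$((04000 >> (i / 3)))         # setuid, setgid, sticky for the u, g, o triplet
        case "$i$ch" in
            [036]r|[147]w|[258]x) mode=$((mode | bit)) ;;
            [25]s|8t) mode=$((mode | bit | special)) ;;   # special bit plus execute
            [25]S|8T) mode=$((mode | special)) ;;         # special bit without execute
            ?-) ;;
            *) echo "sym2oct: unexpected '$ch' at position $i" >&2; return 1 ;;
        esac
        i=$((i + 1))
    done
    printf '%03o\n' "$mode"
}

# oct2sym MODE: 754 -> "rwxr-xr--", 4755 -> "rwsr-xr-x".
oct2sym() {
    case $1 in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) mode=$((0$1)) ;;
        *) echo "oct2sym: not an octal mode: $1" >&2; return 1 ;;
    esac
    out= i=0
    while [ "$i" -lt 9 ]; do
        bit=$((1 << (8 - i))); special=$((04000 >> (i / 3)))
        case $((i % 3)) in 0) ch=r ;; 1) ch=w ;; *) ch=x ;; esac
        [ $((mode & bit)) -ne 0 ] || ch=-
        if [ $((i % 3)) -eq 2 ] && [ $((mode & special)) -ne 0 ]; then
            case "$i$ch" in 8x) ch=t ;; 8-) ch=T ;; ?x) ch=s ;; *) ch=S ;; esac
        fi
        out=$out$ch; i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# The practice values from this page, plus one mode with the set-user-ID bit.
for m in 640 600 660 775 755 750 700 4755; do
    printf '%s  %s\n' "$m" "$(oct2sym "$m")"
done
```

A malformed string such as rx-r----- is rejected by sym2oct rather than silently converted.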

Permissions (perm): mode, ownership

Modify mode:

chmod command

chmod [-R] OCTAL-MODE FILE ...

-R: recursive modification

=============

# mkdir mymod

# cp /etc/fstab -l /tmp/mymod

# ll -d /tmp/mymod
-rw-r--r--. 2 root root 899 August 07:11 /tmp/mymod
# chmod -R 700 /tmp/mymod

# ll -d /tmp/mymod
-rwx------. 2 root root 899 August 07:11 /tmp/mymod

User classes:

u  user

g  group

o  other

a  all users (default)

Operators:

+  add permissions

-  remove permissions

=  reassign permissions

To set the permissions of a specified class of users, use =

u=, g=, o=, ug=, a=

To change one or more individual permission bits of a class of users, use + and -

u+, g+, o+

u-, g-, o-

Modify by reference:

--reference=/path/to/somefile

Exercise: copy the /etc/skel directory to /home/tuser1, with the requirement that group and other users have no access to /home/tuser1 or the files inside it.

# cp -r /etc/skel /home/tuser1

# ls -ld /home/tuser1

# chmod -R go= /home/tuser1
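
A way to verify the result of this exercise, as an added example that is not part of the original page: it runs the same chmod -R go= on a constructed scratch tree (standing in for the copy of /etc/skel) and uses find to list anything that still grants a group or other bit. The function names exposed, lock_down and demo, and the file names in the scratch tree, are chosen here for illustration.

```shell
# Added example: works only inside a temporary directory that it creates and removes.

# exposed DIR: print every entry under DIR that still grants any group/other bit.
# Note: a symbolic link is always reported, because its own mode is lrwxrwxrwx.
exposed() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# lock_down DIR: the exercise's fix; refuses anything that is not a real directory.
lock_down() {
    if [ ! -d "$1" ] || [ -L "$1" ]; then
        echo "lock_down: not a directory: $1" >&2
        return 1
    fi
    chmod -R go= "$1"
}

# demo: build a constructed tree with typical default modes, fix it, and count
# the exposed entries before and after.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tuser1/.config"
    : > "$d/tuser1/.bashrc"
    : > "$d/tuser1/.config/app.conf"
    chmod 755 "$d/tuser1" "$d/tuser1/.config"
    chmod 644 "$d/tuser1/.bashrc"
    chmod 664 "$d/tuser1/.config/app.conf"
    before=$(exposed "$d/tuser1" | wc -l)
    lock_down "$d/tuser1"
    after=$(exposed "$d/tuser1" | wc -l)
    rm -rf "$d"
    echo "before=$((before)) after=$((after))"
}

demo
```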

Examples:

$ chmod u+x file    adds execute permission for the owner of file

$ chmod 751 file    assigns read, write, execute (7) permissions to the owner of file, read and execute (5) permissions to the file's group, and execute (1) permission to other users

$ chmod u=rwx,g=rx,o=x file    another form of the example above

$ chmod =r file    assigns read permission to all users

$ chmod 444 file    same as the example above

$ chmod a-wx,a+r file    same as the example above

$ chmod -R u+r directory    recursively grants read permission to the owner of all files and subdirectories in directory

$ chmod 4755 file    sets the set-user-ID bit and assigns read, write, and execute permissions to the owner, and read and execute permissions to the group and other users

Modify ownership: only administrators have permission

chown

     chown [options] ... owner[:[group]] file ...

     Use chown to change the owner and group of files. The owner or group can be given as a user name or as a numeric user ID. Ordinary users cannot give their files to another owner; this operation is generally reserved for administrators.

Necessary parameters:

-c  display information about what was changed

-f  ignore error messages

-h  act on symbolic links themselves rather than the files they point to

-R  process the specified directory and all files under its subdirectories

-v  show verbose processing information

--dereference  act on the target of a symbolic link, not the link file itself

Optional parameters:

--reference=<directory or file>  use the specified directory/file as a reference and give the target file/directory the same owner and group as the reference file/directory

--from=<current owner:current group>  make the change only if the current owner and group match the specified owner and group

--help  display help information

--version  display version information

1. Change the owner of the file hh.c to the user Sakia:
chown Sakia hh.c
This makes Sakia the owner of hh.c, so the owner's access permissions now apply to Sakia.
2. Change the owner and group of the directory /tmp/sco to Sakia and the group net:
chown -R Sakia:net /tmp/sco

chgrp

To change the group of /opt/local/book/ and all files under its subdirectories to book, the command is as follows:
$ chgrp -R book /opt/local/book

umask: mask code
Directories: 777 - umask
Files: 666 - umask
If the resulting permissions for a class of users would include execute, 1 is automatically added to that class's permission digit.

umask UMASK
Set the mask: valid only for the current shell process.
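
The umask arithmetic above, as an added example that is not part of the original page: apply_umask computes the bitwise form (base AND NOT umask), page_rule follows the subtract-and-add-1 rule digit by digit, and observe creates a real file and directory under a given umask in a temporary directory to confirm the result. All three function names are chosen here, and the umask is assumed to be written as three octal digits.

```shell
# Added example: apply_umask and page_rule are arithmetic only; observe writes
# only inside a temporary directory that it creates and removes.

# apply_umask BASE UMASK: the bitwise form, BASE & ~UMASK (both octal).
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# page_rule BASE UMASK: subtract digit by digit; for files (BASE 666) a result
# digit that includes execute (an odd digit) gets 1 added.
page_rule() {
    base=$1 mask=$2 out=
    while [ -n "$base" ]; do
        b=${base%"${base#?}"}; base=${base#?}
        m=${mask%"${mask#?}"}; mask=${mask#?}
        d=$((b - m))
        if [ "$1" = 666 ] && [ $((d % 2)) -ne 0 ]; then
            d=$((d + 1))
        fi
        out=$out$d
    done
    printf '%s\n' "$out"
}

# observe UMASK: create a file and a directory under UMASK in a subshell, so
# the caller's own umask is left unchanged, and report what ls shows.
observe() {
    t=$(mktemp -d) || return 1
    ( umask "$1"; : > "$t/f"; mkdir "$t/d" )
    f=$(ls -ld "$t/f" | cut -c2-10)
    d=$(ls -ld "$t/d" | cut -c2-10)
    rm -rf "$t"
    printf 'file=%s dir=%s\n' "$f" "$d"
}

for u in 022 023 027 077; do
    printf 'umask %s: file %s (page rule %s), directory %s\n' \
        "$u" "$(apply_umask 666 "$u")" "$(page_rule 666 "$u")" "$(apply_umask 777 "$u")"
done
```

With umask 023 plain subtraction would give 643 for a file; both functions return 644, which is what the created file actually gets.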

chown usage tips:

chown [-R] [--reference=] [USER][:GROUP] FILE ...

USER  changes the owner only

USER:GROUP  changes the owner and the group at the same time

:GROUP  changes the group only
