1. file security and permissions
1 file type
D directory
L Symbolic Link
S socket File
Block B Device Files
C character Device File
P name MPs queue File
-Common files
2. For the file owner, if only the read permission bit is set, the file can still be written to the file through file redirection.
3. Change the permission bit
A symbol Mode
Chmod [who] OPERATOR [permission] filename
WHO:
U file owner permission
G same group User Permissions
O other User Permissions
A All Users
Operator
+ Add permissions
-Cancel permission
= Set permissions
Permission:
R read permission
W write permission
X execution permission
S file owner and group set-ID
T viscosity position *
L lock files
B absolute Mode
Chmod [mode] File
Mode: Eight Cores
4 directory
The read permission bit of the Directory means that the content can be listed. The Write Permission bit means that files can be created in the directory. The execution permission limit means searching and accessing the directory.
5 SUID/GUID
SUID means that if a user sets this permission for his or her shell script, other users will also have the corresponding permissions of their owner when executing this script. Therefore, if a script of the root user sets such permissions, other common users also have root user permissions during its execution. The same principle applies to guids. the user who executes the script will have the permission of the user in the user group to which the file belongs.
If you want to set s u I d for the file l o g I n, the current permission is rwx RW-r -- (741 ), you need to add a 4 (chmod 4741) before the permission number when using the CHMOD command, which changes the permission of the file to rws rw-r --
Chmod U + S <FILENAME>
6 chown and chgrp
Only the file owner and system administrator can change the ownership of the file. Once the ownership of the file is handed over to another user, the ownership of the file cannot be recovered. If you really need to do this, you have to turn to the system administrator.
Chmod-r-H owner File
-H means that when changing the owner of the symbolic link file, it does not affect the target file to which the link points.
7 umask
The umask command determines the default file creation mode. Generally, umask is set in the/etc/profile file.
The system does not allow you to grant the execution permission when creating a text file. You must use the CHMOD command to add this permission after the creation. Directory allows you to set the execution permission. For the directory, the maximum number of umask numbers is 7.