# # # File permissions # # #
Viewing file properties * * *
ls -l filename
- | rw-r--r--. | 1 | root | root | 46 | Oct 1 05:03 | filename
1 |     2      | 3 |  4   |  5   | 6  |      7      |    8
1. "-": file type
- # regular file
d # directory
c # character device
s # socket
p # pipe
b # block device
l # link
2. "rw-r--r--": file read and write permissions
rw-|r--|r--
 u   g   o
u: the owner's permissions
g: the owning group's permissions
o: other users' permissions
3. "1":
For a file: the number of times the file's contents are recorded by the system
For a directory: the number of bytes of file attributes in the directory (file name size)
4. "root": the file's owner
5. "root": the file's owning group
6. "46": size of the file's contents
7. "Oct 1 05:03": the time the file was last modified
8. "filename": the file name
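# # # File owner / owning group management # # #
chown username file|dir # change the owner of the file
chown username:groupname file|dir # change the owner and the owning group
chown -R username dir # change the owner of the directory itself and everything inside it
chgrp -R groupname dir # change the owning group of the directory itself and everything inside it
Monitoring command
watch -n 1 ls -lR /mnt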
# # # Ordinary file permissions # # #
rw-|r--|r--
 u   g   o
u: the actions the file's owner may perform on the file
g: the actions members of the file's group may perform on the file
o: the actions other users may perform on the file
u is matched first, then g; o is matched only when neither u nor g matches
1.r
For files: you can view the characters in the file
For directories: you can view information about the files in the directory
2.w
For files: you can change the characters in the file
For directories: you can add and delete files in the directory
3.x
For files: the program recorded in the file can be run (e.g. .sh, .bin)
For directories: you can enter the directory (if you cannot enter the directory, you cannot operate on the files in it)
Modifying file permissions by character * * *
chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
chmod u-x file1 # remove the x permission from file1's owner
chmod g+w file1 # add the w permission for file1's group
chmod u-x,g+w file1 # remove x from file1's owner, add w for the group
chmod ugo-r file2 # remove the r permission from file2's owner, group and others
chmod ug+x,o-r file3 # add x for file3's owner and group, remove r from others
Modifying file permissions by number * * *
In Linux:
r=4
w=2
x=1
Numeric representation of file permissions
rw-|r--|r--
 u   g   o
u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4
So the file permission rw-r--r-- is represented as 644
* chmod <permission value> file
chmod 777 file
* Meaning of the numeric permissions 1~7
7=rwx
6=rw-
5=r-x
4=r--
3=-wx
2=-w-
1=--x
0=---
# # # System default permission settings # # #
From the standpoint of the system's usefulness, the more permissions are opened up, the more useful the system is
From the standpoint of system security, the fewer permissions are opened up, the more secure the system is
So the system removes some permissions from newly created files and directories
How to set
umask # view the permissions the system withholds (default = 022)
umask 077 # change the withheld permissions to 077; this setting is temporary and only valid in the current shell
Permanent setting * * *
* vim /etc/bashrc ## shell
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 # umask for ordinary users
else
    umask 077 # umask for the superuser
fi
* vim /etc/profile ## system
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 # umask for ordinary users
else
    umask 077 # umask for the superuser (note: new files get 666 with the umask bits removed, i.e. 600)
fi
! The umask values set in the two files above must be consistent
source /etc/bashrc
source /etc/profile
# make the settings take effect immediately
# # # 5. Special permissions # # #
1.suid ## the "risk bit"
Applies to binary executable files (e.g. .sh)
The process produced by the program recorded in the file is owned by the file's owner, regardless of who started the process
(anyone who executes the program runs it as the file's owner)
How to set:
chmod u+s file
suid=4
chmod 4xxx file
2.sgid ## the "forced bit"
For files: only applies to binary executables (.sh, .bin)
When anyone runs the binary, the group of the resulting process is the file's owning group, regardless of the group of the user who started the program
(anyone who executes the file runs the program as the file's owning group)
For directories: when a directory has the sgid permission, every file newly created in the directory automatically belongs to the directory's owning group, regardless of the group of the user who created it
(a file created in the directory by anyone gets the same group as the directory)
How to set:
chmod g+s file|dir
sgid=2
chmod 2xxx file|dir
3.sticky ## the sticky bit
t permission:
Only applies to directories; when a directory has the t permission, the files in the directory can only be deleted by their owner
How to set:
chmod o+t directory
or
chmod 1777 directory
1 stands for t
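The numeric values above (r=4, w=2, x=1, and suid=4, sgid=2, sticky=1 as the leading digit) can be checked against any `ls -l` mode field. The script below is an added example, not part of the original notes: it converts a mode field to its four-digit number and flags modes worth reviewing. The function names (triplet_value, mode_to_octal, risk_notes) are illustrative and the sample modes are constructed.

```sh
#!/bin/sh
# Added example: turn the mode field printed by `ls -l` into its numeric form
# (special bits included) and flag modes that deserve a review.

# triplet_value RWX -> 0..7 for one u/g/o triplet. Lowercase s/t mean x is
# also set; uppercase S/T mean the special bit is set but x is not.
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODE -> four digits: special, u, g, o (e.g. -rwsr-xr-x -> 4755)
mode_to_octal() {
    m=${1#?}                 # drop the file-type character
    m=${m%.}                 # drop the trailing "." shown in the listing above
    u=${m%??????}            # first three characters
    g=${m#???}; g=${g%???}   # middle three
    o=${m#??????}            # last three
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # suid=4
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # sgid=2
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky=1
    echo "$special$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# risk_notes MODE -> space-separated findings (empty when nothing stands out)
risk_notes() {
    notes=""
    case "$1" in ???[sS]*) notes="$notes suid" ;; esac
    case "$1" in ??????[sS]*) notes="$notes sgid" ;; esac
    # directory writable by others but without t: users can delete each other's files
    case "$1" in d???????w[x-]*) notes="$notes world-writable-dir-without-sticky" ;; esac
    echo "${notes# }"
}

# Constructed sample modes, not taken from a real system
for mode in -rw-r--r--. -rwsr-xr-x -rwxr-sr-x drwxrwxrwt drwxrwxrwx; do
    printf '%-12s %s %s\n' "$mode" "$(mode_to_octal "$mode")" "$(risk_notes "$mode")"
done
```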
Sixth. Notes: file permissions, owner/group management