Note 6: File permissions and owner/group management

Source: Internet
Author: User

### File permissions ###

*** Viewing file attributes ***

ls -l filename

-|rw-r--r--.|1|root|root|46|Oct 1 05:03|filename
1|    2     |3| 4  | 5  |6 |     7     |   8

1. "-": file type

- #regular file
d #directory
c #character device
s #socket
p #pipe
b #block device
l #symbolic link

2. "rw-r--r--": file read and write permissions

rw-|r--|r--
 u | g | o

u: the owner's permissions
g: the group's permissions
o: other users' permissions

3. "1":

For a file: the number of times the file's contents are recorded by the system (the link count)

For a directory: the number of bytes of file attributes in the directory (file name size)

4. "root": the file's owner

5. "root": the file's group

6. "46": the size of the file's contents

7. "Oct 1 05:03": the time the file was last modified

8. "filename": the file name

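### File owner / group management ###

chown username file|dir #change the owner of a file or directory

chown username:groupname file|dir #change both the owner and the group

chown -R username dir #change the owner of the directory itself and everything inside it

chgrp -R groupname dir #change the group of the directory itself and everything inside it

Monitoring command

watch -n 1 ls -lR /mnt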

### Ordinary file permissions ###

rw-|r--|r--
 u | g | o

u: the permissions the file's owner can exercise on the file

g: the permissions members of the file's group can exercise on the file

o: the permissions other users can exercise on the file

u is matched first, then g; o is matched only when neither u nor g matches.

1.r

For files: you can view the characters in the file

For directories: you can view information about the files in the directory

2.w

For files: you can change the characters in the file

For directories: you can add and delete files in the directory

3.x

For files: you can run the program recorded in the file (such as .sh, .bin)

For directories: you can enter the directory (if you cannot enter the directory, you cannot operate on the files in it)

*** Modifying file permissions by character ***

chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir

chmod u-x file1 #remove x permission from file1's owner

chmod g+w file1 #add w permission for file1's group

chmod u-x,g+w file1 #remove x permission from file1's owner and add w permission for its group

chmod ugo-r file2 #remove r permission from file2's owner, group and others

chmod ug+x,o-r file3 #add x permission for file3's owner and group, remove r permission from others

*** Modifying file permissions numerically ***

In Linux:

r=4
w=2
x=1

Numeric representation of file permissions

rw-|r--|r--
 u | g | o

u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4

So the file permission rw-r--r-- is represented as 644.

* chmod <permission value> file

chmod 777 file

* Meaning of the permission digits 1~7

7=rwx

6=rw-

5=r-x

4=r--

3=-wx

2=-w-

1=--x

0=---
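
Added example (not from the original notes): a POSIX shell version of the r=4, w=2, x=1 arithmetic above, turning the mode column of `ls -l` into its octal value. It goes beyond the plain case by also handling the s/S and t/T letters of the special permissions covered at the end of these notes; the function names `triad_value` and `mode_to_octal` and the sample mode strings are made up for this illustration.

```shell
#!/bin/sh
# Added example: convert the mode column of `ls -l` into octal.

# triad_value "rw-" -> 6   (r=4, w=2, x=1)
# A lowercase s or t means x is set as well; uppercase S or T means it is not.
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rw-r--r--." -> 644
# Special bits (suid=4, sgid=2, sticky=1) become a leading fourth digit.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character
    u=$(printf %.3s "$perms")         # owner triad
    rest=${perms#???}
    g=$(printf %.3s "$rest")          # group triad
    rest=${rest#???}
    o=$(printf %.3s "$rest")          # others triad (ignores a trailing ".")
    sp=0
    case $u in ??[sS]) sp=$((sp + 4)) ;; esac
    case $g in ??[sS]) sp=$((sp + 2)) ;; esac
    case $o in ??[tT]) sp=$((sp + 1)) ;; esac
    digits="$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
    if [ "$sp" -gt 0 ]; then echo "$sp$digits"; else echo "$digits"; fi
}

# Constructed sample mode strings, not taken from a real system.
for m in -rw-r--r--. -rwsr-xr-x drwxr-sr-x drwxrwxrwt -rwSr--r--; do
    printf '%-12s %s\n' "$m" "$(mode_to_octal "$m")"
done
```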

### System default permission settings ###

From the standpoint of the system's usefulness, the more permissions are opened up, the more useful the system is.

From the standpoint of system security, the fewer permissions are opened up, the more secure the system is.

So when the system creates a new file or directory, it removes some permissions.

Setting method

umask #show the permissions the system holds back (default = 022)

umask 077 #change the held-back permissions to 077; this setting is temporary and only valid in the current shell

*** Permanent setting method ***

* vim /etc/bashrc ##shell

if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 #regular-user umask
else
    umask 077 #superuser umask
fi

* vim /etc/profile ##system

if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 #regular-user umask
else
    umask 077 #superuser umask (note: the resulting file permission is 666 - umask, i.e. 600)
fi

! The umask values set in the two files above must be consistent.

source /etc/bashrc

source /etc/profile

These make the settings take effect immediately.
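
Added example (not from the original notes): a shell function that creates a file and a directory under a given umask and reports the modes they end up with. It shows that the mask clears bits rather than subtracting digits (umask 023 yields 644 for a file, not 643). `new_modes` is a made-up name, the work happens in a throwaway temporary directory, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: observe the effect of a umask on newly created entries.

# new_modes UMASK -> prints "<file-mode> <dir-mode>" in octal
new_modes() {
    _tmp=$(mktemp -d) || return 1
    (
        umask "$1"          # set inside a subshell: the caller's umask is untouched
        : > "$_tmp/f"       # new files are requested with mode 666
        mkdir "$_tmp/d"     # new directories are requested with mode 777
    ) || return 1
    echo "$(stat -c %a "$_tmp/f") $(stat -c %a "$_tmp/d")"
    rm -rf "$_tmp"
}

# 022 is the default named in these notes, 002 and 077 are the values set in
# /etc/bashrc and /etc/profile above, 023 is a constructed edge case.
for m in 022 002 077 023; do
    printf 'umask %s -> file/dir %s\n' "$m" "$(new_modes "$m")"
done
```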

### 5. Special permissions ###

1.suid ##the "risk" bit

Applies to binary executable files (e.g. .sh)

The process generated when the program recorded in the file runs is owned by the file's owner, regardless of the identity of whoever started it.

(Anyone who executes the program runs it as the file's owner.)

Setting method:

chmod u+s file

suid=4

chmod 4xxx file

2.sgid ##the "mandatory" bit

For files: only for binary executables (.sh, .bin)

When anyone runs the binary file, the group of the process the program produces is the file's group, regardless of the group of whoever started it.

(Anyone who executes the file runs the program as the file's group.)

For directories: when a directory has the sgid permission, every newly created file in the directory is automatically assigned to the directory's group, regardless of the group of the user who created it.

(Any file created in the directory belongs to the same group as the directory.)

Setting method:

chmod g+s file|dir

sgid=2

chmod 2xxx file|dir

3.sticky ##the sticky bit

t permission:

Only for directories. When a directory has the t permission, a file in the directory can only be deleted by its owner.

Setting method:

chmod o+t directory

or

chmod 1777 directory

1 stands for t
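
Added example (not from the original notes): an audit that lists files carrying the suid or sgid bit and world-writable directories that lack the sticky bit, using the same bit values as above (4, 2, 1). The function names `audit_special` and `make_demo_tree` and the demo tree are constructed for this illustration; `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: find special permission bits under a directory tree.

# audit_special DIR -> one line per finding: "<kind> <octal-mode> <path>"
audit_special() {
    # suid=4: the program runs as the file's owner
    find "$1" -xdev -type f -perm -4000 -exec stat -c 'suid %a %n' {} +
    # sgid=2: the program runs with the file's group
    find "$1" -xdev -type f -perm -2000 -exec stat -c 'sgid %a %n' {} +
    # world-writable directory without sticky=1: any user can delete
    # files that belong to someone else
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'no-sticky %a %n' {} +
}

# Constructed demo tree in a temporary directory (empty files only).
make_demo_tree() {
    _d=$(mktemp -d) || return 1
    : > "$_d/plain";  chmod 644  "$_d/plain"
    : > "$_d/helper"; chmod 4755 "$_d/helper"   # suid set
    : > "$_d/tool";   chmod 2755 "$_d/tool"     # sgid set
    mkdir "$_d/shared" "$_d/drop"
    chmod 1777 "$_d/shared"                     # sticky set: not reported
    chmod 0777 "$_d/drop"                       # sticky missing: reported
    echo "$_d"
}

demo=$(make_demo_tree) && audit_special "$demo"
rm -rf "$demo"
```

On a real system, point `audit_special` at a mount point such as / and compare the output against a known-good baseline.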
