Thank you---------Linux privileges

File permissions

in order to ensure clear rights and responsibilities and business data security and confidentiality, enterprises need to all operators in the system division of labor, set their own functional permissions, you can perform the corresponding operation. For example, when an operator is given permission to fill in a voucher, the operator can fill in the voucher after registering to enter the accounting sub-system.

Only system administrators have permission to set permissions

File definition of permissions: The permissions of the owner, the permissions of the group, the permissions of the non-owner and the group

-rw-rw-r--1 root utmp 9984 Jan 2 wtmp-rw-owner's permission, use U to represent the permission of the rw-group, use G to represent the permission of the r--non-owner group, and O to indicate the owner of the root file Genus of Utmp files

All users have only 3 classes of permissions on the file, rwx, which means:

Readable,r permissions, readable permission bits

When the file has this permission bit, the corresponding user on this file can use some file view class tool to view the contents of the file.

Directory: The user of this permission bit can view the contents of the directory with "ls"

Writeable,w permissions, writable permission bits

Files: This permission bit corresponds to the user can modify the contents of the file

Directory: This permission bit corresponds to the user can delete files in the directory, create files

Excutable,x permissions, executable permission bit

Files: This permission bit corresponds to the user can draw this file to the kernel to run as a process

Directory: Available ls-l View the list of files in this directory, and CD into this directory

These three bits can be represented by an octal number

---001 1-w-010 2-wx 011 3r--0--x 4r-x 101 5rw-110 6rwx 111 7640 rw-r-----755 rwx r-x r-x

Commands related to file permissions

CHMOD,CHOWN,CHGRP command

[[Email protected] ~]# type Chmodchmod is/usr/bin/chmod[[email protected] ~]# chmod--helpusage:chmod [OPTION] ... Mode[,mode] ... FILE ... or:chmod [OPTION] ... Octal-mode file ... or:chmod [OPTION] ...--reference=rfile file...-r,--recursive recursively modify permissions for files under directories and directories

The meaning of mode

1) Modify permissions for certain types of users

U=[rwx "] g=[rwx" o=[rwx "]

uo= ug= go=

2) A certain permission modification to a certain type of user

u+-,g+-,o+-

a+-or +-

Examples of Use:

1, modify the file of a certain type of user's permissions and a certain permission [[email protected] tmp]# mkdir -m 644 testdir  #创建目录文件 [[ email protected] tmp]# touch testdir/abc   #创建文件 [[Email protected] tmp] # ls -ltotal 4drw-r--r-- 2 root root 4096 jul 30 12:35  testdir[[email protected] tmp]# ls -l testdir/abc-rw-r--r-- 1 root  root 0 jul 30 12:39 testdir/abc[[email protected] tmp]# chmod u=  TESTDIR[[EMAIL PROTECTED] TMP]# LS -LTOTAL 4D---r--r-- 2 root  Root 4096 jul 30 12:35 testdir[[email protected] tmp]# ls -l  testdir/abc-rw-r--r-- 1 root root 0 jul 30 12:39 testdir/abc[[ email protected] tmp]# chmod -r u+rwx testdir[[email protected] tmp]#  ls -ltotal 4drwxr--r-- 2 root root 4096 jul 30 12:39 testdir[[email  Protected] tmp]# ls -l testdir/total 0-rwxr--r-- 1 root root 0  JUL 30 12:39 ABC2. Modify the permissions of File B with the permissions of the A file [[email protected] tmp]# touch  Testdir/b[[email protected] tmp]# ls -l testdir/-rwxr--r-- 1 root root  0 jul 30 12:39 abc-rw-r--r-- 1 root root 0 jul 30  12:43 b[[email protected] testdir]# chmod --reference=abc b-rwxr--r--  1 ROOT ROOT 0 JUL 30 12:43 B3, changing the permissions of a file in octal bit [[email protected]  tmp]# ls -l testdir/-rwxr--r-- 1 root root 0 Jul 30  12:39 abc[[email protected] testdir]# chmod 600 abc[[email protected]  TESTDIR]# LS -L-RW-------&nbsP;1 root root 0 jul 30 12:39 abc 

Chown command

[[Email protected] ~]# type Chownchown is/usr/bin/chown[[email protected] ~]# chown--husage:chown [OPTION] ... [OWNER] [: [GROUP]] File ... or:chown [OPTION] ...--reference=rfile-R,--recursive recursively modifies directories and directories under the owner of the files

1) Modify the owner

[[email protected] tmp]# install-d Hello #创建目录 [[email protected] tmp]# Ls-ltotal 4drwxr-xr-x 2 root root 4096 Jul 30 12 : hellodrwxr-xr-x 2 root root 4096 Jul 12:55 hello-rw-r--r--1 root root 0 Jul 12:55 abc[[email protected] tmp]# C Hown MyUser hellodrwxr-xr-x 2 myuser root 4096 Jul 12:55 hello-rw-r--r--1 root root 0 Jul 12:55 ABC

2) modify the genus Group

[Email Protected]0h6bsz tmp]# chown-r. myuser hello-rw-r--r--1 root myuser 0 Jul 12:55 ABC

3) Modification of the genus and the genus group

[Email protected] tmp]# Chown-r root.root hellodrwxr-xr-x 2 root root 4096 Jul 12:55 hello-rw-r--r--1 root root 0 Ju L-12:55 ABC

Masking code when files and directories are created: umask

Default file must not have execute permission to avoid malicious exploitation of files

Default directory has Execute permissions

Administrator's Umask

[Email protected] tmp]# umask0022

Umask for ordinary users

[Email protected] tmp]# su-user1-sh-4.2$ umask0002

Location defined by Umask

The value of umask is defined in the/ETC/PROFILE,/ETC/BASHRC # by default, and we want Umask to get set. This sets it for login shell# current threshold for system reserved Uid/gids are 200# you could check uidgid reservation VA Lidity in#/usr/share/doc/setup-*/uidgid Fileif [$UID-gt 199] && ["' id-gn '" = "' Id-un '"]; Then umask 002else umask 022fi

Permission to create a file, default

1. admin [[email protected] tmp]# Touch Testfile[[email protected] tmp]# ls-l-rw-r--r--1 root root 0 Jul 13:03 testfil E2, Normal user-sh-4.2$ touch testfile-sh-4.2$ ls-l-rw-rw-r--1 user1 user1 0 Jul 13:02 testfile

Permissions for file: 666-umask

Permissions for directory: 777-umask

This article from "Reading" blog, declined reprint!

Thank you---------Linux privileges