File permissions
To keep rights and responsibilities clear and to protect the security and confidentiality of business data, an enterprise needs to divide work among all operators of a system and give each one their own functional permissions, so that each can perform the corresponding operations. For example, once an operator has been given permission to fill in vouchers, that operator can fill in vouchers after logging in to the accounting subsystem.
Only system administrators have permission to set permissions
Permissions on a file are defined for three classes: the owner, the group, and others (users who are neither the owner nor in the group).
    -rw-rw-r-- 1 root utmp 9984 Jan 2 wtmp
    rw-   the owner's permissions, represented by u
    rw-   the group's permissions, represented by g
    r--   the permissions of others (neither owner nor group), represented by o
    root  the owner of the file
    utmp  the group of the file
Each class of user has only 3 kinds of permission on a file, rwx, which mean:
Readable, r: the read permission bit
File: when the file has this permission bit, the corresponding user can use a file viewing tool to view the contents of the file.
Directory: the user this permission bit applies to can view the contents of the directory with "ls".
Writable, w: the write permission bit
File: the user this permission bit applies to can modify the contents of the file.
Directory: the user this permission bit applies to can delete and create files in the directory.
Executable, x: the execute permission bit
File: the user this permission bit applies to can submit the file to the kernel to run as a process.
Directory: the user can use ls -l to view the list of files in this directory, and cd into this directory.
These three bits can be represented by one octal digit:
    ---   000   0
    --x   001   1
    -w-   010   2
    -wx   011   3
    r--   100   4
    r-x   101   5
    rw-   110   6
    rwx   111   7
For example:
    640   rw-r-----
    755   rwxr-xr-x
Commands related to file permissions
The chmod, chown and chgrp commands
    [~]# type chmod
    chmod is /usr/bin/chmod
    [~]# chmod --help
    Usage: chmod [OPTION]... MODE[,MODE]... FILE...
      or:  chmod [OPTION]... OCTAL-MODE FILE...
      or:  chmod [OPTION]... --reference=RFILE FILE...
      -R, --recursive    recursively modify the permissions of directories and the files under them
The meaning of mode
1) Set the permissions of a class of users
    u=[rwx]  g=[rwx]  o=[rwx]
    uo=  ug=  go=
2) Add or remove a particular permission for a class of users
    u[+-]  g[+-]  o[+-]
    a[+-], or just [+-]
Examples of use:
1. Modify the permissions of a class of users, and modify a single permission
    [tmp]# mkdir -m 644 testdir    # create a directory
    [tmp]# touch testdir/abc       # create a file
    [tmp]# ls -l
    total 4
    drw-r--r-- 2 root root 4096 Jul 30 12:35 testdir
    [tmp]# ls -l testdir/abc
    -rw-r--r-- 1 root root 0 Jul 30 12:39 testdir/abc
    [tmp]# chmod u= testdir
    [tmp]# ls -l
    total 4
    d---r--r-- 2 root root 4096 Jul 30 12:35 testdir
    [tmp]# ls -l testdir/abc
    -rw-r--r-- 1 root root 0 Jul 30 12:39 testdir/abc
    [tmp]# chmod -R u+rwx testdir
    [tmp]# ls -l
    total 4
    drwxr--r-- 2 root root 4096 Jul 30 12:39 testdir
    [tmp]# ls -l testdir/
    total 0
    -rwxr--r-- 1 root root 0 Jul 30 12:39 abc
2. Set the permissions of file b from the permissions of file abc
    [tmp]# touch testdir/b
    [tmp]# ls -l testdir/
    -rwxr--r-- 1 root root 0 Jul 30 12:39 abc
    -rw-r--r-- 1 root root 0 Jul 30 12:43 b
    [testdir]# chmod --reference=abc b
    -rwxr--r-- 1 root root 0 Jul 30 12:43 b
3. Change the permissions of a file using octal digits
    [tmp]# ls -l testdir/
    -rwxr--r-- 1 root root 0 Jul 30 12:39 abc
    [testdir]# chmod 600 abc
    [testdir]# ls -l
    -rw------- 1 root root 0 Jul 30 12:39 abc
The chown command
    [~]# type chown
    chown is /usr/bin/chown
    [~]# chown --h
    Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE...
      or:  chown [OPTION]... --reference=RFILE FILE...
      -R, --recursive    recursively modify the owner of directories and the files under them
1) Modify the owner
    [tmp]# install -d hello    # create a directory
    [tmp]# ls -l
    total 4
    drwxr-xr-x 2 root root 4096 Jul 30 12 : hello
    drwxr-xr-x 2 root root 4096 Jul 12:55 hello
    -rw-r--r-- 1 root root 0 Jul 12:55 abc
    [tmp]# chown myuser hello
    drwxr-xr-x 2 myuser root 4096 Jul 12:55 hello
    -rw-r--r-- 1 root root 0 Jul 12:55 abc
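2) Modify the group
    [tmp]# chown -R .myuser hello
    -rw-r--r-- 1 root myuser 0 Jul 12:55 abc
The leading dot means that only the group is changed. GNU chown also accepts a colon in place of the dot, which is the separator shown in its usage text.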
3) Modify the owner and the group
    [tmp]# chown -R root.root hello
    drwxr-xr-x 2 root root 4096 Jul 12:55 hello
    -rw-r--r-- 1 root root 0 Jul 12:55 abc
Permission mask applied when files and directories are created: umask
By default, a newly created file must not have execute permission, to avoid malicious exploitation of files.
By default, a newly created directory has execute permission.
The administrator's umask
    [tmp]# umask
    0022
The umask for ordinary users
    [tmp]# su - user1
    -sh-4.2$ umask
    0002
Where the umask is defined
The value of umask is defined in /etc/profile and /etc/bashrc:
    # By default, we want umask to get set. This sets it for login shell
    # Current threshold for system reserved uid/gids is 200
    # You could check uidgid reservation validity in
    # /usr/share/doc/setup-*/uidgid file
    if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
        umask 002
    else
        umask 022
    fi
Default permissions of a newly created file
1. Administrator
    [tmp]# touch testfile
    [tmp]# ls -l
    -rw-r--r-- 1 root root 0 Jul 13:03 testfile
2. Normal user
    -sh-4.2$ touch testfile
    -sh-4.2$ ls -l
    -rw-rw-r-- 1 user1 user1 0 Jul 13:02 testfile
Permissions for a new file: 666 - umask
Permissions for a new directory: 777 - umask
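The rule above, worked through as an added example that is not part of the original article: the kernel clears the umask bits from the base mode (666 for files, 777 for directories), which matches plain subtraction for the umask values 022 and 002 but not for values such as 027 or 033. The function names are made up for this sketch, and the umask values 027 and 033 are constructed test inputs.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# effective_mode BASE UMASK: mode actually assigned = BASE AND (NOT UMASK)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_mode BASE UMASK: the "BASE - UMASK" shortcut, done as decimal subtraction
naive_mode() {
    printf '%03d\n' "$(expr "$1" - "$2")"
}

# created_mode file|dir UMASK: create an object under that umask and read its mode
created_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else touch "$tmp/t"; fi
    )
    # GNU stat first; BSD stat syntax as a fallback
    stat -c '%a' "$tmp/t" 2>/dev/null || stat -f '%Lp' "$tmp/t"
    rm -rf "$tmp"
}

# 022 and 002 are the umask values from /etc/profile; 027 and 033 are
# constructed values that show where subtraction stops matching.
printf '%-6s %-10s %-10s %-10s %-10s\n' umask file naive created dir
for m in 022 002 027 033; do
    printf '%-6s %-10s %-10s %-10s %-10s\n' "$m" \
        "$(effective_mode 666 "$m")" "$(naive_mode 666 "$m")" \
        "$(created_mode file "$m")" "$(effective_mode 777 "$m")"
done
```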
This article is from the "Reading" blog; reprinting is declined.