Shulou(Shulou.com)06/02 Report--

This article mainly talks about "the setting of Linux security permissions". Friends who are interested may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "the setting of Linux security permissions".

Catalogue

0x01 introduction

0x02 permission Settings

0x01 introduction

Last time, I only mentioned several kinds of authority division of Linux. R, w, x and the users or groups to which they belong are the following.

Remove the first bit and divide the remaining 9 characters into three groups every 3 bits.

The first group represents the permissions of the user, that is, the permissions of the current file owner

The second group represents the permissions of the user group, that is, the permissions of the user group to which the current file belongs, that is, the permissions of the users belonging to this user group to the file.

The third group represents the permissions of other user groups, that is, the permissions of user groups other than the second group to this file.

0x02 permission Settings

But how to set is a relatively secure situation, the most basic situation is that it can not be changed, the strict point is that the password file can not be read, the executable file can not be executed, the authority of 777 is absolutely impossible to give.

Under normal circumstances, a safety tipping point is

Directory 755 rwxr-xr-x users and groups root root files 644 rw-r--r-- users and groups root root

However, not all permissions can be maintained in this state. For example, if the website directory is not given read permission, users will not be able to access it, which will not be able to provide the required services.

For example, if a website has the need to upload files, the write permission must be enabled. Even if we need to have write permission, our permission allocation is still 755 and 644. You only need to turn the users and affiliated groups into users running the website process. This is the permission setting when you have to turn on permissions.

Directory 755 rwxr-xr-x users and groups www www files 644 rw-r--r-- users and groups www www

Generally do not give the permission to execute, then why should the directory give 755 permissions? it is entirely because without the permission to execute, the directory cannot enter at all and cannot carry out normal access operations.

Finally, it is clear what the default permissions are.

You can find that the permissions created by default by root users are the security critical permissions we mentioned earlier.

What controls the default permission? can you change the default permission to something else? it is controlled by umask. The first bit represents the special permission bit.

The default permission of the directory is 777, so 777 minus 022 is 755

The default permission of the file is 666, so 666 minus 022 is 644.

You can change the permissions at the default creation time by directly changing the umask

At this point, I believe you have a deeper understanding of the "setting of Linux security permissions". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.