Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to improve the privileges of Linux users". Friends who are interested may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to improve the privileges of Linux users.

1. Basic permissions UGO

A file or directory

1. Permission object U, master G, group O, other people, a (u+g+o) owner 2, permission type: read permission, write permission, write permission, executive permission.

one

3. View permissions

(1) View the detailed permissions of the file

Ls-l file

one

(2) View the detailed permissions of the directory

Ls-l-d directory

one

For example: [root@localhost ~] # ls-l / root/1.txt

-rw- rmuri-rmuri -. 1 root root 179 May 25 14:27 / root/1.txt

The authority of the rw- owner, the authority of the master Rmuri-belonging to the group, and the authority of others. Extension of permissions 1 file link (chapter 7 file link) root file owner root file group 179 size May 25 14:27 file last modification time / name and path of root/1.txt file

one

two

three

4. Set permissions

(1) change permissions

Use characters: Chmod object (u+g+o+a) assignment (+ /-/ =) permission type (r+w+x) file / directory use the number: Rene4 wig2 xroom1

one

two

Chmod 761 file / directory

761 indicates that the file type is ugo and the permissions are: u=rws g=rw ostatx

(2) change of ownership and group

The Chown parameter belongs to the master. Group files / directories

one

For example: chown alice.hr file01.txt changes the group and owner

Chown alice file01.txt only changes the owner

Chown .hr file01.txt changes only belonging groups

-R recursive change, generally put on the directory, the file or directory inside the unified design Chgrp-R group name file / directory (- R means recursive change, the file or directory within the unified design, grp=group)

one

two

three

(3) how to run a text file (provided that there are creation commands, such as touch, mkdir)

Suppose a new file file.txt is created

Vim file.txt

Write the following:

Touch aaa.txt

Mkdir aaa

1. Bash file.txt runs the text file file.txt (run directly)

2. Give file permissions

Chmod upright x file.txt

one

Running the text file file.txt

Command:. / file.txt

2. Basic permissions ACL

ACL is an upgraded version of UGO. You can use UGO for relatively simple commands and ACL for relatively complex instructions.

Usage: setfacl-m user or group: user name: permissions file / directory

one

Eg:setfacl-m (parameter) u:alice: rwx / home/aa.txt

For setfacl usage parameter:-m: set subsequent acl parameter-x: delete subsequent acl parameter-b: delete all acl parameters-k: delete default acl parameter-R: recursively set acl, including subdirectory-d: set default acl, only default directory can be set

one

two

three

four

2. View ACL:getfacl files / directories

one

3. Delete ACL:

(1) delete some ACL permissions:

Setfacl-x user / group: username file / directory

one

(2) remove all permissions:

Setfacl-b file / directory

one

3. Special permissions suid, sgid, stickSuid

Enable ordinary users to gain owner permissions for files / programs

Sgid

When you create a child file / subdirectory, make it inherit the parent file / parent directory

Stick

Prevents files in the directory from being deleted

Difference:

In fact, when the number represents permissions, it should be four digits. The first digit is related to special rights. 777 represents 0777.

7777 stands for the special attachment is 7-7-7-4-2-1 (r+w+x), and each represents the sounding suident, the splayed, the leading, the leading, the second, the second, and the second.

7777=rws rws rwt 6777=rws rws rwx 5777=rws rwx rwt 4777=rws rwx rwx

3777=rwx rws rwt 0777=rwx rwx rwx 2777=rwx rws rwx 1777=rwx rwx rwt

How to set special permissions suid:

Ll / usr/bin/cat

Chmod Utility / usr/bin/cat

Ll / usr/bin/cat

Su-alice

Cat / root/file.txt can view the contents of file.txt, but it doesn't have enough permissions to view it before Ubunx.

4. Special permission chattr

Attach permissions to files so that they cannot be viewed, modified, or deleted

Touch file.txt

Lsattr file.txt View File Properties

Chattr + I file.txt

Lsattr file.txt

Rm-rf file.txt cannot be deleted. After revoking the permission of + I, everything will return to normal.

5. Special permission process mask umask

The default permissions of new files and directories are affected by umask. Umask indicates the permissions to be reduced.

The default process mask of the system is 0022. Modify the default process mask of the system (umask modify content), and the default permissions of files and directories created by the system will also be modified.

Formula: default permissions for the new directory = 0777-process mask

Default permissions for new files = new directory permissions-0111

The meaning of the parameter followed by umask:-p displays the detailed process mask of the system;-S displays the permissions of the new directory by default.

At this point, I believe you have a deeper understanding of "how to enhance the privileges of Linux users". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.