
Example Analysis of Linux File Permission Management

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains Linux file permission management in detail through examples. The editor thinks it is very practical and shares it here for reference; I hope you get something out of reading it.

Why do you need permission management?

1. Computer resources are limited, so we need to allocate them reasonably.

2. Linux is a multi-user system. For every user, the protection of personal privacy is very important.

rwx permissions on a directory

Current user: vagrant:vagrant

Create the testdir directory and enter the testdir directory. Create the file test.

    $ mkdir testdir
    $ cd testdir
    $ touch test
    $ cd ..

Change the testdir permission to 000 and try to execute ls testdir

    $ chmod 000 testdir
    $ ls testdir/
    ls: cannot open directory testdir/: Permission denied

Change the testdir permission to 400 and try to execute ls testdir

    $ chmod 400 testdir
    $ ls -l testdir/
    ls: cannot access testdir/test: Permission denied
    total 0
    -????????? ? ? ? ?            ? test

Result: the list of files in the directory can be read, but no specific file information (permissions, size, user group, time, etc.) can be seen, even though the current user is the owner of testdir/test and has rwx permissions.

The r permission on a directory allows reading the list of files in the directory.

Go ahead and try to enter the testdir directory.

    $ cd testdir/
    -bash: cd: testdir/: Permission denied

It seems that r permission alone does not let us enter the directory.

Let's try to add an x permission.

    ~$ chmod 500 testdir/
    ~$ cd testdir/
    ~/testdir$ ls -l
    total 0
    -rw-rw-r-- 1 vagrant vagrant 0 Nov 19 08:16 test

Successfully entered.

Having the x permission on a directory allows us to enter it. With this as the working directory, we can view the list of files and the attribute information of the files.

Try deleting the test file or creating a new file test1.

    ~/testdir$ rm test
    rm: cannot remove 'test': Permission denied
    ~/testdir$ touch test1
    touch: cannot touch 'test1': Permission denied

Having r and x permissions on a directory does not allow us to change the contents of the directory. The list of files in the directory can be seen as the contents of the directory.

The w permission on a directory allows you to add or delete its contents.

    ~/testdir$ chmod 700 .
    ~/testdir$ rm test
    ~/testdir$ touch test1
    ~/testdir$ ls -l
    total 0
    -rw-rw-r-- 1 vagrant vagrant 0 Nov 19 08:30 test1

umask

In the above example, the permission of the new file we created is 664 (-rw-rw-r--). Why is the default permission 664? What if I want to change the default permission of new files?

Enter umask in the console:

    $ umask
    0002

umask is the complement of the permissions: the bits set in umask are removed from the default. The default permission for a file is 666-umask (strictly, 666 with the umask bits cleared, which gives the same result for the values used here).

If we want to create a file for which other users do not have r permission, we can change the complement to 0006.

    ~/testdir$ umask 0006
    ~/testdir$ touch test2
    ~/testdir$ ls -l | grep test2
    -rw-rw---- 1 vagrant vagrant 0 Nov 19 08:38 test2

Why isn't the default permission for files 777-umask? Because a newly created file does not have executable permission by default; if only the rw permissions are considered, the starting value is naturally 666.

Directories have x permissions by default. When umask is 0002, the default permissions for created directories should be 777-0002 = 775:

    ~/testdir$ mkdir dir1
    ~/testdir$ ls -l | grep dir1
    drwxrwxr-x 2 vagrant vagrant 4096 Nov 19 08:39 dir1
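The script below is an added example, not part of the original article: it creates a file or directory under a given umask and reads back the mode actually assigned. It goes beyond the values shown above by including 0033, where plain subtraction (666-033 = 633) gives the wrong answer because the umask only clears bits that are already set. new_mode is a hypothetical helper name, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: observe the mode a new file or directory really gets.
# new_mode is a hypothetical helper; the umask values are sample inputs.

new_mode() {
    # $1 = umask to apply, $2 = "file" or "dir"
    (
        # Subshell: the umask change does not leak into the caller.
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"      # requested mode 777, masked by umask
        else
            touch "$tmp/new"      # requested mode 666, masked by umask
        fi
        stat -c '%a' "$tmp/new"   # octal permission bits as stored
        rm -rf "$tmp"
    )
}

# Print a small table: umask, resulting file mode, resulting directory mode.
for m in 0002 0006 0022 0033 0077; do
    printf '%s  file=%s  dir=%s\n' "$m" "$(new_mode "$m" file)" "$(new_mode "$m" dir)"
done
```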

Special permissions

SUID

Generally speaking, file permissions are rwx. Let's take a look at the permissions of passwd (the password change command):

    ~/testdir$ ls -l /usr/bin/passwd
    -rwsr-xr-x 1 root root 47032 May 16 2017 /usr/bin/passwd

If you look carefully, you will find that the x bit of its owner permissions is actually s. This permission is called SUID and is valid only for binaries.

When a user has execute permission on the file, executing it temporarily runs with the permissions of the file's owner.

For example: all users' passwords are stored in the /etc/shadow file, whose permissions are -r-------- root root by default, so only the root user can force a write to it. Why, then, can ordinary users change their passwords? Because the passwd command has SUID permission, users get the permissions of the file owner, root, while executing the command, and can thus change their password.

SGID

When the x position of the group permissions becomes s, the file has SGID permission.

SGID permission is valid for binary programs. Similar to SUID, when a user has x permission on the file, executing it runs with the permissions of the user group that owns the file.

In addition to binaries, SGID can also be set on a directory.

If SGID is set on a directory:

The user's effective group inside this directory becomes the user group of that directory.

If the user has w permission on this directory, the files the user creates in it belong to the same user group as the directory.

This permission is important for project development.

SBIT

This permission is currently only valid for directories:

When the user has w and x permissions on this directory, after the user creates a file or directory in that directory, only the user and root have permission to delete it.

If the x permission bit of Others is t, the directory has SBIT permission.

For example, the /tmp directory:

    $ ls -l / | grep tmp
    drwxrwxrwt 4 root root 4096 Nov 19 09:09 tmp
    $ sudo -s
    # touch test
    root@vagrant-ubuntu-trusty-64:/tmp# exit
    exit
    vagrant@vagrant-ubuntu-trusty-64:/tmp$ rm test
    rm: remove write-protected regular empty file 'test'? y
    rm: cannot remove 'test': Operation not permitted

How to set the above three permissions

If you add a digit in front of the usual three digits of a permission setting, that leading digit sets these permissions:

4 is SUID

2 is SGID

1 is SBIT

For example:

    # chmod 777 /tmp
    # ls -l / | grep tmp
    drwxrwxrwx 4 root root 4096 Nov 19 09:17 tmp
    # chmod 1777 /tmp
    # ls -l / | grep tmp
    drwxrwxrwt 4 root root 4096 Nov 19 09:17 tmp

That concludes this example analysis of Linux file permission management. I hope the above content is of some help to you.
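The three leading digits can also be searched for. The script below is an added example, not part of the original article: it lists regular files carrying SUID or SGID and world-writable directories that lack SBIT, run here against a constructed sandbox tree. audit_special_bits and make_demo are hypothetical helper names, and every path is created by the script itself.

```shell
#!/bin/sh
# Added example: report the special permission bits found under a directory.
# audit_special_bits and make_demo are hypothetical helpers; all paths are constructed.

audit_special_bits() {
    root=$1
    {
        # Regular files with SUID (4000) or SGID (2000) set.
        find "$root" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
        find "$root" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
        # World-writable directories without the sticky bit (1000):
        # any user may delete or rename files that belong to others there.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/NOSTICKY /'
    } | sort
}

make_demo() {
    # Build a throwaway tree with one instance of each case, then print its path.
    demo=$(mktemp -d) || return 1
    : > "$demo/plain";     chmod 0755 "$demo/plain"
    : > "$demo/suid_tool"; chmod 4755 "$demo/suid_tool"
    : > "$demo/sgid_tool"; chmod 2755 "$demo/sgid_tool"
    mkdir "$demo/shared" "$demo/drop"
    chmod 1777 "$demo/shared"   # like /tmp: world-writable with SBIT
    chmod 0777 "$demo/drop"     # world-writable, no SBIT: gets flagged
    printf '%s\n' "$demo"
}

demo_dir=$(make_demo)
audit_special_bits "$demo_dir"
rm -rf "$demo_dir"
```

Pointed at a real system path instead of the sandbox, the same function gives a baseline list to compare against after package installs or configuration changes.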
