Shulou(Shulou.com)06/02 Report--

File permissions

1. The meaning of the existence of file permissions touch can change the file time

One of the lowest level security setting methods of the system

Ensure that the file can be manipulated by available users

2 View of file permissions

Ls-l file

Ls-dl file

Ll file

Ll-d dir

The ls-lR directory recursively displays all the subfiles under the directory

3. Reading of file permissions

| | rw-rw-r-- | 1 | kiosk | kiosk | 0 | Jul 21 09:18 | file |

1 > File type ◦ empty file

D directory

L soft links are similar to shortcuts under windows

S socket socket in the network data connection. You can start a program to listen to the client's requirements, and the client can communicate through sockets

B block block device an interface device that stores data for system access, simply a hard disk

C character device serial port interface device (keyboard and mouse)

Fix: P pipeline files solve errors caused by multiple programs accessing a file at the same time. FIFO first in first out

2 > permissions for files

Rw- | rw- | rmuri-

U: what can the file owner do with the file

G: what can all groups of files do with files

O: what other people can do with the file

R: for files: can you view the contents of the file-- > cat file

For directories: can you check what subfiles or subdirectories are used in the directory-- > ls dir

W: for files: can you change the characters in the file?

To directories: whether the original data of subdirectories or subfiles in directories can be changed

X: for files: whether the program recorded in the file can be called through the file name

To the directory: whether you can enter the directory

Generally speaking, if r permission is given to the directory, it must be given to the source of x 5.

Change method:

Chmod = > file | dir

Chmod-reference=file/dir file/dir copies the specified file permissions to the specified file

Number r 4 (100) w 2 (010) x 1 (001)

Chmod 775 specified file

File 644, directory 755, for security.

Change the owner of the user, all groups.

File

Chown username file | dir

Chown user.group (:) file | dir

Chown-R user.group dir

Chgrp group file | dir

The chgrp-R group dir directory and the files in the directory will be changed

User management

Umask system default permissions 777-022 (directory)-111 (file)

Umask is the default reserved right for the system to establish (binary representation)

Umask 077 temporarily sets the system reservation permissions to 077

Permanently modify the configuration of uamsk under / etc/bashrc and / etc/profile files

Note: how to distinguish between super users and ordinary users

Vim / etc/bashrc 71 ordinary users 73 super users

Vim / etc/profile60 ordinary user 62 super user

Source / etc/bashrc

Source / etc/profile

User management

two。 Special permissions (check the last two sections of the video)

Sticky paste bit swap partition files also use sticky id to load memory in advance.

Function: effective only for directories. When a directory has only sticky permission, files in this directory can only be deleted by the owner of the file

Setting mode chmod ostent dir

Chmod 1### dir

2.sgid forced bit

Function: executable files only for binary files. When there is sgid on the file, anyone's process of executing this file belongs to the filegroup.

: to a directory any files created in a secondary directory belong to all groups of the directory when there is sgid permission on the directory

Setting method: chmod gears file | dir

Chmod 2 thanks # file | dir

3suid adventure position

Only for binary executable files, when there is a Suid on the file, anyone who executes the program process in this file belongs to the file owner

4.acl permission list

1. Role: let specific users have specific permissions on specific files

2.acl list management

The meaning of permission list: to let specific users have specific permissions on specific files

Setfacl-m u:username:rwx file sets username to have rwx permissions for file

Setfacl-mg: group:rwx file sets group group members to have rwx permissions on file

Setfacl-x u:username file removes username from cal list

Setfacl-b file closes the file list

3.acl list View

-rw- | rwx | rmuri + (acl enabled)

Getacl file view the permission of acl to open a file

# file:file file name

# owner: root file owner

# group: root file owner

Permissions of the owner of the user::rw- file

User:kiosk:rwx specifies user permissions

Group::r-- files have group rights

The maximum rights that mask::rwx can give users

Permissions of other people in other::r--

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.