
What are the methods of Linux rights management

2025-02-24 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article mainly explains "what are the methods of Linux rights management". The content is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study it.

Getting started with permissions

1. File attribute

If the term file attributes sounds strange, don't panic: anyone who has used Linux will be familiar with the commands ls and ll, both of which are commands for viewing files. If you execute ls -l in any directory, output like the following will appear:

Let's first take a closer look at what each part represents:

First of all, ls means list. It displays the file name and related attributes of a file, and -l lists the details, permissions and attributes of all files.

1) permissions

Let's take a look at the permissions field (the part that begins with drwx). Counting, we find that it contains 10 characters:

The first column (one character): indicates whether the file is a directory, a file, a linked file, and so on.

d: indicates a directory; the www above is a directory called www

-: represents a file; the test.txt above is a file

l: represents a linked file [link file]

b: represents a storage peripheral among the device files

c: represents a serial port device among the device files, such as a keyboard or mouse (a device that is read once through)

Second column: a group of three characters, indicating the permissions of the file owner

Column 3: a group of three characters, indicating the permissions of accounts that belong to this user group

Column 4: a group of three characters, indicating the permissions of other accounts that are neither the owner nor members of this user group

Note: from the second column to the fourth column, there are three characters in a group, in which the possible characters are r, w, x, -, where [r] means readable (read), [w] means writable (write), [x] indicates executable (execute), and [-] indicates no permission. And the positions of the three rwx are fixed.

Try it out:

What does -rwx-w-r-- mean?

First of all, it is divided into four parts: -, rwx, -w- and r--

-: indicates that this is a file

rwx: the owner of this file has read, write, and execute permissions

-w-: indicates that the other accounts in the file's user group have write permission for this file

r--: indicates that other users have only read permission on the file

2) number of links

The 3 indicates how many file names are linked to this node (inode). Each file records its permissions and attributes in an inode of the file system, but the directory tree we use records file names, so each file name is linked to an inode. This attribute records how many different file names are linked to the same inode number.

3) owner

Represents the account of the owner of this file (or directory).

4) user groups

Indicates the user group to which this file belongs. In Linux, an account is added to one or more user groups. Accounts that do not belong to the same user group do not have the corresponding group permissions on the file (or directory).

5) File capacity

Indicates the capacity size of the file. The default unit is Bytes.

6) date modified

Indicates the creation date or the most recent modification date of the file. If the file was last modified a long time ago, the time will only show the year, not the month, day, and time. However, we can use --full-time to display the full time:

7) File name

Represents the file name. If the file name is preceded by [.], the file is hidden. Normally, ls or ll will not show hidden files. We can use ls -a to display all files:

2. What is permission?

Before we came into contact with Linux, the system most of us used was Windows. In Windows, we do not seem to feel the existence of permissions. Only some files on the system disk require administrator permissions, and these permissions are not directly managed by us.

But each file in Linux carries many attributes as well as the concept of user groups. These are not useless: in the final analysis, they protect data security.

What is the use of permissions?

Protect system function

In a Linux system, the root user can read, write and execute system services. If there were no permission limits, every user could operate on operating system files, which is very dangerous and can cause the server to crash.

Data isolation and sharing

Linux has the concept of user groups, and an account can join one or more user groups. A user group is equivalent to a team: members of the same team can share data without seeing the data of other teams. If we want to ensure that members of other teams cannot see the team's data, we should set up a user group and assign rwxrwx--- to the corresponding file, so that only the file owner and the file's user group can read and write the file and no one else can use it.
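One way to check that a team directory really follows the rwxrwx--- rule is to search it for any permission bit granted to others. The script below is an added example, not part of the original article; the directory tree and file names are constructed, and group ownership (set with chgrp, described later) is left out so that it runs without root.

```shell
#!/bin/sh
# Added example: audit a team directory for access granted to "others".

# find_other_access DIR -> paths under DIR with any r, w or x bit for others
find_other_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# lock_down DIR -> remove every permission for others, recursively.
# Owner and group bits are left exactly as they were.
lock_down() {
    chmod -R o-rwx "$1"
}

# audit_demo -> prints "<findings before> <findings after>" for a
# constructed tree (hypothetical file names).
audit_demo() {
    tmp=$(mktemp -d) || return 1
    team="$tmp/team"
    mkdir "$team"
    : > "$team/plan.txt";  chmod 660 "$team/plan.txt"    # rw-rw----  correct
    : > "$team/notes.txt"; chmod 664 "$team/notes.txt"   # rw-rw-r--  others can read
    : > "$team/drop.txt";  chmod 666 "$team/drop.txt"    # rw-rw-rw-  others can write
    chmod 770 "$team"                                    # rwxrwx---
    before=$(find_other_access "$team" | wc -l | tr -d ' ')
    lock_down "$team"
    after=$(find_other_access "$team" | wc -l | tr -d ' ')
    echo "$before $after"
    rm -rf "$tmp"
}

audit_demo
```
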

3. Actual modification

Let's first take a look at three instructions related to permissions:

chgrp: modify the user group to which the file belongs

chown: modify the owner of the file

chmod: modify the permissions of a file

1) chgrp

This instruction is used to modify the user group to which the file belongs. Word-sensitive friends may guess that this instruction is an abbreviation of change group. Once you know that, you will remember it more clearly.

Since this instruction modifies the user group to which the file belongs, the user group must already exist, that is, it must be recorded in the /etc/group file; otherwise an error will be reported.

Extension:

Create a user group: groupadd <user group name>. The example is as follows:

Delete a user group: groupdel <user group name>. The example is as follows:

Create a user: useradd -m -g <user group> <new user name>. The example is as follows:

We now create a chgrp folder under the /home directory with a text.txt file in it, as follows:

We can see from the figure that the user group of this file is root. At this time, we want to change the user group of this file to test. You need to do the following:

The user group of the file has been successfully changed to test through chgrp test text.txt.

2) chown

This instruction is used to modify the owner of a file. Yes, it is the abbreviation of change owner.

The premise of using this instruction is that the user already exists in the system, that is, only a user name recorded in the /etc/passwd file can be used. Above, in the extension, we introduced how to create users; remember to give it a try.

chown has several uses. It can also modify the user group directly, and if you want to change the owner of all subdirectories and files under a directory at the same time, you can add the -R option.

Basic commands:

chown [-R] account-name file/directory
chown [-R] account-name:user-group-name file/directory

Note: -R recursively modifies all subdirectories and files under the directory

Example:

There is a test directory in the /home/chown directory and a test.txt file in the test directory. The owner and user group of both are root. Now we use chown to modify the owner of the test directory:

chown cbuc test

You can see that the owner of the test directory has been modified to the user cbuc, but the test.txt in the test directory has not been modified. At this time, we add the parameter [-R] and try again:

chown -R cbuc test

You can see that the owner of both has been modified to cbuc. Let's try to modify the user group at the same time:

chown cbuc:test test

In this way, we can easily use the chown directive to modify the user group and owner of the file.

3) chmod

This directive is used to modify the permissions of the file, which can be divided into two types, namely, numeric modification and symbol modification.

Numeric types modify file permissions

Above, we can see that the permissions include read, write and execute, and there are three identities at the same time, namely, the owner (owner), the group to which he belongs (group), and the other person (others).

The permission characters are: r w x. The corresponding numbers for each character are as follows:

r: 4

w: 2

x: 1

In this way, if a file permission is: -rwxrwxrwx

Its calculation rules are as follows:

Owner: 4 + 2 + 1 = 7

Group: 4 + 2 + 1 = 7

Others: 4 + 2 + 1 = 7
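The calculation above, together with the earlier split of the 10-character field into a type character and three groups, as an added example that is not part of the original article. The function names are hypothetical, the values used are r = 4, w = 2, x = 1, and the p character for a FIFO is an addition not listed in the article. Strings containing special bits (s or t inside a group), which the article does not cover, are rejected as invalid.

```shell
#!/bin/sh
# Added example: decode the 10-character mode field printed by ls -l.

# triad_value TRIAD -> one digit, with r=4, w=2, x=1 and - = 0
triad_value() {
    t=$1 v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODE -> three digits usable with chmod, e.g. -rwx-w-r-- -> 724
mode_to_octal() {
    mode=$1
    # One type character, then three groups whose positions are fixed (r, w, x).
    case $mode in
        [-dlbcsp][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    echo "$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# file_type MODE -> meaning of the first character
file_type() {
    case $1 in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "link" ;;
        b*) echo "block device" ;;
        c*) echo "character device" ;;
        s*) echo "socket" ;;
        p*) echo "FIFO" ;;
        *)  echo "unknown"; return 1 ;;
    esac
}

mode_to_octal -rwx-w-r--    # the "Try it out" string from earlier
```
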

The way to combine this with chmod is chmod <number> file/directory. chmod also supports recursive operation with the parameter [-R]: chmod -R <number> file/directory

Example:

We can see that the permission of the user group on the test folder is r-x, that is, readable and executable. If we now want to give the user group read, write, and execute permissions, we can do this:

chmod 775 test

At this point, the user group permissions of the test folder become readable, writable, and executable.

If we want the test.txt file under the test folder to have the same permissions as the test folder, we can add the [-R] parameter, that is, chmod -R 775 test, so that the subdirectories and files under the test folder are modified accordingly.
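A recursive numeric mode such as chmod -R 775 test gives every regular file the execute bit as well, which data files rarely need. The script below is an added example, not part of the original article: it compares that command with the symbolic form using capital X, which grants execute only to directories and to files that already have an execute bit. The temporary tree and the run.sh file are constructed, and stat -c is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: chmod -R with a numeric mode versus symbolic X.

# perms_of PATH -> octal permission bits, e.g. 755
perms_of() { stat -c '%a' "$1"; }

# demo_recursive MODE -> prints "<dir> <test.txt> <run.sh>" modes
# after running chmod -R MODE on a constructed test directory.
demo_recursive() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/test"
    : > "$tmp/test/test.txt"          # plain data file
    : > "$tmp/test/run.sh"            # file that is meant to be executable
    chmod 700 "$tmp/test"
    chmod 600 "$tmp/test/test.txt"
    chmod 700 "$tmp/test/run.sh"
    chmod -R "$1" "$tmp/test"
    echo "$(perms_of "$tmp/test") $(perms_of "$tmp/test/test.txt") $(perms_of "$tmp/test/run.sh")"
    rm -rf "$tmp"
}

# Numeric mode: the data file becomes executable too.
demo_recursive 775                 # -> 775 775 775

# Symbolic mode with X: the directory and run.sh keep execute,
# test.txt ends up rw-rw-r--.
demo_recursive u=rwX,g=rwX,o=rX    # -> 775 664 775
```
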

Symbol type modifies file permissions

Above we introduced the modification of file permissions through numeric types, and we can also modify them through symbols. We also know that there are three identities in Linux, namely, user, group and others, so we can use the characters u, g and o to indicate the permissions of the three identities. In addition, there is an a, which represents all identities, and is used as follows:

Mode of use:

chmod u=rwx,go=wx text

This instruction grants rwx permissions to the owner, and wx permissions to the user group and other users.

chmod a+r test

This instruction adds read permission for all identities.

chmod a-r test

This instruction removes read permission for all identities.

Extension

1. File type

We have seen this picture above, and we learned that the column containing d represents the type of file. The two types we usually see are - and d, so what other file types are there besides these two?

1. General file (regular file)

This is the type of file that we normally read and write, and its character is -. Regular files can be further divided into the following categories:

Plain text file (ASCII): this is the most common file type in Linux, which is data that we can read directly, such as numbers, letters, and so on.

Binaries (binary): generally speaking, executable files (except script files) are of this file type, such as executing instructions ls and cd, which are binary files.

Data files (data): some programs read files in certain formats while running, and those files in a specific format are data files.

2. Directory (directory)

This is a directory; its character is d

3. Linked file (link)

Similar to a shortcut on the desktop in a Windows system; its character is l

4. Devices and device files (device)

Some files related to system peripherals and storage are usually concentrated in the /dev directory, and are usually divided into two categories:

Block device files: storage interface devices that provide random access for the system. The character is b

Character device files: interface devices for serial ports, such as keyboard, mouse, etc. The character is c

5. Data interface file (sockets)

This type of file is usually used for data exchange on the network. It is generally found in directories such as /run or /tmp, and the character is s.

6. Data transfer file (FIFO,pipe)

FIFO is also a special file type. Its main purpose is to solve the error problem caused by multiple programs reading and writing a file at the same time.

2. File extension

In fact, Linux files have no so-called extension. In Windows systems, the extensions of files that can be executed are usually .com, .exe, .bat, etc., while in Linux systems there is no need for an extension; the file only needs to have the executable permission, that is, x

A file having the x permission only means that it is allowed to be executed, not that it will execute successfully. The success of execution depends on the contents of the file.

So what are the common extensions in Linux:

*.sh: indicates a script or batch file

*.Z, *.tar, *.tar.gz, *.zip, *.tgz: these all represent packaged or compressed files

*.html, *.php: web page related files, that is, web page files in HTML syntax or PHP syntax

Thank you for reading. These are the contents of "what are the methods of Linux rights management". After studying this article, you should have a deeper understanding of the methods of Linux rights management; the specific usage still needs to be verified in practice.
