
How to carry out file security and permissions in Linux command

2025-04-13 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

This article shows how to manage file security and permissions with Linux commands. The content is concise and easy to follow.

1. The ls -l command:

The first character represents the file type:

d directory.

l symbolic link (points to another file).

s socket file.

b block device file.

c character device file.

p named pipe file.

- ordinary file, or, more accurately, a file that does not belong to any of the above types.

The next nine consecutive characters represent the read, write and execute permissions of the file:

rwx: permissions of the file's owner. These are the first three characters.

r-x: permissions of users in the same group. These are the middle three.

r-x: permissions of other users. These are the last three.

2. Permissions for newly created files (folders)

Directory:

As you can see, the permissions of the newly created directory myshell are rwx r-x r-x, that is:

The owner has read, write and execute permissions; the group and other users have read and execute permissions.

File:

As you can see, the permissions of the newly created file myfile are rw- r-- r--.

For security reasons, a newly created file is not given execute permission.

Modifying file permissions:

# chmod 777 myfile // gives all users all permissions on the file.

# chmod a-x myfile // reclaims the execute permission of all users (note that a-x contains no spaces).

# chmod u+x,o-w myfile // grants the file owner execute permission while reclaiming other users' write permission.

3. The chmod command has two modes: symbolic mode and absolute mode.

Symbolic mode:

# u: file owner

# g: users in the same group

# o: other users

# a: all users

+ add permissions

- reclaim permissions

For example:

chmod a-x myfile // revokes execute permission on the file for all users

chmod og-w myfile

chmod g+w myfile

chmod u+x myfile

chmod go+x myf

chmod u+x,o-w myfile

Absolute mode:

004 is readable

002 writable

001 executable

000 does not have permission

chmod 750 myfile

This assigns the following permissions to the file myfile:

7 = 4 + 2 + 1 (owner can read, write, execute)

5 = 4 + 1 (readable and executable for users in the same group)

0 = 0 (other users do not have any permissions)

If you run the following inside a directory:

chmod 740 *

it grants 740 permissions to all files in this directory, but files created there later will still get the default rw- r-- r--.
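To connect the ls -l display from section 1 with the absolute-mode numbers above, here is an added example (not part of the original article) that decodes a mode string into its file type and octal value. The function name mode_decode is hypothetical, and it goes slightly beyond the text by also handling the s, S, t and T letters that ls prints for the special bits.

```shell
# Added example: decode the 10-character mode field printed by `ls -l`.
# mode_decode "-rwxr-x---"  prints  "regular 0750"
mode_decode() (
    m=$1
    [ "${#m}" -ge 10 ] || { echo "bad mode: $m" >&2; exit 1; }
    case $m in                      # first character: file type
        d*) type=directory ;;
        l*) type=symlink ;;
        s*) type=socket ;;
        b*) type=block ;;
        c*) type=char ;;
        p*) type=pipe ;;
        -*) type=regular ;;
        *)  echo "bad type: $m" >&2; exit 1 ;;
    esac
    rest=${m#?}                     # the nine permission characters
    special=0 octal=
    for who in 4 2 1; do            # special-bit weight: suid, guid, sticky
        triad=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + who)) ;;
            ??[ST]) special=$((special + who)) ;;   # special bit without x
        esac
        octal=$octal$d
    done
    echo "$type $special$octal"
)

# Decode the mode of a real path (the root directory is used as the sample).
mode_decode "$(ls -ld / | cut -c1-10)"
```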

4. Directory permissions

For directories, the permissions mean:

Read permission: you can list the files in this directory

Write permission: you can create or delete files in this directory

Execute permission: you can search or enter this directory

The permissions of the directory will override the permissions of the files in that directory. For example, if the directory docs has the following permissions:

The permissions of the file pay are:

Then users of the admin group will not be able to edit the file because the directory to which it belongs does not have such permissions.

The file is readable to any user, but because it is in a directory that does not grant execute permissions to users of the admin group, users of that group will not be able to access the directory and will get an "access restricted" error message.

5. suid and guid (for reference)

suid means that if a user sets this permission on a shell script of their own, other users who execute the script will have the owner's permissions while it runs.

If the file myfile has permissions of 741, to set suid on it, just put a 4 in front of the permission digits (for guid put a 2; to set both, use 4 + 2 = 6).
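Because suid and guid files run with someone else's permissions, administrators usually want an inventory of them. The following is an added example, not part of the original article: audit_special and make_sample_tree are hypothetical names and the sample files are constructed. It also marks scripts, since the Linux kernel ignores suid and guid on interpreted scripts.

```shell
# Added example: report files under a directory that carry suid or guid.
# Output: "<bits> <kind> <path relative to the directory>", one per line.
audit_special() (
    root=$1
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        bits=
        [ -n "$(find "$f" -prune -perm -4000)" ] && bits=suid
        [ -n "$(find "$f" -prune -perm -2000)" ] && bits=${bits:+$bits+}guid
        first=
        IFS= read -r first < "$f" || true
        case $first in
            '#!'*) kind=script ;;      # Linux ignores suid/guid on scripts
            *)     kind=non-script ;;
        esac
        echo "$bits $kind ${f#"$root"/}"
    done
)

# Build a small constructed tree to audit (file names are made up).
make_sample_tree() (
    d=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho hi\n' > "$d/myfile"
    printf '#!/bin/sh\necho hi\n' > "$d/plain"
    printf 'data\n' > "$d/tool"
    chmod 4741 "$d/myfile"    # 741 with suid (4) in front
    chmod 644  "$d/plain"     # no special bits: not reported
    chmod 6755 "$d/tool"      # suid + guid (4 + 2 = 6)
    echo "$d"
)

d=$(make_sample_tree)
audit_special "$d"
rm -rf "$d"
```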

6. The /etc/passwd file

This file lists information about the legitimate users of the system.

7. chown and chgrp

chown: the owner of a file and the administrator can use this command to change the ownership of the file. After the change, the original owner cannot reclaim the file; to do so, they must ask the administrator for help.

For example:

Change the owner of myfile from root to user zhy (zhy must be a valid user in /etc/passwd).

chgrp: change the group to which the file belongs.

For example:

The group to which myfile belongs has been changed from root to zhy.

# groups

View all members of the group that the currently logged-in user is in.

# id

View the information of the currently logged-in user.

# whoami

See which user is currently logged in to the system.

# groups zhy

View the group to which user zhy belongs and the members of that group.

User groups are a great convenience for system administrators, but their security implications also deserve attention. For example, if a user holds content that is critical to system administration, it is best to give that user a dedicated group, or to make the files owned by that user completely private; in addition, ordinary users should generally not be added lightly to the root group.

8. The umask command

After a user logs in to the system, the files he creates have a default permission, which can be configured by the administrator or by the user himself with the umask command after logging in, which is valid until you exit the shell or use another umask command.

Generally, the umask is set in the /etc/profile file, which every user's login reads, so to change the umask for all users, add the appropriate entry to this file. To set your own umask value permanently, put it in the .profile or .bash_profile file in your $HOME directory.

umask values and the corresponding permissions:

Use the command

# umask

to view the current umask value (the last three digits):

As you can see, the current umask value is 022. From the table above, you can see that for this umask the file permissions are 644 and the directory permissions are 755.

Without the table above, there is another way to calculate them:

777: rwx rwx rwx

022: --- -w- -w-

The bits set in the first line but not in the second are the directory permissions:

rwx r-x r-x

As a number: 755 (directory permissions)

Then replace each "x" in the result above (rwx r-x r-x) with "-" to get the file permissions:

rw- r-- r--

As a number: 644 (file permissions)

If you want to change the umask value, you can do this:

# umask 007

Example:

As you can see, the permissions of the file have indeed been changed.
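The calculation in this section can be checked directly. This added example (not part of the original article; the function names umask_defaults and umask_observed are hypothetical) computes the default file and directory modes for a given umask, then creates a file and a directory under that umask in a temporary directory and reads back what ls reports.

```shell
# Added example: default modes implied by a umask, computed and observed.

# umask_defaults 022  prints  "644 755"  (file mode, directory mode)
umask_defaults() (
    mask=$((0$1))                 # leading 0 makes the shell read it as octal
    printf '%03o %03o\n' $((0666 & ~mask)) $((0777 & ~mask))
)

# umask_observed 022  prints  "-rw-r--r-- drwxr-xr-x"
# Creates myfile and myshell under the given umask and reports their modes.
umask_observed() (
    umask "$1"                    # only affects this subshell
    d=$(mktemp -d) || exit 1
    : > "$d/myfile"
    mkdir "$d/myshell"
    f=$(ls -ld "$d/myfile"  | cut -c1-10)
    s=$(ls -ld "$d/myshell" | cut -c1-10)
    rm -rf "$d"
    echo "$f $s"
)

for m in 022 007 077; do
    echo "umask $m: $(umask_defaults "$m") -> $(umask_observed "$m")"
done
```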

9. Symbolic links

A symbolic link is a pointer to a file; I think of it as the equivalent of a shortcut in Windows:

Here, profile is a shortcut to /usr/local/menus/sales.profile. This is very convenient: for example, if we have many users, say 50, we can create a .profile for each of them that points to the same sales.profile file, and later modify just sales.profile without having to modify the .profile of each user.

The command format for creating symbolic links:

# ln [-s] source_path target_path

source_path is the file to point to

target_path is the pointer (shortcut)

Example:

# ln -s /usr/opt/monitor/regstar/reg.log /var/adm/logs/monitor.log

On newly installed systems, it is common to create a link to the /tmp directory in the /var directory, because some applications assume the /var/tmp directory exists (when it actually doesn't) and save temporary files in it. To keep all temporary files in one place, you can use the ln command to create a link to the /tmp directory in the /var directory:

# ln -s /tmp /var/tmp

Later, if an application tries to put temporary files under /var/tmp, they are actually stored in the /tmp directory, because /var/tmp is just a symbolic link.
