
Example Analysis of the Plus Sign and Dot in the Linux Permission Column

2025-01-20 Update From: SLTechnology News&Howtos shulou

Shulou (Shulou.com) 06/01

This article walks through examples of the plus sign and the dot in the Linux permission column. It has some reference value, and interested readers can refer to it. I hope you gain a lot from reading it.

I. Overview

In Linux, ls -l is one of the most commonly used commands, and the first column of its output is the one we care about most. It is generally said that the characters representing permissions occupy 10 positions. However, we often see an 11th position in this column: most commonly a dot (.), and sometimes a plus sign (+). What is going on? Let's find out by experiment.

II. The dot (.) in the permission column

2.1 Let's look at the root directory.

[root@DCGH ~]# ls -lZ /
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 bin -> usr/bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x. root root system_u:object_r:device_t:s0 dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib -> usr/lib
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib64 -> usr/lib64
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
dr-xr-xr-x. root root system_u:object_r:proc_t:s0 proc
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x. root root system_u:object_r:var_run_t:s0 run
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 sbin -> usr/sbin
drwxr-xr-x. root root system_u:object_r:var_t:s0 srv
dr-xr-xr-x. root root system_u:object_r:sysfs_t:s0 sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0 usr
drwxr-xr-x. root root system_u:object_r:var_t:s0 var

2.2 Create a file and a directory in the home directory and observe the 11th position of the permission column.

[root@DCGH ~]# touch DCGH
[root@DCGH ~]# mkdir DCGH-DIR
[root@DCGH ~]# ls -l
total 0
-rw-r--r--. 1 root root 0 March 28 10:23 DCGH
drwxr-xr-x. 2 root root 6 March 28 10:24 DCGH-DIR

Check the SELinux status of the local machine and list the SELinux information for the files and directories in this directory.

[root@DCGH ~]# getenforce
Enforcing
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR

Disable SELinux, then create new experimental files and directories, and again list the SELinux information for this directory and for the files and directories under the root directory.

[root@DCGH ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@DCGH ~]# reboot
[root@DCGH ~]# getenforce
Disabled
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
[root@DCGH ~]# touch DCGH-later
[root@DCGH ~]# mkdir DCGH-later-dir
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
-rw-r--r-- root root ? DCGH-later
drwxr-xr-x root root ? DCGH-later-dir
[root@DCGH ~]# ls -lZ /
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 bin -> usr/bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x root root ? dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib -> usr/lib
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 lib64 -> usr/lib64
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0 opt
dr-xr-xr-x root root ? proc
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x root root ? run
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 sbin -> usr/sbin
drwxr-xr-x. root root system_u:object_r:var_t:s0 srv
dr-xr-xr-x root root ? sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0 usr
drwxr-xr-x. root root system_u:object_r:var_t:s0 var

From the above example, we can see that this dot (.) is not useless; it carries real meaning, even though we usually pay little attention to it. Files and directories created while SELinux is enabled show the dot in the permission column. Files and directories created after SELinux is disabled do not show it, and previously created files and directories remain unchanged.

III. The plus sign (+) in the permission column

The plus sign is no stranger to anyone who has learned about ACL permission settings in Linux. But let's verify it by experiment.

[root@DCGH ~]# setfacl -m u:dcgh:rwx *
[root@DCGH ~]# ls -lZ
-rw-rwxr--+ root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxrwxr-x+ root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
drwxrwxr-x+ root root ? DCGH-DIR-later
-rw-rwxr--+ root root ? DCGH-later
[root@DCGH ~]# setfacl -b *
[root@DCGH ~]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 DCGH
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 DCGH-DIR
drwxr-xr-x root root ? DCGH-DIR-later
-rw-r--r-- root root ? DCGH-later

We can see that once ACL permission control is added, the last position of the permission column of files and directories that have the SELinux attribute changes to a plus sign (+). After the ACL permissions are removed, the column is restored to what it was.

IV. Summary

4.1 The dot in the Linux permission column is not a meaningless character. Directories and files created with SELinux enabled have this dot, which indicates that SELinux-related permissions are set on the directory or file. After SELinux is disabled, files and directories that were created while it was enabled remain the same and still show the dot in the permission column. Newly created directories and files do not show the dot in the permission column.

4.2 If the last position in the permission column is a plus sign, ACL-related permissions are set on the directory or file. The plus sign replaces the dot on directories and files that already had one, but the original SELinux attribute remains unchanged.

4.3 Official statement: the dot indicates that the file has an SELinux security context, the plus sign indicates that the file is configured with ACL permissions, and the plus sign does not override SELinux control.
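
The rule in 4.2 and 4.3, as an added example (not code from the original article): the marker is recomputed from a file's extended-attribute names, on the assumption that the SELinux context is stored in security.selinux and ACLs in system.posix_acl_access / system.posix_acl_default, which is where Linux file systems keep them. The function names and the SAMPLE data are constructed for illustration; audit() also reports what the marker alone cannot show, namely a context hidden behind a plus sign and files with no label at all.

```python
import os

SELINUX_XATTR = "security.selinux"
ACL_XATTRS = {"system.posix_acl_access", "system.posix_acl_default"}

def marker_from_xattrs(names):
    """11th character of the mode column, derived from a file's xattr names."""
    names = set(names)
    if names & ACL_XATTRS:
        return "+"   # an ACL takes the position, even if a context is present
    if SELINUX_XATTR in names:
        return "."   # SELinux security context and nothing else
    return " "       # neither: the column ends after the 10 mode characters

def audit(entries):
    """Group (path, xattr_names) pairs by what the marker tells a reviewer."""
    report = {"acl": [], "acl_hides_context": [], "unlabeled": []}
    for path, names in entries:
        names = set(names)
        if names & ACL_XATTRS:
            report["acl"].append(path)  # mode bits are not the whole story
            if SELINUX_XATTR in names:
                report["acl_hides_context"].append(path)  # '+' shown, context still set
        if SELINUX_XATTR not in names:
            report["unlabeled"].append(path)  # e.g. created while SELinux was disabled
    return report

def scan(root):
    """Yield (path, xattr_names) under root without following symlinks (Linux only)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.listxattr(path, follow_symlinks=False)
            except OSError:
                continue  # vanished file or file system without xattr support

# Constructed sample mirroring the experiment's four entries after setfacl -m.
SAMPLE = [
    ("DCGH", ["security.selinux", "system.posix_acl_access"]),
    ("DCGH-DIR", ["security.selinux", "system.posix_acl_access"]),
    ("DCGH-DIR-later", ["system.posix_acl_access"]),
    ("DCGH-later", ["system.posix_acl_access"]),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real tree, audit(scan("/root")) produces the same report from the attributes actually present on disk.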
