Shulou(Shulou.com)06/01 Report--

This article mainly introduces "which types of user rights under linux". In daily operation, I believe that many people have doubts about which types of user rights under linux. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the questions of "which types of user rights under linux". Next, please follow the editor to study!

User rights are an aspect of linux security. These permissions fall into several types, including file licenses, file attributes, file system quotas, and system resource restrictions.

(1) File and directory licensing

We can set permissions for files and directories in linux. Prevent others from reading your private files and entering sensitive directories. We can set the file license to a minimum, and then relax the license one by one based on the need. Here is a simple example of a file license:

Dai$ ls-l d.txt

-rw-rw-r-- 1 dai users 20445 Nov 6 05:40 d.txt: license, number of links, user, group, number of bytes, last modification time, first name

The file license information is:

-rw- rw- rmuri-

License group license for file type owner to license others

General file types can be:-normal files, d directories, l symbolic links, s sockets, p FIFO pipes

The three permissions of the file license can be set to license or deny, that is, set or empty, so the license can be regarded as a collection of 0 and 1, such as rwx for read, write, execute, can be written into 111or octal for read, write, clear write permission, so it can be written into 101,5book rxr for 111101001 and 751 for octal.

Change the file license:

Dai$ ls-l d.txt

-rw-rw-r-- 1 dai users 20445 Nov 6 05:40 d.txt

Dai$ chmod 751 d.txt

Dai$ ls-l d.txt

-rwxr-x--x 1 dai users 20445 Nov 6 05:40 d.txt can also use the following symbol mode of the chmod command:

Dai$ ls-l d.txt

-rw-r--r-- 1 dai users 20445 Nov 6 05:40 d.txtdai $chmod + x d.txt

Dai$ ls-l d.txt

-rwxr-xr-x 1 dai users 20445 Nov 6 05:40 d.txt

Here chmod+x means "increase the execution license: + means to add the license-means to remove the license because you can only change the group license."

Dai$ chmod Gmurr d.txt

Dai$ ls-l d.txt

-rw---xr-x 1 dai users 20445 Nov 6 05:40 d.txt

Book files except for other users in a writable directory

As long as he has write permission to this directory, all users can not only create files in the directory, but also create all the files in the initial directory, including files that do not belong to him.

Such as:

Dai$ ls-ld temp

Drwxrwxrwx 2 dai users 20445 Nov 6 05:40 temp

We can see that the directory belongs to dai, but anyone has write permission. Now there is a user ming who wants to register except a file that does not belong to him and does not have the right to read:

Ming$ ls-l

Total 0

-rw- 1 dai users 20445 Nov 6 05:40 a

-rw- 1 ming users 20445 Nov 6 05:40 b

-rw- 1 root root 20445 Nov 6 05:40 c

Ming$ cat a

Cat: a: weijianleirong

Ming$ rm-f a

Ming$ ls-l

Total 0

-rw- 1 ming users 20445 Nov 6 05:40 b

-rw- 1 root root 20445 Nov 6 05:40 c

We can see that file an is not owned by ming, and user ming does not have read or write permission to the file, but he successfully registers except files. He does this because he has write access to the directory-deleting files under linux only changes the directory, that is, as long as the most directory has write permission to allow users to delete their own files, just set the adhesion bit to the directory

Dai$ chmod + t temp

Dai$ ls-ld temp

Drwxrwxrwt 2 dai users 20445 Nov 6 05:40 temp

Now the user ming cannot delete the file a, but he can also delete his own file.

In addition to read (r), write (w), and execute (x) permissions, you can also set two permission bits, the set-user-id (suid) bit set-group-id (sgid) bit. Its function is that the program runs as the owner, ignoring the identity of the user who actually executes the program.

Root# ls-l suiffile

Rwxr-xr-x 21 dai users 20445 Nov 6 05:40 suiffile

Root# chmod Utility suiffile

Rwsr-xr-x 21 dai users 20445 Nov 6 05:40 suiffile

In the s position s that represents the x position of the user permission, s is the suid bit

Sometimes we can use chattr and lsattr for sensitive files, read, write, execute, and permissions that do not make full use of advanced file properties.

Property can increase the protection and security of files and directories, for example, I setting the file can not be changed, so that the file cannot be modified, deleted, renamed, and the s attribute makes the class capacity be completely erased from the disk when the file is cataloged:

I: the file cannot be changed, so that the file cannot be modified, deleted, renamed, linked, and written to data. S: zero from disk when the file book is removed. D: files cannot be dumped. A: files can only be opened in append mode. Only root can set this property.

Dai$ lsattr c.txt

-c.txt

Dai$ chattr + c c.txt

Dai$ chattr + d c.txt

Dai$ chattr + s c.txt

Dai$ lsattr c.txt

Smurc, Mutual, Mutual, c.txt.

Dai$ chattr-d c.tx

Smurc-c.txt

At this point, the study on "which types of user rights under linux" is over, I hope to be able to solve everyone's doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.