Shulou(Shulou.com)06/02 Report--

This article is to share with you about the permissions commonly used in linux, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

1. General permissions (owner, group, others)

D rwx r-xr-x 4 mysql mysql 4096 Oct 8 21:29 databases_backup_20191007111846

The corresponding permission is d, which represents the directory r: 4 w: 2 xpur1.

The corresponding permission is rwx (owner) r-xr (group)-x (others)

2 ACL permission

Why do you need to have ACL permissions (permissions created to solve insufficient permissions)

For example, the permission of a file is 7.50, but this we add a user, the user is in a group of other people, but this user needs access to the file.

Our ordinary permissions can not be solved, so we introduce ACL permissions.

A simple example

Use root

Touch test

Chmod 750 test

Create a new account testuser1

Now it's time for testuser1 to have access to the test file.

Use the setup command setfacl-m user:testuser1:4. / test

Get acl permission

Getfacl. / test

# file: test

# owner: root

# group: root

User::rwx

User:testuser1:r--

Group::r-x

Mask::r-x

Other::

Use ls-l. / test

-rwxr-x---+ 1 root root 8 Nov 6 10:56. / test

You can use the-b option to remove all ACL. All ACL items will be removed.

Setfacl-b file1 (remove all AcL permissions)

Setfacl-x g:testg1 file1 (remove ACL permissions for this group)

Setfacl-x u:testuser1. / test (removes the ACL permissions of the user testuser1 on this. / test file)

-

3. Sudo controls the user's permission to use system commands and the operations allowed by root. (generally speaking, the permissions that root can execute are assigned to ordinary users to execute.)

Changed command visudo

Visudo: edit the sudo configuration file (equivalent to vi / etc/sudoers, but not recommended, check the syntax)

Syntax: user MACHINE=COMMANDS # sudo syntax

Root ALL= (ALL) ALL # (All) indicates the permission of which user is allowed to do something

Omd ALL= (ALL) ALL # omd user on any machine, you can only need any command from any user = = root user

Omd ALL= (ALL) NOPASSWD: ALL # is secret-free and omd users on any machine can only need any command from any user

Ftl ALL= (ALL) / bin/cp,/bin/touch # only allows ftl users to require only the root user's cp,touch command

4Query Chattr lock permission (the deletion and modification of file permissions by root account will be restricted, but only root permission can be unlocked)

Attribute option function I if you set the I attribute to a file, you are not allowed to delete or rename the file, nor can you add or modify data

If you set the I attribute on the directory, you can only modify the data in the file under the directory, but you are not allowed to create and delete the file; an if you set the an attribute on the file, you can only add data to the file, but you cannot delete or modify the data.

If you set a property on a directory, only files are allowed to be created and modified in the directory, but files are not allowed to be deleted; u files or directories that set this property are saved when they are deleted to ensure that they can be restored later, often used to prevent accidental deletion of files or directories. S and u, on the contrary, when you delete a file or directory, it will be deleted completely (directly from the hard disk, and then fill the occupied area with 0) and cannot be recovered.

[root@izkwunweoljbq4z chattrtest] # rm-rf 1.txt

Rm: cannot remove 1.txt Operation not permitted

Mkdir test

Cd test

Touch 1.txt

Chattr + I test

1.txt can be modified but cannot be created and deleted

These are the permissions commonly used in linux, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.