1. File permissions and ownership
File:
1. Readable (r): can read the actual content of the file
2. Writable (w): can edit, add, modify or delete the actual content of the file
3. Executable (x): can run the file as a script or program
Directory:
1. Readable (r): can list the files in the directory
2. Writable (w): can create, delete and rename files in the directory
3. Executable (x): can enter (cd into) the directory
Character and numeric representation of file permissions:
rwxrw-r-- = 764
rw-r---w- = 642
rwxrwxrwx: the three triplets are, from left to right, file owner, file group, other users
Fields of an ls -l line, e.g. "-rw-r--r-- 1 root root 34298 04-02 00:23 install.log":
file type + access permissions | hard link count | owner | group (the file belongs to) | size on disk | modification time | file name
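The mapping above is mechanical, so the following added example (not part of the notes) converts a symbolic permission string to its octal digits and back. It goes slightly beyond the lines above by also handling the s/S/t/T markers of the special permissions, which the notes introduce in the next section; the sample strings are the ones used in the notes.

```shell
#!/bin/sh
# Added example (not from the notes): convert between the symbolic permission
# string and its octal digits, including the SUID/SGID/sticky markers (s, S, t, T).

# Value of one rwx triplet: r = 4, w = 2, x = 1. A lower-case s or t in the
# third slot means the execute bit is also set; S or T means it is not.
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# rwxrw-r-- -> 764 ; rwsrwSr-x -> 6765 (leading digit: SUID 4 + SGID 2 + sticky 1)
perm_to_octal() {
    owner=$(printf '%s' "$1" | cut -c1-3)
    group=$(printf '%s' "$1" | cut -c4-6)
    other=$(printf '%s' "$1" | cut -c7-9)
    special=0
    case "$owner" in ??[sS]) special=$((special + 4)) ;; esac
    case "$group" in ??[sS]) special=$((special + 2)) ;; esac
    case "$other" in ??[tT]) special=$((special + 1)) ;; esac
    base="$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
    if [ "$special" -eq 0 ]; then echo "$base"; else echo "${special}${base}"; fi
}

# One digit back to rwx; $2 is the special marker (s or t) for this slot, if any.
digit_to_triplet() {
    d=$1; m=$2
    case $((d & 4)) in 0) r=- ;; *) r=r ;; esac
    case $((d & 2)) in 0) w=- ;; *) w=w ;; esac
    case $((d & 1)) in 0) x=- ;; *) x=x ;; esac
    if [ -n "$m" ]; then
        # execute bit set -> lower-case marker; not set -> upper-case marker
        if [ "$x" = x ]; then x=$m; else x=$(printf '%s' "$m" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# 3623 -> rw--wS-wt ; a 3-digit mode is treated as having no special bits.
octal_to_perm() {
    o="$1"
    case "${#o}" in 3) o="0$o" ;; esac
    s=$(printf '%s' "$o" | cut -c1)
    um=""; gm=""; om=""
    case $((s & 4)) in 0) ;; *) um=s ;; esac
    case $((s & 2)) in 0) ;; *) gm=s ;; esac
    case $((s & 1)) in 0) ;; *) om=t ;; esac
    printf '%s%s%s\n' \
        "$(digit_to_triplet "$(printf '%s' "$o" | cut -c2)" "$um")" \
        "$(digit_to_triplet "$(printf '%s' "$o" | cut -c3)" "$gm")" \
        "$(digit_to_triplet "$(printf '%s' "$o" | cut -c4)" "$om")"
}

# Round-trip the strings from the notes.
for p in rwxrw-r-- rw-r---w- rw--wS-wt rwsrwSr-x; do
    echo "$p -> $(perm_to_octal "$p") -> $(octal_to_perm "$(perm_to_octal "$p")")"
done
```

The round trip is the useful check: any string that does not come back unchanged is not a valid mode (for example a lower-case s in a slot without the execute bit).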
2. Special permissions for files
1. SUID: a special permission set on a binary program; whoever executes the program temporarily gets the permissions of the file's owner.
In the owner triplet, rwx becomes rws (rw- becomes rwS, i.e. SUID set without the execute bit) when the file has SUID.
2. SGID: whoever executes the program temporarily gets the permissions of the file's group; on a directory, files created inside it automatically inherit the directory's group.
In the group triplet, rwx becomes rws (rw- becomes rwS) when the file or directory has SGID.
3. SBIT (sticky bit): in a shared directory, users can delete only their own files.
In the other-users triplet, rwx becomes rwt (rw- becomes rwT) when the directory has SBIT.
chmod [options] permissions file-or-directory      e.g. chmod -R 777 haha
chown [options] owner:group file-or-directory      e.g. chown abc:abc haha
rw--wS-wt = 3623, rwsrwSr-x = 6765: rule for the special permissions digit. It is written as a fourth, leading digit: SUID = 4, SGID = 2, SBIT = 1, added together, followed by the usual three digits.
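To see the digit rule on a real file system rather than on paper, the following added example (not part of the notes) applies the modes from this section in a throwaway directory and reads them back with stat. It assumes GNU or BusyBox stat (-c '%a %A'); changing a file to another owner with chown needs root, so only the owner:group form on the caller's own identity is shown.

```shell
#!/bin/sh
# Added example (not from the notes): set the special bits in a temporary
# directory and confirm the octal/symbolic pairs from the notes with stat.

# Print "octal symbolic" for one path, e.g. "4755 -rwsr-xr-x".
mode_of() {
    stat -c '%a %A' "$1"
}

# Create sample files, apply the modes, and print "octal symbolic name" per entry.
demo_special_bits() {
    work=$(mktemp -d)
    for f in suid_bin sgid_bin noexec_suid odd; do : > "$work/$f"; done
    mkdir "$work/shared"

    chmod 4755 "$work/suid_bin"      # SUID on an executable: owner slot shows rws
    chmod 2755 "$work/sgid_bin"      # SGID on an executable: group slot shows rws
    chmod 4644 "$work/noexec_suid"   # SUID without execute: owner slot shows rwS
    chmod 1777 "$work/shared"        # sticky bit on a directory: other slot shows rwt
    chmod 3623 "$work/odd"           # the notes' example: -rw--wS-wt
    # chown owner:group form; a no-op here because the caller already owns the file
    chown "$(id -u):$(id -g)" "$work/odd"

    for f in suid_bin sgid_bin noexec_suid shared odd; do
        echo "$(mode_of "$work/$f") $f"
    done
    rm -rf "$work"
}

demo_special_bits
```

A capital S or T in the output is worth recognising when reading ls -l: it means the special bit is set on a slot that has no execute permission, which for a SUID file is almost always a mistake in the mode.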
3. Hidden permissions (attributes) of files
1. chattr: sets the hidden attributes of a file; the format is "chattr [options] file"
Attributes:
i: the file cannot be modified; set on a directory, the content of existing files inside it may be modified but files cannot be created or deleted
a: only appending is allowed; existing content cannot be overwritten or deleted
S: changes to the file content are written to disk synchronously
s: when deleted, the file is completely erased from disk and cannot be recovered
A: do not update the last access time of this file or directory
b: do not update the access (storage) time of the file or directory
D: check for errors in the compressed file
d: skip this file or directory when backing up with the dump command
c: compress the file or directory by default
u: keep the file's data on disk after deletion so that it can be recovered later
t: let the file system support tail-merging
X: the content of the compressed file can be accessed directly
chattr +attribute file-name   (add an attribute)
chattr -attribute file-name   (remove an attribute)
2. lsattr: displays the hidden attributes of a file; the format is "lsattr [options] file"
lsattr file-name
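Because i and a override the ordinary rwx permissions (even root cannot write an immutable file until the attribute is cleared), they are worth auditing. The following added example (not part of the notes) reads lsattr output and reports every entry carrying i or a; the lsattr lines are constructed sample input so that it runs offline, and on a live system the same function can be fed "lsattr -R /etc".

```shell
#!/bin/sh
# Added example (not from the notes): audit lsattr output for the i (immutable)
# and a (append-only) attributes. Setting and clearing them is
# "chattr +i file" / "chattr -i file" and needs root.

# Read lsattr lines ("<flags> <path>") on stdin; print "<path>: <flags>" for
# entries that carry i or a. The e (extents) flag is dropped because it is on
# by default on ext4 and says nothing about access.
audit_lsattr() {
    awk '$1 ~ /[ia]/ {
        flags = $1
        gsub(/[-e]/, "", flags)
        path = $0
        sub(/^[^ ]+ +/, "", path)      # keep the rest of the line as the path
        print path ": " flags
    }'
}

# Constructed sample lsattr output (flag field layout as printed by e2fsprogs).
sample_lsattr() {
    printf '%s\n' \
        '----i---------e------- /etc/passwd' \
        '-----a--------e------- /var/log/audit.log' \
        '--------------e------- /etc/hosts' \
        '----ia--------e------- /etc/sudoers'
}

sample_audit() {
    sample_lsattr | audit_lsattr
}

sample_audit
```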
4. File access control lists (FACL)
setfacl -m u:username:permissions file-name          (set an ACL entry for a user on a file)
setfacl -Rm g:groupname:permissions directory-name   (recursively set an ACL entry for a group on a directory)
getfacl file-name
In the output of ls -ld /root, the final dot (.) after the permission field becomes a plus sign (+), which means an FACL has been set on the file.
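An ACL grants rights that ls -l alone does not show, so the following added example (not part of the notes) does two things: it checks for the "+" marker in an ls -l mode field, and it lists the named users and groups a getfacl listing gives write access to. The ls and getfacl output is constructed sample input; the ACL it describes would be created by "setfacl -m u:abc:rw- project" and "setfacl -Rm g:devs:rwx project".

```shell
#!/bin/sh
# Added example (not from the notes): find the ACL marker in ls output and list
# the named ACL entries that carry write permission.

# Return 0 when an ls -l mode field ends in "+", the marker for an ACL.
has_acl_marker() {
    case "$1" in *+) return 0 ;; *) return 1 ;; esac
}

# Read getfacl output on stdin; print named user/group entries that include w.
# Entries with an empty name (user::, group::) are the owner and owning group,
# which the ordinary permission bits already show. The mask line caps the
# effective rights of every named entry, so compare against it when in doubt.
acl_named_writers() {
    awk -F: '($1 == "user" || $1 == "group") && $2 != "" && $3 ~ /w/ { print }'
}

# Constructed getfacl output for a directory shared with user abc and group devs.
sample_getfacl() {
    printf '%s\n' \
        '# file: project' \
        '# owner: root' \
        '# group: root' \
        'user::rwx' \
        'user:abc:rw-' \
        'user:guest:r--' \
        'group::r-x' \
        'group:devs:rwx' \
        'mask::rwx' \
        'other::---'
}

sample_writers() {
    sample_getfacl | acl_named_writers
}

sample_writers
if has_acl_marker 'drwxrwxr-x+'; then echo "ACL present on project"; fi
```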
5. Switching users and sudo
su - abc: with a hyphen between the su command and the user name, the switch to the new user is complete; the environment variables become those of the new user instead of keeping the original user's.
The sudo command grants an ordinary user additional permissions to carry out tasks that otherwise only the root administrator can do; the format is "sudo [options] command-name".
visudo: only the root administrator can use it to edit the configuration file of the sudo service. Each rule has the form:
who can use   allowed hosts=(in whose identity)   list of commands that may be executed
root ALL=(ALL) ALL
abc ALL=(ALL) /usr/bin/cat    The commands here must be given by absolute path; use the whereis command to look a path up.
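Reading a sudoers file by eye gets error-prone once it has more than a few rules, so the following added example (not part of the notes) parses rules of the form "who hosts=(runas) commands", reports which entries are granted ALL commands (effectively full root) and shows the command list for one user. The sudoers text is constructed sample input built around the two rules above; on a live system the real syntax check is "visudo -cf /etc/sudoers", and the file itself is readable only as root.

```shell
#!/bin/sh
# Added example (not from the notes): summarise sudoers rules. Comments, blank
# lines, Defaults and alias definitions are skipped; tags such as NOPASSWD: are
# stripped so only the command list remains.

# Print each rule as "user<TAB>commands".
sudoers_rules() {
    awk '
        /^[[:space:]]*#/ { next }
        NF == 0 { next }
        $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
        {
            user = $1
            cmds = $0
            sub(/^[^=]*=/, "", cmds)                              # drop "user  hosts="
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", cmds)   # drop "(runas)"
            gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):[[:space:]]*/, "", cmds)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", cmds)
            print user "\t" cmds
        }'
}

# Users (or %groups) whose command list is exactly ALL.
sudoers_full_access() {
    sudoers_rules | awk -F'\t' '$2 == "ALL" { print $1 }'
}

# Command list granted to one user.
sudoers_commands_for() {
    sudoers_rules | awk -F'\t' -v u="$1" '$1 == u { print $2 }'
}

# Constructed sample sudoers: the two rules from the notes plus two more.
sample_sudoers() {
    printf '%s\n' \
        '# sample sudoers (constructed)' \
        'Defaults    env_reset' \
        'root    ALL=(ALL)       ALL' \
        'abc     ALL=(ALL)       /usr/bin/cat' \
        '%wheel  ALL=(ALL)       ALL' \
        'deploy  web01=(root)    NOPASSWD: /usr/bin/systemctl restart nginx'
}

echo "full access:"
sample_sudoers | sudoers_full_access
echo "abc may run:"
sample_sudoers | sudoers_commands_for abc
```

The absolute-path requirement the notes mention is what makes the command list meaningful: a rule such as the abc line restricts the user to that one binary, whereas ALL in the command position is indistinguishable from a root login.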