File and directory permission management in Linux systems


###1. Viewing and reading permissions###

#1. Viewing permissions#

ls -l file      ##View file permissions
ls -ld dir      ##View directory permissions

#2. Reading permissions#
"The attributes of a file are called the metadata of the file (metadata)"

##File permission information##

-rw-r--r-- 1 root root 0 Jan 9 11:03 hu        ##file permission information
drwxr-xr-x 2 root root 6 Jan 9 11:05 westos/   ##directory permission information

1. File type
# -  regular file
# d  directory
# l  symbolic link (equivalent to a shortcut)
# b  block device
# c  character device
# s  socket
# p  named pipe (FIFO)

2. ##User permissions
rw- | r-- | r--
 u     g     o

3. ##Whether SELinux is enabled on the system (not shown in this virtual machine; when it is, a "." appears right after the permission bits)

4. ##For files: the number of times the file content is recorded by the system (the hard link count)
   ##For directories: the number of subdirectories in the directory
5. ##File owner##
6. ##File owning group##
7. ##For files: the size of the file content
   ##For directories: the size of the metadata of the sub-files in the directory
8. ##The time the file content was last modified
9. ##File name

###2. Types and functions of ordinary permissions###

##1. The user's identity relative to the file#
u: #user   the owner of the file, the fifth column of information shown by ls -l
g: #group  the group that owns the file, the sixth column of information shown by ls -l
o: #other  every other user, who is neither the owner nor a member of the owning group

#2. Permission bits#
rwx|r--|r--
 u   g   o

#3. User identity matching order
user > group > other   (the first identity that matches decides which permission bits apply)

#4. Permission types#

-  #permission not granted

r #readable
#For files: you can read the contents of the file
#For directories: you can list the files in the directory with ls

w #writable
#For files: you can change the contents of the file
#For directories: you can create or delete files in the directory

x #executable
#For files: you can run the program recorded in the file by calling its file name
#For directories: you can enter (cd into) the directory

###3. Setting ordinary permissions###

chmod                                     ##Set file permissions
chmod --reference=/tmp /mnt/westosdir     ##Copy the permissions of the /tmp directory to /mnt/westosdir

[root@westoslinux mnt]# chmod -R --reference=westosfile1 westosdir
##Copy the permissions of westosfile1 to westosdir and to the files under it; -R means the operation is recursive

#chmod: setting permissions in character mode
chmod <u|g|o><+|-|=><r|w|x> file     ##Set file permissions in character mode

##chmod: setting permissions in numeric mode##
7=rwx
4=r
2=w
1=x
The values for one class are added together (e.g. 6=rw-, 5=r-x)
[root@westoslinux Desktop]# chmod 700 /mnt/westosfile1
-rwx------ 1 root root 6 Jan 8 16:04 westosfile1

chmod 600 /mnt/westosfile1
-rw-------

###4. System default permissions###

#The system exists to share resources
#From a security perspective, the fewer resources the system shares and the fewer permissions it opens, the more secure it is
#But the system must both stay secure and create value, so the permissions that should be open are opened by default,
#and the insecure permissions are reserved (withheld) by default

#How permissions are reserved#

#umask is the set of permissions the system reserves
umask                       #View the reserved permissions
umask <permission value>    #Temporarily set the reserved permissions

Default file permissions      = 777 - umask - 111
Default directory permissions = 777 - umask

The larger the umask value, the more secure the system

#Temporary change (only for the current shell)
umask 077

#Permanent change
vim /etc/bashrc       ##shell configuration file
vim /etc/profile      ##system environment configuration file
source /etc/bashrc    ##after source, the changed content is recognized by the system immediately
source /etc/profile

ls -ld dir            ##View the permissions of the directory itself
ls -lR dir            ##View the permissions of the files under it recursively
[root@westoslinux Desktop]# watch -n 1 "ls -ld /sc ;ls -ld /cw;ls -ld /js; ls -ld /pub;"
##Watch the attributes of these directories in real time: /sc /cw /js /pub
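The umask rule above can be checked against what the kernel actually does. This is an added example, not code from the original post: it computes the default mode with a bitwise mask (which is what the kernel applies; the "777 - umask" shorthand only agrees while no octal digit has to borrow, e.g. umask 027 gives a file 640, not 641) and compares it with the mode of a file and a directory created under that umask in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post: compare the page's umask rule with
# what the kernel really does. New files start from 666 and directories from 777;
# the umask bits are cleared bitwise.
expected_mode() {                 # $1 = base (666 or 777), $2 = umask -> octal mode
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

observed_modes() {                # $1 = umask to try -> "filemode dirmode" as created
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        : > "$dir/f"              # empty file created under this umask
        mkdir "$dir/d"            # directory created under this umask
        printf '%s %s\n' "$(stat -c %a "$dir/f")" "$(stat -c %a "$dir/d")"
    )
    rm -rf "$dir"
}

# Self-check when run directly: computed and observed modes must agree
for m in 022 027 077; do
    printf 'umask %s: expected %s %s, observed %s\n' "$m" \
        "$(expected_mode 666 "$m")" "$(expected_mode 777 "$m")" "$(observed_modes "$m")"
done
```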

###5. Managing the file owner and owning group###

chown username file               ##Change the file owner
chgrp groupname file              ##Change the file owning group
chown username:groupname file     ##Change the owner and the owning group at the same time
chown|chgrp -R user|group dir     ##Change the owner or owning group of the directory itself and everything under it

###6. Special permissions###

#sticky bit (stickyid)
#For directories: if the sticky bit is set on a directory, the files in this directory
#can only be deleted by their owner
chmod 1<original permissions> dir
chmod o+t dir
##Either of the two commands above enables the t permission on the pub directory

Experiment:
Problem:
Other users with write permission on the directory can delete files in it that they do not own.
Solution:
Set the sticky bit on the directory with one of the two commands above.
Note: when switching users, do not nest su sessions across multiple users

#sgid bit (set-group-ID)
#For directories: newly created files in the directory automatically belong to the directory's group

Setting
chmod 2<original permissions> dir
chmod g+s dir

#suid bit (set-user-ID)
#Only meaningful for binary executable files (e.g. C programs)
#When the binary is run, it runs as the file owner, regardless of which user executes it
chmod 4<original permissions> file
chmod u+s file
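The three special bits above are also what an administrator audits for, since a setuid file executes as its owner no matter who runs it. This is an added example, not code from the original post: it builds a constructed sample tree in a temporary directory with a sticky directory, an sgid directory and a suid file, then reports every entry carrying a special bit with the same find test used on real systems.

```shell
#!/bin/sh
# Added example, not from the original post: build a constructed sample tree with
# the three special bits, then audit it. On a real system the same find is run
# from / (e.g. find / -perm -4000) to list setuid files.
make_sandbox() {                  # prints the path of the constructed sample tree
    d=$(mktemp -d) || return 1
    mkdir "$d/pub" "$d/shared"
    : > "$d/tool"; : > "$d/plain"
    chmod 1777 "$d/pub"           # sticky: only the owner may delete files inside
    chmod 2770 "$d/shared"        # sgid: new files inherit the directory's group
    chmod 4755 "$d/tool"          # suid: runs as the file owner
    chmod 644  "$d/plain"         # ordinary file, must not be reported
    printf '%s\n' "$d"
}

special_bits() {                  # $1 = tree -> "<kind> <path>" for every special bit
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -exec sh -c '
        for p; do
            m=$(stat -c %a "$p")          # e.g. 4755, 2770, 1777
            case $m in
                4*) k=suid ;; 2*) k=sgid ;; 1*) k=sticky ;; *) k=multi ;;
            esac
            printf "%s %s\n" "$k" "$p"
        done' sh {} + | sort
}

# Run directly: create the sample tree, list its special bits, clean up
sb=$(make_sandbox) && special_bits "$sb" && rm -rf "$sb"
```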

###7. ACL permission lists###

Access Control Lists #ACL

#Function:
In the list, you can give specified users special permissions on specified files

#The flag that an ACL list is enabled: a "+" after the permission bits in the ls -l output

#Reading the ACL list: getfacl westosfile
Analysis of the displayed content:

# file: westosfile   #file name
# owner: root        #file owner
# group: root        #file owning group
user::rw-            #permissions of the file owner
user:lee:rw-         #permissions of the specified user
group::r--           #permissions of the file owning group
group:westos:---     #permissions of the specified user group
mask::rw-            #the maximum permissions that can be given to specified users and specified groups
other::r--           #permissions of everyone else

Note:
"When the ACL list of a file is enabled, do not use ls -l to read the file's permissions"

Note: in that output, the group permissions viewed with ls -ld show as rws while the actual permissions are rx, so do not use the ls command when the permission list is enabled

#Controlling the ACL list
setfacl -mu:lee:rw westosfile      #Give user lee rw
setfacl -mg:westos:rw westosfile   #Give group westos rw
setfacl -mu::rwx westosfile        #Set the owner's permissions
setfacl -mg::0 westosfile          #Set the owning group's permissions to none
setfacl -xu:lee westosfile         ##Remove lee from the list
setfacl -b westosfile              #Remove the whole list (close)

#ACL permission priority
owner > specified users > groups with more permissions > groups with fewer permissions > others

#ACL mask
#The maximum permissions that can actually take effect for specified users and specified groups

Problem:
After the ACL list of a file is set, running chmod on the file changes the mask.
Note: when the permission list is enabled, the permissions seen by ls -ld are the mask (if a granted permission exceeds the mask, it does not take effect)
#So using the chmod command at this point changes the value of the mask
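The effect of the mask can be worked out from a getfacl listing. This is an added example, not code from the original post: it parses a constructed getfacl listing (using the user lee and group westos named on this page), applies the mask to every entry it caps (named users, named groups and the owning group, but not the owner or "other"), and shows what ls -l would place in the group slot.

```shell
#!/bin/sh
# Added example, not from the original post: work out what a getfacl listing
# really grants. The mask caps named users, named groups and the owning group;
# the owner and "other" entries are never capped. SAMPLE_ACL is constructed.
SAMPLE_ACL='# file: westosfile
# owner: root
# group: root
user::rw-
user:lee:rwx
group::r--
group:westos:rw-
mask::r--
other::r--'

effective_acl() {        # stdin: getfacl output -> "tag:name:granted effective"
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comment and blank lines
        { tag[NR] = $1; name[NR] = $2; perm[NR] = $3 }
        $1 == "mask" { mask = $3 }
        END {
            for (i = 1; i <= NR; i++) {
                if (!(i in perm)) continue
                p = perm[i]
                capped = (tag[i] == "user" && name[i] != "") || tag[i] == "group"
                if (capped && mask != "") {
                    p = ""                    # bitwise AND of entry and mask
                    for (c = 1; c <= 3; c++)
                        p = p "" (substr(mask, c, 1) == "-" ? "-" : substr(perm[i], c, 1))
                }
                printf "%s:%s:%s %s\n", tag[i], name[i], perm[i], p
            }
        }'
}

ls_group_field() {       # stdin: getfacl output -> what ls -l shows in the group slot
    awk -F: '$1 == "mask" { m = $3 } $1 == "group" && $2 == "" { g = $3 }
             END { print (m != "" ? m : g) }'
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

With the sample above, lee is granted rwx but effectively gets r--, which is also what ls -l displays in the group position.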

#Default ACL permissions
setfacl -mu:lee:rwx /mnt/westosdir        ##Only takes effect on the /mnt/westosdir directory itself
setfacl -Rm u:lee:rwx /mnt/westosdir      ##Takes effect on /mnt/westosdir and the files already in it
##The two commands above only take effect on existing files; files created later do not get the entry
setfacl -md:u:lee:rwx /mnt/westosdir      ##Takes effect on files created later in /mnt/westosdir
Note: the difference is the "d:"

###8. attr permissions###

#attr permissions restrict all users (root included)
i   #the file cannot be changed in any way
a   #content can be appended but not deleted
lsattr dir|file                    ##View the attr permissions of a file
chattr +i|+a|-i|-a dir|file        ##Set or remove the attr permissions

Source: blog.csdn.net/Antonhu/article/details/112990676