During this period of time, I thought a lot. Although I was preparing for the postgraduate entrance examination, the final purpose was also for work, so I took an hour every day to consolidate my little knowledge of operations and maintenance. I think what the teacher said to me is right: a smart person will do two things at the same time. I am not blindly confident. After all, time and energy are limited. I fix three knowledge points every day, and I will insist on doing it well. My notes are basically from the Internet. As a college student, I feel that there is no room for negotiation on copyright issues. When borrowing other people's articles, I will post their addresses so that more people can see them. Salute to Uncle Bird, salute to those programmers on the road.
1. umask file default permissions (0022)
(1) root user: default 022
file: -rw-r--r--
Directory: drwxr-xr-x
(2) Ordinary users: generally 002
Usage: # umask -S
u=rwx,g=rx,o=rx
2. File hidden attributes chattr, lsattr
chattr [+-=] [ASacdistu] file or directory name "set file attributes"
Parameters: + adds an attribute, - removes one, = sets exactly the attributes that follow (overwriting the existing ones)
a: The file is append-only: data can be added, but not deleted or modified (only root can set this).
i: "Immutable". The file cannot be deleted, renamed, or linked to, and data cannot be written or appended to it (only root can set this).
lsattr [adR] file or directory "View file attributes"
Parameters: -a: also show the attributes of hidden files.
-d: List only the attributes of the directory itself.
-R: Also list the attributes of the subdirectories under the directory, recursively.
3. File special permissions SUID, SGID, SBIT
(1) SUID ==> owner authority
a. SUID is only valid for binary programs, not for shell scripts and directories
b. The executor needs to have x permission to the program
c. The executor will have the permission of the owner of the program
(2) SGID ==> group permission
a. SGID is valid for binary programs and can also be set on directories
b. The executor needs to have x permission to the program
c. The executor will have the permissions of the program's group
(3) SBIT sticky bit ==> others
a. SBIT is only valid for directories
b. The user needs w and x permissions on the directory, that is, permission to write in it.
c. When a user creates a file or directory in this directory, only that user and root can delete it; likewise, the user cannot delete other people's files.
Set SUID, SGID, SBIT
They correspond to 4, 2 and 1 respectively, given as the leading digit of the octal mode
Example: ls -l file "view the file's permissions"
chmod 4755 test # add SUID
chmod 6755 test # add SUID and SGID
chmod 1755 test # add SBIT
chmod 7666 test # "empty" SUID/SGID/SBIT, because the x bits are missing; shown as: -rwSrwSrwT
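The four chmod examples above, checked on scratch files, together with a small audit for SUID/SGID files. This is an added example, not part of the original notes or of the book they come from. It assumes Linux with GNU coreutils (`stat -c`); the function names perm_string, special_bits and audit_special are made up for illustration.

```bash
# Added example, not from the original notes. Assumes Linux with GNU
# coreutils (stat -c); every file touched is a scratch file under mktemp.

# perm_string MODE: apply MODE to a scratch file and print the string
# `ls -l` would show. Lowercase s/t: special bit and x are both set.
# Uppercase S/T: special bit set, but the x bit under it is missing.
perm_string() (
    dir=$(mktemp -d) || exit 1
    : > "$dir/test"
    chmod "$1" "$dir/test" && stat -c '%A' "$dir/test"
    rc=$?
    rm -rf "$dir"
    exit "$rc"
)

# special_bits PATH: name the special bits set on PATH, decoded from the
# leading octal digit (4 = SUID, 2 = SGID, 1 = SBIT).
special_bits() (
    mode=$(stat -c '%a' "$1") || exit 1
    out=
    [ $(( 0$mode & 04000 )) -ne 0 ] && out="$out SUID"
    [ $(( 0$mode & 02000 )) -ne 0 ] && out="$out SGID"
    [ $(( 0$mode & 01000 )) -ne 0 ] && out="$out SBIT"
    echo "${out# }"
)

# audit_special DIR: list regular files under DIR carrying SUID or SGID,
# with their symbolic mode, sorted by path so the report is stable.
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%A %n' {} + | sort -k2
}

# Demo: the four chmod examples from the notes, on constructed files.
for m in 4755 6755 1755 7666; do
    printf '%s -> %s\n' "$m" "$(perm_string "$m")"
done
```

Pointing audit_special at a directory tree and comparing its report against a saved copy shows when a file has gained SUID or SGID.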
The content of this chapter is taken from "Uncle Bird's Private Kitchen Basics"