Linux: Permissions

1. View file attributes

ls -l filename

-    rw-rw-r--   1    kiosk   kiosk   0    Oct 2 17:05   file

[1]     [2]     [3]    [4]     [5]   [6]      [7]        [8]

[1] File type (metadata)

     - regular file

     d directory

     s socket

     l symbolic (soft) link

     p pipe

     c character device

     b block device

[2] Read and write permissions
         rw-|rw-|r--
          @   $   *
    @ What the owner of the file can do to the file
    $ What members of the file's group can do to the file
    * What others can do to the file
[3] The number of times the file content is recorded by the system (the hard link count)
[4] The owner of the file
[5] The group of the file
[6] The size of the file
[7] The last time the file was changed
[8] The name of the file

2. View directory properties

ls -ld directory

d    rwxr-xr-x   3    kiosk   kiosk   33   Aug 27 09:47   directory

[1]     [2]     [3]    [4]     [5]   [6]      [7]           [8]

[1] Type (same as for a file)
[2] Permissions
[3] Number of subdirectories
[4] Directory owner
[5] The group of the directory
[6] The size of the attributes of the content in the directory
[7] The last time files in the directory were added, removed or renamed
[8] Directory name

3. Changing the file owner and group
chown username file                 change the owner of the file
chgrp groupname file                change the group of the file
chown -R username directory         change the owner of the directory itself and of everything in the directory
chgrp -R groupname directory        change the group of the directory itself and of everything in the directory


4. Permission identification
Characters 2-10 of the ls -l output are the file permissions

      rwx                  r-x                      r-x

User rights (u)   Group member rights (g)   Other user rights (o)

Permission type
r
For a file, r means you can view the contents of the file
For a directory, r means you can use ls to view the names of the files in the directory

w
For a file, w means you can change the contents of the file
For a directory, w means you can delete files or subdirectories in the directory

x
For a file, x means the program recorded in the file can be run
For a directory, x means you can enter the directory

chmod [ugo][+-=][rwx] file      change the permissions

r=4
w=2
x=1
-=0

rwx
421
u=rwx=7 | g=rwx=7 | o=rwx=7     777
u=rw-=6 | g=r--=4 | o=r--=4     644

7=rwx,6=rw-,5=r-x,4=r--,3=-wx,2=-w-,1=--x,0=---


5. Default permissions
umask                    shows the system's reserved permission value

umask 077                temporarily changes the umask value


Permanent change
vim /etc/bashrc          line 71 is the setting for ordinary users, line 73 for the superuser
vim /etc/profile         line 60 is the setting for ordinary users, line 62 for the superuser

source /etc/bashrc       reload the bash configuration

source /etc/profile      reload the system configuration
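
Added example, not part of the original article: the function below creates a file and a directory under a given umask and reports the resulting modes, showing that new files start from 666 and new directories from 777 before the umask bits are removed. The function name modes_under_umask and the temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# modes_under_umask MASK: print "<file-mode> <dir-mode>" as ls -l shows them
# for a file and a directory created while MASK is the active umask.
modes_under_umask() {
    mask=$1
    tmp=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change from leaking to the caller,
        # the same way "umask 077" typed in a shell only lasts for that shell.
        umask "$mask"
        : > "$tmp/newfile"      # the shell requests mode 666 for a new file
        mkdir "$tmp/newdir"     # mkdir requests mode 777 for a new directory
    )
    # Keep the first 10 characters: file type plus the three rwx triplets
    # (this drops a trailing "+" or "." that some systems append).
    f=$(ls -ld "$tmp/newfile" | cut -c1-10)
    d=$(ls -ld "$tmp/newdir" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
}

# Compare a common default (022) with two stricter values.
for m in 022 027 077; do
    printf 'umask %s -> %s\n' "$m" "$(modes_under_umask "$m")"
done
```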


6. Special permissions
sticky bit     applies to directories
o+t            When a directory has the t permission, files in the directory can only be deleted by the file's owner
t=1
chmod o+t directory
chmod 1777 directory

sgid           set-group-ID bit
g+s            For directories: files created in the directory automatically belong to the directory's group. For binary files: when the program recorded in the file is executed, it runs with the group of the binary file, regardless of the group identity of the user who executes it.
chmod g+s file|directory
chmod 2777 file|directory

suid           set-user-ID bit
u+s            For files: when the file is executed, the action it records is performed as the owner of the file, regardless of who started it
chmod u+s file

chmod 4777 file
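
Added example, not from the original article: a check that lists files carrying the suid or sgid bit and world-writable directories that lack the sticky bit, run here against a constructed temporary tree. The function names and the sample tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# audit_special_bits DIR: print one "<finding> <path>" line per match.
audit_special_bits() {
    # Regular files with the set-user-ID (4000) or set-group-ID (2000) bit
    find "$1" -type f -perm -4000 | sed 's/^/suid /'
    find "$1" -type f -perm -2000 | sed 's/^/sgid /'
    # World-writable directories without the sticky bit (1000): any user
    # may delete or rename files there that belong to someone else.
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/no-sticky /'
}

# build_demo_tree: create a constructed sample tree and print its path.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/shared" "$demo/dropbox"
    : > "$demo/tool"; : > "$demo/grouptool"; : > "$demo/plain"
    chmod 4755 "$demo/tool"        # suid, same bit as chmod u+s
    chmod 2755 "$demo/grouptool"   # sgid, same bit as chmod g+s
    chmod 1777 "$demo/shared"      # world-writable with the sticky bit
    chmod 0777 "$demo/dropbox"     # world-writable without the sticky bit
    chmod 0644 "$demo/plain"       # ordinary file, must not be reported
    printf '%s\n' "$demo"
}

tree=$(build_demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Pointing audit_special_bits at a real directory such as /usr/bin gives the list of suid and sgid programs to review.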


7. Permission list
acl         specifies that a specific user has special rights to a specific file

-rw-rwx---+ 1 root root 0 Mar 28 02:39 file

          ^

  (permission list open)

Once the permission list is open, the ordinary permissions of the file are also recorded in the permission list, and the permissions shown by ls -l are no longer accurate




1. View
        getfacl /mnt/file

The content is as follows:
# file: mnt/file            file name
# owner: root               owner of the file
# group: root               group of the file
user::rw-                   permissions of the file owner
user:westos:rw-             permissions of a specially specified user
group::---                  permissions of the file's group
group:student:rwx           permissions of a specially specified group
mask::rwx                   maximum permissions
other::---                  permissions for others


2. Setting

setfacl -m u:lee:rwx /mnt/file         lets user lee read and write the file

setfacl -m g:student:rwx /mnt/file     lets the student group read and write the file

setfacl -x u:lee /mnt/file             deletes the entry for user lee from the permission list

setfacl -x g:student /mnt/file         deletes the entry for the student group from the permission list

setfacl -b /mnt/file                   closes the permission list; the "+" then disappears


3. Default permissions
Default permissions apply only to directories. The command below makes files newly created in /mnt/directory writable by username. It does not take effect for files that already exist in /mnt/directory.
setfacl -m d:u:username:rwx /mnt/directory
4. Mask value
  The mask value is the maximum permission that can be given to the user.
  Once the acl list is set, using the chmod command to reduce the permissions of the file changes the mask value.
chmod 600 /mnt/file   an action like this changes the mask value
     Before the change
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx
group::---
mask::rwx
other::---


     After the change
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx   #effective:---      this position shows the effective permission
group::---
mask::---
other::---
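
Added example, not from the original article: an awk filter that reads getfacl output and applies the mask as in the listing above, printing each entry with its effective permissions. The function names are hypothetical and the sample input is the after-change listing embedded inline; the mask limits named users, named groups and the owning group, not the owner or others.

```shell
#!/bin/sh
# effective_acl: read getfacl text on stdin, print each access entry with
# the permissions that remain after the mask is applied.
effective_acl() {
    awk '
    # Keep a permission letter only where the mask carries the same letter.
    function limit(p, m,    k, out, c) {
        out = ""
        for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            out = out ((c != "-" && substr(m, k, 1) == c) ? c : "-")
        }
        return out
    }
    /^#/ || NF == 0 { next }            # header comments and blank lines
    {
        sub(/[ \t]*#.*/, "")            # drop a trailing "#effective:..." note
        if (split($0, f, ":") != 3) next    # skips default: entries
        tag[++n] = f[1]; who[n] = f[2]; prm[n] = substr(f[3], 1, 3)
        if (f[1] == "mask") mask = prm[n]
    }
    END {
        for (i = 1; i <= n; i++) {
            if (tag[i] == "mask") continue
            # The mask applies to named users, named groups and group::
            masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
            eff = (masked && mask != "") ? limit(prm[i], mask) : prm[i]
            print tag[i] ":" who[i] ":" eff
        }
    }'
}

# Constructed sample: the listing after "chmod 600 /mnt/file".
sample_after_chmod() {
cat <<'EOF'
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx
group::---
mask::---
other::---
EOF
}

sample_after_chmod | effective_acl
```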


5. Restore
setfacl -m m:rwx /mnt/file   Use this command to restore the value of the mask.
    The default permissions of the acl list take effect for directories. After an ordinary permission list is set on a directory, files newly created in the directory do not get the permissions specified for the user.
  If the permissions need to be added automatically to new files, then the default permissions of the directory should be set.

setfacl -m d:u:student:rwx /mnt/westos

       Files newly created in the westos directory have rwx permissions
       for the student user. It has no effect on existing files or
       on the directory itself.
