Rookie article ##Linux file attribute viewing and permission management##

1. View file properties

          ls -l filename

- rw-r--r-- 1 root root 0 Apr 12 05:11 nba
[1][2][3][4][5][6][7][8]

[1] ##File type
- #Ordinary file
d #Directory
s #Socket
l #Soft link
p #Pipe
c #Character device
b #Block device

[2] ##Read and write permission
rw-|rw-|r--
 @   $   *
@ # Actions that the owner of the file can perform on the file
$ # Actions that members of the file's group can perform on the file
* # Actions that others can perform on the file

[3] #Number of times the file content is recorded by the system (the hard link count)
[4] #File Owner
[5] #The group where the file is located
[6] #File size
[7] #The last time the file was changed
[8] #File name

2. View directory properties

                ls -ld directory name  

  d rwxr-xr-x 2 root root 6 Apr 12 05:19 NBA
[1] [2] [3] [4] [5] [6] [7] [8]

[1] ##Type (same as for files)
[2] ##Permission
[3] ##Number of subdirectories
[4] ##Directory owner
[5] ##The group where the directory is located
[6] ##The size of the attributes of the content in the directory
[7] ##The time when a file in the directory was last added, removed or renamed
[8] ##Directory name

3. Change of file user group
chown username file ##Change the owner of the file
chgrp groupname file ##Change the group that owns the file

chown -R username directory ##Change the owner of the directory itself and of the files under it
chgrp -R groupname directory ##Change the owning group of the directory itself and of the files under it

4. Permission identification
Characters 2-10 of the ls -l output are the file permissions
rwx r-x r-x
 u   g   o
u = user (owner) permissions, g = group member permissions, o = other user permissions

###Types of permissions###

r
r permission: for a file, it means that the contents of the file can be viewed
Subfile or subdirectory
x
x permission: for a file, it indicates whether the program recorded in the file can be run. For a directory, it indicates whether it is possible to enter the directory.







chmod ugo+-=rwx ##Change permissions

  (u, g and o select whose permissions are changed: owner, group or others. r, w and x are the read, write and execute permissions. + adds them, - removes them and = sets them exactly)

Experiment:

Step 1: Create three files and use monitoring commands to monitor permission changes

Step 2: Change the permissions of files and directories

##rwx can also be written as a number: each of r, w and x is one binary bit, and their values are added up##

u=rwx=7    |g=rwx=7  |o=rwx=7
   
  u=rw-=6 g=r--=4 o=r--=4   644
  r=4    w=2    x=1      -=0

   7=rwx,6=rw-,5=r-x,4=r--,3=-wx,2=-w-,1=--x,0=---


5. Default permissions for files

##There is no x in the default permission, that is, the maximum default permission of a file is 666 (-rw-rw-rw-)

##Since entering a directory depends on the x permission of the directory, the maximum default permission of a directory is 777 (drwxrwxrwx)

umask ##Display the system reserved permission value
umask 077 ##Temporarily modify the umask value

##This umask command only changes the umask value to 077 temporarily. When the terminal is closed and reopened, the umask value is 022 again##

##Permanently modify
vim /etc/bashrc ##Line 71 is the value for ordinary users, line 73 is the value for the super user
vim /etc/profile ##Line 60 is the value for ordinary users, line 62 is the value for the super user

source /etc/bashrc ##Refresh bash configuration
source /etc/profile ##Refresh system configuration

##Before modification##

##After modification##

###After permanent modification with vim, the configuration must be refreshed with source, otherwise the value of umask will remain unchanged###
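
How the umask turns the maximum permissions (666 for files, 777 for directories) into the real defaults, as an added example that is not part of the original article. The helper names default_mode and observed_modes are made up for this illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example; default_mode and observed_modes are hypothetical helper names.

# default_mode MAX UMASK: clear the UMASK bits from MAX (all values octal).
# This is a bitwise AND-NOT, not a subtraction: 666 with umask 033 is 644.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_modes UMASK: create a file and a directory under that umask in a
# subshell (so the caller's umask is untouched) and print their real modes.
observed_modes() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        touch "$tmp/file"
        mkdir "$tmp/dir"
        echo "$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
        rm -rf "$tmp"
    )
}

# Compare the prediction with what the system actually creates.
for mask in 022 077 033; do
    echo "umask $mask: predicted file $(default_mode 666 "$mask")," \
         "dir $(default_mode 777 "$mask"); observed $(observed_modes "$mask")"
done
```
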

6. Special permissions
1) stickyid ###Sticky bit
      o+t ###For directories, when a directory has t permission, the files in this directory can only be deleted by the file owner
      t=1
      chmod o+t directory
      chmod 1777 directory

Note: As the super user, we create a directory with full permissions, and then log in as two ordinary users to create files in this directory. Each of these users can then delete the file the other user just created, which is not safe for our files



Note: After the command chmod o+t is applied to the created directory, users do not have permission to delete another user's files, which greatly improves the security of the files

2) sgid ###Forced bit (set group ID)
         g+s ##For directories, the files created in the directory are automatically assigned to the group where the directory is located. For binary files, the program recorded in the file runs regardless of the group identity of the executor; it executes as the owning group of the binary
         chmod g+s file|directory
         chmod 2777 file|directory

3) suid ###Adventure bit (set user ID)
              u+s ###For files, the action recorded in the file is executed as the owner of the file, regardless of who started it
             chmod u+s file
             chmod 4777 file
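
A check for the situations described in this section, as an added example that is not part of the original article: it lists directories that others can write to but that lack the t bit, and files that carry the SUID or SGID bit. The function names are hypothetical and the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the demo tree is constructed.

# Directories that others can write to (o+w) but that lack the t bit:
# any user may delete other users' files there.
unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files carrying SUID (4000) or SGID (2000).
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Build a small constructed tree to run the two checks against.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/shared_sticky" "$root/private"
    chmod 0777 "$root/shared"          # full permissions, no t bit
    chmod 1777 "$root/shared_sticky"   # same, with o+t
    chmod 0755 "$root/private"
    touch "$root/plain" "$root/suid_tool" "$root/sgid_tool"
    chmod 0755 "$root/plain"
    chmod 4755 "$root/suid_tool"
    chmod 2755 "$root/sgid_tool"
    echo "$root"
}

demo=$(make_demo_tree)
echo "world-writable without sticky bit:"; unsticky_dirs "$demo"
echo "SUID/SGID files:";                   setid_files "$demo"
rm -rf "$demo"
```

Pointing the two functions at a real path such as /tmp or /usr/bin gives the same report for a live system.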

7. Permission list
acl ##Specifies that a particular user has particular permissions on a particular file

-rw-rwx---+ 1 root root 0 Mar 28 02:39 file
          ^
The "+" shows that the permission list is turned on; the ordinary permissions of this file are then also kept in the permission list, and the permissions seen by ls -l are inaccurate

#View
getfacl /mnt/file #The content is as follows:

# file: mnt/file #File name
# owner: root #The owner of the file
# group: root #The group of the file
user::rw- #Permissions of the file owner
user:westos:rw- #Permissions of special designated users
group::--- #Permissions of file groups
group:student:rwx #Permissions of special designated groups
mask::rwx # Maximum permission
other::--- # permission of others

##Set
setfacl -m u:lee:rwx /mnt/file #Let user lee read, write and execute the file
setfacl -m g:student:rwx /mnt/file #Let the student group read, write and execute the file

setfacl -x u:lee /mnt/file #Delete the entry for user lee from the permission list

setfacl -x g:student /mnt/file #Delete the entry for the student group from the permission list


setfacl -b /mnt/file #Close the permission list; the "+" then disappears

##mask value##
#The mask value is the maximum permission that can be granted to the user
#When the acl list is set, if the chmod command is used to reduce the permissions of the file, the mask value will be changed
chmod 600 /mnt/file #This action changes the mask value
#####Before change#####
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx
group::---
mask::rwx
other::---

#####After change#####
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx #effective:--- #This position shows the effective permission
group::---
mask::---
other::---


###Restore###
setfacl -m m:rwx /mnt/file #Use this command to restore the value of mask
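
How the mask produces the "effective" column, as an added example that is not part of the original article: the function reads a listing in getfacl format and prints each entry with the permissions that remain after the mask is applied. The names effective_acl and sample_acl are hypothetical and the listing is constructed.

```shell
#!/bin/sh
# Added example; effective_acl and sample_acl are hypothetical names.

# Constructed listing in getfacl format: the mask has been lowered to r--
# while the lee and student entries still say rwx.
sample_acl() {
    cat <<'EOF'
# file: mnt/file
# owner: root
# group: root
user::rw-
user:lee:rwx
group::r-x
group:student:rwx
mask::r--
other::---
EOF
}

# Print every entry with its effective permission (entry AND mask).
effective_acl() {
    awk -F: '
    /^#/ || /^default:/ || NF < 3 { next }  # headers, defaults, blank lines
    {
        sub(/[ \t]*#.*/, "", $3)            # drop a trailing "#effective:" note
        n++; tag[n] = $1; who[n] = $2; perm[n] = $3
        if ($1 == "mask") mask = $3
    }
    END {
        for (i = 1; i <= n; i++) {
            p = perm[i]
            # user:: (the owner) and other:: are never limited by the mask
            limited = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
            if (limited && mask != "") {
                p = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(perm[i], k, 1)
                    p = p ((c != "-" && c == substr(mask, k, 1)) ? c : "-")
                }
            }
            print tag[i] ":" who[i] ":" p
        }
    }'
}

sample_acl | effective_acl
```

On a system with the acl tools installed, `getfacl /mnt/file | effective_acl` gives the same report for a real file.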

####Default permissions of the acl list####
#Permissions are valid for directories
#When an ordinary permission list is set on a directory, it does not guarantee that a specific user has the specified permissions on files newly created in the directory
#If you need the permissions to be added to new files automatically, set the default permissions of the directory

setfacl -m d:u:student:rwx /mnt/westos ##New files created in the westos directory
                      ##give the student user rwx permissions
                      ##Has no effect on existing files
                      ##Has no effect on the directory itself




