File properties: viewing attributes, owner and group management, permission management, and access control lists

View file attributes

ls -l filename
- rw-rw-r-- 1 kiosk kiosk 0 Oct 2 17:05 file
[1]   [2]   [3] [4]  [5]  [6]   [7]     [8]

[1] ##File type
    -   ordinary file
    d   directory
    s   socket
    l   soft (symbolic) link
    p   pipe (FIFO)
    c   character device
    b   block device

[2] ##Read and write permissions
    rw-|rw-|r--
     @   $   *

    @  what the owner of the file can do to the file
    $  what the members of the file's group can do to the file
    *  what everyone else can do to the file

[3] #The number of times the file's content is recorded by the system (the hard link count)

[4] #File owner
[5] #File group
[6] #File size
[7] #When the file was last changed
[8] #File name

For example, after a file named file is created and ls -l is run on it, the line shown in the original figure has the following fields.

Read and write permissions: r = read, w = write, x = execute.

Value          Meaning
1              For files: the number of times the file content is recorded by the system.
               For directories: the number of subdirectories (the hard link count).
root (first)   file owner
root (second)  file owner group
0              the size of the file content
Apr 10 10:13   the last time the file was modified
file           file name

View directory properties

ls -ld directory
d rwxr-xr-x 3 kiosk kiosk 33 Aug 27 09:47 directory
[1]   [2]   [3] [4]  [5]  [6]   [7]       [8]

[1] ##type
[2] ##permissions
[3] ##number of subdirectories
[4] ##directory owner
[5] ##the group the directory belongs to
[6] ##the size of the directory's own attribute (metadata) content
[7] ##when files in the directory were last added, removed or renamed
[8] ##directory name

Changing a file's owner and group

chown username file|dir              ##Change the file's owner
chgrp groupname file                 ##Change the file's group
chown username.groupname file|dir    ##Change the owner and the group at once
chown -R username directory          ##Change the owner of the directory itself and of everything inside it
chgrp -R groupname directory         ##Change the group of the directory itself and of everything inside it

A watch command is used here to see the changes of owner and group more clearly:

watch -n 2 ls -lR directory/file

chown username file|dir              ##Change the file's owner
chown username.groupname file|dir    ##Change the owner and the group

From the above it can be seen that a user or group must already exist before a file can be assigned to it.

Permission identification

rwx r-x r-x
user permission (u)  group member permission (g)  other user permission (o)

Permission types

r
    For files: the content of the file can be viewed.
    For directories: ls can list the names of the files in the directory.

w
    For files: the content of the file can be changed.
    For directories: files or subdirectories inside the directory can be created or deleted.

x
    For files: the program recorded in the file can be executed.
    For directories: the directory can be entered (cd).

e.g. rwx r-x r-x

rwx  the owner of the file can read the file, write to it, and execute it / enter the directory
r-x  members of the file's group can read the file and execute it / enter the directory
r-x  other users can read the file and execute it / enter the directory


chmod ugo+-=rwx ##Change permissions by character

chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
chmod u+x file          ##add x for the owner of file
chmod g+w file          ##add w for the group of file
chmod u-x,g+w file      ##remove x from the owner of file, add w for its group
chmod ugo-r file        ##remove r from the owner, the group and others of file
chmod ug+x,o-r file     ##add x for the owner and group of file, remove r from others



Octal permission values

r=4  w=2  x=1  -=0

u=rwx=7 | g=rwx=7 | o=rwx=7    777
u=rw-=6 | g=r--=4 | o=r--=4    644

7=rwx  6=rw-  5=r-x  4=r--  3=-wx  2=-w-  1=--x  0=---

rw-|r--|r--
 u   g   o
u=rw-=4+2+0=6
g=r--=4+0+0=4
o=r--=4+0+0=4
so the permission of this file is written as 644

chmod <octal mode> file    ##Change permissions by number
chmod 777 file



Permissions can be modified either by character (ugo+-=rwx) or by octal number, as shown above.


Setting the system default permissions

From the point of view of the system's usefulness, the more permissions are open the more the system can do; from the point of view of security, the fewer permissions are open the safer the system is. The system therefore removes some permissions from every newly created file or directory.

Setting method:

umask        ##View the reserved (masked-out) permissions; the default is 022
umask 077    ##Set the reserved permissions to 077; this is temporary and only valid in the current shell

As shown in the figure, entering umask on its own displays the reserved permissions, and umask 077 changes them to 077.

The above is a temporary change. To make it permanent, use the following method.

Run vim /etc/profile and edit the file, as shown in the figure below.

vim /etc/bashrc    ##line 71 is the setting for normal users, line 73 for the superuser
vim /etc/profile   ##line 60 is the setting for normal users, line 62 for the superuser

source /etc/bashrc    ##Reload the bash configuration
source /etc/profile   ##Reload the system configuration

The umask values in the two files must be consistent.

After sourcing, the setting takes effect immediately.


Special permissions

sticky bit (t)   ###sticky bit
o+t   ###For directories: when a directory has the t bit, a file inside it can be deleted only by the file's owner
t=1
chmod o+t directory
chmod 1777 directory

sgid   ###set-group-id bit
g+s   ##For directories: files created inside are automatically given the directory's group. For binary files: the program recorded in the file runs with the file's group identity, regardless of the group identity of the user who executes it
chmod g+s file|directory
chmod 2777 file|directory

suid   ###set-user-id bit: run as the owner of the binary
u+s   ###For files: the action recorded in the file is executed as the file's owner, regardless of who started it

How to set:

chmod u+s file
chmod 4xxx file
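As an added example that is not part of the original article, the following hypothetical Python helper turns the mode strings that ls -l prints into the octal values chmod accepts (including the s and t letters of the special bits above) and back, and applies a umask the way the system does when a file or directory is created:

```python
import stat

# Added helper, not from the article: converts between the symbolic mode
# shown by ls -l ("-rwsr-xr-x", "drwxrwxrwt") and the octal value chmod
# takes, and applies a umask the way the kernel does at file creation.
BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
        stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
        stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
# execute columns that can carry a special bit: index -> (bit, "with x,without x")
SPECIAL = {2: (stat.S_ISUID, "sS"), 5: (stat.S_ISGID, "sS"), 8: (stat.S_ISVTX, "tT")}

def parse_mode(text):
    """Numeric mode for a 10-char ls -l mode string or a bare 9-char rwx string."""
    s = text.rstrip("+.@")       # ls appends + for an ACL, . or @ for security labels
    if len(s) == 10:
        s = s[1:]                # drop the file-type column (-, d, l, ...)
    if len(s) != 9:
        raise ValueError(f"not a mode string: {text!r}")
    mode = 0
    for i, ch in enumerate(s):
        if i in SPECIAL and ch in SPECIAL[i][1]:
            special, letters = SPECIAL[i]
            mode |= special      # s/t also imply x; S/T mean the special bit without x
            if ch == letters[0]:
                mode |= BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= BITS[i]
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} in {text!r}")
    return mode

def to_symbolic(mode):
    """Inverse of parse_mode: the 9-char string ls -l prints (no type column)."""
    out = []
    for i, bit in enumerate(BITS):
        ch = "rwx"[i % 3] if mode & bit else "-"
        if i in SPECIAL and mode & SPECIAL[i][0]:
            ch = SPECIAL[i][1][0] if mode & bit else SPECIAL[i][1][1]
        out.append(ch)
    return "".join(out)

def default_mode(umask, is_dir):
    """Mode a new file (base 666) or directory (base 777) receives under umask."""
    return (0o777 if is_dir else 0o666) & ~umask

if __name__ == "__main__":
    print(oct(parse_mode("-rw-rw-r--")))                    # the ls -l line above: 0o664
    print(to_symbolic(0o1777), to_symbolic(0o4755))          # rwxrwxrwt rwsr-xr-x
    print(oct(default_mode(0o022, False)), oct(default_mode(0o077, True)))  # 0o644 0o700
```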




File access control (ACL)

(1) What an ACL is
acl = access control list

It grants specific users specific permissions on specific files.

drwxrwx---+ 2 root root 17 Jul 18 01:39 /westos/
          ^
The + means that the /westos directory has an ACL.

getfacl /westos/
# file: westos/       ##file name
# owner: root         ##file owner
# group: root         ##file group
user::rwx             ##owner's permissions
user:student:rwx      ##permissions of the named user
group::---            ##group permissions
mask::rwx             ##permission mask
other::---            ##permissions of others

Note: once a file has an ACL, the permission bits that ls -l shows are no longer the real permissions; use getfacl instead.

#Check

getfacl file

#The output looks like this:

# file: file      #file name
# owner: root     #the owner of the file
# group: root     #the group of the file
user::rwx         #permissions of the file owner
group::rwx        #permissions of the file group
mask::rwx         #maximum effective permissions
other::rwx        #permissions of others


##Setting an ACL

The setting method is:

setfacl -m <u|g>:<username|groupname>:permissions file|directory
-m    #set an entry
u     #user
g     #group
d     ##default entry: applies only to files and directories newly created inside the directory, not to the directory itself or to what it already contains

As shown in the figure below, after an ACL is set with setfacl, ls -l shows a + after the permissions. At that point use getfacl filename to view the complete permissions of the file (what ls -l shows is incomplete).


Delete a user or group from the list

setfacl -x <u|g>:<username|groupname> file|directory

After deleting a user from the list, getfacl no longer shows the entry that was added before, as shown in the figure.

Remove the whole list

setfacl -b file|directory

As shown below.

6. ACL mask value
(1) The mask
The mask is the upper limit of the permissions an ACL can give to a named user or group.
When chmod is used to change the ordinary permissions of the file, the mask may be damaged.

Repair:

setfacl -m m:rwx /mnt/file   #Use this command to restore the mask value

If user westos has rwx but the mask is set to rw, getfacl reports that the effective permission of westos is rw. As shown below.
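An added example, not from the original article: a small hypothetical Python parser for getfacl output that applies the mask the way the ACL rules do (named users, named groups and the owning group are capped by it; the owner and other are not), and models what a plain chmod of the group bits does to the mask. The getfacl text is constructed to match the westos case above.

```python
import re

# Added example, not from the article: parses getfacl's text output and
# computes what each entry actually grants. The mask caps named users, named
# groups and the owning group, but never user:: (the owner) or other::.
SAMPLE = """\
# file: westos
# owner: root
# group: root
user::rwx
user:westos:rwx
group::r-x
mask::rw-
other::---
"""   # constructed to match the article's "westos has rwx, mask is rw" case

ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([rwx-]{3})$")

def parse_getfacl(text):
    """List of (tag, qualifier, perms) tuples; header lines and #effective notes are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m:
            entries.append(m.groups())
    return entries

def effective_perms(entries):
    """Map "tag:qualifier" -> rwx string after the mask is applied."""
    mask = next((set(p) for t, q, p in entries if t == "mask"), set("rwx"))
    result = {}
    for tag, qual, perms in entries:
        bits = set(perms)
        if not (tag == "other" or (tag == "user" and qual == "")):
            bits &= mask             # everything except owner and other is limited by the mask
        result[f"{tag}:{qual}"] = "".join(c if c in bits else "-" for c in "rwx")
    return result

def chmod_on_acl(entries, group_perms):
    """Model chmod g=<perms> on a file that has an ACL: it rewrites mask::, not group::."""
    return [(t, q, group_perms if t == "mask" else p) for t, q, p in entries]

if __name__ == "__main__":
    acl = parse_getfacl(SAMPLE)
    print(effective_perms(acl)["user:westos"])                        # rw- (getfacl: #effective:rw-)
    print(effective_perms(chmod_on_acl(acl, "---"))["user:westos"])   # --- after chmod g= on the file
```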

####Default permissions of the ACL####
#Default entries apply to directories.
#When an ordinary ACL entry is set on a directory, it does not guarantee that the named user gets the specified permission on files newly created in the directory.
#If permissions should be added to new files automatically, set the directory's default ACL.

setfacl -m d:u:student:rwx /mnt/westos   ##Set a default entry on the westos directory

Note:
Default entries are only valid for files or directories newly created inside the directory; they do not apply to files that already exist, nor to the directory itself.

As shown in the figure below, after setting default permissions on the directory linux, switching to user hello and deleting the original files in linux produces an error: permission denied.


