[Linux System] Part Two, Rights Management

1. Users under Linux

We touched on this briefly at the beginning of the previous article, Basic Instructions; here we discuss it in detail:

There are two types of users under Linux: super user (root) and ordinary user.

  • Super user: can do anything under the Linux system without restriction
  • Ordinary users: can do only limited things under Linux.
  • The command prompt of a super user is "#", and the command prompt of a normal user is "$".

Command: su [user name] or su - [user name]
Function: Switch users. (With su - the working directory also switches to the target user's home directory, so the path changes; with plain su the path does not change.)
For example, to switch from the root user to a normal user named user, use su user. To switch from a normal user to the root user, use su root (root can be omitted), and the system will prompt you to enter the password of the root user.

Command: sudo
Function: Without switching users, lets an ordinary user elevate privileges for a single command line and execute that command as root.

sudo command: brief privilege elevation --> the command is executed as root

Suggestion: Do not set the root password and an ordinary user's password to the same value.

2. File permissions

Permissions = people + attributes of things

Permissions describe the relationship between people and the attributes of things. In what follows, the file visitor is the person and the file attribute is the attribute of the thing.

1. Classification of file visitors

File visitors fall into three categories:

  • Owner: the user who created the file
  • Group (group): The group the owner belongs to. If file access were divided only into the owner and others, multi-user collaboration would be inconvenient
  • Others: Everyone except the owner and the group they belong to.

In the above figure, the first framed column is the owner of the file and the second is the group to which it belongs. Because there are few users, each user forms a group of its own. Owner, group and others are roles with respect to a file, while root and ordinary users refer to specific users.

The next column is the size of the file, and the next column is the creation time or last modification time of the file.

2. File Types and Access Rights

As mentioned briefly in the previous article, file = content + attributes.

A file carries a lot of attribute data, however. Here we explain two important points; first look at the following picture:
From the picture above, it can be clearly seen that there are 10 columns in the front block, which are divided into 4 groups. The first column forms a group by itself, and then every three columns form a group, which are framed in different colors.

Ever since we started learning commands, we have seen that whenever we create a file or directory and view its detailed attribute information, this large block appears at the front. What does this block represent?

1. File type:

The first of the attribute columns displayed by ll is used to distinguish the file type in Linux. There are generally two types: - representing ordinary files and d representing directories.

Note: In Linux, file suffixes are not used as a way to distinguish files, only the first column of attributes is used to distinguish them.

  Although the file type in Linux has nothing to do with the file suffix, that does not mean we cannot use the suffix to distinguish file types, and some Linux tools do have requirements for the suffix. For example, if we create a .c file in Linux, we can write code in it and then compile it with the gcc tool to generate an executable program; but if it is a .txt file, even if we write code in it, gcc cannot compile it, let alone generate an executable program.

Common file types are as follows:
The two marked in red at the front are the ones we must master.

2. Permission attribute of the file:
Everything above concerns only the first column of the attributes. What about the remaining 9 columns?

The remaining nine columns, in groups of three, represent the permissions of the file owner, the group to which it belongs, and others on the file, respectively.

There are three types of file permissions:

  1. r: Read permission. For a file, it allows reading the content of the file; for a directory, it allows browsing the directory information
  2. w: Write permission. For a file, it allows modifying the content of the file; for a directory, it allows creating or deleting files in the directory
  3. x: Execute permission. For a file, it allows executing the file; for a directory, it allows entering the directory
  4. "-" means not having this permission

Note: The positions of the permissions are fixed: from left to right, r, w, x. If a position does not carry its permission, it is shown as -.

3. Representation method of file permission value

  1. Character representation
      The character representation is as shown above.

      Linux notation   Description             Linux notation   Description
      r--              read only               -wx              writable and executable
      -w-              write only              r-x              readable and executable
      --x              executable only         rwx              readable, writable and executable
      rw-              readable and writable   ---              no permissions

  2. Octal number representation

      Permission symbol   Octal   Binary
      r--                 4       100
      -w-                 2       010
      --x                 1       001
      rw-                 6       110
      r-x                 5       101
      -wx                 3       011
      rwx                 7       111
      ---                 0       000

Summary:
The permissions of the files we talked about above are summarized in the following figure, which is more clear:

3. How to set file access permissions

There are two ways to modify the permissions of a file: one is to modify the read, write and execute attributes of the file, and the other is to modify the owner and group of the file. We look at the first one first:

1. chmod

chmod: The read, write, and execute permissions of files can be modified for the three kinds of visitors

Note: Only the owner of the file and the root user can change the permissions of the file

Formats of the chmod command for modifying file permission values

① User indicator +/-/= permission character

+: Add permission
-: Cancel permission
=: Grant permission -- it is equivalent to assignment and will overwrite the other permissions

User symbol:
u: Owner
g: Group
o: Other users
a: All users

Details are as follows:

# u means the owner (user)
[wyt@VM-20-4-centos lesson3]$ chmod u+x test.c  # add execute permission for the owner
[wyt@VM-20-4-centos lesson3]$ chmod u-w test.c  # remove write permission from the owner
[wyt@VM-20-4-centos lesson3]$ chmod u=r test.c  # set the owner's permissions to read
# g means the group
[wyt@VM-20-4-centos lesson3]$ chmod g+w test.c  # add write permission for the group
[wyt@VM-20-4-centos lesson3]$ chmod g-r test.c  # remove read permission from the group
[wyt@VM-20-4-centos lesson3]$ chmod g=x test.c  # set the group's permissions to execute
# o means others (other)
[wyt@VM-20-4-centos lesson3]$ chmod o+w test.c  # add write permission for other users
[wyt@VM-20-4-centos lesson3]$ chmod o-r test.c  # remove read permission from other users
[wyt@VM-20-4-centos lesson3]$ chmod o=x test.c  # set other users' permissions to execute

The execution effect is as shown in the figure (only one of them is listed):

chmod supports modifying the permissions of several visitors at once, several permissions of a single visitor, several permissions of several visitors, and several files in one command.

② Use the octal method to modify permissions

  Explanation:

[wyt@VM-20-4-centos lesson3]$ chmod 000 test.c  # a permission value of 0 is ---
[wyt@VM-20-4-centos lesson3]$ chmod u-rwx,g-rwx,o-rwx test.c  # the two forms are equivalent

[wyt@VM-20-4-centos lesson3]$ chmod 664 test.c  # a permission value of 664 is rw-rw-r--
[wyt@VM-20-4-centos lesson3]$ chmod u+rw,g+rw,o+r test.c  # gives the same result here; the exact symbolic equivalent of 664 is u=rw,g=rw,o=r

2. chown

chown can be used to modify the owner of the file, or modify the owner of the file and the group to which it belongs

Format: chown username filename

Example 1: Modify the file owner
As can be seen, the owner of a file cannot be casually changed to another user, even by the file owner.

So how to modify it?
As we mentioned at the beginning of this article, the root user is the super administrator and is not restricted by permissions. We also learned a command in the previous article, sudo, which can temporarily elevate permissions, so the modification method is as follows:

Example 2: Modify the file owner and group together

3. chgrp

chgrp is used to modify the group of the file
Format: chgrp [user group name] [file name]


4. umask (emphasis)

Why are the default permissions of a directory or ordinary file we create what we see? For example:

In fact, Linux stipulates:

  • The initial permission of a directory is: 777
  • The initial permission of an ordinary file is: 666

But the permissions we see are not 777 and 666, why?

In fact, the system has one more setting, umask, which is called the permission mask.
We only need to pay attention to the last three digits; the first digit can be ignored.

The system configures the umask permission mask by default:

  • Superuser default mask value is 0022
  • Ordinary users default to 0002

Having said so much, what is the relationship between the permission mask and the file permission we created, and what function does it have?

Permission mask: All permissions that appear in the umask must be removed from the initial permissions

Take the directory and files we created above as an example:

In addition to viewing the value of the umask permission mask, we can also modify it:

# umask        # view the current mask
# umask 044    # set the mask to 044


With all that said and the above examples listed, how is the result calculated? Is it subtraction? No!

The calculation method is as follows:
Example: taking an ordinary file as an example, the calculated result is consistent with the actual result.
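
The calculation described above, as an added example that is not part of the original article: the final permission is the initial permission with every bit set in the umask cleared (initial & ~umask), which equals subtraction only for some mask values. The function names and the masks 033 and 077 are constructed for illustration, and stat -c assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the original article): umask clears bits, it does not subtract.

# predicted_mode INITIAL UMASK -> INITIAL & ~UMASK, printed in octal.
# Both arguments are octal digit strings such as 666 and 022.
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtraction INITIAL UMASK -> the result of plain subtraction, for comparison.
naive_subtraction() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# actual_mode KIND UMASK -> mode the system really gives a new file (f) or directory (d).
# Runs in a subshell so the caller's umask is left untouched.
actual_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        mode=$(stat -c '%a' "$tmp/new")   # GNU/BusyBox stat: permissions in octal
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# 022 and 002 are the default masks named above and 044 is the value set above;
# 033 and 077 are constructed values for which subtraction gives the wrong answer.
for mask in 022 002 044 033 077; do
    printf 'umask %s  file: predicted %s, subtraction %s, actual %s  dir: predicted %s, actual %s\n' \
        "$mask" \
        "$(predicted_mode 666 "$mask")" "$(naive_subtraction 666 "$mask")" \
        "$(actual_mode f "$mask")" \
        "$(predicted_mode 777 "$mask")" "$(actual_mode d "$mask")"
done
```

With umask 033 a new ordinary file comes out as 644, whereas subtraction would suggest 633: the x bits in the mask have nothing to clear in 666.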

4. The file command

Function description: Identify file type
Syntax: file [option] file or directory
Common options:

-c Displays the execution process of the instruction in detail, which is convenient for troubleshooting or analyzing the execution of the program.
-z Attempt to decipher the contents of the compressed file.


5. Directory permissions

After the above explanation, it is clear what read, write and execute mean for ordinary files. But what do read, write and execute mean for a directory? How do they differ from ordinary files?

The three permissions of a directory

  • Execute permission (x): If the directory does not have execute permission, you cannot cd into the directory.
  • Read permission (r): If the directory does not have read permission, you cannot view the files in the directory with commands such as ls
  • Write permission (w): If the directory does not have write permission, files cannot be created in the directory, and files cannot be deleted in the directory

Example 1: Remove the executable permission of the directory and observe whether the directory can be entered

Example 2: Remove the readable permission of the directory to see if you can ls the directory to view the files under it


Example 3: Remove the writable permission of the directory to see if files can be created or deleted in the directory

sticky bit

A Linux system has many users, and sometimes they need to work on temporary files in a public directory (create, delete, read and modify).

According to the permissions of the directory, as long as a user has write permission on the directory, that user can delete files created by others in the directory without their consent.
So we want a public directory in which everyone can perform rwx operations independently, but nobody is allowed to delete anyone else's files. For this we can set the sticky bit (a special case of permissions) on the directory.

When a directory has the sticky bit set, files in the directory can only be deleted by three types of users:

  • root
  • user owner
  • The group the user belongs to

There is a default public directory under the root directory of the Linux system: tmp

Note: To set the sticky bit, you need to use the root user to set it, and ordinary users cannot set it.
Note that the sticky bit is set on the directory and takes effect for all files in the directory
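
A check that follows from the sticky-bit discussion above, added here and not part of the original article: it lists world-writable directories that lack the sticky bit, that is, public directories in which users could delete each other's files. The function and directory names are constructed, the sample directories are created and owned by whoever runs the script, and stat -c assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the original article): audit for missing sticky bits.

# risky_dirs ROOT -> every directory under ROOT that others can write to
# (-perm -0002) but that does not have the sticky bit (! -perm -1000).
risky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# describe DIR -> "<octal mode> <symbolic mode> <path>"; a sticky directory
# shows a trailing t in the symbolic mode, e.g. drwxrwxrwt.
describe() {
    stat -c '%a %A %n' "$1"
}

# demo_tree -> builds a constructed sample tree and prints its path.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/private" "$root/shared_ok" "$root/shared_risky"
    chmod 0755 "$root/private"        # not world-writable, so not reported
    chmod 1777 "$root/shared_ok"      # like /tmp: rwxrwxrwt
    chmod 0777 "$root/shared_risky"   # rwxrwxrwx: world-writable, no sticky bit
    printf '%s\n' "$root"
}

root=$(demo_tree)
for d in "$root"/*; do describe "$d"; done
echo "World-writable directories without the sticky bit:"
risky_dirs "$root"
rm -rf "$root"
```

On a real system the same function can be pointed at / or at a shared data directory; any path it prints should either get the sticky bit (chmod +t) or lose its write permission for others.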


Origin blog.csdn.net/m0_58124165/article/details/127988263