[Common Linux instructions and permissions understanding] Permissions understanding (4)

Foreword

In this article, let's talk about permissions under Linux. I plan to cover these aspects:

1. The classification of users under Linux

2. What a permission is

3. What happens when you have no permission

4. How to modify permissions

5. Other important issues

So without further ado, let's start.


1. Classification of users under Linux

There are two types of users under Linux:

1. root (super user)

2. Ordinary users

Users created with adduser are ordinary users.

What is the difference between them?

root is basically not restricted by permissions, while ordinary users are.

How to switch users

How do we switch between two users?

Every user under Linux has their own password.

We can switch users with the su or su - command:

Example: (Switch to root user)

The password entered is root's password.

In addition, su - switches to root's home directory, while su stays in the current directory.

We can use the shortcut Ctrl+D to return to the previous user.

Of course, typing exit has the same effect.

How to increase user privileges

We can temporarily elevate a user's privileges with the sudo command (how long this lasts varies, around ten minutes).

Example:

We can observe that by putting sudo in front of a command, the command is temporarily run as root.

The password entered here is the password of the current user.

You may ask: why can I get root privileges by entering my own password?

In fact, a user must first be added to the list of users the system trusts before they can use sudo.

As for how to add a user to it, I will cover that when I talk about Linux tools. If you are interested, you can search for tutorials online.

2. What is a permission

A permission is simply whether you are allowed to do something.

A permission is an attribute of both an identity and a thing. Let's take a file as an example:

For example, the test.txt file and the directory we just created:

The leading character of each entry represents the file type:

- stands for an ordinary file (text, executable, etc.)

d stands for a directory file

b stands for a block device file (disk)

c stands for a character device file (keyboard, monitor)

p stands for a pipe file (used for communication)

We mainly discuss ordinary files and directory files here.

Supplement: (file type)

A file name extension has no direct meaning in Linux (the kernel does not rely on it to distinguish file types).

(Note: this applies only to the kernel; it does not mean that software running on Linux never needs an extension.)

(For example, the gcc compiler still expects the .c extension when compiling.)

Let's continue with permissions:

In Linux, file permissions are represented by the characters that follow the file type.

They come in groups of three, giving the permissions of the owner, the owning group, and other, respectively.

The meanings of these characters are:

r stands for read permission

w stands for write permission

x stands for execute permission

- indicates that the permission at this position is not granted

In addition:

These two fields in the listing give the owner and the group of the file, respectively.

3. What does it look like if there is no permission

Ordinary file:

Here, we redirect a sentence into the test.txt file

and check the contents of test.txt.

What happens if the file does not have write permission?

We find that when the file does not have write permission, our append redirection fails:

the sentence is not added to the file, and we get Permission denied.

What if there is no read permission?

We find that the cat command no longer works, and the file cannot be read.

When we add execute permission to test.txt:

We can even execute the file; of course, nothing happens.

These are file permissions.

What if we operate with the root user?

Let's try:

 

We can see that this file has no permissions at all,

but root can still do whatever it wants; that is what being the superuser means.

Directory file:

Next, let's test the permissions of a directory file:

We find that when the directory does not have execute permission, we cannot enter it.

What if there is no write permission?

We find that if the directory does not have write permission, we cannot create new files in it.

What if there is no read permission?

We find that without read permission we can still view the contents of a file in the directory,

but we cannot see which files the directory contains.

Of course, root can do all of these things regardless.

One more thing to add: the permission of other refers to the permission other users have when accessing my files.

4. How to modify permissions

We can use the chmod command.

Let's go straight to examples:

Add read permission for the owner: (chmod u+r filename)

Add write permission for the owning group: (chmod g+w filename)

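Add execute permission for other: (chmod o+x filename)

From these three examples,

we can see that u is the user (owner), g is the owning group, o is other, and + adds a permission.

Remove all permissions for everyone: (chmod a-rwx filename)

Summary: a is everyone, and - removes a permission.

Supplement: we can also understand permissions in another way (in octal form).

In fact, the permissions at each position are represented in binary.

For example (our test.txt file):

Its permissions are currently rw- rw- r--

In binary that is: 110 110 100

Converted to octal that is: 6 6 4

Example: (changing permissions with numbers)

We can of course also:

That is how permissions are modified.

In fact, we can also change the owner and the owning group of a file,

using, respectively:

chown + username + filename

chgrp + group name + filename

The -R option applies the change to a directory (recursively).

I won't demonstrate it here; if you are interested, you can try it yourself.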
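
The symbolic-to-octal conversion described above, written out as an added example (not part of the original article). The function names `sym_to_octal` and `apply_and_read` are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: convert an ls-style permission string to octal and apply it.

# sym_to_octal "rw-rw-r--" prints 664; fails on malformed input.
sym_to_octal() {
    perms=$1 out=
    [ ${#perms} -eq 9 ] || return 1
    while [ -n "$perms" ]; do
        triad=${perms%"${perms#???}"}      # first three characters
        perms=${perms#???}                 # the rest
        case $triad in [r-][w-][x-]) ;; *) return 1 ;; esac
        digit=0                            # r=4, w=2, x=1 (binary 100, 010, 001)
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# Set FILE's mode numerically from a permission string, then print the
# permission string the system reports back (file type character removed).
apply_and_read() {
    chmod "$(sym_to_octal "$1")" "$2" && stat -c '%A' "$2" | cut -c2-10
}

# Demonstration on a constructed temporary file.
f=$(mktemp)
for p in rw-rw-r-- rwxr-x--- r--------; do
    printf '%s -> %s -> %s\n' "$p" "$(sym_to_octal "$p")" "$(apply_and_read "$p" "$f")"
done
rm -f "$f"
```
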

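6. The first question: the initial permissions of a file

Why does a file have these permissions as soon as we create it?

Ordinary file: 664

Directory file: 775

In fact, the Linux system gives ordinary files an initial permission of 666,

and gives directory files a default initial permission of 777.

Linux also has a permission mask, which we can view with umask:

The permission 666 is: 110 110 110 (666)

The permission mask is: 000 000 011 (0002)

The final permission is: 110 110 100 (664)

Without further ado, here is the calculation rule:

final permission = initial permission & (~umask)

Supplement: of course, we can also change the umask ourselves:

We can see that after changing the umask, the initial permissions did change.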
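
The rule above can be checked against what the system actually does. The following is an added example, not part of the original article; `effective_mode` and `observed_mode` are hypothetical names, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: predict default permissions from a umask and verify them.

# effective_mode INITIAL UMASK prints INITIAL & ~UMASK in octal.
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode file|dir UMASK creates a new object under that umask in a
# private temporary directory and prints the mode it really received.
# The subshell keeps the umask change from leaking into the caller.
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"
        fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

# Compare prediction and observation for a few masks (constructed inputs).
for mask in 0002 022 027 077; do
    printf 'umask %-4s file: predicted %s, observed %s | dir: predicted %s, observed %s\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(observed_mode file "$mask")" \
        "$(effective_mode 777 "$mask")" "$(observed_mode dir "$mask")"
done
```

A restrictive mask such as 027 or 077 is the usual choice on multi-user systems, since it keeps newly created files unreadable by other without any later chmod.
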

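7. The second question: directory permissions

I have already introduced the operations and behaviour related to directory permissions.

Now consider a scenario:

Two users are working in a shared directory at the same time (in the d1 directory):

The xl user wrote a file,

and the test user can view this file,

because the file grants read permission to other:

So what if we remove the read permission?

Then the test user can no longer read it:

At this point the test user, in a fit of anger, thinks: if you won't let me read it, you won't have it easy either,

and decides to delete the file:

As a result, he really did delete the file.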

The file clearly does not belong to the test user, yet he can delete it.

Obviously, such a design is unreasonable.

In fact, what we just explored is the permissions of the directory.

The permissions of a directory mean:

r controls whether we can view the files in the specified directory

w controls whether we can create, change and delete files in the current directory

Given this, you may think: then we can simply remove the w permission from the directory,

and nobody else can delete the file, right? Yes, but then you will not be able to work with files there either.

So what should we do?

8. The third problem: the sticky bit

To solve the previous problem, we can set the sticky bit on the directory.

How does it work?

We add a special permission, t, in the other position; t is actually a special form of the x permission.

This is called the sticky bit.

Let's see how it works:

The xl user created a test file.

We find that the test user can no longer delete this file:

This is the sticky bit.

In fact, in a directory with the sticky bit set, only the owner of the directory and the owner of the file can delete the file.

The operating system also provides a shared directory with the sticky bit set under the root directory:

If you are interested, you can try it yourself.
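
An audit for the problem from sections 7 and 8, as an added example that is not part of the original article: it lists directories that other can write to but that lack the sticky bit, then sets the bit. The function names and the sample tree are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: find shared directories where any user can delete
# other users' files, and protect them with the sticky bit.

# Print "MODE OWNER PATH" for each directory under ROOT that is writable
# by other (-perm -0002) but has no sticky bit (! -perm -1000).
audit_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%a %U %n' {} + 2>/dev/null | sort -k3
}

# Set the sticky bit on every directory the audit would report.
harden_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# Constructed sample tree: d1 is shared without protection, d2 already
# has the sticky bit, d3 is not writable by other at all.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/d1" "$root/d2" "$root/d3"
    chmod 0777 "$root/d1"
    chmod 1777 "$root/d2"
    chmod 0755 "$root/d3"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
echo "before hardening:"; audit_shared_dirs "$demo"
harden_shared_dirs "$demo"
echo "after hardening:";  audit_shared_dirs "$demo"
ls -ld "$demo/d1"          # the other triad now ends in t instead of x
rm -rf "$demo"
```
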

Summary

This article introduces essentially all the key points about permissions, and I believe it will take your understanding of permissions to a higher level.

Closing words:

That is all for this article; thank you for reading.

If you feel that you have gained something, you can give the blogger a like.

If there are omissions or mistakes in the article, please send the blogger a private message or point them out in the comment area~

Origin blog.csdn.net/Locky136/article/details/130663499