Operating principles and permissions of Linux commands
1. The command line interpreter
The command line interpreter exists for two reasons: 1. It interprets commands. 2. It protects the OS by directly intercepting illegal requests.
2. Authority
1. User classification (su and exit)
1. Modify user
Enter root authority
Return to normal user
Become another user. If you are the root account, you do not need to enter a password. If you are an account at the same level, you need to enter a password.
Briefly elevate user privileges
After this command, enter your own password to run temporarily with root authority. Not every user can do this, however: your user must be on the trusted whitelist.
2. Add to the whitelist
The following uses a little vim knowledge; you can check this blog portal.
We need to use the root account to open the sudoers file and add users to it.
After entering the small prompt, enter the following code to automatically standardize the line number
Note that you must force the save.
That's it.
2. What is permission
1. Whether you are allowed to do a thing (related to the visitor)
2. File type and access permission (related to the attribute of the thing)
People
The people here are specific roles, that is, permission identities. Roles and concrete users are related but not the same thing: different users can play different roles, just as one person can be both a doctor and a father.
Attributes
3. Add and delete permissions (chmod)
Note that only the owner and root can add or remove permissions.
Add and delete permissions to the owner
Add and delete permissions to the group and others
Add and delete permissions for everyone
Each permission has only two states, granted or not granted. If we write granted as 1 and not granted as 0, then rwx is 111, which is 7 in octal. Giving rwx to everyone is therefore 777.
4. Change the owner of the permission (chown)
But when we run the command directly, the operation is not allowed. This is because this kind of operation requires the consent of the other user, which is obviously hard to obtain here. So we can also force the change (this requires privilege escalation to root).
You can also change the owner and group at once
Summary
If I am both the file's owner and a member of the file's group, but the owner has only read permission while the group has both read and write permissions, can I write the file?
The answer is no. Only one identity is selected for the permission check: because the owner identity is matched first, the permissions of the group are never checked.
5. Three concepts
1. Permission mask (umask)
Why is the default permission for normal files rw-rw-r-- (664)?
Why is the default permission of the created directory rwxrwxr-x (775)?
The reason is the permission mask, umask. It is written in octal, and the leading 0 marks it as octal. Its function is that every permission that appears in the umask will not appear in the final file permissions.
This looks a lot like subtraction, but it cannot be treated as subtraction. We can modify the permission mask to see this.
By subtraction, the permission of test3 here should become 665, but in fact its permission is 666.
By the definition of umask, the last digit of the umask here is 1, which means that the corresponding last bit of test3 must be 0. But that bit of test3 was already 0, so the umask has no effect here.
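The mask-versus-subtraction point above, as an added example that is not part of the original post. It compares the computed value `requested & ~umask` with the mode the kernel really assigns; the function names `apply_umask` and `mode_under_umask` are hypothetical, the umask value 0001 is assumed for the "last digit is 1" case, and GNU `stat` (Linux) is assumed.

```shell
#!/bin/sh
# Added example: the umask is a bit mask (requested & ~umask), not a subtraction.

# Pure arithmetic: apply an octal umask ($2) to an octal requested mode ($1).
# The prepended 0 makes the shell read both numbers as octal.
apply_umask() {
    printf '%o\n' "$(( 0$1 & ~0$2 ))"
}

# Real check: create a file or a directory under umask $1 inside a scratch
# directory and print the permission bits the kernel actually assigned.
# Runs in a subshell so the caller's umask is left untouched.
mode_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$scratch/test"          # mkdir requests 777
        else
            : > "$scratch/test"            # the shell requests 666
        fi
        mode=$(stat -c '%a' "$scratch/test")   # GNU stat, as found on Linux
        rm -rf "$scratch"
        printf '%o\n' "$(( 0$mode & 0777 ))"   # drop setgid/sticky bits if inherited
    )
}

# 0002 is the mask behind the 664/775 defaults; 0001 is the "665 vs 666" case.
for mask in 0002 0001; do
    echo "umask $mask:" \
         "file=$(mode_under_umask "$mask" file) (computed $(apply_umask 666 "$mask"))" \
         "dir=$(mode_under_umask "$mask" dir) (computed $(apply_umask 777 "$mask"))"
done
```

With umask 0001 the file stays at 666 because the masked bit was never requested, while the directory drops to 776 because it was.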
2. Directory permissions
Reading and writing a file is easy to understand, but what does reading and writing a directory mean? Let's go step by step. First, why can we enter a directory?
Is it because we have read permission? Let's remove this permission and see what happens.
We find that we can still enter the directory, but cannot view its contents. This shows that read permission controls viewing the list of entries. What about write permission?
Without write permission, it is impossible to create files in the directory.
Summary
3. Sticky bit
At this point, we can create a shared file in the root directory that anyone can read and write. But the problem is that anyone can write, which means that everyone can delete files arbitrarily, which is obviously unreasonable. So how do we avoid this problem? Can we remove the write permission? The answer is no: if it is removed, the shared file is meaningless. So we need a new concept to solve this problem: the sticky bit.
We can see that the x here has changed to t. The t is still an execute permission, but a special one. It means you can create new files, but can only delete or modify files you created yourself.