Linux Knowledge Points – Linux Permissions
1. Shell commands and operating principle
Strictly speaking, Linux is an operating system, which we call the kernel. Ordinary users cannot use the kernel directly; they communicate with it through its outer "shell" program, that is, the shell.
From a technical point of view, the simplest definition of the shell is: command line interpreter.
(1) It translates the user's commands for the kernel to process;
(2) It translates the kernel's results back for the user;
The significance of the shell program:
(1) It is the software layer through which the user and the operating system interact;
(2) It can protect the operating system to a certain extent;
2. Linux permissions
1. Concept
There are two kinds of users under Linux: the super user (root) and ordinary users;
super user (root): there is only one, and it can do anything on the Linux system without restriction;
ordinary user: can do only limited things on Linux, subject to permission constraints;
the command prompt for the super user is #, and the command prompt for ordinary users is $;
User switching:
Switch to root: su -
Switch back from root to the previous user: CTRL + D
Switch from root to another user: su username
root can switch to a normal user without a password;
a normal user needs a password to switch to another normal user;
Add user: adduser username
(you need to switch to the root user first)
[root@VM-8-2-centos ~]# add user
-bash: add: command not found
[root@VM-8-2-centos ~]# adduser tmp
[root@VM-8-2-centos ~]# passwd tmp
Changing password for user tmp.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
passwd changes the user's password;
Delete user: userdel -r username
2. File Types and Access Rights
file type:
access permission:
r: read;
w: write;
x: execute;
(1) The first character displayed by the ll command indicates the file type;
(2) The visitors of a file are divided into three categories:
owner: who the file belongs to;
group: which group the file belongs to;
other: anyone who is neither the owner nor in the group;
The ll output shows the owner and group of the file;
(3) The 9 characters after the file type in the ll output indicate the permissions of the three types of visitors, three characters each;
rwx means read, write and execute permission, rw- means read and write only, not executable (- means the visitor does not have that permission);
3. Change file permissions
(1) Change owner permissions
chmod u+permission filename
u is the file owner, + adds the permission;
Remove permissions:
(2) Change the permissions of the owning group
g is the group the file belongs to;
(3) Change the permissions of other
o is other;
(4) Change everyone's permissions
a indicates everyone;
(5) Multiple classes and multiple permissions
are separated by ',' in the middle
(6) Octal scheme to change permissions
One visitor class's permissions can be represented by a 3-digit binary number, for example:
111 corresponds to rwx, 100 corresponds to r--;
treat this three-digit binary number as an octal digit, for example:
111 is 7, 100 is 4;
the permissions of the three types of visitors can then be represented by three octal digits:
777 means rwxrwxrwx;
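The symbolic and octal forms side by side, as an added example that is not part of the original article: perm_to_octal and mode_after are hypothetical helper names, the files are throwaway temp files, and GNU stat is assumed for reading the octal mode back.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; files are throwaway temp files.

# Convert the 9 permission characters shown by ll (e.g. rw-r--r--) to octal.
perm_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    out=""
    for start in 1 4 7; do
        triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # r = 100
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # w = 010
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # x = 001
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Start a temp file at ---------, apply each chmod argument in order, and
# print what ll shows next to the octal mode reported by GNU stat.
mode_after() {
    f=$(mktemp) || return 1
    chmod 000 "$f"
    for spec in "$@"; do
        chmod "$spec" "$f" || { rm -f "$f"; return 1; }
    done
    printf '%s %s\n' "$(ls -l "$f" | cut -c2-10)" "$(stat -c %a "$f")"
    rm -f "$f"
}

mode_after u+rw g+r          # rw-r----- 640
mode_after u+rwx,g+rx,o+r    # rwxr-xr-- 754
mode_after 777 o-w           # rwxrwxr-x 775
perm_to_octal rw-r--r--      # 644
```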
4. When permission is missing
If the owner has no read permission, the cat command will be rejected;
Note: permissions are checked only once. If the user is the owner, the owner's permissions are checked; even if the user is also a member of the group, the group's permissions are not checked afterwards;
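The single check described in the note, written out as a small model (an added example, not code from the original article): check_access is a hypothetical function, the uid/gid numbers are constructed, and it models an ordinary (non-root) process only.

```shell
#!/bin/sh
# Added example: a model of how a non-root process's class is chosen.
# All uid/gid numbers below are constructed.

# Usage: check_access <octal-mode> <file-uid> <file-gid> <uid> "<gids>" <r|w|x>
# Prints "<class> allow" or "<class> deny".
check_access() {
    mode=$1 fuid=$2 fgid=$3 uid=$4 gids=$5 want=$6
    case $want in
        r) bit=4 ;; w) bit=2 ;; x) bit=1 ;;
        *) echo "want must be r, w or x" >&2; return 2 ;;
    esac
    # Pick exactly one class: owner first, then group, then other.
    class=other; shift_by=0
    for g in $gids; do
        if [ "$g" -eq "$fgid" ]; then class=group; shift_by=3; fi
    done
    if [ "$uid" -eq "$fuid" ]; then class=owner; shift_by=6; fi
    # Only that class's three bits are consulted; there is no fallback.
    triad=$(( (0$mode >> $shift_by) & 7 ))
    if [ $(( $triad & $bit )) -ne 0 ]; then
        echo "$class allow"
    else
        echo "$class deny"
    fi
}

# File owned by uid 1000, group 1000, mode 040 (----r-----).
check_access 040 1000 1000 1000 "1000" r      # owner deny
check_access 040 1000 1000 1001 "1000" r      # group allow
# Mode 604 (rw----r--): a group member is denied although "other" may read.
check_access 604 1000 1000 1001 "1000 50" r   # group deny
check_access 604 1000 1000 1002 "1002" r      # other allow
```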
5. Change the owner and group of the file
Change owner: you need to elevate privileges by switching to the root user;
chown changes the owner
As can be seen from the above figure, ordinary users cannot change the file owner;
it can only be changed by switching to the root user;
Change the owning group: this also requires switching to the root user
chgrp changes the group
If ordinary users want to change the file owner and group, they need to use the sudo command;
the sudo command lets an ordinary user elevate privileges, and the user needs to be in the trust list to execute sudo. Adding a user to the trust list requires root identity;
6. Add users to the trust list
First step:
vim /etc/sudoers
Open the sudoers file;
Second step:
Find this part of the text in the file, and then enter the user name that needs elevated privileges in the same format;
Third step:
Force save and exit;
After this operation, the ordinary user has sudo authority and can execute sudo commands;
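A way to check the new line before it reaches /etc/sudoers, as an added example that is not part of the original article: sudoers_entry and check_entry are hypothetical helpers, the entry format assumed is the stock "root ALL=(ALL) ALL" line, and the user name lmx is taken from the prompts on this page.

```shell
#!/bin/sh
# Added example: function names and the staging approach are assumptions.

# Print a sudoers line granting full sudo rights to one user, in the same
# format as the stock "root ALL=(ALL) ALL" line. Rejects unsafe names.
sudoers_entry() {
    case $1 in
        ''|*[!a-z0-9_-]*|[!a-z_]*)
            echo "refusing user name: '$1'" >&2; return 1 ;;
    esac
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# Write the entry to a temp file and syntax-check it with visudo -cf.
# Prints "ok", "invalid" or "unchecked" (visudo not installed).
check_entry() {
    frag=$(mktemp) || return 1
    if ! sudoers_entry "$1" > "$frag"; then rm -f "$frag"; return 1; fi
    if ! command -v visudo >/dev/null 2>&1; then
        result=unchecked
    elif visudo -cf "$frag" >/dev/null 2>&1; then
        result=ok
    else
        result=invalid
    fi
    rm -f "$frag"
    echo "$result"
}

sudoers_entry lmx      # lmx ALL=(ALL) ALL
check_entry lmx
```

Editing the real file through visudo as root runs the same syntax check on save, so a typo cannot leave sudo unusable.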
7. umask permission mask
[lmx@VM-8-2-centos lesson07-20]$ umask
0002
No permission that appears in the umask may appear in the final permissions;
only the last three digits of the umask are considered;
final_permissions = starting_permissions & (~umask)
Set the umask:
[lmx@VM-8-2-centos lesson07-20]$ umask 0777
[lmx@VM-8-2-centos lesson07-20]$ umask
0777
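The formula checked against real files, as an added example that is not part of the original article: apply_umask and created_modes are hypothetical helpers, GNU stat is assumed, and the starting permissions used are the usual 666 for a new file and 777 for a new directory.

```shell
#!/bin/sh
# Added example: helper names are hypothetical.

# final = start & ~umask, with both values given in octal.
apply_umask() {
    printf '%o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# Create a file and a directory under umask $1 and print their real modes.
# The umask is changed inside a subshell so the caller's umask is untouched.
created_modes() {
    work=$(mktemp -d) || return 1
    chmod g-s "$work"          # do not inherit setgid from a setgid TMPDIR
    (
        umask "$1"
        : > "$work/file"       # redirection asks for 666
        mkdir "$work/dir"      # mkdir asks for 777
    ) || { rm -rf "$work"; return 1; }
    printf '%s %s\n' "$(stat -c %a "$work/file")" "$(stat -c %a "$work/dir")"
    chmod 700 "$work/dir"      # so cleanup works even after umask 0777
    rm -rf "$work"
}

created_modes 0002   # 664 775  (the umask value shown above)
created_modes 027    # 640 750
created_modes 0777   # 0 0      (every bit masked off)
apply_umask 666 0002 # 664
```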
8. Sticky bit
Whether a file can be deleted is not an attribute of the file itself, but an attribute of the directory where the file is located;
in a public directory, a file's own permissions can only prevent others from viewing the file, but cannot prevent others from deleting it, because deletion is determined by the directory's write permission;
sticky bit
The sticky bit can only be set on a directory; generally, whichever user set it is the one who removes it;
all users share a common path, and have read, write and execute permissions for the directory;
(1) When multiple users share a directory, they need to read and write in this directory, and create and delete files;
(2) But each user can only delete their own files, not those of others;
chmod +t directory adds the sticky bit to the target directory;
in this directory, you can only delete your own files, but cannot delete other people's files;
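A check for shared directories that are missing the sticky bit, as an added example that is not part of the original article: missing_sticky, ll_mode and make_sample_tree are hypothetical helpers, and the directory names are constructed.

```shell
#!/bin/sh
# Added example: directory names are constructed; helper names are hypothetical.

# List directories under $1 that anyone can write to but that lack the sticky
# bit, i.e. shared directories where users can delete each other's files.
missing_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# First 10 characters of ll output for a directory, e.g. drwxrwxrwt.
ll_mode() {
    ls -ld "$1" | cut -c1-10
}

# Build a small sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    chmod g-s "$root"                   # keep the sample modes predictable
    mkdir "$root/private" "$root/shared_bad" "$root/shared_ok"
    chmod 700 "$root/private"
    chmod 777 "$root/shared_bad"        # rwxrwxrwx, no sticky bit
    chmod 777 "$root/shared_ok"
    chmod +t "$root/shared_ok"          # rwxrwxrwt
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
ll_mode "$tree/shared_ok"               # drwxrwxrwt
missing_sticky "$tree"                  # prints only .../shared_bad
chmod +t "$tree/shared_bad"             # the fix from this section
missing_sticky "$tree"                  # prints nothing
rm -rf "$tree"
```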