[Linux] -- Detailed explanation of how Shell commands work and of Linux permissions

Table of contents

1. Shell command operation principle

1. Shell

2. Why does Linux not allow users to use the kernel directly?

2. Linux permission concept

3. Linux permission management

1. User classification of file access

2. File Types and Access Permissions 

(1) File type 

(2) Access rights

3. How to express permissions

(1) Character representation 

(2) Octal notation 

4. Permission settings

(1) chmod changes file access permissions

(2) chown changes the file owner

(3) chgrp modifies the group to which a file or directory belongs

(4) umask to view or modify the file mask

(5) Directory permissions 

(6) Sticky bit


1. Shell command operation principle

1. Shell

Strictly speaking, the Linux operating system is the "kernel". Ordinary users cannot use the kernel directly; they communicate with it through a shell program, the "Shell", that wraps the kernel.

Therefore, in a broad sense, Linux distribution = Linux kernel + shell, and in a narrow sense, Linux distribution = Linux kernel.

The Shell, as a shell program, is wrapped around the outer layer of the Linux kernel. It is an application that accepts a series of Linux commands, issues the corresponding requests to the operating system, and so provides a human interface. It connects the user and the Linux kernel and lets the user drive the kernel more efficiently, more safely, and at lower cost. That is the essence of the Shell. bash is one kind of Shell.

Shell command execution process:

Shell has two functions:

(1) Pass the request command and let the operating system execute the command

(2) Protect the kernel 

2. Why does Linux not allow users to use the kernel directly?

By analogy with the Windows GUI: when operating Windows, the user does not act on the Windows kernel directly, but completes operations by clicking through the graphical interface (for example, to enter the D drive, the user usually double-clicks the D drive letter).

The shell plays the same role for Linux: it parses the user's instructions and passes them to the Linux kernel, the kernel runs them, and the results are passed back to the user through the shell.

2. Linux permission concept

Permissions specify whether something is allowed to be done by a specific person. Linux permissions can specify who can perform what operations on a file or directory. There are two types of users under Linux, namely super users and ordinary users. The command prompt of the super user is "#", and the command prompt of the ordinary user is "$".

Super user: can do anything under the Linux system without restrictions. The super user's command prompt is "#".

Ordinary user: can do a limited set of things under Linux. The ordinary user's command prompt is "$".

The two types of users can switch between each other:

You can also press Ctrl + D in the ordinary user's shell to switch back to the root user. After switching to root, the user's identity is elevated and the corresponding commands can be executed.

3. Linux permission management

1. User classification of file access

Users are divided into 3 categories: 

(1) File owner (user) --- u

(2) Group to which the file belongs --- g

(3) Others --- o

2. File Types and Access Permissions 

(1) File type

In Linux, the file suffix is not used to distinguish file types; instead, the first character of each entry in the detailed file listing (ls -l) identifies the type:

As shown above, the file types include - and d. The file types in Linux are divided into the following categories:

d: directory
-: regular file (including text, static libraries of all kinds, executable programs, source files)
l: soft link (similar to a Windows shortcut)
b: block device file (for example a hard disk or optical drive)
p: pipe file
c: character device file (for example serial devices such as the screen)
s: socket file
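The type letters above can be recovered programmatically with the shell's own file tests. The script below is an added example, not code from the original article: it classifies a path with the same letter that `ls -l` shows in its first column, cross-checks against `ls -ld`, and runs the check on a small constructed tree (a regular file, a directory, a soft link and a named pipe). The symlink test must come first, because `-d` and `-f` follow the link to its target.

```shell
#!/bin/sh
# Added example (not from the original article): classify a path by the
# type letter shown in the first column of `ls -l`.
# Symlinks are tested first, because -d and -f follow the link.
file_type_char() {
    p=$1
    if   [ -L "$p" ]; then echo "l"     # soft link
    elif [ -d "$p" ]; then echo "d"     # directory
    elif [ -f "$p" ]; then echo "-"     # regular file
    elif [ -b "$p" ]; then echo "b"     # block device
    elif [ -c "$p" ]; then echo "c"     # character device
    elif [ -p "$p" ]; then echo "p"     # named pipe (FIFO)
    elif [ -S "$p" ]; then echo "s"     # socket
    else echo "?"; return 1             # missing or unknown
    fi
}

# Cross-check: the first character of `ls -ld` output for the same path.
ls_type_char() {
    ls -ld "$1" | cut -c1
}

# Demo on a constructed temporary tree (sample data, not the article's files).
demo_file_types() {
    tmp=$(mktemp -d)
    touch "$tmp/notes.txt"
    mkdir "$tmp/subdir"
    ln -s notes.txt "$tmp/notes.lnk"
    mkfifo "$tmp/queue"
    for f in "$tmp/notes.txt" "$tmp/subdir" "$tmp/notes.lnk" "$tmp/queue" /dev/null; do
        printf '%s  %s  (ls says %s)\n' \
            "$(file_type_char "$f")" "$f" "$(ls_type_char "$f")"
    done
    rm -rf "$tmp"
}

demo_file_types
```

Running it prints one line per path, e.g. `-  /tmp/tmp.abc/notes.txt  (ls says -)`, followed by `d`, `l`, `p` for the other constructed entries and `c` for /dev/null.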

(2) Access rights

Linux has three types of access rights to files:

r: read. For a file, permission to read its contents; for a directory, permission to browse the directory's entries.

w: write. For a file, permission to modify its contents; for a directory, permission to delete or move files within the directory.

x: execute. For a file, permission to execute it; for a directory, permission to enter the directory.

3. How to express permissions

Permissions can be expressed in characters or octal 

(1) Character representation 

Linux representation    Meaning
r-- read only
-w- Writable only
--x Executable only
rw- Readable and writable
-wx writable and executable
r-x Readable and executable
rwx Readable, writable and executable
--- No permission

For each file, there are three types of users, and each user has three permissions: 

(2) Octal notation 

Permission symbols (read-write-execute)    Octal    Binary
r-- 4 100
-w- 2 010
--x 1 001
rw- 6 110
-wx 3 011
r-x 5 101
rwx 7 111
--- 0 000
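The two notations map onto each other bit by bit: r = 4, w = 2, x = 1, and the three user classes give three digits. The following added example (not code from the original article) converts in both directions and reads the permission string of a real file back from `ls -l`; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original article): convert between the
# character form (e.g. rwxr-xr--) and the three-digit octal form (e.g. 754).

# One triplet such as "r-x" -> one octal digit (r=4, w=2, x=1).
triplet_to_digit() {
    t=$1; n=0
    case $t in r??) n=$((n + 4)) ;; esac
    case $t in ?w?) n=$((n + 2)) ;; esac
    case $t in ??x) n=$((n + 1)) ;; esac
    echo "$n"
}

# Nine characters (owner, group, others) -> three octal digits.
sym_to_octal() {
    s=$1
    case $s in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "expected 9 permission characters, got '$s'" >&2; return 1 ;;
    esac
    u=$(triplet_to_digit "$(printf '%s' "$s" | cut -c1-3)")
    g=$(triplet_to_digit "$(printf '%s' "$s" | cut -c4-6)")
    o=$(triplet_to_digit "$(printf '%s' "$s" | cut -c7-9)")
    echo "$u$g$o"
}

# One octal digit -> one triplet.
digit_to_triplet() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    echo "$out"
}

# Three octal digits -> nine characters.
octal_to_sym() {
    m=$1
    case $m in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got '$m'" >&2; return 1 ;;
    esac
    printf '%s%s%s\n' \
        "$(digit_to_triplet "$(printf '%s' "$m" | cut -c1)")" \
        "$(digit_to_triplet "$(printf '%s' "$m" | cut -c2)")" \
        "$(digit_to_triplet "$(printf '%s' "$m" | cut -c3)")"
}

# Permission string of an existing path: characters 2-10 of `ls -ld`.
perm_string_of() {
    ls -ld "$1" | cut -c2-10
}

demo_perm_notation() {
    for s in rwxr-xr-- rw-r--r-- r-x--x--- ---------; do
        printf '%s = %s\n' "$s" "$(sym_to_octal "$s")"
    done
    for m in 755 640 111 000; do
        printf '%s = %s\n' "$m" "$(octal_to_sym "$m")"
    done
    f=$(mktemp)
    printf 'fresh temp file: %s = %s\n' "$(perm_string_of "$f")" "$(sym_to_octal "$(perm_string_of "$f")")"
    rm -f "$f"
}

demo_perm_notation
```

`perm_string_of` deliberately takes only the nine r/w/x columns; a sticky or setuid/setgid bit shows up there as `t`/`s`, which `sym_to_octal` rejects rather than silently misreading.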

4. Permission settings

Root is not subject to any permission restrictions, and permissions are only limited to ordinary users. 

(1) chmod changes file access permissions

Only the file owner and root can set a file's access permissions:

chmod [options] permissions filename

Options:

-R -> recursively change the permissions of the files under a directory

① User symbol +/-/= permission character

+: add the permissions denoted by the permission characters to the given user scope
-: remove the permissions denoted by the permission characters from the given user scope
=: set the given user scope to exactly the permissions denoted by the permission characters
User symbols:
u: owner
g: users in the owner's group
o: other users
a: all users

For example, modify the access permissions of IP.log by adding execute permission for the owner (u):

② Three octal digits

For example, change the permissions of IP.log so that the owner cannot read or write but can execute (1), the group cannot read or write but can execute (1), and others cannot read, write or execute (0):

Although the delia user cannot read IP.log, root can read IP.log. This is because root is not subject to any permission restrictions:

To cd into a directory you need x permission on it. Without x permission you can still see the file names with ls, but you cannot cd into the directory.
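Both chmod forms, and the effect of a directory's x bit, can be tried on scratch files. The script below is an added example, not code from the original article: `apply_chmod` (my name) starts a temporary file at a known octal mode, applies one chmod argument and reads the result back from `ls -l`; `demo_dir_x_bit` removes x from a temporary directory and shows that ls still works while cd is refused. Because root is not subject to the permission bits, the directory part only demonstrates the refusal when run as an ordinary user, and says so otherwise.

```shell
#!/bin/sh
# Added example (not from the original article): apply chmod specifications
# to a scratch file at a known starting mode and read the result back from
# `ls -l` (characters 2-10), then show what the x bit on a directory controls.

apply_chmod() {
    start=$1   # initial octal mode, e.g. 644
    spec=$2    # chmod argument: symbolic (u+x, go=r, a-w) or octal (110)
    f=$(mktemp)
    chmod "$start" "$f"
    chmod "$spec" "$f"
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

demo_chmod() {
    echo "644 then u+x  -> $(apply_chmod 644 u+x)"    # rwxr--r--
    echo "644 then 110  -> $(apply_chmod 644 110)"    # --x--x---
    echo "777 then go=r -> $(apply_chmod 777 go=r)"   # rwxr--r--
    echo "755 then a-w  -> $(apply_chmod 755 a-w)"    # r-xr-xr-x
    echo "755 then o-rx -> $(apply_chmod 755 o-rx)"   # rwxr-x---
}

# A directory with r but no x: names can still be listed, but cd fails.
# Root ignores the bits entirely, so the check is only meaningful for an
# ordinary user.
demo_dir_x_bit() {
    d=$(mktemp -d)
    touch "$d/a.txt" "$d/b.txt"
    chmod 644 "$d"                     # r and w for the owner, no x for anyone
    if [ "$(id -u)" -eq 0 ]; then
        echo "running as root: the missing x bit is not enforced for root"
    else
        echo "ls on an r-- directory:"; ls "$d" 2>&1
        if (cd "$d") 2>/dev/null; then
            echo "cd succeeded (unexpected)"
        else
            echo "cd refused: no x permission on the directory"
        fi
    fi
    chmod 755 "$d"                     # restore x so the cleanup can recurse
    rm -rf "$d"
}

demo_chmod
demo_dir_x_bit
```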

(2) chown changes the file owner

Change file owner:

chown [options] username filename

Options:

-R recursively change the owner of a directory

For example, to change the owner of the IP2.log file to the user Gino, the change must be made with root permissions. You can switch to root:

Then modify the file owner:

(3) chgrp modifies the group to which a file or directory belongs

Modify the group to which a file or directory belongs:

chgrp [options] groupname filename

Options:

-R recursively change the group of a file or directory

You also need root permissions to modify it. For example, change the group of the IP2.log file to Gino: 

If you want to modify the owner and group at the same time, you still need to have root permissions:

chown owner:group filename

 For example, if you want to change the owner and group of IP2.log to root, you can change it like this: 
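The ownership rules above can be checked on a scratch file without touching any real data. The script below is an added example, not code from the original article: `owner_group_of` (my name) reads "owner:group" back from `ls -ld`, a chgrp to the caller's own primary group succeeds for any user because that user owns the file and belongs to the group, and a chown to a different account (the `nobody` user, assumed to exist on the host; skipped if it does not) is only accepted when the script runs as root.

```shell
#!/bin/sh
# Added example (not from the original article): read owner and group back
# from `ls -ld`, and show which ownership changes need root.

# Print "owner:group" for a path (columns 3 and 4 of `ls -ld`).
owner_group_of() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Try to hand a file to another user. Returns 0 if chown was accepted.
# Assumption: the target account exists; `id` is used to check first.
try_chown_to() {
    target=$1; path=$2
    if ! id "$target" >/dev/null 2>&1; then
        echo "user $target does not exist here, skipping" >&2
        return 2
    fi
    chown "$target" "$path" 2>/dev/null
}

demo_chown_chgrp() {
    f=$(mktemp)
    echo "new file:     $(owner_group_of "$f")"

    # chgrp to the caller's own primary group: allowed for any user.
    chgrp "$(id -gn)" "$f" && echo "after chgrp:  $(owner_group_of "$f")"

    # chown to a different user: root may, an ordinary user may not.
    if try_chown_to nobody "$f"; then
        echo "after chown:  $(owner_group_of "$f") (accepted, running as uid $(id -u))"
    else
        echo "chown refused or skipped (running as uid $(id -u))"
    fi
    rm -f "$f"
}

demo_chown_chgrp
```

On a system where the script runs as an ordinary user the last line reports a refusal; as root the file ends up owned by `nobody`, matching the article's point that only root can give a file away.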

(4) umask to view or modify the file mask

When you create a new directory, you would expect its access permissions to be 777, yet the newly created directory turns out to have 755:

This is because creating a file or directory is also affected by the umask. If the starting permission is called mask, the permission the created file actually gets is mask & ~umask.

View file mask:

umask

It is found that the umask of the system is 0022:

You only need to care about the last three digits. The permissions of the actually created file are mask & ~umask. Any bit that is 1 in umask must be removed from the starting permission:

 Modify file mask:

umask octal-value

Change the file mask from 022 to 333, and you find that the permissions of a newly created directory now reflect the 333 mask:

But if you log out, log in again, and create a new directory, you will find that the modified mask no longer applies and the mask is 022 again.

This is because the mask setting is only effective for the current login session and is lost when you log out.
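The formula mask & ~umask can be evaluated directly in shell arithmetic and then confirmed against a file the kernel actually creates. The script below is an added example, not code from the original article: `effective_mode` (my name) computes the result for a starting mode and a umask, and `created_mode` creates a scratch file or directory under a chosen umask inside a subshell, so the caller's own umask is left unchanged, which is the same session-scoping the article describes.

```shell
#!/bin/sh
# Added example (not from the original article): compute the mode a new
# file or directory receives, mode = base & ~umask, and confirm it by
# creating one under a chosen umask in a subshell.

# Arithmetic only: both arguments are octal strings, result is 3 octal digits.
effective_mode() {
    base=$((0$1))      # leading 0 makes the shell read the string as octal
    mask=$((0$2))
    printf '%03o\n' $((base & ~mask))
}

# Create a scratch file ("file") or directory ("dir") under the given umask
# and report the permission string `ls -l` shows for it.
created_mode() {
    kind=$1
    mask=$2
    tmp=$(mktemp -d)
    (
        umask "$mask"                     # affects only this subshell
        if [ "$kind" = dir ]; then mkdir "$tmp/new"; else touch "$tmp/new"; fi
    )
    ls -ld "$tmp/new" | cut -c2-10
    chmod 755 "$tmp/new" 2>/dev/null      # ensure cleanup can enter it
    rm -rf "$tmp"
}

demo_umask() {
    echo "umask in this shell: $(umask)"
    for m in 022 077 333; do
        echo "umask $m: dir  777 -> $(effective_mode 777 "$m")  (ls: $(created_mode dir "$m"))"
        echo "umask $m: file 666 -> $(effective_mode 666 "$m")  (ls: $(created_mode file "$m"))"
    done
}

demo_umask
```

Note the file row starts from 666 rather than 777: a newly created regular file never gets x bits from the kernel, which is why the article's 755 directory example has a 644 file counterpart under the same 022 mask.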

(5) Directory permissions 

① Read permission: if the directory lacks read permission, you cannot use commands such as ls to view the entries in the directory.
② Write permission: if the directory lacks write permission, files cannot be created in the directory and files cannot be deleted from it.
③ Execute permission: if the directory lacks execute permission, you cannot cd into the directory.

This raises a problem. As long as a user has write permission on the directory, that user can delete files in the directory, regardless of whether the user has write permission on the file itself. Isn't this a contradiction?

(6) Sticky bit

Under the root directory there is a tmp folder where temporary files are kept: before a user saves a file, it is stored in tmp. Looking at its permissions, you can see a t:

The permissions of this folder are rwx for the owner and for the group, and rwt for others. What is this t attribute, and how does it differ from r, w and x?

Look at the following example first. The root user created a folder test under the root directory and created two files, test1 and test2, inside it. Then root switched to the delia user, and it turned out that delia could actually delete the files in test:

How can this be tolerated? How can files I created be deleted casually by someone else? The test directory has w and x permission for others, and once others have w permission they can create and delete files in it. But what if I do not want files created by one user to be deleted by other users?

This is the scenario that calls for the sticky bit. When the sticky bit is set on a directory, even though a user has write permission on the directory, that user cannot delete other users' files in it: only the file's owner and the root user can delete them. This achieves the goal that every user can read, write, modify and delete files in the directory, but cannot delete other users' files at will.

Set the sticky bit:

It was found that after the sticky bit is set, other users cannot delete files created by this user. 

Therefore, when a directory has the sticky bit set (chmod +t), the files in it can only be deleted by (1) the super administrator, (2) the owner of the directory, or (3) the owner of the file.
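Setting the bit and reading it back is enough to see how it appears in a listing. The script below is an added example, not code from the original article: `sticky_readback` (my name) creates a temporary directory at a known mode, applies `+t` or `-t`, and returns the nine permission characters; `has_sticky_bit` checks the last column, which shows `t` when others also have x and `T` when the bit is set without o+x. Verifying the deletion rule itself needs two user accounts (the article's root and delia), which this script does not create.

```shell
#!/bin/sh
# Added example (not from the original article): set and clear the sticky
# bit on a scratch directory and read it back from `ls -ld`. The bit shares
# the "others" execute column: 't' when o+x is set too, 'T' when it is not.

# Create a temp directory at the given octal mode, apply a chmod spec,
# print the 9-character permission string, then remove the directory.
sticky_readback() {
    start=$1   # e.g. 777 (what /tmp has) or 776; a 4-digit form like 1777 also works
    spec=$2    # e.g. +t, -t, or a no-op such as u+r to show the starting mode
    d=$(mktemp -d)
    chmod "$start" "$d"
    chmod "$spec" "$d"
    ls -ld "$d" | cut -c2-10
    rmdir "$d"
}

# Returns 0 if the directory has the sticky bit (t or T in the last column).
has_sticky_bit() {
    case $(ls -ld "$1" | cut -c10) in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

demo_sticky() {
    echo "777 then +t  -> $(sticky_readback 777 +t)"    # rwxrwxrwt
    echo "776 then +t  -> $(sticky_readback 776 +t)"    # rwxrwxrwT (no o+x)
    echo "777 then -t  -> $(sticky_readback 777 -t)"    # rwxrwxrwx
    echo "1777 (octal) -> $(sticky_readback 1777 u+r)"  # rwxrwxrwt
    if has_sticky_bit /tmp; then
        echo "/tmp has the sticky bit set"
    else
        echo "/tmp has no sticky bit"
    fi
}

demo_sticky
```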


Origin blog.csdn.net/gx714433461/article/details/127222316