Linux permission management - basic permissions

I. Permission basics

1. What are permissions?

Permissions are the restrictions placed on users with respect to particular files or processes.

2. Why have permissions?

In a company there may be only a few servers but many operations staff, and all of them need to log in to the same machines. They cannot all share the one root account, so operations staff are tiered and each user is given only the permissions that role needs.

3. How are users and permissions related?

On Linux, permissions are tied to the file or directory on one side and to the user and group on the other. Every file or directory carries 9 basic permission bits, read in groups of three characters: the owner (user) bits, the group bits and the other-users bits, three characters each.
For example, rwxr-xr-x is exactly these nine bits, and it controls the basic rights of the file's owner (user), its group (group) and everyone else (other).

Each of the three identities has the same three kinds of permission: r (readable), w (writable), x (executable).

Directory example:
drwxr-xr-x. 2 root root    6 Jul  2 00:29 abc

Field by field:
d             file type
rwx           owner permission bits
r-x           group permission bits
r-x           other-users permission bits
.             an SELinux security context is attached (the trailing dot CentOS shows)
2             hard link count
root          owner (the owning user)
root          group (the owning group)
6             size (bytes in the file)
Jul  2 00:29  modification time
abc           file name

Note, the file-type character:
regular file:       -
symbolic link:      l
socket:             s
block device:       b
character device:   c
directory:          d

A resource has three kinds of user:

User(u): the owner (the user who owns the file)
Group(g): the owning group (its members)
Other(o): everyone else
When a user accesses a file, the check goes in this order:
1. If the user is the file's owner, the owner bits apply.
2. Otherwise, if the user is a member of the file's group, the group bits apply.
3. Otherwise the user is "other" and the other bits apply.
Only the first matching class counts: an owner whose file has mode ---rwxrwx is denied even though the group and other bits would allow access. Root is the exception and bypasses these checks altogether.

4. What do the rwx permissions mean?

When we use ls -l to view a file's detailed attributes, each file shows 9 basic permission bits,
for example rwxr-xr-x: three characters per group, for the owner bits, the group bits and the other-users bits.

letter        meaning               numeric value
r (read)      read permission       4
w (write)     write permission      2
x (execute)   execute permission    1
-             no permission         0

A bit that is not granted (not readable, not writable or not executable) is shown as -. The numeric value of a class is the sum of its bits, so rwx = 7, rw- = 6, r-x = 5, and rwxr-xr-x is written 755.
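The table above and the owner, group, other decision order, as working code. This is an added example and not code from the original post: two pure-bash converters between the ls -l permission string and the octal mode, and a function that picks the triplet that applies to a given user in the order described above. It goes slightly beyond the post in that it also understands the s/S/t/T letters (setuid, setgid, sticky) and returns a 4-digit mode such as 2770 when one of them is set. The user and group names in the comments are made up.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a pure-bash model of the 9-bit
# permission string and of the owner -> group -> other decision order.
# Beyond the post, the s/S/t/T letters (setuid, setgid, sticky) are understood
# and yield a 4-digit mode such as 2770.

# mode_to_octal MODESTRING -> octal mode.  Accepts "rwxr-xr-x" or the full
# ls -l field "drwxr-xr-x" (the leading type character is skipped).
mode_to_octal() {
    local s=$1 i triplet v c oct="" special=0
    if [ ${#s} -eq 10 ]; then s=${s:1}; fi
    if [ ${#s} -ne 9 ]; then printf 'bad mode string: %s\n' "$1" >&2; return 1; fi
    for i in 0 3 6; do
        triplet=${s:$i:3}
        v=0
        if [ "${triplet:0:1}" = r ]; then v=$((v + 4)); fi
        if [ "${triplet:1:1}" = w ]; then v=$((v + 2)); fi
        c=${triplet:2:1}
        case $c in
            x)   v=$((v + 1)) ;;
            s|t) v=$((v + 1)); special=$((special | (4 >> (i / 3)))) ;;  # special bit plus x
            S|T) special=$((special | (4 >> (i / 3)))) ;;                # special bit, no x
            -)   ;;
            *)   printf 'bad permission char: %s\n' "$c" >&2; return 1 ;;
        esac
        oct="$oct$v"
    done
    if [ "$special" -ne 0 ]; then oct="$special$oct"; fi
    printf '%s\n' "$oct"
}

# octal_to_mode OCTAL -> 9-character permission string, e.g. 644 -> rw-r--r--.
# A 4-digit mode puts s/S in the user and group execute slots and t/T in the
# other slot (lower case when x is also set, upper case when it is not).
octal_to_mode() {
    local oct=$1 special=0 out="" i d letter upper
    if [ ${#oct} -eq 4 ]; then special=${oct:0:1}; oct=${oct:1}; fi
    if [ ${#oct} -ne 3 ]; then printf 'bad octal mode: %s\n' "$1" >&2; return 1; fi
    for i in 0 1 2; do
        d=${oct:$i:1}
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $i -eq 2 ]; then letter=t; upper=T; else letter=s; upper=S; fi
        if [ $((special & (4 >> i))) -ne 0 ]; then
            if [ $((d & 1)) -ne 0 ]; then out="${out}${letter}"; else out="${out}${upper}"; fi
        elif [ $((d & 1)) -ne 0 ]; then out="${out}x"
        else out="${out}-"
        fi
    done
    printf '%s\n' "$out"
}

# effective_perms MODESTRING OWNER GROUP USER "GROUPS" -> the 3-letter triplet
# that applies to USER: the owner bits if USER owns the file, else the group
# bits if any of USER's groups (space-separated) is the file's group, else the
# other bits.  Only the first match counts.  This is plain DAC: root
# (CAP_DAC_OVERRIDE) is not modelled.
effective_perms() {
    local mode=$1 owner=$2 group=$3 user=$4 groups=$5 g
    if [ ${#mode} -eq 10 ]; then mode=${mode:1}; fi
    if [ "$user" = "$owner" ]; then printf '%s\n' "${mode:0:3}"; return 0; fi
    for g in $groups; do
        if [ "$g" = "$group" ]; then printf '%s\n' "${mode:3:3}"; return 0; fi
    done
    printf '%s\n' "${mode:6:3}"
}

# Made-up user gjy against the post's example lines:
#   mode_to_octal drwxr-xr-x                          -> 755
#   effective_perms rwxr-x--- root root gjy "gjy"     -> ---   (gjy falls under "other")
#   effective_perms ---rwxrwx gjy  gjy  gjy "gjy"     -> ---   (owner bits win, even when weaker)
```

The last call is the case worth remembering: chmod 070 or 007 on your own file locks you out while letting the group or the world in, because the owner check fires first and never falls through.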

5. Permission example:

[root@centos7 ~]# mkdir aaa        # create a directory
[root@centos7 ~]# touch bbb.txt    # create a file
[root@centos7 ~]# ll
drwxr-xr-x. 2 root root    6 Jul  2 00:47 aaa       # directory permissions (755)
-rw-r--r--. 1 root root    0 Jul  2 00:48 bbb.txt    # file permissions (644)

Neither was given an explicit mode: root's default umask of 022 yields 755 for new directories and 644 for new files.

II. Modifying permissions: the chmod command

1. +: add permissions

2. -: remove permissions

3. =: set permissions exactly, replacing whatever the class had before

Create a file:
[root@centos7 ~]# touch ccc
# Check the file: the default file permissions are 644
[root@centos7 ~]# ll ccc
-rw-r--r--. 1 root root 0 Jul  2 01:06 ccc

# a=rwx: set the permissions (a means all three classes, u, g and o)
[root@centos7 ~]# chmod a=rwx ccc

# Check the permissions: now 777
[root@centos7 ~]# ll ccc
-rwxrwxrwx. 1 root root 0 Jul  2 00:54 ccc
# Set the permissions to 000
[root@centos7 ~]# chmod 000 ccc
[root@centos7 ~]# ll ccc
----------. 1 root root 0 Jul  2 00:54 ccc
# Add permissions:
[root@centos7 ~]# chmod a+rwx ccc
[root@centos7 ~]# ll ccc
-rwxrwxrwx. 1 root root 0 Jul  2 00:54 ccc
# Remove permissions:
[root@centos7 ~]# chmod a-rwx ccc
[root@centos7 ~]# ll ccc
----------. 1 root root 0 Jul  2 00:54 ccc
    

4. Numeric mode

mkdir dir       # create a directory
touch dir/file  # create a file

Example 1:
chmod 777 dir/                    # set the permissions of the dir directory to 777
chmod u+rwx,g+rwx,o+rwx dir/      # the same bits in symbolic form; u=rwx,g=rwx,o=rwx would set them regardless of the starting mode

Example 2:
chmod 666 dir/file                # set the permissions of file to 666
chmod u+rw,g+rw,o+rw dir/file     # the same bits in symbolic form

Example 3:
-R changes the directory together with the directories and files under it:
chmod -R 766 dir/  # change the directory and everything below it

Caveat: one numeric mode rarely fits files and directories at once. 766 leaves every directory without the x (search) bit for group and other, so they can read the listing but not enter, while every file gets the owner's execute bit whether it is a program or not. The symbolic X is the tool for trees: chmod -R u=rwX,go=rX dir/ grants execute only to directories and to files that are already executable.
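The chmod steps above, replayed on a scratch file and checked with stat -c %a rather than by reading ls -l. This is an added example, not from the original post. It assumes GNU coreutils (stat -c, mktemp -d; BusyBox accepts the same flags) and a Linux host; the file name ccc and the numeric modes are the post's. The second function puts the post's chmod -R 766 beside the symbolic X form on a small tree containing a directory, a data file and a script.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: replay the chmod steps on a
# scratch file and read each resulting mode back with stat -c %a.

# mode PATH -> octal mode of PATH as stat prints it (no leading zeros: 000 prints as 0)
mode() { stat -c '%a' "$1"; }

# chmod_walkthrough -> the mode after each step, space-separated
chmod_walkthrough() {
    local dir f out
    dir=$(mktemp -d) || return 1
    f=$dir/ccc
    touch "$f"
    chmod 644 "$f"                                   # the post's starting point (umask 022 default)
    out=$(mode "$f")
    chmod a=rwx "$f";     out="$out $(mode "$f")"    # = sets exactly these bits: 777
    chmod 000 "$f";       out="$out $(mode "$f")"    # numeric form: 0
    chmod a+rwx "$f";     out="$out $(mode "$f")"    # + adds bits: 777
    chmod a-rwx "$f";     out="$out $(mode "$f")"    # - removes bits: 0
    chmod u+rw,g+r "$f";  out="$out $(mode "$f")"    # comma-separated per-class changes: 640
    chmod o=u "$f";       out="$out $(mode "$f")"    # copy one class's bits to another: 646
    rm -rf "$dir"
    printf '%s\n' "$out"
}

# recursive_modes -> modes of a sub-directory, a data file and a script after
# the post's chmod -R 766, then after the symbolic X form
recursive_modes() {
    local dir t out
    dir=$(mktemp -d) || return 1
    t=$dir/tree
    mkdir -p "$t/sub"
    touch "$t/sub/file" "$t/sub/script"
    chmod -R 766 "$t"                   # post's example: every entry becomes rwxrw-rw-
    out="$(mode "$t/sub") $(mode "$t/sub/file")"   # 766 766: group/other cannot enter sub (no x)
    chmod 644 "$t/sub/file"             # give the data file a sane mode again; script keeps its x
    chmod -R u=rwX,go=rX "$t"           # X: x only for directories and already-executable files
    out="$out $(mode "$t/sub") $(mode "$t/sub/file") $(mode "$t/sub/script")"   # 755 644 755
    rm -rf "$dir"
    printf '%s\n' "$out"
}
```

Run recursive_modes and compare the last three values: the directory and the script come out 755, the data file stays 644. A plain chmod -R 755 would have made the data file executable too, and chmod -R 644 would have stripped x from the directories and locked everyone, owner included, out of them.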

III. Permissions in practice

Permission          Effect on a file                              Effect on a directory
read (r)            read the file's contents                      list the names of the entries in the directory
write (w)           create and modify the file's contents         create, delete and rename entries in the directory (needs x as well)
execute (x)         execute the file                              enter the directory and reach the entries inside it (each entry is then subject to its own permissions)

1. File permission test case:

[root@centos7 ~]# echo "date" >> ddd
[root@centos7 ~]# ll ddd
-rw-r--r--. 1 root root 5 Jul  2 01:17 ddd
[root@centos7 ~]# echo 123 >> /opt/eee
[root@centos7 ~]# su - gjy
Last login: Tue Jul  2 02:26:54 CST 2019 on pts/0
[gjy@centos7 ~]$ cat /opt/eee
123

Note:
1. su - username switches to the ordinary user, who can only look at other directories. On CentOS 7 an ordinary user cannot read files under root's home directory, because /root itself is mode 550 (dr-xr-x---); on CentOS 6 this was possible.
2. When verifying execute permission, do not run the file with . or sh; type the file name directly (./ddd). Sourcing a file or handing it to sh only requires read permission on it, so it proves nothing about x. If the file has execute permission, running it by name works.

2. Effect of rwx on a file (acts only on the file's contents)

Read permission (r)
If the file has only r: the contents can be read.
1. The viewing commands cat, head, tail, less and more work.
2. The file cannot be edited. Copying does work, since cp only needs to read the source; moving and deleting depend on write permission on the parent directory, not on the file.

Write permission (w)
If the file has only w: contents can be added or changed.
1. vim reports permission denied because it cannot read the file, but a forced save (:wq!) goes through and overwrites the whole file with whatever is in the buffer.
2. echo or cat with > or >> redirection can write data into the file.
3. It cannot be read or copied; moving and deleting again depend on w on the parent directory.

Execute permission (x)
If the file has only x: it can be executed, with one qualification.
Note: a script is opened and read by its interpreter, so an ordinary user needs r as well as x to run it; a compiled binary can be run with x alone. Root does not need r either way, since it bypasses the read check.
1. With only x, an ordinary user cannot run a script, nor view, edit or copy the file; moving and deleting depend on the parent directory.

3. Effect of rwx on a directory

Read permission (r)
If the directory has only r: the names of its entries can be listed.
The directory cannot be entered.
1. ls prints the entry names but also reports permission denied, because without x it cannot stat the entries (the ls alias with --color tries to).
2. ls -l shows question marks in place of the attributes; only the file names are visible.
Summary: with only r on a directory you can list the file names in it and do nothing else.
Write permission (w)
w on its own is meaningless.
If the directory has w: together with x, entries can be created, deleted and renamed in it.
Note: with w (plus x) on a directory a user can create files in it and delete any file in it regardless of the file's own permissions. The exception is a directory with the sticky bit set, such as /tmp, where only the file's owner, the directory's owner or root may delete or rename an entry.
Without x the directory cannot be entered, copied, deleted or moved.
Execute permission (x)
If the directory has only x:
1. The directory can be entered, and an entry inside can be opened if its name is already known.
2. Nothing else: the contents cannot be listed.

Note: in practice the permissions are always used in combination.

4. Permission summary:

1. File with rw: the contents can be viewed and edited.
2. File with rx: it can be viewed and executed but not edited; copying works because of r, while moving and deleting are governed by the parent directory.
3. Directory with rx: the entries and subdirectories can be listed and entered, but nothing can be created, deleted or renamed inside it.
4. Files: grant x with care; r or rw is normally enough.
5. Directories: grant w with care; rx is enough unless there is a specific need.
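The check that follows from points 4 and 5 above, as an added example that is not part of the original post: walk a tree and report the two things the summary says to hand out with care, world-writable files and world-writable directories that lack the sticky bit (where any user can delete or rename anyone's files), then apply the least-privilege repair. It assumes find(1) with numeric -perm and stat(1) with -c, present in GNU findutils/coreutils and in BusyBox. The sample tree is constructed by the block itself; its names (pub, drop, notes.txt, secret.txt, bin/tool) are invented.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit a directory tree for
#   world-writable files              (o+w on a file: anyone can change its contents)
#   world-writable directories without the sticky bit
#                                     (anyone can delete or rename anyone's files in them)
# and repair what it finds.

# audit_tree DIR -> one "<finding> <octal mode> <path>" line per hit, sorted,
# with paths relative to DIR.  Empty output means the tree is clean.
audit_tree() {
    local root=$1
    (
        cd "$root" || exit 1
        find . -type f -perm -002 -exec stat -c 'world-writable-file %a %n' {} \;
        find . -type d -perm -002 ! -perm -1000 -exec stat -c 'world-writable-dir-no-sticky %a %n' {} \;
    ) | sort
}

# fix_tree DIR: files lose o+w; world-writable directories that have to stay
# shared keep w but get the sticky bit (+t), the way /tmp is set up.
fix_tree() {
    local root=$1
    find "$root" -type f -perm -002 -exec chmod o-w {} +
    find "$root" -type d -perm -002 ! -perm -1000 -exec chmod +t {} +
}

# make_sample_tree -> path of a constructed scratch tree (invented names) that
# mixes clean and problematic entries, for the demo and the test
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/drop" "$root/bin"
    touch "$root/pub/notes.txt" "$root/secret.txt" "$root/bin/tool"
    chmod 777  "$root/pub"            # shared dir without sticky bit: flagged
    chmod 1777 "$root/drop"           # shared dir with sticky bit: fine
    chmod 666  "$root/pub/notes.txt"  # world-writable file: flagged
    chmod 600  "$root/secret.txt"     # owner-only: fine
    chmod 755  "$root/bin/tool"       # executable, not writable by others: fine
    printf '%s\n' "$root"
}

# Typical run:
#   t=$(make_sample_tree); audit_tree "$t"; fix_tree "$t"; audit_tree "$t"; rm -rf "$t"
# The first audit reports ./pub (777) and ./pub/notes.txt (666); the second is empty.
```

On a real host you would point audit_tree at /home, /opt or /var/www rather than at a scratch tree, and review the list before running fix_tree: a directory that is world-writable on purpose (a drop box) wants the sticky bit, while a file that is world-writable almost never does.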

5. Owner and group permissions

chown: the Linux command for changing a file's owner; in the comic's terms, handing the key to the "resource" (the door) to someone else (selling the house).
chmod: the Linux command for changing a file's access mode; in the comic's terms, chmod 777 props the door open so that anyone can walk in (renting it out).

Experiment

1. Create the users andy and tom and the group oldboy, and give every user the password "password".
2. Requirement: members of the oldboy group can access the /home/oldboy directory and create and delete files in it, and a file created by andy can be modified by tom.

IV. Modifying the owner and group: the chown command

chown   // change the owner and/or the group; -R: recurse into directories

Only root may give a file to another user (chown bin). An ordinary user can change only the group of files they own, and only to a group they are a member of.

mkdir dir               // create a directory
touch dir/file_test     // create a file
mkdir dir/dir_test      // create a directory

Example 1:
chown bin dir/  // change the owner to bin
ll -d dir/      // check the owner
drwxr-xr-x 2 bin root 4096 Jul 22 00:50 dir/

Example 2:
chown .adm dir/     // change the group to adm (chown :adm dir/ is the documented spelling; chgrp adm dir/ does the same)
ll -d dir/          // check the group
drwxr-xr-x 2 bin adm 4096 Jul 22 00:50 dir/

Example 3:
chown -R root.root dir/ // recursively change the owner and group of the directory and everything under it
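The experiment from section 5 above, carried through with chown and chmod. This is an added example, not a solution from the original post. The names (group oldboy, users andy and tom, /home/oldboy, the password "password") are the ones the experiment states; the account part needs root (groupadd, useradd, chpasswd), while the directory part works for any user with a group they belong to, which is how it can be tried without privileges. It assumes a Linux host with GNU coreutils and the shadow-utils commands.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a group-shared directory for the
# oldboy experiment.  The requirements map onto three settings:
#   group ownership      chown :oldboy
#   setgid on the dir    chmod 2770   (new files inherit the oldboy group)
#   umask 002            new files come out 664, so other members can edit them

# create_accounts: add the group and both users as members and set their
# password (plaintext via chpasswd, as the experiment asks).  Root only.
create_accounts() {
    local u
    groupadd -f oldboy
    for u in andy tom; do
        if ! id "$u" >/dev/null 2>&1; then useradd -G oldboy "$u"; fi
        printf '%s:password\n' "$u" | chpasswd
    done
}

# setup_shared_dir DIR GROUP: make DIR a group-shared directory and print its
# octal mode.  2770 = setgid (the leading 2) plus rwx for owner and group and
# nothing for others.  The post's "chown .GROUP" is the older spelling of ":GROUP".
setup_shared_dir() {
    local dir=$1 group=$2
    mkdir -p "$dir"
    chown :"$group" "$dir"
    chmod 2770 "$dir"
    stat -c '%a' "$dir"
}

# create_as_member DIR NAME: what andy does.  umask 002 makes the new file 664
# (group-writable) instead of the default 644, which is what lets tom edit it.
# Prints "<gid> <mode>" of the new file; the gid is the directory's because of
# the setgid bit, not the creator's primary group.
create_as_member() {
    local dir=$1 name=$2
    ( umask 002 && touch "$dir/$name" )
    printf '%s %s\n' "$(stat -c '%g' "$dir/$name")" "$(stat -c '%a' "$dir/$name")"
}

# As root, the experiment is then:
#   create_accounts
#   setup_shared_dir /home/oldboy oldboy      # prints 2770
# and andy and tom each put "umask 002" in ~/.bashrc (or run it before working
# in the directory); a member added to the group must log in again (or run
# newgrp oldboy) before the new membership takes effect.
```

Without the setgid bit a file andy creates would belong to andy's primary group, and tom, even as a member of oldboy, would get only the "other" bits on it; without umask 002 it would be 644 and still read-only for tom. Deleting each other's files is already covered by w on the directory, as section III explains.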

Origin www.cnblogs.com/gongjingyun123--/p/11116638.html