Linux account and permission management

Linux / CentOS 7 account and permission management

  1. Managing user accounts and group accounts
  2. Querying account information
  3. Setting permissions on files and directories
  4. Setting ownership of files and directories

I. Overview

As a multi-user, multi-tasking server operating system, Linux provides a strict access control system that restricts resources mainly along two axes: users and file permissions. Linux decides access to a resource based on the identity of the user requesting it.

  • User account types:
  1. Superuser: root, holding the highest privileges
  2. Ordinary users: custom user accounts; the anonymous user (nobody) is similar to the Guest account in Windows
  3. Program users: control programs and services; they cannot log in
  • Group accounts: a collection of users (in effect, a set of user privileges)
  1. Primary group (private group): created together with the user and given the user's name by default (you can also specify your own); a user must have a primary group at creation time
  2. Supplementary groups (public groups): created directly as empty groups; existing users can be added to them, and a permission granted to the group applies to all its members
  • UID and GID
  1. UID (User IDentity): user identification number (0 is root; 1 to 999 are system/program users; 1000 to 60000 are ordinary login users)
  2. GID (Group IDentity): group identification number

II. User account files

/etc/passwd: stores the user name, home directory, login shell and other basic information

[root@lokott ~]# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin

root:x:0:0:root:/root:/bin/bash is separated by colons; the fields are explained one by one below:

  1. root: user account name
  2. x: placeholder for the password; the encrypted password is not shown here (it is kept in /etc/shadow)
  3. 0: the user's UID
  4. 0: GID of the user's primary group
  5. root: the user's full name; details about the user can be filled in here
  6. /root: home directory
  7. /bin/bash: the user's login shell

/etc/shadow: stores the users' passwords, account validity and other information

[root@lokott ~]# head -2 /etc/shadow   //view the first two lines
root:$6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9aAjRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:99999:7:::
bin:*:17110:0:99999:7:::
[root@lokott ~]# 

root:$6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9aAjRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:99999:7::: is separated by colons; the fields are explained one by one below:

  1. root: user account name

  2. The long $6$... string: the password encrypted with the hashing algorithm ($6$ denotes SHA-512, as passwd -S later reports); if this field does not hold a valid hash, logging in with a password is not possible

  3. :: : the field between these colons is the date of the last password change (empty here)

  4. 0: minimum password age in days (0 means the password can be changed at any time)

  5. 99999: maximum password age in days

  6. 7: warn the user 7 days before the password expires

    ::: : the remaining fields describe handling after password expiry and the account expiry date (they can be ignored)
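
As an added example (not from the original post), the following shell script applies the field explanations above to a handful of constructed passwd- and shadow-style records: it classifies the UID range, checks whether the login shell permits logging in, and reads the state of the password field (a hash, a locked marker starting with ! or * such as the !! of a never-set password or the ! that passwd -l prepends, or an empty field). The hashes in the sample are placeholders, and the risky combination it flags, a login shell together with an empty password field, is the one an auditor looks for first.

```shell
#!/bin/sh
# Added example, not from the original post: classify constructed passwd/shadow
# records the way the field explanations above describe them.
# Sample records are constructed for this example; the hashes are placeholders.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mike:x:1001:1001::/opt/mike:/sbin/nologin
lisi:x:1002:1003::/opt/lisi:/bin/bash'

SHADOW_SAMPLE='root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH::0:99999:7:::
bin:*:17110:0:99999:7:::
mike:!!:18200:0:99999:7:::
lisi::18200:0:99999:7:::'

# uid_class UID -> root | system | normal (the ranges given in the overview)
uid_class() {
  if [ "$1" -eq 0 ]; then echo root
  elif [ "$1" -le 999 ]; then echo system
  else echo normal; fi
}

# shell_allows_login SHELL -> yes | no
shell_allows_login() {
  case "$1" in
    /sbin/nologin|/usr/sbin/nologin|/bin/false) echo no ;;
    *) echo yes ;;
  esac
}

# password_state HASHFIELD -> empty | locked | hash
# Empty field: no password at all. Leading ! or *: locked / no valid hash.
password_state() {
  case "$1" in
    "") echo empty ;;
    \!*|\**) echo locked ;;
    *) echo hash ;;
  esac
}

# account_report USER -> "USER uidclass login=yes|no password=state"
account_report() {
  user="$1"
  pw_line=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$user" '$1==u')
  sh_line=$(printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$user" '$1==u')
  uid=$(printf '%s\n' "$pw_line" | cut -d: -f3)
  shell=$(printf '%s\n' "$pw_line" | cut -d: -f7)
  hash=$(printf '%s\n' "$sh_line" | cut -d: -f2)
  printf '%s %s login=%s password=%s\n' "$user" "$(uid_class "$uid")" \
    "$(shell_allows_login "$shell")" "$(password_state "$hash")"
}

# risky_accounts -> users that have a login shell but no password field at all
risky_accounts() {
  printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f1 | while read -r u; do
    r=$(account_report "$u")
    case "$r" in *"login=yes password=empty"*) echo "$u" ;; esac
  done
}

for u in root bin mike lisi; do account_report "$u"; done
echo "accounts with a login shell and no password: $(risky_accounts)"
```

On a real system the same functions would be fed /etc/passwd and /etc/shadow; the latter is readable only by root, which is why the page's head -2 /etc/shadow is run from the root prompt.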

III. Managing user accounts

1. Adding user accounts: the useradd command

Options

  1. -u: specify the user's UID; the number must not already be in use by another user
  2. -d: specify the location of the user's home directory (has no effect when combined with -M)
  3. -e: account expiration date
  4. -g: primary group
  5. -G: supplementary groups
  6. -M: do not create the home directory
  7. -s: specify the user's login shell

Example: useradd -d /opt/mike (-g mike) -G caiwu -s /sbin/nologin mike

[root@lokott ~]# useradd -d /opt/mike  -G caiwu -s /sbin/nolgin mike //note that the caiwu group must exist first: groupadd caiwu
[root@lokott ~]# tail -2 /etc/passwd    //view the last two lines of the passwd file
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
mike:x:1001:1001::/opt/mike:/sbin/nolgin
[root@lokott ~]# tail -2 /etc/group
caiwu:x:1002:mike
mike:x:1001:
[root@lokott ~]# tail -2 /etc/shadow
lokott:$6$aq3AU9oDZf/ERE2D$Ol.zBTLNqbsPDdsJYE0yU3Wa7EUU1SonR3rUQ616PsgA2u.DtQ99ecTUbdw2y2RhmlaL75WlcqMsfEUNretgb0:18192:0:99999:7:::
mike:!!:18200:0:99999:7:::
[root@lokott ~]# id mike    //view mike's id information
uid=1001(mike) gid=1001(mike) 组=1001(mike),1002(caiwu)
[root@lokott ~]# ls /home/  //because -d specified the home directory, it was created at /opt/mike rather than under /home
demo  lokott
[root@lokott ~]# ls /opt/
demo01.txt  mike  rh  test
[root@lokott ~]#

2. Setting / changing the user password: passwd

passwd [option] username

  1. -d: clear the password
  2. -l: lock the password
  3. -S: show the password status, i.e. whether it is locked (note the uppercase S)
  4. -u: unlock the password
[root@lokott ~]# useradd -d /opt/lisi -s /sbin/nologin lisi
[root@lokott ~]# tail -2 /etc/passwd
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1001::/opt/lisi:/sbin/nologin   //here /sbin/nologin means the user cannot log in
[root@lokott ~]# passwd lisi
更改用户 lisi 的密码 。
新的 密码:                                           //enter the password here
无效的密码: 密码少于 8 个字符           //a weak password was entered; it can simply be typed again, while a complex password raises no complaint
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@lokott ~]# su - lisi
最后一次失败的登录:四 10月 31 18:49:45 CST 2019从 :1:1 上
最有一次成功登录后有 1 次失败的登录尝试。
This account is currently not available.  // cannot log in, because the login shell is /sbin/nologin
[root@lokott ~]# pwd
/root
[root@lokott ~]# vim /etc/passwd              //edit the passwd file and change this user's /sbin/nologin to /bin/bash
[root@lokott ~]# su - lisi                          //root needs no password when switching user
上一次登录:四 10月 31 18:52:42 CST 2019pts/2 上
[lisi@lokott ~]$ pwd                               //now logged in as lisi
/opt/lisi
[lisi@lokott ~]$ su   //equivalent to su - root; the result below shows that an ordinary user needs a password to switch to root, and the typed password is not echoed
密码:
[root@lokott lisi]# pwd
/opt/lisi
[root@lokott lisi]# cd 
[root@lokott ~]# pwd                                    //shows we are back as root
/root
[root@lokott ~]# passwd -l lisi              //lock lisi's password
锁定用户 lisi 的密码 。
passwd: 操作成功
[root@lokott ~]# passwd -S lisi             //check lisi's password status
lisi LK 2019-10-31 0 99999 7 -1 (密码已被锁定。)
[root@lokott ~]# su - lisi
上一次登录:四 10月 31 19:01:10 CST 2019pts/2 上  
[lisi@lokott ~]$ pwd         //although the password is locked, root can still switch to the user, and needs no password to do so
/opt/lisi
[lisi@lokott ~]$ 
[root@lokott ~]# passwd -u lisi
解锁用户 lisi 的密码。
passwd: 操作成功
[root@lokott ~]# passwd -S lisi
lisi PS 2019-10-31 0 99999 7 -1 (密码已设置,使用 SHA512 算法。)

This example can be summarized as follows:

  1. A user whose login shell is /sbin/nologin can neither log in nor be switched to with su
  2. After passwd -l lisi the user is locked and cannot log in through the graphical interface, but root can still switch to the user with su (root needs no password when switching)

3. Modifying user account attributes: usermod

  1. -u: change the user's UID
  2. -d: change the location of the user's home directory
  3. -e: change the account expiration date
  4. -s: specify the user's login shell
  5. -l: change the user's login name
  6. -L: lock the account (equivalent to passwd -l)
  7. -U: unlock the account (equivalent to passwd -u)

Options 1 to 4 work as in useradd; the -l option is demonstrated below:

[root@lokott ~]# usermod -l zhangsan lisi
usermod: user lisi is currently used by process 71736
[root@lokott ~]# ps -ef | grep lisi
root      71735  71117  0 19:01 pts/2    00:00:00 su - lisi
lisi      71736  71735  0 19:01 pts/2    00:00:00 -bash
root      72433  71829  0 19:11 pts/2    00:00:00 su - lisi
lisi      72435  72433  0 19:11 pts/2    00:00:00 -bash
root      73325  72935  0 19:24 pts/2    00:00:00 grep --color=auto lisi
[root@lokott ~]# kill 71735   //alternatively reboot, which ends the process automatically
[root@lokott ~]# 
Session terminated, killing shell... ...已杀死。
[root@lokott ~]# exit
[root@lokott ~]# usermod -l zhangsan lisi
[root@lokott ~]# tail -2 /etc/passwd
mike:x:1001:1001::/opt/mike:/sbin/nolgin
zhangsan:x:1002:1003::/opt/lisi:/bin/bash  //only the user name was changed; the home directory is still named lisi
[root@lokott ~]#ls /opt
demo01.txt  lisi  mike  rh  test   
[root@lokott ~]# 

4. Deleting user accounts: userdel

The -r option also deletes the home directory; the following continues from the demonstration above

[root@lokott ~]# tail -2 /etc/passwd         //show the two users
mike:x:1001:1001::/opt/mike:/sbin/nolgin
zhangsan:x:1002:1003::/opt/lisi:/bin/bash
[root@lokott ~]# userdel -r mike             //delete user mike together with its home directory
[root@lokott ~]# tail -3 /etc/passwd  
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
zhangsan:x:1002:1003::/opt/lisi:/bin/bash
[root@lokott ~]# ls -l /opt/mike             //shows the effect of -r: the specified home directory was removed
ls: 无法访问/opt/mike: 没有那个文件或目录
[root@lokott ~]# ls /opt                    //currently /opt still holds the lisi home directory (the user was renamed zhangsan above)
demo01.txt  lisi  rh  test
[root@lokott ~]# userdel -r zhangsan        //delete user zhangsan; the lisi directory is removed as well
[root@lokott ~]# tail -3 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
[root@lokott ~]# ls -l /opt                  //zhangsan was deleted with -r, so the home directory is gone; without -r it would remain
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 root root 32 10月 31 18:33 test
[root@lokott ~]# useradd wang               //create a new user
[root@lokott ~]# usermod -l sung wang        //rename the user
[root@lokott ~]# tail -2 /etc/passwd         //view passwd information
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
sung:x:1001:1003::/home/wang:/bin/bash
[root@lokott ~]# userdel sung               //delete user sung; the wang directory is not removed
[root@lokott ~]# ls /home/
demo  lokott  wang
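
Added example (not from the original post): userdel without -r leaves the home directory behind, and a renamed account keeps pointing at its old directory, so a periodic check for home directories that no account refers to, and for accounts whose home directory no longer exists, is a useful housekeeping and audit step. The script below builds a throw-away home root with mktemp and a constructed passwd-style record set; the directory names demo, lokott and wang and the account mike are assumptions modelled on the session above, and nothing under /etc or /home is touched.

```shell
#!/bin/sh
# Added example, not from the original post. It builds a throw-away home root
# with mktemp and constructed passwd-style records, then reports:
#   orphan_homes  - directories under the home root that no account refers to
#                   (what userdel without -r, or a rename, leaves behind)
#   missing_homes - accounts whose home directory does not exist

# Fixture: a home root holding demo, lokott and wang, as in the ls output above.
setup_fixture() {
  root=$(mktemp -d)
  mkdir "$root/demo" "$root/lokott" "$root/wang"
  printf '%s\n' "$root"
}

# Constructed passwd-style records for a fixture rooted at $1 (assumptions):
# bin is a system account, lokott has a home, mike's home was removed,
# and nothing refers to wang any more.
passwd_sample() {
  printf '%s\n' \
    "bin:x:1:1:bin:/bin:/sbin/nologin" \
    "lokott:x:1000:1000:lokott:$1/lokott:/bin/bash" \
    "mike:x:1001:1001::$1/mike:/sbin/nologin"
}

# orphan_homes PASSWD_TEXT HOME_ROOT -> directory names with no owning account
orphan_homes() {
  for d in "$2"/*/; do
    d=${d%/}
    if ! printf '%s\n' "$1" | awk -F: -v h="$d" '$6==h {found=1} END {exit found ? 0 : 1}'; then
      basename "$d"
    fi
  done
}

# missing_homes PASSWD_TEXT -> accounts whose home directory does not exist
missing_homes() {
  printf '%s\n' "$1" | awk -F: '{print $1 ":" $6}' | while IFS=: read -r user home; do
    [ -d "$home" ] || printf '%s\n' "$user"
  done
}

root=$(setup_fixture)
sample=$(passwd_sample "$root")
echo "orphaned home directories: $(orphan_homes "$sample" "$root" | tr '\n' ' ')"
echo "accounts with a missing home: $(missing_homes "$sample" | tr '\n' ' ')"
rm -rf "$root"
```

On a real system you would pass the contents of /etc/passwd and the directory /home (and any other home roots such as /opt in the session above); an orphaned directory is worth checking before deletion because a later useradd that reuses the UID would silently inherit its files.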

Initial user account configuration files

Source: when a new account is created, these files are copied from the /etc/skel directory (cd into the home directory and run ls -a to see them)

  1. ~/.bash_profile: executed after bash is loaded
  2. ~/.bashrc: loaded when the user logs in
  3. ~/.bash_logout: executed at logout

IV. Managing group accounts

Group account files (similar to the user account files)

  1. /etc/group: stores basic group account information
  2. /etc/gshadow: stores group account password information (generally not set)

1. Adding group accounts: the groupadd command

groupadd [option] groupname

-g: specify the GID

[root@lokott ~]# groupadd lisi                   //add the lisi group
[root@lokott ~]# tail /etc/group                 //view group information
postdrop:x:90:
postfix:x:89:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
lokott:x:1000:
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
[root@lokott ~]# groupadd -g 1005 wangwu       //add the wangwu group with GID 1005
[root@lokott ~]# tail -2 /etc/group
lisi:x:1003:
wangwu:x:1005:
[root@lokott ~]# 

2. Adding and removing group members: gpasswd

Adding members with gpasswd
  1. -a: add a user to a group; existing members are kept
  2. -d: remove a user from a group
  3. -M: set the member list from a comma-separated list; this overwrites the existing members (the original members are kicked out)
[root@lokott ~]# tail -2 /etc/group                          //view group information
lisi:x:1003:
wangwu:x:1005:
[root@lokott ~]# tail -2 /etc/passwd                    //view user information
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
[root@lokott ~]# useradd lisi                                   //adding user lisi fails because the lisi group already exists (shown above)
useradd:lisi 组已经存在 - 如果您想将此用户加入到该组,请使用 -g 参数。
[root@lokott ~]# useradd -g lisi lisi                         //add user lisi with lisi as its primary group
[root@lokott ~]# useradd zhangsan                        //add another user, zhangsan
[root@lokott ~]# tail -2 /etc/passwd                      //view user information
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
[root@lokott ~]# gpasswd -a lisi wangwu          //add lisi to the wangwu group (the wangwu group must exist first)
正在将用户“lisi”加入到“wangwu”组中
[root@lokott ~]# id lisi                                        //view lisi's id information
uid=1001(lisi) gid=1003(lisi) 组=1003(lisi),1005(wangwu)
[root@lokott ~]# gpasswd -d lisi wangwu          //remove lisi from the wangwu group
正在将用户“lisi”从“wangwu”组中删除
[root@lokott ~]# id lisi                         //view lisi's id information: no longer in the wangwu group
uid=1001(lisi) gid=1003(lisi) 组=1003(lisi)

[root@lokott ~]# tail -5 /etc/passwd              //show user information
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
[root@lokott ~]# tail -5 /etc/group                 //show group information
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:
zhangsan:x:1006:
[root@lokott ~]# gpasswd -M lisi,zhangsan wangwu   //add both users to the wangwu group in one go
[root@lokott ~]# tail -5 /etc/group
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:lisi,zhangsan                         //the members are listed
zhangsan:x:1006:
[root@lokott ~]# useradd hh                         //add two new users to verify that -M overwrites
[root@lokott ~]# useradd ww
[root@lokott ~]# gpasswd -M hh,ww wangwu
[root@lokott ~]# tail -5 /etc/group
lisi:x:1003:
wangwu:x:1005:hh,ww                                //the original lisi and zhangsan have been kicked out
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:
Deleting group accounts: groupdel

Note! groupdel cannot be used to delete arbitrary groups. It only deletes groups that are not the initial (primary) group of any user; in other words, if a group is some user's initial/primary group, groupdel will not delete it. For example:

[root@lokott ~]# tail  -10 /etc/group                
stapdev:x:158:
tcpdump:x:72:
lokott:x:1000:
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:hh,ww
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:
[root@lokott ~]# groupdel caiwu 
[root@lokott ~]# groupdel lisi
groupdel:不能移除用户“lisi”的主组
[root@lokott ~]# groupdel wangwu 
[root@lokott ~]# groupdel zhangsan 
groupdel:不能移除用户“zhangsan”的主组
[root@lokott ~]# groupdel hh
groupdel:不能移除用户“hh”的主组
[root@lokott ~]# groupdel ww
groupdel:不能移除用户“ww”的主组
[root@lokott ~]# 

If you really want to delete such a group, first delete the users whose initial group it is, then delete the group:

[root@lokott note]# tail -1 /etc/passwd
ww:x:10000:10000::/home/ww:/bin/bash
[root@lokott note]# groupdel ww
groupdel:不能移除用户“ww”的主组
[root@lokott note]# userdel ww
[root@lokott note]# tail -1 /etc/group
zhangsan:x:1006:
[root@lokott note]# 
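
Added example (not from the original post): before running groupdel it helps to know which groups are some user's primary group, since those are exactly the ones groupdel refuses in the session above. The script works from constructed passwd- and group-style records modelled on that session (the UIDs and the hh,ww membership of wangwu are assumptions) and reports, per group, whether deletion would be blocked and who its supplementary members are.

```shell
#!/bin/sh
# Added example, not from the original post: work out from passwd- and
# group-style records which groups are some user's primary group (groupdel
# refuses those) and which can be removed. Records are constructed.
PASSWD_SAMPLE='lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
hh:x:1008:1007::/home/hh:/bin/bash
ww:x:1009:1004::/home/ww:/bin/bash'

GROUP_SAMPLE='caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:hh,ww
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:'

# gid_of GROUPNAME -> numeric GID from the group records (empty if unknown)
gid_of() {
  printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1==g {print $3}'
}

# primary_users GROUPNAME -> comma-separated users whose primary GID is this group
primary_users() {
  gid=$(gid_of "$1")
  [ -n "$gid" ] || return 1
  printf '%s\n' "$PASSWD_SAMPLE" |
    awk -F: -v g="$gid" '$4==g {n++; s = s (n > 1 ? "," : "") $1} END {print s}'
}

# supplementary_users GROUPNAME -> the member-list field of the group record
supplementary_users() {
  printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1==g {print $4}'
}

# groupdel_check GROUPNAME -> "deletable" or "blocked: primary group of USER[,USER]"
# Supplementary membership alone does not block groupdel (wangwu above was removed).
groupdel_check() {
  users=$(primary_users "$1") || { echo "unknown group"; return 1; }
  if [ -n "$users" ]; then
    echo "blocked: primary group of $users"
  else
    echo "deletable"
  fi
}

for g in caiwu lisi wangwu zhangsan hh ww; do
  printf '%-9s %s (supplementary members: %s)\n' "$g" "$(groupdel_check "$g")" \
    "$(supplementary_users "$g")"
done
```

Fed with /etc/passwd and /etc/group, the same check tells you in advance which groups groupdel will accept, and it also shows what a group grants: every account in its supplementary member list inherits the permissions given to that group.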
The lastb command is used to view the most recent failed login attempts (those recorded in btmp):
[root@lokott ~]# lastb
lisi     :1           :1               Thu Oct 31 18:49 - 18:49  (00:00)    
root     pts/1                         Thu Oct 31 17:07 - 17:07  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    

btmp begins Thu Oct 24 14:43:01 2019
[root@lokott ~]# 

V. Permissions and ownership of files and directories

1. Access permissions

Read (r): allows viewing the contents of a file, or listing a directory

Write (w): allows modifying the contents of a file; for a directory, allows creating, moving and deleting files or subdirectories

Execute (x): allows running a program; for a directory, allows changing into it

2. Ownership

Owner: the user account that owns the file or directory

Group: the group account that owns the file or directory

3. Permissions explained with an example

[root@lokott ~]# ls -l
总用量 8
-rw-------. 1 root root 1785 10月 23 12:21 anaconda-ks.cfg
-rw-r--r--. 1 root root 1833 10月 23 12:24 initial-setup-ks.cfg
drwxr-xr-x. 4 root root   73 10月 30 22:03 note  //used as the example below

The line drwxr-xr-x. 4 root root 73 10月 30 22:03 note is explained field by field below:

  1. d: file type (d = directory, l = link file, c = character device (input/output) file, b = block device (storage) file, - = regular file)
  2. rwx, r-x, r-x: owner permissions (here read, write and execute), group permissions (here read and execute), others' permissions (here read and execute)
  3. 4: number of subdirectories (the link count)
  4. root (first): owner
  5. root (second): group
  6. 73: size
  7. 10月 30 22:03: creation time
  8. note: directory (file) name

4. Setting file and directory permissions: the chmod command (-R for recursive)

  1. chmod [ugoa][+-=][rwx] file-or-directory
  2. chmod nnn file-or-directory (preferred)
//permission operations on a file follow
[root@lokott note]# touch 2.sh    
[root@lokott note]# ls -l 2.sh                  //2.sh has permissions 644
-rw-r--r--. 1 root root 0 10月 31 21:41 2.sh 
[root@lokott note]# chmod u+x 2.sh 
[root@lokott note]# ls -l 2.sh 
-rwxr--r--. 1 root root 0 10月 31 21:41 2.sh
[root@lokott note]# chmod ugo+w 2.sh 
[root@lokott note]# ls -l 2.sh 
-rwxrw-rw-. 1 root root 0 10月 31 21:41 2.sh
[root@lokott note]# chmod 655 2.sh 
[root@lokott note]# ls -l 2.sh 
-rw-r-xr-x. 1 root root 0 10月 31 21:41 2.sh

//permission operations on a directory follow
[root@lokott note]# ll                        //ll is an alias for ls -l --color
总用量 8
-rwxrwxrwx. 1 root root   0 10月 31 21:40 1.txt
-rw-r-xr-x. 1 root root   0 10月 31 21:41 2.sh
-rwxrwxrwx. 1 root root 286 10月 30 22:03 ifcfg-ens33
drwxrwxrwx. 2 root root  26 10月 23 13:20 linux-cmd
-rwxr-xr-x. 1 root root  30 10月 30 22:02 readme.txt
drwxrwxrwx. 2 root root 173 10月 30 21:56 shell
drwxr-xr-x. 2 root root   6 10月 31 21:38 test
[root@lokott note]# which ll         
alias ll='ls -l --color=auto'
    /usr/bin/ls
[root@lokott note]# chmod  777 test/      //change permissions to 777
[root@lokott note]# ll
总用量 8
-rwxrwxrwx. 1 root root   0 10月 31 21:40 1.txt
-rw-r-xr-x. 1 root root   0 10月 31 21:41 2.sh
-rwxrwxrwx. 1 root root 286 10月 30 22:03 ifcfg-ens33
drwxrwxrwx. 2 root root  26 10月 23 13:20 linux-cmd
-rwxr-xr-x. 1 root root  30 10月 30 22:02 readme.txt
drwxrwxrwx. 2 root root 173 10月 30 21:56 shell
drwxrwxrwx. 2 root root   6 10月 31 21:38 test
[root@lokott note]# touch test/1.sh
[root@lokott note]# ls -l test/1.sh 
-rw-r--r--. 1 root root 0 10月 31 21:50 test/1.sh   //a directory's permissions do not affect its subdirectories and files unless -R is used
[root@lokott note]# chmod 777 -R test/     //change permissions recursively: test and everything under it become 777
[root@lokott note]# ls -l test/1.sh 
-rwxrwxrwx. 1 root root 0 10月 31 21:50 test/1.sh
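
Added example (not from the original post): the two chmod forms above are two notations for the same nine bits, so the script below converts between the symbolic string shown by ls -l (explained in part 3) and the octal number chmod takes, and then scans a few constructed ls -l lines modelled on the ll output above for entries that are writable by everyone, the 777 case the session applies to test/. The special bits (setuid, setgid, sticky) and the trailing SELinux dot are not interpreted; that is a simplification of this example, not of chmod.

```shell
#!/bin/sh
# Added example, not from the original post: convert between the symbolic mode
# string of ls -l and the octal form chmod takes, and scan constructed ls -l
# lines for world-writable entries. Only plain rwx bits are handled.

# bits TRIPLET -> 0..7, e.g. bits "r-x" -> 5
bits() {
  n=0
  case "$1" in r??) n=$((n + 4)) ;; esac
  case "$1" in ?w?) n=$((n + 2)) ;; esac
  case "$1" in ??x) n=$((n + 1)) ;; esac
  echo "$n"
}

# mode_to_octal "-rwxr-xr-x." -> 755 (the first character is the file type)
mode_to_octal() {
  m=$(printf '%s' "$1" | cut -c2-10)
  printf '%s%s%s\n' "$(bits "$(printf '%s' "$m" | cut -c1-3)")" \
                    "$(bits "$(printf '%s' "$m" | cut -c4-6)")" \
                    "$(bits "$(printf '%s' "$m" | cut -c7-9)")"
}

# triplet DIGIT -> rwx string, e.g. triplet 5 -> r-x
triplet() {
  r=-; w=-; x=-
  [ $(( $1 & 4 )) -ne 0 ] && r=r
  [ $(( $1 & 2 )) -ne 0 ] && w=w
  [ $(( $1 & 1 )) -ne 0 ] && x=x
  printf '%s%s%s\n' "$r" "$w" "$x"
}

# octal_to_mode 655 -> rw-r-xr-x
octal_to_mode() {
  printf '%s%s%s\n' "$(triplet "$(printf '%s' "$1" | cut -c1)")" \
                    "$(triplet "$(printf '%s' "$1" | cut -c2)")" \
                    "$(triplet "$(printf '%s' "$1" | cut -c3)")"
}

# Constructed ls -l lines modelled on the session above (English month names).
LS_SAMPLE='-rwxrwxrwx. 1 root root   0 Oct 31 21:40 1.txt
-rw-r-xr-x. 1 root root   0 Oct 31 21:41 2.sh
drwxrwxrwx. 2 root root  26 Oct 23 13:20 linux-cmd
-rwxr-xr-x. 1 root root  30 Oct 30 22:02 readme.txt
drwxr-xr-x. 2 root root   6 Oct 31 21:38 test'

# world_writable -> names of entries whose "others" triplet contains w
# (character 9 of the mode string is the others-write bit)
world_writable() {
  printf '%s\n' "$LS_SAMPLE" | awk '{ if (substr($1, 9, 1) == "w") print $NF }'
}

for m in "-rw-r--r--." "-rwxrw-rw-." "drwxr-xr-x."; do
  echo "$m -> $(mode_to_octal "$m")"
done
echo "655 -> $(octal_to_mode 655)"
echo "world-writable: $(world_writable | tr '\n' ' ')"
```

The world-writable scan is the check to run after a hasty chmod 777: any user on the system can change 1.txt or drop files into linux-cmd, which for a script or a configuration file means any user can alter what root later runs or reads.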

If the group and other users are given only write permission (for example 622), they can still force a write, but it overwrites the original content!

[root@lokott test]# pwd                             //absolute path of the current directory
/opt/test
[root@lokott test]# ll                              //show details
总用量 8
-rw-r--r--. 1 root root 13 10月 31 16:33 1.txt        //users other than root have read-only permission
-rw--w--w-. 1 root root 18 10月 31 18:33 2.txt         //users other than root have write-only permission
[root@lokott test]# cat 1.txt 
tehsda
hello
[root@lokott test]# cat 2.txt                          //the original content of 2.txt
231354
2222244878
[root@lokott lisi]# su - lisi                          //switch to user lisi
上一次登录:四 10月 31 22:36:45 CST 2019pts/1 上
[lisi@lokott ~]$ cd /opt/test/
[lisi@lokott test]$ ll                                  //no permission to list the directory
ls: 无法打开目录.: 权限不够
[lisi@lokott test]$ cat 1.txt                           //1.txt can be read
tehsda
hello
[lisi@lokott test]$ vim 1.txt                          //try to write data
[lisi@lokott test]$ cat 1.txt                           //saving with wq! forces the write; the result shows the data was written
tehsda
hello
dada
asdaadas
[lisi@lokott test]$ cat 2.txt
cat: 2.txt: 权限不够
[lisi@lokott test]$ vim 2.txt
[lisi@lokott test]$ cat 2.txt                             //after the forced write the file can apparently be read, because the owner is now lisi; if the owner were still root, lisi could not read it
ssdad                                                           
dsawdad
[lisi@lokott test]$ ls -l 2.txt
-rw--w--w-. 1 lisi lisi 14 10月 31 22:45 2.txt
//write data into the file with echo, by redirection and by appending
[lisi@lokott test]$ echo "123123" > 2.txt    
[lisi@lokott test]$ cat 2.txt
123123
[lisi@lokott test]$ echo "123456" >> 2.txt
[lisi@lokott test]$ cat 2.txt
123123
123456  
[lisi@lokott test]$ su 
密码:
[root@lokott test]# ls -l
总用量 8
-rw-r--r--. 1 lisi lisi 27 10月 31 22:43 1.txt
-rw--w--w-. 1 lisi lisi 14 10月 31 22:47 2.txt
[root@lokott test]# cat 2.txt 
123123
123456
[root@lokott test]# 

5. Setting file and directory ownership: chown

  1. chown owner file
  2. chown :group file
  3. chown owner:group file
[root@lokott opt]# ls -l 
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 root root 32 10月 31 22:45 test
[root@lokott opt]# chown lisi test    
[root@lokott opt]# ls -l                           
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 lisi root 32 10月 31 22:45 test        //the owner of the test directory itself is now lisi; the group is unchanged

[root@lokott opt]# chown root:lisi test
[root@lokott opt]# ls -l 
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 root lisi 32 10月 31 22:45 test        //the owner of the test directory is now root and the group is now lisi

[root@lokott opt]# chown :root test
[root@lokott opt]# ls -l 
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 root root 32 10月 31 22:45 test        //the group of the test directory is now root

6. Permission mask: umask

Role: controls the permissions of newly created files and directories; note that it only affects entries created after it is set

The permissions of a new entry are the default permissions with the umask bits removed

[root@lokott opt]# mkdir umasktest
[root@lokott opt]# umask 000 umasktest/
[root@lokott opt]# ll
总用量 0
-rw-r--r--. 1 root root  0 10月 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 3月  26 2015 rh
drwx-wx-wx. 2 root lisi 32 10月 31 22:45 test
drwxrwxrwx. 2 root root  6 10月 31 23:26 umasktest
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2019
[root@lokott umasktest]# touch 1.txt
[root@lokott umasktest]# ll
总用量 0
-rw-rw-rw-. 1 root root 0 10月 31 23:26 1.txt             //file permissions are 666
drwxrwxrwx. 2 root root 6 10月 31 23:26 2019              //directory permissions are 777

[root@lokott umasktest]# cd ..
[root@lokott opt]# umask  111 umasktest/                     //the existing 1.txt and 2019 keep their permissions!
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2018
[root@lokott umasktest]# touch 2.txt
[root@lokott umasktest]# ll
总用量 0
-rw-rw-rw-. 1 root root 0 10月 31 23:26 1.txt
drw-rw-rw-. 2 root root 6 10月 31 23:28 2018            //directory permissions are 666
drwxrwxrwx. 2 root root 6 10月 31 23:26 2019
-rw-rw-rw-. 1 root root 0 10月 31 23:28 2.txt           //2.txt permissions are 666

[root@lokott umasktest]# cd ..
[root@lokott opt]# umask  666 umasktest/
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2017
[root@lokott umasktest]# touch 3.txt
[root@lokott umasktest]# ll
总用量 0
-rw-rw-rw-. 1 root root 0 10月 31 23:26 1.txt
d--x--x--x. 2 root root 6 10月 31 23:29 2017              //directory permissions are 111
drw-rw-rw-. 2 root root 6 10月 31 23:28 2018
drwxrwxrwx. 2 root root 6 10月 31 23:26 2019
-rw-rw-rw-. 1 root root 0 10月 31 23:28 2.txt
----------. 1 root root 0 10月 31 23:29 3.txt            //file 3.txt has no permission bits at all
[root@lokott umasktest]# umask                          //show the umask value
0666
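
Added example (not from the original post): the three masks used above (000, 111, 666) follow one arithmetic rule, base 666 for files and 777 for directories with the umask bits cleared, and the script below predicts each result and then confirms it by creating entries under that mask inside a mktemp directory. It assumes GNU stat (-c %a) for reading the mode back, and sets the umask in a subshell so the caller's shell is unaffected. Note that umask takes only the mask: it applies to the shell process, not to a directory, so the trailing umasktest/ argument in the session above plays no part in the result.

```shell
#!/bin/sh
# Added example, not from the original post: predict the mode of a new file
# (base 666) or directory (base 777) under a given umask, then confirm by
# creating entries in a mktemp directory. Assumes GNU stat for -c '%a'.

# apply_umask BASE MASK -> resulting octal mode (all arguments in octal)
apply_umask() {
  printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# predict KIND MASK -> mode for KIND = file | dir
predict() {
  case "$1" in
    file) apply_umask 666 "$2" ;;
    dir)  apply_umask 777 "$2" ;;
    *) echo "kind must be file or dir" >&2; return 1 ;;
  esac
}

# created_mode KIND MASK -> actual mode of an entry created under MASK
# The umask is changed only inside a subshell; the fixture is removed afterwards.
created_mode() {
  tmp=$(mktemp -d)
  ( umask "$2"
    if [ "$1" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi )
  mode=$(stat -c '%a' "$tmp/new")
  chmod u+rwx "$tmp/new"     # so that rm can always clean up a 111 or 000 entry
  rm -rf "$tmp"
  printf '%03d\n' "$mode"    # stat prints 0 for an empty mode; normalise to 000
}

# umask_check MASK -> ok | mismatch, comparing prediction and reality for both kinds
umask_check() {
  if [ "$(predict file "$1")" = "$(created_mode file "$1")" ] &&
     [ "$(predict dir "$1")" = "$(created_mode dir "$1")" ]; then
    echo ok
  else
    echo mismatch
  fi
}

# The three masks from the session above, plus the common default 022.
for mask in 000 111 666 022; do
  printf 'umask %s: file %s, dir %s (%s)\n' "$mask" \
    "$(predict file "$mask")" "$(predict dir "$mask")" "$(umask_check "$mask")"
done
```

The 022 row shows why most distributions ship that default: new files come out 644 and directories 755, readable by everyone but writable only by the owner, whereas the 000 mask used in the session above makes everything world-writable from the moment it is created.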

Source: blog.51cto.com/14557584/2448613