1 understand file permissions
file permissions to read
Permission type
| - Permission to close | r (resadable) permission to view | w (writeable) can be written authority | x (excutable) enforcement powers |
|---|---|---|---|
| This bit permission is not open | For files : you can view the contents of files in the directory : file names can be listed in the directory | For file to change the file records the contents of the directory to change the permissions of files in the directory | For files within the available file name calling documented procedures for in directories accessible directory |
Way set file permissions character mode and digital mode
| Character mode setting permissions | chmod [parameters] ... privilege mode [mode change] targets ... |
|---|---|
| Digitally set file permissions | chmod [parameters] ... rights ... target value |
| In accordance with the template to copy the file permissions | chmod [parameters] .. -reference = template goal ... |
Character mode setting permissions
chmod <u|g|o|a><+|-|=><rw|x>目标
例:
chmod u=rw TAG
chmod ug-w,o+x TAG
chmod a-w TAR
Digital rights management of
rights can be made with a number to indicate eight
| Competence | Binary | Octal |
|---|---|---|
| --- | 000 | 0 |
| --x | 001 | 1 |
| -w- | 010 | 2 |
| -wx | 011 | 3 |
| r-- | 100 | 4 |
| r--x | 101 | 5 |
| rw- | 110 | 6 |
| rwx | 111 | 7 |
Management permissions:
chmod digital TAG
Copy permission
copy rights embodiment the source file attributes chmod --reference = TAG
Example: chmod --reference = / mnt / westso westos1
employed to monitor, observe more intuitive
Note: 1.chmod and co -p can copy the permissions of the source file to the destination file, but in the process of replication, cp -p will overwrite the destination file contents
System privileges reservation threshold
- Meaning that there is a resource sharing, greater open permissions, the more obvious the effect of sharing, but security is worse
- For system security to speak of, the smaller the power of open, more secure system
- In the open system of claim should be opened, to ensure rights reserved unsafe system functionality and safety
766-111 = 6666 + 2 = 4 6, 4 subtraction element
777-022 (reserved system) = 755 (directory) -111 (reserve equipment) = 644 to establish a default file permission value when the system is reserved for permission to change the default file permissions to establish values will get rid of
Permissions reservation threshold set
temporary settings umask umask system to reserve rights umask in the shell can be used to view and set aside permission threshold
permanently change the permissions threshold shell configuration file / etc / bashrc system environment configuration file / etc / Profile
1. temporary reservation threshold setting authority umask 077 (when re-open a shell, permission reservation threshold constant)
2. Change the permissions permanent reservation threshold, information on the position as shown in FIG change the authority reservation threshold 044 in the configuration file / etc / bashrc / etc / profile 022 to set a permanent set
Determining whether the uid to over 199 
3 Source / etc / bashrc
Source / etc / Profile
reminder system privileges reservation threshold has been changed