[linux] Permission Understanding

Time:2024-4-10

Contents

1. Shell commands and how they work

2. The concept of permissions

3. Permission management

2.1 Classification of file accessors (people)

2.2 File types and access permissions (attributes of things)

2.3 Representation of file permission values

2.4 Methods for setting file access permissions

3. The file command

4. Directory permissions★

5. The sticky bit★

6. Summary of permissions


One must always pay for past laziness!


1. Shell commands and how they work

Strictly speaking, Linux is an operating system, which we call the core (kernel). But we, the ordinary users, cannot use the kernel directly. Instead, we communicate with the kernel through its "outer shell" program, known as the shell. [Common understanding: the user communicates with the operating system through the shell.]
shell: the shell program
(1) From a technical point of view, the simplest definition of a shell is a command-line interpreter (command interpreter). Its main job is:
to translate the user's commands for the kernel to process, and to translate the kernel's results back for the user.
(2) Why the shell exists: the shell lowers the cost of operating the OS and protects the OS.
Note: under Linux, the shell refers to the command-line interpreter; under Windows, the shell refers to the graphical interface.
The common command-line interpreter (shell) on CentOS 7 is called bash. [shell is the generic term; bash is a specific one.]

2. The concept of permissions

There are two types of users under Linux: the superuser (root) and ordinary users.
Superuser: can do anything on a Linux system without restriction.
Ordinary users: can do only limited things on Linux.
The command prompt for the superuser is "#"; the command prompt for ordinary users is "$".
Command: su [user name]
Function: switch users.
For example, to switch from the root user to the ordinary user user, use su user. To switch from the ordinary user user to root, use su root (root can be omitted); the system will then prompt for the root user's password.
(1) Switching from one ordinary user to another ordinary user requires a password.
(2) Switching from the superuser to an ordinary user requires no password. [The superuser password is important.]

Suggestion: set different passwords for root and for ordinary users, and make the superuser's password complex.

3. Permission management

2.1 Classification of file accessors (people)

The owner of the file or directory: u (User)
Users in the group of the owner of the file or directory: g (Group)
Other users: o (Others)
On a Linux system, people are divided into three categories: (1) the owner of the file (owner), (2) the group the file belongs to (group),
(3) other users of the file (other).
There are two types of users under Linux: the superuser (root) and ordinary users. (root and ordinary users can each be any one of the three categories above.)

2.2 File types and access permissions (attributes of things)

File type: (Linux does not distinguish files by file extension)
d : Directory [directory file]
- : Regular file (text, source code, executable programs, third-party static libraries, etc.)
l : Soft link (similar to a Windows shortcut) [link file]
b : Block device file (e.g., hard disk, CD-ROM drive, etc.)
p : Pipe file
c : Character device file (e.g., serial devices such as screens)
s : Socket file

gcc is a compiler on Linux. [Although Linux does not distinguish files by file suffix, software on Linux will

b) Basic permissions
i. Read (r/4): for a file, permission to read the file's contents; for a directory, permission to view the directory's information.
ii. Write (w/2): for a file, permission to modify the file's contents; for a directory, permission to delete files in the directory.
iii. Execute (x/1): for a file, permission to execute the file; for a directory, permission to enter the directory.
iv. "-" indicates that the permission is not granted.

Permissions are centered around users and file attributes (read, write, execute).

Permission operations on files: (1) modify the file's attributes (2) modify the people

2.3 Representation of file permission values

a) character representation

b) Octal numeric representation
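The two notations side by side, as an added example that is not part of the original post: a POSIX shell function that converts the nine permission characters printed by ls -l into the octal value. The function name sym_to_octal is made up for this example; it accepts r, w, x, - and the sticky-bit letters t/T, and rejects anything else.

```shell
#!/bin/sh
# sym_to_octal PERMS: convert the nine permission characters that follow the
# file-type character in `ls -l` output (e.g. rw-r--r--) to octal (e.g. 644).
sym_to_octal() {
    perms=$1 digits="" special=0 pos=0 digit=0
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters, e.g. rw-r--r--" >&2; return 1; }
    while [ -n "$perms" ]; do
        c=${perms%"${perms#?}"}          # first remaining character
        perms=${perms#?}                 # drop it from the input
        case "$((pos % 3)):$c" in        # slot 0 = r, slot 1 = w, slot 2 = x
            0:r) digit=$((digit + 4)) ;;
            1:w) digit=$((digit + 2)) ;;
            2:x) digit=$((digit + 1)) ;;
            2:t|2:T)                     # sticky bit: only valid in the "others" triad
                [ "$pos" -eq 8 ] || return 1
                special=1
                if [ "$c" = t ]; then digit=$((digit + 1)); fi ;;  # t = sticky + x
            ?:-) ;;                      # permission not granted
            *) return 1 ;;               # letter in the wrong slot or unknown letter
        esac
        pos=$((pos + 1))
        if [ $((pos % 3)) -eq 0 ]; then  # end of the owner/group/others triad
            digits="$digits$digit"
            digit=0
        fi
    done
    if [ "$special" -eq 1 ]; then echo "1$digits"; else echo "$digits"; fi
}

# Constructed sample strings: the first two match the chmod 664 / chmod 640
# examples later on the page, the third is a sticky world-writable directory.
for p in rw-rw-r-- rw-r----- rwxrwxrwt; do
    printf '%s = %s\n' "$p" "$(sym_to_octal "$p")"
done
```

Each triad is the sum of r=4, w=2 and x=1, so rw- is 6 and r-- is 4; a leading 1 appears only when the sticky bit is set.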

2.4 Methods for setting file access permissions

root is not restricted by ordinary users' permissions.

a) chmod
Function: set the access permissions of a file
Format: chmod [options] permissions filename
Common options:
-R -> recursively modify the permissions of the files in a directory
Note: only the owner of the file and root can change the file's permissions
Format of the chmod permission value:
① User symbol +/-/= permission characters
+: adds the permissions indicated by the permission characters to the given user class.
-: removes the permissions indicated by the permission characters from the given user class.
=: sets the given user class's permissions to exactly those indicated by the permission characters.
User symbols:
u : Owner
g : Users in the owner's group
o : Other users
a : All users
Example:

# chmod u+w /home/abc.txt
# chmod o-x /home/abc.txt
# chmod a=x /home/abc.txt [all users have only execute permission]
② Three octal digits
Example:
# chmod 664 /home/abc.txt
# chmod 640 /home/abc.txt
b) chown
Function: change the owner of a file
Format: chown [options] username filename
Example:
# chown user1 f1
# chown -R user1 filegroup1
Running chown <new owner> <file> on its own will result in an error. It should be written as (1) sudo chown <new owner> <file> [the role of sudo is to elevate privileges and execute the program as root], or (2) switch to the superuser first, and then run chown <new owner> <file>.
c) chgrp
Function: change the group to which a file or directory belongs
Format: chgrp [options] groupname filename
Common options: -R recursively change the group to which a file or directory belongs
Example:
chgrp users /abc/f2
(1) sudo chgrp <new group> <file> [the role of sudo is to elevate privileges and execute the program as root] (2) switch to the superuser first, and then run chgrp <new group> <file>
To change the owner and the group in a single step:
(1) sudo chown <new owner>:<new group> <file> (2) switch to the superuser first, and then run chown <new owner>:<new group> <file>
d) umask
Function:
view or modify the file mask
Default permissions for new files = 0666 (octal; the leading 0 marks the value as octal)
Default permissions for new directories = 0777 (octal)
However, the files and directories you actually create often do not have the permissions above, because creating a file or directory is also affected by umask. If the default permissions are mask, the permissions of the file actually created are: mask & ~umask
Format: umask permission-value
Explanation: removing the permission bits set in the mask from the default access permissions gives the permissions a file receives when it is created. The default mask value for the superuser is 0022; the default for ordinary users is 0002.
Example:
# umask 755
# umask // view
# umask 044 // set

(1) The directories we create have permissions 775; the files we create have permissions 664 (may vary from system to system).

The default directory permissions are 777; the default file permissions are 666.

(2) After umask 0000, the directories we create have permissions 777 and the files have permissions 666 [i.e., the default permissions].
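The mask & ~umask rule checked against real file creation, as an added example that is not part of the original post. The function names predicted_mode and observed_mode are made up here, GNU stat is assumed, and the sample masks are constructed; 0033 is included because arithmetic subtraction (666 - 033 = 633) gives the wrong answer there, while the bitwise rule gives 644.

```shell
#!/bin/sh
# predicted_mode DEFAULT UMASK: the page's formula, DEFAULT & ~UMASK, in octal.
predicted_mode() {
    printf '%o\n' "$(( 0$1 & ~0$2 ))"   # leading 0 makes the shell read octal
}

# observed_mode f|d UMASK: create a file (f) or directory (d) under UMASK and
# print the mode it actually received.
observed_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"                      # subshell: the caller's umask is untouched
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
}

# Constructed sample masks: the two defaults named on the page, 0000, and 0033.
for mask in 0002 0022 0000 0033; do
    printf 'umask %s  file: predicted %s, observed %s  dir: predicted %s, observed %s\n' \
        "$mask" \
        "$(predicted_mode 0666 "$mask")" "$(observed_mode f "$mask")" \
        "$(predicted_mode 0777 "$mask")" "$(observed_mode d "$mask")"
done
```

A tight umask such as 0077 in the accounts that create sensitive files keeps new files and directories closed to group and others by default.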

3. The file command

Function: identify the type of a file.
Syntax: file [options] file or directory …
Common options:
-c Display the execution process of the command in detail, which makes it easier to troubleshoot or analyze how the program runs.
-z Try to look at the contents of compressed files.

file file/directory

4. Directory permissions

Execute permission: if a directory does not have execute permission, you cannot cd into it.
Read permission: if a directory does not have read permission, you cannot use ls and similar commands to view the list of files in it.
Write permission: if a directory does not have write permission, you cannot create files in it, and you cannot delete files in it either.

5. The sticky bit

Anyone with write permission on a directory can create and delete files in it. That means everyone with write permission on a directory can delete any file in the directory. If we don't want other people to delete our own files, we can set the sticky bit on the directory.

When a directory has the sticky bit set (with chmod +t directory), the files in that directory can only be deleted by:
I. The superuser
II. The owner of the directory
III. The owner of the file
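A check for the situation described above, as an added example that is not part of the original post: find directories that other users can write to but that lack the sticky bit, then set it. The function names and the demo tree are constructed for this example; find -perm and GNU stat are assumed.

```shell
#!/bin/sh
# unsafe_shared_dirs ROOT: list directories under ROOT that are writable by
# "others" (o+w) but have no sticky bit, i.e. any writer can delete any file.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# fix_shared_dirs ROOT: set the sticky bit on each directory reported above
# and print the resulting permission string.
fix_shared_dirs() {
    unsafe_shared_dirs "$1" | while IFS= read -r dir; do
        chmod +t "$dir" && printf 'fixed %s -> %s\n' "$dir" "$(stat -c '%A' "$dir")"
    done
}

# demo_tree: build a constructed sample tree and print its path.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/safe" "$root/unsafe" "$root/private"
    chmod 1777 "$root/safe"      # shared, sticky bit set (like /tmp)
    chmod 0777 "$root/unsafe"    # shared, no sticky bit
    chmod 0755 "$root/private"   # only the owner can write
    echo "$root"
}

tree=$(demo_tree)
unsafe_shared_dirs "$tree"       # reports only .../unsafe
fix_shared_dirs "$tree"          # .../unsafe becomes drwxrwxrwt
unsafe_shared_dirs "$tree"       # reports nothing after the fix
rm -rf "$tree"
```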

6. Summary of permissions

(1) The execute permission of a directory indicates whether you can execute commands in the directory.
(2) If a directory does not have x permission, you cannot execute any command on it, not even cd into it, even if the directory still has r permission (it is easy to make the mistake of thinking that read permission lets you enter a directory and read the files in it).
(3) If a directory has x permission but no r permission, the user can execute commands and can cd into the directory. However, there is no read permission on the directory.

(4) So, even though the ls command can be executed in the directory, the user still has no permission to read the directory's contents.
