1. View file properties:
ls -l filename
-rw-rw-r-- 1 kiosk kiosk 0 Oct 2 17:05 file
[1] [2] [3] [4] [5] [6] [7] [8]
//notes:
[1] file type
- # ordinary file
d # directory
s # socket: an open interface of a program, through which the program can be communicated with
l # soft (symbolic) link, i.e. a shortcut
p # pipe
c # character device, i.e. a device that displays characters, such as a terminal
b # block device used for storage, such as a USB stick
[2] read-write permissions
rw- rw- r--
@ $ *
@ # actions the file owner can perform on the file
$ # actions members of the file's group can perform on the file
* # actions other users can perform on the file
[3] number of times the file content is recorded by the system (hard link count)
[4] file owner
[5] file group
[6] file size
[7] time the file was last changed
[8] file name
2. View directory properties
ls -ld westos
drwxr-xr-x 2 root root 6 Sep 28 08:18 westos
[1] [2] [3] [4] [5] [6] [7] [8]
//notes:
[1] type (same codes as for a file)
[2] permissions
[3] number of subdirectories
[4] directory owner
[5] directory group
[6] size of the metadata of the directory's contents (not the total size of the files inside)
[7] time a file in the directory was last added, removed or renamed
[8] directory name
3. Changing a file's owner and group
(1) chown
chown [user name] [file] # change the file owner; only the superuser can do this
[root@desktop Desktop]# chown student file
[root@desktop Desktop]# ls -l file
-rw-r--r-- 1 student root 16900 Sep 26 09:12 file
chown -R [user] [directory] # change the owner of the directory itself and of everything below it
[root@desktop Desktop]# ll -ld westos/
drwxr-xr-x 2 root root 6 Sep 28 08:18 westos/
[root@desktop Desktop]# chown student westos/
[root@desktop Desktop]# ll -ld westos/
drwxr-xr-x 2 student root 6 Sep 28 08:18 westos/
chown [user]:[group] [file name] # change the user and the group of the file together (add -R for a directory tree)
[root@desktop Desktop]# ls -l file
-rw-r--r-- 1 student root 16900 Sep 26 09:12 file
[root@desktop Desktop]# chown root:student file
[root@desktop Desktop]# ls -l file
-rw-r--r-- 1 root student 16900 Sep 26 09:12 file
(2) chgrp
chgrp [group name] [file] # change the group of a file
chgrp -R [group name] [directory] # change the group of the directory itself and of all files under it
4. Permissions
(1) Reading the permission string
rwx r-x r-x
user rights (u) / group member rights (g) / other user rights (o)
(2) Permission types
r # for a file: the file content can be viewed
r # for a directory: the names of the files in the directory can be listed with ls
w # for a file: the file content can be changed
w # for a directory: sub-files or sub-directories in the directory can be deleted
x # for a file: the program recorded in the file can be executed
x # for a directory: the directory can be entered
(3) Changing permissions
chmod format:
chmod [u/g/o] [+/-/=] [r/w/x] [file name]   or   chmod [permission number] [file name]
u=rwx=7 g=rwx=7 o=rwx=7 -> 777
u=rw-=6 g=r--=4 o=r--=4 -> 644
r = 4, w = 2, x = 1, - = 0
7=rwx,
6=rw-,
5=r-x,
4=r--,
3=-wx,
2=-w-,
1=--x,
0=---
[root@desktop Desktop]# ll file
-rw-r--r-- 1 root student 16900 Sep 26 09:12 file
[root@desktop Desktop]# chmod 777 file
[root@desktop Desktop]# ll file
-rwxrwxrwx 1 root student 16900 Sep 26 09:12 file
[root@desktop Desktop]# chmod ug-w file
[root@desktop Desktop]# ll file
-r-xr-xrwx 1 root student 16900 Sep 26 09:12 file
5. Default permissions of files
<1> View the default permissions
umask # display the permission value the system reserves (withholds from newly created files)
[root@desktop Desktop]# umask
0022
umask 077 # temporarily change the umask value (current shell only)
[root@desktop Desktop]# umask 077
[root@desktop Desktop]# umask
0077
<2> Permanently change the default permissions
[root@desktop Desktop]# vim /etc/bashrc
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 # value for ordinary users
else
    umask 022 # value for the superuser
fi
[root@desktop Desktop]# vim /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 # value for ordinary users
else
    umask 022 # value for the superuser
fi
# The configuration has to be reloaded after editing
[root@desktop Desktop]# source /etc/bashrc # reload the bash configuration
[root@desktop Desktop]# source /etc/profile # reload the system-wide profile
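As an added example (not part of the original notes), the following POSIX shell functions compute the default mode a given umask produces for a new file (base 666) and a new directory (base 777), convert an octal mode to the rwx string ls shows, and check the prediction against real file creation in a scratch directory; the function names are my own.

```shell
# Added example (not from the original notes): how the umask produces the
# default permissions of new files and directories. A new file starts from
# 666 and a new directory from 777; every bit set in the umask is cleared
# from that base, which is why the umask is called the "reserved" value.

# default_mode <umask> file|dir -> octal default mode of a newly created object
default_mode() {
    case $2 in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *)    echo "usage: default_mode <umask> file|dir" >&2; return 1 ;;
    esac
    # "0$1" makes the shell read the umask as octal (0022, 077, ...)
    printf '%03o\n' $(( base & ~0$1 ))
}

# octal_to_symbolic 644 -> rw-r--r--  (the string ls -l shows after the type)
octal_to_symbolic() {
    mode=$(( 0$1 ))
    out=""
    for pos in 6 3 0; do                   # user, group, other triplets
        bits=$(( (mode >> pos) & 7 ))
        [ $(( bits & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( bits & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( bits & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# Check the prediction against real kernel behaviour: create a file and a
# directory under the given umask in a scratch directory and list them.
demo_umask() {
    um=${1:-077}
    tmp=$(mktemp -d) || return 1
    ( umask "$um"; touch "$tmp/f"; mkdir "$tmp/d" )   # subshell keeps our umask intact
    printf 'umask %s: predicted file %s (-%s), dir %s (d%s)\n' "$um" \
        "$(default_mode "$um" file)" "$(octal_to_symbolic "$(default_mode "$um" file)")" \
        "$(default_mode "$um" dir)"  "$(octal_to_symbolic "$(default_mode "$um" dir)")"
    ls -ld "$tmp/f" "$tmp/d"
    rm -rf "$tmp"
}
```

Source the file and run `demo_umask 022` or `demo_umask 077` to compare the predicted mode with what ls -ld reports.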
6. Special permissions
<1> Sticky bit
o+t (t=1): directories only; when the t bit is set, files in the directory can be deleted only by their owner
chmod o+t directory   or   chmod 1xxx directory (a leading 1 in front of the normal three digits)
[root@desktop Desktop]# mkdir /westos
[root@desktop Desktop]# ls -ld /westos/
drwx------ 2 root root 6 Sep 28 11:52 /westos/
[root@desktop Desktop]# chmod 777 /westos/ # Give maximum permissions to the westos directory
[root@desktop Desktop]# ls -ld /westos/
drwxrwxrwx 2 root root 6 Sep 28 11:52 /westos/
[root@desktop Desktop]# su - student
Last login: Fri Sep 28 11:52:20 EDT 2018 on pts/0
[student@desktop ~]$ cd /westos/
[student@desktop westos]$ ls
[student@desktop westos]$ touch studentfile # Create files in the westos directory as a student user
[student@desktop westos]$ ls
studentfile
[student@desktop westos]$ logout
[root@desktop Desktop]# su - haha
Last login: Fri Sep 28 11:49:21 EDT 2018 on pts/0
[haha@desktop ~]$ cd /westos/
[haha@desktop westos]$ ls
studentfile
[haha@desktop westos]$ touch westosfile # Create files in the westos directory as a haha user
[haha@desktop westos]$ ls /westos/
studentfile westosfile
[haha@desktop westos]$ rm -fr studentfile # without the t bit, any user can delete files created by others
[haha@desktop westos]$ ls
westosfile
[haha@desktop westos]$ rm -fr westosfile
[haha@desktop westos]$ ls
[haha@desktop westos]$ logout
[root@desktop Desktop]# chmod 1777 /westos/ # Give t permission to directory
[root@desktop Desktop]# su - student
Last login: Fri Sep 28 11:53:02 EDT 2018 on pts/0
[student@desktop ~]$ cd /westos/
[student@desktop westos]$ ls
[student@desktop westos]$ touch studentfile
[student@desktop westos]$ ls
studentfile
[student@desktop westos]$ logout
[root@desktop Desktop]# su - haha
Last login: Fri Sep 28 11:53:58 EDT 2018 on pts/0
[haha@desktop ~]$ cd /westos/
[haha@desktop westos]$ ls
studentfile
[haha@desktop westos]$ touch westosfile
[haha@desktop westos]$ ls
studentfile westosfile
[haha@desktop westos]$ rm -fr studentfile # other users cannot delete files they did not create
rm: cannot remove 'studentfile': Operation not permitted
[haha@desktop westos]$ rm -fr westosfile # You can delete your own files
[haha@desktop westos]$ ls
studentfile
<2> SGID bit
g+s (s=2): on a directory, files created inside it automatically get the directory's group; on a binary file, the program recorded in the file runs with the group of the file, regardless of the group of the user who runs it
chmod g+s file/directory   or   chmod 2xxx file/directory
[root@desktop ~]# cd Desktop/
[root@desktop Desktop]# ls -ld /westos/
drwxrwxrwt 2 root root 24 Sep 28 11:56 /westos/
[root@desktop Desktop]# groupadd linux
[root@desktop Desktop]# chgrp linux /westos/ # Change the group of / westos directory to linux
[root@desktop Desktop]# ls -ld /westos/
drwxrwxrwt 2 root linux 24 Sep 28 11:56 /westos/
[root@desktop Desktop]# touch /westos/file1 # create file1
[root@desktop Desktop]# ls -l /westos/file1 # the group of the new file in /westos has not changed
-rw-r--r-- 1 root root 0 Sep 28 20:46 /westos/file1
[root@desktop Desktop]# chmod 2777 /westos/ # give the /westos directory permissions 2777
[root@desktop Desktop]# touch /westos/file2 # a newly created file now gets the same group as the directory
[root@desktop Desktop]# ls -l /westos/file2
-rw-r--r-- 1 root linux 0 Sep 28 20:47 /westos/file2
<3> SUID bit
u+s (s=4): on a file, the program recorded in the file is executed as the file's owner, regardless of who started it
chmod u+s file   or   chmod 4xxx file
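As an added example (not part of the original notes), this POSIX shell function decodes the mode column of ls -l, including the s/S and t/T forms from this section, into the 4-digit octal value used by chmod, and a second function lists the SUID/SGID programs under a path for review; function names are my own.

```shell
# Added example (not from the original notes): decode the 10-character mode
# column of ls -l into file type, 4-digit octal mode and the special bits
# from this section. Lower-case s/t mean the special bit plus the execute
# bit; upper-case S/T (which ls also prints) mean the special bit was set
# without the execute bit, which is almost always a mistake worth flagging.

# decode_mode 'drwxrwxrwt' -> 'dir 1777 sticky'
decode_mode() {
    m=$1
    [ "${#m}" -eq 10 ] || { echo "need a 10-character mode string" >&2; return 1; }
    first=${m%"${m#?}"}                        # type character
    case $first in
        -) type=file ;;   d) type=dir ;;     l) type=symlink ;; p) type=pipe ;;
        s) type=socket ;; c) type=chardev ;; b) type=blockdev ;;
        *) echo "unknown type character in $m" >&2; return 1 ;;
    esac
    rest=${m#?} pos=1 perms=0 special=0 labels="" warn=""
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}
        bit=$(( 1 << (9 - pos) ))              # pos 1 = user r ... pos 9 = other x
        case $c in
            r|w|x) perms=$(( perms | bit )) ;;
            s) perms=$(( perms | bit )); special=$(( special | (pos == 3 ? 4 : 2) )) ;;
            t) perms=$(( perms | bit )); special=$(( special | 1 )) ;;
            S) special=$(( special | (pos == 3 ? 4 : 2) )); warn=" (S/T without x)" ;;
            T) special=$(( special | 1 )); warn=" (S/T without x)" ;;
            -) ;;
            *) echo "bad permission character '$c' in $m" >&2; return 1 ;;
        esac
        pos=$(( pos + 1 ))
    done
    [ $(( special & 4 )) -ne 0 ] && labels="$labels suid"
    [ $(( special & 2 )) -ne 0 ] && labels="$labels sgid"
    [ $(( special & 1 )) -ne 0 ] && labels="$labels sticky"
    printf '%s %o%03o%s%s\n' "$type" "$special" "$perms" "$labels" "$warn"
}

# Inventory of SUID/SGID programs below a path: a routine defender's check,
# since each one runs with rights its caller does not have. Stays on one
# filesystem (-xdev) and skips directories, where the 2000 bit means SGID
# group inheritance rather than privilege.
list_special_binaries() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} + 2>/dev/null
}
```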
7. Access control lists (permission lists)
setfacl # grant a specific user special rights to a specific file
//Once an ACL is set, the file's ordinary permissions are also recorded in the list, but the permissions shown by ls -l are no longer accurate; use getfacl to view them
//Note: the default ACL is valid only for directories. Setting an ordinary (non-default) ACL entry on a directory does not give the specific user permissions on files created inside it
[root@desktop Desktop]# touch file2
[root@desktop Desktop]# ls -l file2
-rw-r--r-- 1 root root 0 Sep 29 11:15 file2
[root@desktop Desktop]# setfacl -m u:student:rw file2
[root@desktop Desktop]# ls -l file2 # the '+' shows that an ACL is present
-rw-rw-r--+ 1 root root 0 Sep 29 11:15 file2
[root@desktop Desktop]# getfacl file2
# file: file2 # file name
# owner: root # file owner
# group: root # file group
user::rw- # permissions of the file owner
user:student:rw- # permissions of the specifically designated user
group::r-- # permissions of the file's group
mask::rw- # upper bound of the effective permissions
other::r-- # permissions of others
(1) Setting permissions
-m {u:,g:,d:} # modify: add or change an entry (d: = default entry; e.g. d:u:student lets student read and write every new directory or file created in the directory)
//Note: if permissions should be added to new files automatically, set the default ACL of the directory
-x {u:,g:} # delete an entry
-b # remove the whole ACL
setfacl -m d:u:student:rwx /mnt/westos # default rwx for user student on files newly created in the westos directory; no effect on existing files or on the directory itself
setfacl -m u:haha:rwx file # let user haha read, write and execute file
setfacl -m g:student:rwx file # let group student read, write and execute file
setfacl -m d:u:student:rwx file # set the default ACL so that new files give user student rwx; no effect on existing files or on the directory itself
setfacl -x u:lee file2 # remove user lee's entry from the ACL
setfacl -x g:student file2 # remove group student's entry from the ACL
setfacl -b file2 # remove the ACL entirely, i.e. the '+' disappears
(2) mask value
The mask is the maximum permission that can be granted to a user in the ACL. After the ACL is set, if chmod is used to reduce the file's permissions, the mask value changes as well.
[root@desktop Desktop]# setfacl -m u:student:rwx file2 # grant the maximum permission first, so the effect is clearer when the permissions are reduced later
[root@desktop Desktop]# setfacl -m u:haha:rwx file2
[root@desktop Desktop]# getfacl file2
# file: file2
# owner: root
# group: root
user::rw-
user:student:rwx
user:haha:rwx
group::r--
mask::rwx # Permissions before change
other::r--
[root@desktop Desktop]# chmod 644 file2 # The mask value changes
[root@desktop Desktop]# getfacl file2
# file: file2
# owner: root
# group: root
user::rw-
user:student:rwx #effective:r-- # this column shows the permissions actually in effect
user:haha:rwx #effective:r--
group::r--
mask::r-- # Changed permissions
other::r--
[root@desktop Desktop]# setfacl -m m:rwx file2 # restore the permissions; the m in m:rwx stands for mask
[root@desktop Desktop]# getfacl file2
# file: file2
# owner: root
# group: root
user::rw-
user:student:rwx
user:haha:rwx
group::r--
mask::rwx
other::r--
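As an added example (not part of the original notes), these POSIX shell functions recompute the "#effective:" column from getfacl output fed on stdin, using a constructed sample that matches the chmod 644 case above; function names and the sample are my own.

```shell
# Added example (not from the original notes): recompute the "#effective:"
# column getfacl shows above. Named users, named groups and the owning
# group (group::) are ANDed with mask::; user:: and other:: are never masked.
# With an ACL present, chmod's middle ("group") digit rewrites the mask,
# which is exactly what "chmod 644 file2" did above.

# rwx_and 'rwx' 'r--' -> 'r--'  (position-wise AND of two rwx triplets)
rwx_and() {
    out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c "$i"); b=$(printf '%s' "$2" | cut -c "$i")
        if [ "$a" = "$b" ] && [ "$a" != - ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_acl < getfacl-output -> each masked entry, with the rights that
# really apply appended as "#effective:..." when they differ from the entry
effective_acl() {
    mask="" entries=""
    while IFS= read -r line; do
        case $line in '#'*|'') continue ;; esac    # skip comments and blank lines
        line=${line%% #*}                          # drop an existing #effective column
        case $line in
            mask::*)           mask=${line#mask::} ;;
            user:?*:*|group:*) entries="$entries$line
" ;;
        esac
    done
    printf '%s' "$entries" | while IFS= read -r e; do
        rights=${e##*:}
        eff=$(rwx_and "$rights" "$mask")
        if [ "$eff" = "$rights" ]; then printf '%s\n' "$e"
        else printf '%s #effective:%s\n' "$e" "$eff"; fi
    done
}

# Constructed sample: the getfacl output after "chmod 644 file2" in the notes.
SAMPLE_ACL='# file: file2
# owner: root
# group: root
user::rw-
user:student:rwx
user:haha:rwx
group::r--
mask::r--
other::r--'

show_effective() { printf '%s\n' "$SAMPLE_ACL" | effective_acl; }
```

Run `getfacl file2 | effective_acl` on a real file to compare with getfacl's own column.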
(3) default
A default ACL is valid only for files newly created in the directory, not for existing files or for the directory itself.
To make it take effect on existing files or on the directory itself as well:
setfacl -Rm u:student:rwx /mnt/test
Note: to see the difference, switch to the student user and edit a file under test, which shows what the default ACL does