
Linux_Permission Understanding (Detailed PLUS)

2024-10-03 13:05:29

1. User

There are two types of users under Linux: the superuser (root) and regular users.

Superuser: can do anything under Linux without restriction.
Normal user: can do only limited things under Linux.
The command prompt for the superuser is "#"; for a normal user it is "$".


2. User switching

Switching between users:

su username    (use exit to return to the original user)

1) Normal user switching to the superuser (the root user's password must be entered)

2) Superuser switching to a normal user (no need to enter the normal user's password)

A normal user switching to the superuser:

su -    (again, use exit to fall back to the original user)

3. Create and delete common users

Creating an ordinary user

useradd username (create the user)
passwd username (set the password)

Deleting an ordinary user

userdel -r username (-r also removes the user's home directory)

Viewing the users' home directories

ls /home

4. Permission Management

What are permissions?

Permissions = user (who is accessing) + file attributes (rwx)
r: readable, w: writable, x: executable

File visitor types (users):

u --- User: the owner of the file or directory
g --- Group: users in the group that the file or directory belongs to
o --- Others: all other users

File types and access rights (file attributes):

File type:

d: directory
-: ordinary file
l: soft link (similar to a Windows shortcut)
b: block device file (e.g. hard disk, CD-ROM drive)
p: pipe file
c: character device file (e.g. serial devices such as screens)
s: socket file

Basic permissions:

Read (r): for a file, permission to read its contents; for a directory, permission to browse the information in the directory.
Write (w): for a file, permission to modify its contents; for a directory, permission to delete and move files in the directory.
Execute (x): for a file, permission to execute it; for a directory, permission to enter it.
"-" means that you do not have this permission.

5. How to set file permissions

1) chmod

Function: modify user permissions on a file

(1) chmod role+/-permissions file (role is u, g or o; permissions are r, w, x)

(2) chmod [octal digit for u][octal digit for g][octal digit for o] file

rwx: 111 (binary) --> 7 (octal)
rw-: 110 (binary) --> 6 (octal)
r--: 100 (binary) --> 4 (octal)
---: 000 (binary) --> 0 (octal)

2) chown

Function: modify the owner of a file
Format: chown [parameters] username filename

3) chgrp

Function: modify the group to which a file or directory belongs
Format: chgrp [parameters] groupname filename

6. Permission Mask

For newly created files and directories we find that the default permissions are 775 for directories and 664 for files. Why?

The starting permissions are 777 for directories and 666 for files; the final permissions differ from the starting ones because of the permission mask.

Final Permission = Starting Permission & (~Permission Mask)

View the permission mask: umask

Set the permission mask to 0000: umask 0000

At this point we create a new directory and a new file again, and we can see that their permissions have changed: with a mask of 0000, nothing is removed from the starting permissions.
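
The mask rule above can be checked against what the system really assigns. The following script is an added example, not part of the original article; the function names are made up for illustration, and it assumes GNU coreutils (stat -c, mktemp -d).

```shell
#!/bin/sh
# Added example: check "final = start & ~mask" against real file creation.
# Assumes GNU coreutils (stat -c, mktemp -d); function names are illustrative.

# expected_mode START MASK -> START & ~MASK in octal (bitwise, not subtraction)
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# actual_mode KIND MASK -> mode given to a new file (f) or directory (d)
actual_mode() {
    (   # subshell, so the umask change does not leak into the caller
        tmp=$(mktemp -d) || exit 1   # scratch dir, created before the mask changes
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        stat -c '%a' "$tmp/new"
        rm -rf "$tmp"
    )
}

# check KIND START MASK -> prints both values, fails if they differ
check() {
    want=$(expected_mode "$2" "$3")
    got=$(actual_mode "$1" "$3")
    echo "umask=$3 kind=$1 formula=$want actual=$got"
    [ "$want" = "$got" ]
}

# 0002: the 775/664 defaults from the text
# 0000: nothing masked, so new files are writable by every user
# 0033: 666 - 033 would give 633, but the bitwise rule gives 644
for mask in 0002 0000 0033; do
    check d 777 "$mask"
    check f 666 "$mask"
done
```

The 0033 case shows why the rule is a bitwise AND with the inverted mask: a mask bit that is not set in the starting permission has no effect.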

7. Sticky bits

Consider the following situation.

The owner of the file and the group it belongs to are both root, and the user qz falls under others, with read permission only. We can read the file but cannot modify its contents, yet we can delete it. Why?

This is because the directory in which the file resides belongs to us and we have w permission on it, so we can delete the file.

This brings us to the concept of the sticky bit (chmod o+t directory).

When the sticky bit is set on a directory, files in that directory can only be:

1) Deleted by the super administrator
2) Deleted by the owner of the directory
3) Deleted by the owner of the file