
Linux file attributes

Popularity:383 ℃/2024-11-12 20:09:43

File Attributes

【1】 Meaning of each column in ls -ihl output

[root@kylin-xu ~]# ls -ilh
Total usage 105M
102604839 -rw-r--r-- 1 root root 57M September 21 2017
102685193 -rw------- 1 root root 2.7K November 3 12:29
102407797 -rw-r--r-- 1 root root 3.1K November 3 12:31
102684881 -rw-r--r-- 1 root root 112 November 4 23:52
102604829 -rw-r--r-- 1 root root 112 November 4 23:50
102684877 -rw-r--r-- 1 root root 327 November 4 12:54
102604833 -rw-r--r-- 1 root root 49M February 15 2017 secure-20161219


【2】 inode and block

  • inode: index node, similar to our identity card

    • The inode number is an ID number.

    • The inode space is similar to an ID card for storing personal information.

    • The inode space holds file attribute information.

  • block Data block, holds data (file contents).

Let's walk through what happens when a file is read.

When we run the cat command, the inode area is consulted first. The inode holds the permissions and user/group information, so if our permissions don't match, we are rejected at this step.

If we are allowed past the inode area, it contains the block location (a pointer to the data itself), which directs us to the block where the data can be viewed.

Diagram: cat command → inode area (attribute information: file size, permissions, user/group, block location) → block area (data). Flow: cat command → permission check → data.

  • Features:

    • Each file created uses 1 inode and, if non-empty, a block.
    • An inode is generally 256 bytes.
    • A block is usually 4k.
    • A non-empty file occupies 1 block; if the file is small and does not fill the block, the remaining space stays empty.
    • The inode size, block size, and their number are all fixed when the filesystem is formatted.
  • command

    • Files: view the inode number (not important) and the size (important)
    ls -lhi   filename
    
  • Directories: view the space occupied by a directory

    [root@kylin-xu ~]# du -sh /etc/
    25M /etc/
    # -h: view the size in human-readable form
    # -s: view summarized results
    
    # Don't use ls -ih to look at the
    

    For directories, the size shown by the ls -lh command is not the space the directory occupies on disk.

    According to the relationship between inode and block, the block of a directory holds only the names of the files and directories inside it, so ls -lh cannot be used to view the size of a directory.

  • Summary:

    • inode,block role.

    • The commands ls, du

【3】 File types

Everything is a file.

Common Linux file types
- (regular file)
d (directory)
l (soft link)
c (character device): constant output (white hole) or constant absorption (black hole)
/dev/null (black hole)
/dev/urandom (white hole) /dev/zero (white hole)
b (block device): hard disks, optical disks (covered in the disk topics)
s (socket file): related to network transmission
......
  • ls -l
  • file: view file types
crw-rw-rw- 1 root root 1, 3 November 4 14:40 /dev/null
[root@kylin-xu ~]# ll /dev/zero
crw-rw-rw- 1 root root 1, 5 November 4 14:40 /dev/zero
[root@kylin-xu ~]# ll /dev/urandom
crw-rw-rw- 1 root root 1, 9 November 4 14:40 /dev/urandom
[root@kylin-xu ~]# file /dev/urandom
/dev/urandom: character special (1/9)

【4】 Permissions

1. rwx permission meaning

r read    # the file can be read with commands such as cat, less, more, vim
w write   # the file can be modified with vim, echo, sed
x execute # meaningful only for executable files, not for ordinary files
- no permission


[root@kylin-xu day14]# ll
Total usage 0
-rw-r--r-- 1 root root 0 November 6 03:54
-rw-r--r-- 1 root root 0 November 6 03:54
-rw-r--r-- 1 root root 0 November 6 03:54
-   # File type
The file permissions are grouped in threes:
rw- # First group: the file's owner, i.e. the user the file belongs to
r-- # Second group: the file's group, i.e. the permissions for members of that group
r-- # Third group: others, i.e. the permissions for strangers (here the same as the group: read only)

What permissions do I have on a file?
1. Find out who the current user is.
[root@kylin-xu day14]# whoami
2. Find out what the relationship is between the user and the file.
3. Check the specific permissions.
For root, the first three permissions apply: rw-

Maximum permissions for files

Maximum permissions for directories

2. Correspondence between rwx and numbers

r # 4
w # 2
x # 1
-rw-r--r-- 1 xu xu 0 November 6 04:04
user rw-: 4+2+0
group r--: 4+0+0
others r--: 4+0+0
File permissions in numbers: 644

Deriving the character form from the numeric permissions
755
rwxr-xr-x

3. Modifying file permissions

(1)、chown

chown # Modify the file's owner and group
Syntax structure
chown oldboy file # Modify only the owner.
chown USER:GROUP file # Modify both the owner and the group (USER:GROUP is a placeholder for the new owner and group).
Parameter options
-R # Recursive modification
[root@oldboyedu ~]# ll /tmp/
-rw-r--r-- 1 root root 6 November 7 11:11 /tmp/
  • Case 1. Modify the owner of the test file to user xu.
[root@kylin-xu tmp]# ll
Total usage 0
-rw-r--r-- 1 root root 0 November 6 04:18 test
[root@kylin-xu tmp]# chown xu test
[root@kylin-xu tmp]# ll
Total usage 0
-rw-r--r-- 1 xu root 0 November 6 04:18 test
  • Case 2. Change both the owner and the group to xu
[root@kylin-xu tmp]# ll
Total usage 0
-rw-r--r-- 1 root root 0 November 6 04:20 test
[root@kylin-xu tmp]# chown test
[root@kylin-xu tmp]# ll
Total usage 0
-rw-r--r-- 1 xu xu 0 November 6 04:20 test
  • Case 3. Recursively change the owner and group of a directory
[root@kylin-xu tmp]# chown a -R
[root@kylin-xu tmp]# ll a
Total usage 0
drwxr-xr-x 3 xu xu 60 November 6 04:21 b
[root@kylin-xu tmp]# ll a/b/
Total Usage 0
drwxr-xr-x 2 xu xu 40 November 6 04:21 c
[root@kylin-xu tmp]# ll a/b/c -d
drwxr-xr-x 2 xu xu 40 November 6 04:21 a/b/c
[root@kylin-xu tmp]#

(2)、chmod

chmod # Modify file permissions
Syntax structure
chmod +w file # Add w permission
chmod -w file # Remove w permission
chmod g+w file # Add w permission on the group bits
When authorizing a specific position:
Owner: use u for user
Group: use g for group
Others: use o for other
  • Case 1. Add x permission on the owner bits of test.
[root@kylin-xu tmp]# chmod u+x test
[root@kylin-xu tmp]# ll
Total usage 0
-rwxr--r-- 1 xu xu 0 November 6 04:20 test
  • Case 2. Remove w permission from the group bits of test
chmod g-w test
  • Case 3. Set rwx permissions for the owner of test
chmod u=rwx test
  • Set rw permissions for others on test
chmod o=rw test
  • Case 4. Remove w and x permissions from others at the same time
chmod o-wx test
  • Case 5. Use the equals sign to reassign the permission bits
chmod o=r test
  • Case 6. Add x permission at all positions
chmod +x test
  • Case 7. Remove x permission at all positions
chmod -x test
  • Case 8. Add w permission at all positions
chmod ugo+w test
  • Case 9. Remove w permission at all positions using a
chmod a-w test

Summary: authorizing files with ugo
chmod u+w   # Add w permission on the owner bits
chmod u-w   # Remove w permission on the owner bits
chmod ug+x  # Add x permission for the owner and the group
chmod ugo+x # Add x permission on all bits
chmod +x    # Add x permission on all bits
chmod a+x   # Add x permission on all bits
chmod g=w   # Clear the group's original permissions and set only w

Authorizing with numeric modes

r # 4
w # 2
x # 1
Syntax structure
chmod 644 file # authorize file with 644 permissions
  • Case 1. Authorize file permissions as rw-r-xr-- permissions
[xu@kylin-xu day14]$ chmod 654
[xu@kylin-xu day14]$ ll
-rw-r-xr-- 1 xu xu 0 November 6 04:04
  • Case 2. Authorize file permissions as rw------- permissions
[xu@kylin-xu day14]$ chmod 600
[xu@kylin-xu day14]$ ll
-rw------- 1 xu xu 0 November 6 04:04
  • Case 3. Authorized file permissions are rw-r--r-- permissions
[xu@kylin-xu day14]$ chmod 644
[xu@kylin-xu day14]$ ll
Total usage 0
-rw-r--r-- 1 xu xu 0 November 6 04:04
  • Case 4. Authorized file permissions are --------- permissions
chmod 000 
# Frequently used modes
644 rw-r--r--
755 rwxr-xr-x
600 rw-------
chmod # Recursively authorize files with 600 permissions for the owner's attribute group
Parameter options
-R # Recursive authorization; dangerous, do not use it to modify directories.

4. The role of rwx for files

What r does for a file:
1. It can be read.
2. It cannot be written normally, but vim can force a write.
3. It cannot be executed.
4. It cannot be deleted through its own permissions; deletion is controlled by the permissions of the directory.
[xu@kylin-xu day14]$ echo pwd >
[xu@kylin-xu day14]$ chmod u=r
[xu@kylin-xu day14]$ ll
-r--r--r-- 1 xu xu 4 November 6 04:59
[xu@kylin-xu day14]$ cat
pwd
[xu@kylin-xu day14]$ echo aaa >
-bash: : not enough permissions
[xu@kylin-xu day14]$ ./
-bash: ./: not enough permissions
[xu@kylin-xu day14]$ echo pwd >
-bash: : not enough permissions
What w does for a file:
[xu@kylin-xu day14]$ chmod u=w
[xu@kylin-xu day14]$ ll
--w-r--r-- 1 xu xu 0 November 6 04:55
[xu@kylin-xu day14]$ cat
cat: : not enough privileges
[xu@kylin-xu day14]$ echo pwd >
[xu@kylin-xu day14]$

1. The file contents cannot be viewed.
2. It cannot be written with vim; content can only be added with echo.
3. It cannot be executed.
4. A file with only w is theoretically possible, but is not very meaningful in actual production.
What x does for a file:
[xu@kylin-xu day14]$ chmod u=x
[xu@kylin-xu day14]$ ll
Total usage 8
---xr--r-- 1 xu xu 4 November 6 04:59


# A file with only x permission cannot be run
[xu@kylin-xu day14]$ ./
bash: ./: not enough permissions
# To make this script executable, it must also have r permission, because the shell has to read it.
[xu@kylin-xu day14]$ chmod u=rx
[xu@kylin-xu day14]$ ll
-r-xr--r-- 1 xu xu 4 November 6 04:59
[xu@kylin-xu day14]$ ./
/home/xu/day14

To summarize:
1. r alone is useful for a file: read-only.
2. rw is the highest permission for ordinary files: read/write.
3. r and x together give execute permission on the file.
4. rwx is the highest permission for scripts.

The highest permission for a file is 666: all positions can read and write.

5. The role of rwx for directories

[xu@kylin-xu ~]$ ll -d day14/
drwxr-xr-x 2 xu xu 45 November 6 04:55 day14/

1. A directory with only r permissions can't do anything. Since the block of a directory holds the names of the files in that directory, looking at it with ll will only show you the names of the files.
[xu@kylin-xu ~]$ chmod u=r day14/
[xu@kylin-xu ~]$ ll day14/ -d
dr--r-xr-x 2 xu xu 45 November 6 04:55 day14/
[xu@kylin-xu ~]$ ll day14/
ls: can't access 'day14/': insufficient privileges
ls: can't access 'day14/': insufficient privileges
ls: cannot access 'day14/': insufficient privileges
Total Usage 0
-????????? ? ? ? ?             ?
-????????? ? ? ? ?             ?
-????????? ? ? ? ?             ?


2. A directory with only w permission can't do anything.

What x does for directories:
1. It controls whether or not you can cd into the directory.
2. It grants nothing else.
[root@oldboyedu oldboy]# chmod u=x /oldboy
[root@oldboyedu oldboy]# ll -d /oldboy
d--xr-xr-x 2 oldboy oldboy 45 November 11 11:31 /oldboy

Common combinations of directory permissions:
The r-x combination lets you enter the directory and view all the files in it. Whether or not you can see the contents of a file depends on the permissions of the file.
The r-x combination does not allow deleting, creating, renaming, etc. in the directory.
The rwx combination is the highest permission for a directory: you can enter it and add, delete, and modify its contents.

Why is there a permission denial?

[xu@kylin-xu ~]$ cat /etc/shadow
cat: /etc/shadow.
# Because the shadow file itself does not have r permission for others

# Others do not have w permission on passwd; it would have to be rw.
[xu@kylin-xu ~]$ echo 11111>> /etc/passwd
-bash: /etc/passwd: not enough permissions
[xu@kylin-xu ~]$ ll /etc/passwd
-rw-r--r-- 1 root root 2031 November 5 16:00 /etc/passwd

# Because the /etc/ directory doesn't have w permission for others
[xu@kylin-xu ~]$ touch /etc/haha
touch: Unable to create '/etc/haha': insufficient permissions
[xu@kylin-xu ~]$ ll /etc/ -d
drwxr-xr-x 121 root root 8192 November 6 02:47 /etc/

# Because others have no r-x permissions on the /root directory.
[xu@kylin-xu ~]$ ls /root
ls: can't open directory '/root': not enough permissions
[xu@kylin-xu ~]$ logout
[root@kylin-xu ~]# ll /root -d
dr-xr-x--- 5 root root 4096 November 6 03:53 /root

6、umask

The role of umask is to determine the default permissions for newly created files and directories. # Understanding how umask values work is not a priority
Default file permissions: 644
Default directory permissions: 755

[root@kylin-xu ~]# umask
0022

Default file permissions: the file's highest permissions, 666, minus the umask value.
 666
-022
=644
Default directory permissions: the directory's highest permissions, 777, minus the umask value.
 777
-022
=755
  • Case: umask changed to 044
[root@kylin-xu ~]# umask 044
[root@kylin-xu ~]# umask
0044
[root@kylin-xu ~]# ll
-rw--w--w- 1 root root 0 November 6 06:41
[root@kylin-xu ~]# mkdir aaaa
[root@kylin-xu ~]# ll -d aaaa/
drwx-wx-wx 2 root root 6 November 6 06:41 aaaa/
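  • Case: umask changed to 032
# If a umask digit is odd, add 1 to that digit of the file result after subtracting (files start from 666, which has no x bit for the umask to remove); directories need no adjustment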
[root@kylin-xu ~]# umask 032
[root@kylin-xu ~]# umask
0032
[root@kylin-xu ~]# touch
[root@kylin-xu ~]# ll
-rw-r--r-- 1 root root 0 November 6 06:44
[root@kylin-xu ~]# mkdir qaaa
[root@kylin-xu ~]# ll -d qaaa/
drwxr--r-x 2 root root 6 November 6 06:44 qaaa/
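
The "subtract, then add 1 for odd digits" rule above is a shortcut for what the system actually does: it clears the umask bits from the requested mode (666 for files, 777 for directories), which is why umask 032 gives 644 and not 666 - 032 = 634. The following is an added example, not part of the original page; it predicts the mode with that bitmask rule and compares it with what a scratch directory really gets. The function names are made up for the illustration and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: the default mode is (requested mode AND NOT umask), computed bit
# by bit. Plain subtraction only gives the same answer when no borrow is needed.

# expected_mode UMASK KIND -> octal mode predicted by the bitmask rule
expected_mode() {
    case "$2" in
        file) base=0666 ;;   # new files are requested with rw for everyone
        dir)  base=0777 ;;   # new directories are requested with rwx for everyone
        *)    return 2 ;;
    esac
    # The leading 0 makes the shell read the umask as octal.
    printf '%03o\n' "$(( $base & ~0$1 & 0777 ))"
}

# observed_mode UMASK KIND -> mode the system really assigns in a scratch directory.
# The body runs in a subshell, so the caller's umask is left untouched.
observed_mode() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) : > "$scratch/new" ;;
        dir)  mkdir "$scratch/new" ;;
        *)    rm -rf "$scratch"; exit 2 ;;
    esac
    mode=$(stat -c '%a' "$scratch/new")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
)

# The three umask values used on this page.
for m in 022 044 032; do
    for k in file dir; do
        printf 'umask %s %-4s expected=%s observed=%s\n' "$m" "$k" \
            "$(expected_mode "$m" "$k")" "$(observed_mode "$m" "$k")"
    done
done
```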

7. Hidden permission bits

# View hidden permission bits
[root@kylin-xu ~]# touch
[root@kylin-xu ~]# lsattr
--------------------

# Add a hidden attribute to the file: a means content can only be appended.
[root@kylin-xu ~]# chattr +a
[root@kylin-xu ~]# lsattr
-----a--------------
[root@kylin-xu ~]# rm -f
rm: unable to delete '': disallowed operation
[root@kylin-xu ~]# echo aa >
-bash: : Disallowed operation
[root@kylin-xu ~]# echo oooo >>
[root@kylin-xu ~]# cat
oooo

# Remove a hidden permission
[root@kylin-xu ~]# chattr -a
[root@kylin-xu ~]# lsattr
--------------------

# i (immutable) is invincible: nothing can be done to the file except read it.
[root@kylin-xu ~]# chattr +i
[root@kylin-xu ~]# cat
oooo
[root@kylin-xu ~]# echo aaa>>
-bash: : Disallowed operations

We can think of hidden attributes as restrictions that apply even to the root user.

8、Special authority bit

suid (set uid) 4 # When a user executes the command, it runs with the privileges of the file's owner.
We need to add the s permission on the owner bits. Anyone who runs the command then has the privileges of the command's owner.
sgid 2 # Set on directories. Content created in a directory with sgid set automatically inherits the group of that directory.
sticky 1 # Mainly for shared directories. If sticky is set, content created in the directory can only be deleted by the user who created it.
suid

[root@kylin-xu ~]# ll /usr/bin/passwd
-rwsr-xr-x 1 root root 30800 April 20 2022 /usr/bin/passwd
sgid
[root@kylin-xu ~]# chown test
[root@kylin-xu ~]# touch test/qqq
[root@kylin-xu ~]# ll test/qqq
-rw-r--r-- 1 root xu 0 November 6 07:14 test/qqq
sticky

[root@kylin-xu ~]# mkdir /nfs
[root@kylin-xu ~]# chmod 777 /nfs
[root@kylin-xu ~]# chmod o+t /nfs
[root@kylin-xu ~]# ll -d /nfs
drwxrwxrwt 2 root root 35 November 6 07:16 /nfs
[root@kylin-xu ~]# su - xu
[xu@kylin-xu nfs]$ echo xu >
[root@kylin-xu ~]# su - tom
Last login: Tue Nov 5 11:47:09 -03 2024 on pts/2
[tom@kylin-xu ~]$ cd /nfs
[tom@kylin-xu nfs]$ echo tom >
# This directory contains files created by both xu and tom, and because the directory has sticky set, tom can't delete the file created by xu.
[tom@kylin-xu nfs]$ \rm -f
rm: can't delete '': disallowed operation
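
Because suid and sgid files run with someone else's privileges, and a world-writable directory without sticky lets any user delete other users' files, these bits are worth auditing. The following is an added example, not part of the original page: it lists every file or directory carrying the bits described in this section. The scratch tree, its file names and the function names are constructed for the demonstration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special bits from this section.
# The scratch tree and its file names are constructed for the demonstration.

# audit_special_bits DIR -> one "TAG MODE PATH" line per finding, sorted
audit_special_bits() {
    {
        # suid/sgid files run with the owner's/group's privileges: review each one
        find "$1" -type f -perm -4000 -exec stat -c 'SUID %a %n' {} +
        find "$1" -type f -perm -2000 -exec stat -c 'SGID %a %n' {} +
        # sgid directories pass their group on to new content
        find "$1" -type d -perm -2000 -exec stat -c 'SGID-DIR %a %n' {} +
        # world-writable directory without sticky: any user can delete others' files
        find "$1" -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'WW-NOSTICKY %a %n' {} +
    } | sort
}

# make_sample_tree -> path of a scratch tree with one instance of each case
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/team"
    : > "$t/helper"
    : > "$t/plain"
    chmod 4755 "$t/helper"    # suid, same mode as /usr/bin/passwd on this page
    chmod 644  "$t/plain"     # ordinary file, must not be reported
    chmod 1777 "$t/shared"    # sticky shared directory, like /nfs on this page
    chmod 777  "$t/dropbox"   # world-writable but no sticky bit
    chmod 2775 "$t/team"      # sgid directory
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Run `audit_special_bits` against a real directory and compare the result with a known-good baseline; a new SUID entry or a shared directory that lost its sticky bit is the change to look into.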

【5】 Hard and soft links

1、Soft Link

  • A soft link is similar to a Windows shortcut: it stores the location of the source file.

    • Also called a symbolic link (or symlink).
  • Creating a soft link: create the soft link /opt/ifcfg-ens33 for /etc/sysconfig/network-scripts/ifcfg-ens33

    [root@kylin-xu ~]# ln -s /etc/sysconfig/network-scripts/ifcfg-ens33 /opt/ifcfg-ens33
    [root@kylin-xu ~]# ll /opt/ifcfg-ens33
    lrwxrwxrwx 1 root root 42 November 5 08:02 /opt/ifcfg-ens33 -> /etc/sysconfig/network-scripts/ifcfg-ens33
    
    
    # ln -s SOURCE_FILE TARGET_FILE
    
  • Deleting soft links

    [root@kylin-xu opt]# rm -f ifcfg-ens33
    # Does not affect source files
    
  • Deleting source files

    [root@kylin-xu day06]# touch 123
    [root@kylin-xu day06]# ln -s 123 456
    [root@kylin-xu day06]# ll
    Total usage 1636
    -rw-r--r-- 1 root root 0 November 5 08:05 123
    lrwxrwxrwx 1 root root 3 November 5 08:05 456 -> 123
    [root@kylin-xu day06]# rm -f 123
    # Softlinks don't work anymore
    


2、Hard link

  • Within the same partition, files with the same inode number are hard links of each other.

    ln Source file Target file
    

3. Distinctions

  • Meaning:
    • A soft link stores the location of the source file.
    • Hard links have the same inode number on the same partition.
  • Features:
    • Soft links are the most commonly used; they can be created for files and directories.
    • Hard links can only be created for files, not directories.
  • Removing
【6】 File timestamps

Timestamps
Modification time (mtime): when the content was last modified; the most commonly used.
Access time (atime): changes when the file is viewed; subject to limitations related to mtime.
Change time (ctime): changes when the file's attribute information is modified.
Creation time (btime): when the file was created.
[root@kylin-xu day06]# stat
  File: ""
  Size: 20 Block: 8 IO Block: 4096 Common File
Device: fd00h/64768d Inode: 102684889 Hard link: 1
Permissions: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Last accessed: 2024-11-05 00:06:10.939806497 -0300
Last modified: 2024-11-05 00:06:08.442785880 -0300
Last changed: 2024-11-05 00:06:08.442785880 -0300
Created: -