
UNIX file security and permissions

Use the ls -l command to display file permissions, for example:
total 74434
-rwxrwxr-x 2 user dba 39921 January 16 12:50 file1
drwxrwxr-x 2 user dba 4096 January 16 15:29 folder
total 74434 indicates the space occupied by all files in the directory
2 indicates the number of hard links to the file
39921 indicates the length of the file, expressed in bytes, not kilobytes
-rwxrwxr-x represents the read, write and execute permissions of the file or directory. The first character indicates the file type (7 types):
d directory
l symbolic link (pointing to another file)
s socket file
b block device file
c character device file
p named pipe file
- ordinary file
The first group, rwx, gives the file owner's permissions: r, w, x (execute)
The second group, rwx, gives the permissions of the file owner's default group: r, w, x
The third group, r-x, gives the permissions of other users of the system: r, x
Note: If the attribute of a file is -r--------, the owner of the file can still write to the file by redirection

chmod command: divided into symbolic mode and absolute mode:

Symbolic mode format:
chmod [who] operator [permission] filename
who meaning:
u file owner permissions
g same-group user permissions
o other users' permissions
a all users
operator meaning:
+ add permission
- remove permission
= set permission
permission meaning:
r read permission
w write permission
x execute permission
s file owner and group set-ID
t sticky bit
l locks the file so that other users cannot access it
If the "t" bit appears on a directory, it means that only the owner of a file in that directory can delete it, even if users in the same group have been given the same permissions as the owner; if the "t" bit appears on a file, it means that the script or program will be placed in the swap area (virtual storage) when it is executed.
Example: chmod u+x filename means that the owner gains execute permission
chmod u+x,o-w filename: if the original permission is -rw-r--rw-, after the change it will be -rwxr--r--
Absolute mode:
chmod [mode] filename, where mode is composed of 3 octal digits, such as chmod 777 filename
Parameter -R: for example, chmod -R 644 /usr/* changes the files in the /usr directory and the files in its subdirectories to 644 in one pass
The directory permissions override the file permissions, meaning that if the file is writable, but the directory cannot be written, then the file still cannot be written

suid/guid command:
suid means that if a user sets this permission on their own shell script, other users who execute the script run it with the permissions of its owner. The same principle applies to guid: a user executing the script has the permissions of the group to which the file belongs.
Setting method: (Use ls -l | grep '^...s' to view suid permission files)
chmod 4711 results in rws--x--x: use 4 to set suid
chmod 6711 results in rws--s--x: use 4+2 to set suid and guid
chmod 2711 results in rwx--s--x: use 2 to set guid
You can also use chmod u+s filename to set it. If you see an uppercase S, it means that the execute permission bit has not been set, so the set-ID bit has no practical meaning

chown/chgrp command:
chown -R -h owner[:group] filename
Changes the file owner. -R means all directories; -h means that changing a symbolic link file does not affect its target file
chgrp -Rh group filename is used to change the group that owns the file
id [user], groups [user]: display the groups that the user belongs to. If no user is given, your own groups are shown

umask command:
Used to determine the default mode for newly created files. You can set it in your own .profile or .bash_profile
umask removes permissions from the default permissions. When calculating, directories start from 777 and files start from 666; that is, after umask 002, the directory permissions are rwxrwxr-x (775) and the file permissions are rw-rw-r-- (664)
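
The suid/guid display rules and the umask calculation above, worked through as an added Python example (not part of the original article). It renders a mode the way ls -l does, including uppercase S, computes the defaults for a umask, and walks a directory tree for set-ID files, which ls -l | grep '^...s' only covers for suid in the current directory. The function names and the /usr/bin scan root are assumptions chosen for illustration.

```python
import os
import stat

def mode_string(mode, ftype="-"):
    """Render permission bits the way ls -l shows them, e.g. 0o4711 -> -rws--x--x."""
    out = [ftype]
    # (read, write, execute, special bit, letter shown for the special bit)
    triplets = [
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
    ]
    for r, w, x, special, letter in triplets:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # lowercase: execute bit also set; uppercase: special bit without execute
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def default_modes(umask):
    """Return (directory_mode, file_mode) for new objects created under umask."""
    return 0o777 & ~umask, 0o666 & ~umask

def find_setid(root):
    """Return (path, ls-style mode) for every regular file under root with suid or guid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symbolic links
            except OSError:
                continue  # unreadable or vanished entry
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, mode_string(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

if __name__ == "__main__":
    for m in (0o4711, 0o6711, 0o2711, 0o4644):  # modes from the text plus an "S" case
        print(oct(m), mode_string(m))
    d, f = default_modes(0o002)
    print("umask 002:", mode_string(d, "d"), mode_string(f))
    for path, m in find_setid("/usr/bin"):  # assumed scan root
        print(m, path)
```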

Symbolic link (soft link):
Command format: ln [-s] source_path target_path (the path can be a directory or a file)
Once the link is successfully created, the linked directory will have 777 permissions, but the permissions of the actual directory have not changed

This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com/:http://www.internetweblist.com/Operating_system/31334.html
