The "#" at the start of the commands below indicates that the operation is performed as the root user.
Linux permission operations are closely tied to users and user groups.
Article contents
- I. Overview of authority
  - 1. Introduction of permissions
  - 2. Identity introduction
  - 3. Introduction of Linux permissions
- II. Permission setting
  - 1. Letter form
  - 2. Numerical form
  - 3. Precautions
- III. Setting owner and owner group
  - 1. chown (emphasis)
  - 2. chgrp (understand)
- IV. Expansion (1)
I. Overview of authority
- Summary: Linux systems generally classify the identities that can access a file into three categories: Owner, Group, and Others. Each of the three identities has its own read, write, and execute permissions.
1. Introduction of permissions
- What are permissions? In the management of a multi-user computer system, permissions mean that a particular user has the right to use certain system resources, such as folders, certain system commands, or storage limits.
- Linux has three permissions: read, write, and execute.
  - Read permission: for folders, it determines whether users can list the directory contents; for files, whether users can view the file contents.
  - Write permission: for folders, it determines whether users can create, delete, copy, or move documents inside the folder; for files, whether users can edit the file.
  - Execute permission: generally applies to files, especially script files.
2. Identity introduction
- Owner identity (the file owner; by default the document's creator)
Because Linux is a multi-user, multi-tasking operating system, several people often work on one host at the same time. Each of them can set permissions on their own files to make them personal "private files"; this is what the owner identity is for. With appropriate permissions set, users other than the file owner cannot view the contents of the file.
For example, suppose someone emails you a love letter and you save it in your home folder. To keep others from reading it, you can use the owner identity to set proper permissions on the file, so that even a rival who wants to read your love letter cannot.
- Group identity (users in the same group as the file owner)
The group identity is most useful when multiple teams develop on the same host. For example, there are two groups, A and B, on the host. Group A has three members, A1, A2, and A3, and group B has two members, B1 and B2. The two groups need to complete a report F together. With proper permissions set, members of groups A and B can modify each other's data, while members of a group C cannot modify the content of F, or even view it. Members of a group can also set up private files that no other member of the group can read. In Linux, each account can belong to multiple user groups. For example, users A1 and B1 can belong to user group A and also to user group B (primary group and additional groups).
- Others identity (everyone else, relative to the owner)
This is a relative concept. For example, three brothers, Daming, Erming, and Xiaoming, live in the same house. The name on the property certificate is Daming (the owner). The Daming family is then a user group with three members: Daming, Erming, and Xiaoming. Another person, Joe, has nothing to do with the three of them, so Joe is "others".
Meanwhile, Daming, Erming, and Xiaoming each have their own room. Although they can come and go freely, Xiaoming does not have to let Daming see his love letters, diaries, and so on; that is the meaning of file owner (user).
- Root user (superuser)
In Linux there is one more, god-like user: root. It has the most privileges of all users and manages the ordinary users.
3. Introduction of Linux permissions
- To set permissions, you need to know some basic file properties and the rules for assigning permissions. In Linux, the ls command displays file names and their related properties.
# ls -l
- The part highlighted in red is the permission attribute information of the document.
- Linux has the concepts of user, user group, and others, and each of them has its own permissions. For a document, the permissions are laid out as follows. The ten characters mean:
  - Character 1: the document type. Common values are "d" for a folder, "-" for a file, "l" for a soft link, "s" for a socket, and so on.
  - Characters 2-4: the permissions of the document owner. Character 2 is the read permission, with the value r or -. Character 3 is the write permission: w means writable, - means not writable. Character 4 is the execute permission, with the value x or -.
  - Characters 5-7: the permissions of users in the same group as the owner. Character 5 is the read permission, with the value r or -. Character 6 is the write permission: w means writable, - means not writable. Character 7 is the execute permission, with the value x or -.
  - Characters 8-10: the permissions of other users, that is, everyone outside the two categories above. Character 8 is the read permission, with the value r or -. Character 9 is the write permission: w means writable, - means not writable. Character 10 is the execute permission, with the value x or -.
- Permissions are always assigned as a combination of the three letters rwx, and their order never changes. If a permission is not granted, - is written in its place.
- For example: what are the permissions of the following document?
  - A. It is of the folder type
  - B. Owner: has all permissions (read, write, execute)
  - C. Group users: readable and executable
  - D. Other users: readable and executable
II. Permission setting
- Syntax:
# chmod option permission-mode document
- Common options:
  - -R: recursively set permissions (when the document is a folder)
- Permission mode: the permission information to set on the document
- Document: can be a file or a folder, given as a relative or an absolute path.
- Note: to set permissions on a document, the operator must be either the root user or the owner of the document.
1. Letter form
- Who the permission is set for:
  - u: the owner (user)
  - g: the owner's user group (group)
  - o: others, i.e. other users
  - a: all, i.e. everyone (u, g, and o together)
  - If no identity is specified, the permission is set for all users by default
- Permission characters:
  - r: read
  - w: write
  - x: execute
  - -: no permission
- Permission assignment operators:
  - +: adds permissions for the identity (relative to its current permissions)
  - -: removes permissions from the identity (relative to its current permissions)
  - =: sets the permissions to exactly the given value (result-oriented)
- Task: the file anaconda-ks.cfg (-rw-------.) needs permissions such that the owner has all permissions, users in the same group have read and execute permissions, and other users are read-only.
- Answer:
① # chmod u+x,g+rx,o+r anaconda-ks.cfg
② # chmod u=rwx,g=rx,o=r anaconda-ks.cfg
- Tip: when a document has execute permission (for any identity), it is shown in green on the terminal.
# chmod ug=rwx
- For example: if the file anaconda-ks.cfg has no permissions at all and the root user should give every user execute permission, the command can be written as:
① # chmod +x anaconda-ks.cfg
② # chmod a=x anaconda-ks.cfg
③ # chmod a+x anaconda-ks.cfg
2. Numerical form
- Technical web pages often show a command such as
# chmod 777 a.txt
Permissions written in this form (777) are called numeric permissions.
  - Read: r = 4
  - Write: w = 2
  - Execute: x = 1
  - No permission: 0
- Task: set permissions on anaconda-ks.cfg so that the owner has all permissions, users in the same group have read and execute permissions, and other users are read-only.
  - All permissions (u): read + write + execute = 4+2+1 = 7
  - Read and execute (g): read + execute = 4+1 = 5
  - Read-only (o): read = 4
- From the above, the permission is 754:
# chmod 754 anaconda-ks.cfg
- Interview question: a super administrator sets document permissions with the command
# chmod -R 731 aaa
Is there anything unreasonable about this command?
  - Owner: 7 = 4+2+1 = read + write + execute
  - Group users: 3 = 2+1 = write + execute
  - Other users: 1 = execute
- Note: when writing permissions, do not set "weird permissions" like the one above. If a permission number contains the digit 2 or 3, it grants write without read, and the permission is unreasonable.
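The two answers to the anaconda-ks.cfg task and the 731 question can be checked mechanically. This is an added example, not part of the original article; the helper names sym_to_octal, odd_digits, and mode_after are hypothetical, and it assumes a POSIX shell with mktemp available.

```shell
# sym_to_octal (hypothetical helper): convert the permission string printed by
# `ls -l`, with or without the leading type character, to numeric form.
sym_to_octal() {
    perms=$1 out=""
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi   # drop the type character
    [ "${#perms}" -eq 9 ] || return 1
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triad=${perms%"$rest"}          # next rwx group: owner, group, others
        perms=$rest
        case $triad in
            [r-][w-][x-]) ;;
            *) return 1 ;;              # characters this article does not cover
        esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# odd_digits (hypothetical helper): name the identities whose digit is 2 or 3,
# i.e. write permission without read permission, as in the 731 question.
odd_digits() {
    mode=$1 found=""
    for who in owner group others; do
        rest=${mode#?}
        case ${mode%"$rest"} in 2|3) found="$found $who" ;; esac
        mode=$rest
    done
    printf '%s\n' "${found# }"
}

# mode_after (hypothetical helper): apply a chmod mode in either form to a scratch
# file that starts at -rw------- and report the resulting digits.
mode_after() {
    f=$(mktemp) || return 1
    chmod 600 "$f" && chmod "$1" "$f" && sym_to_octal "$(ls -l "$f" | cut -c1-10)"
    rm -f "$f"
}

mode_after u+x,g+rx,o+r      # 754
mode_after u=rwx,g=rx,o=r    # 754
mode_after 754               # 754
odd_digits 731               # group
odd_digits 754               # (empty line)
```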
3. Precautions
- As the root user, create a folder (/oo) with default permissions. The permissions are as follows:
- Create a file in the oo directory (oo/xx.txt) and give it 777 permissions:
- Switch to the test user (neither the document owner nor in the same group, so it falls under "others"):
  - Question 1: can the test user open the file oo/xx.txt? [Yes]
  - Question 2: can the test user edit the file oo/xx.txt? [Yes]
  - Question 3: can the test user delete the file oo/xx.txt? [No. Creating files or folders, moving files, and renaming files are not allowed either.]
- To delete a file in Linux, what matters is whether the user has write permission on the folder that contains the file, not the permissions of the file itself.
III. Setting owner and owner group
- Owner: the owning user (file owner)
- Owner group: the owning user group
- In the ls -l output, the first root is the owner
- The second root is the owner group
Both values are taken from the creator when the document is created (the user name and the name of the user's primary group).
If a user is deleted, the owner and owner group of the documents that belonged to that user need to be changed.
1. chown (emphasis)
- Effect: changes the owner of a document
- Syntax:
# chown -R username file-path
- Case: change the owner of the oo directory that root created earlier to test
# chown test oo/
2. chgrp (understand)
- Effect: changes the user group a document belongs to
- Syntax:
# chgrp -R groupname file-path
- Case: for the oo directory that root created earlier, whose owner was changed to test, also change the owning user group to test
# chgrp test oo/
- Can both the user and the user group be changed with a single command?
- Answer: yes, with the chown command
Syntax: # chown -R username:groupname file-path
- Case: using only the chown command, change the owning user and user group of the oo directory back to root, including its subdirectories
IV. Expansion (1)
- Question: reboot, shutdown, init, halt, and user management cannot be performed as an ordinary user, yet in some special cases an ordinary user needs permission to run them. root cannot hand its password to ordinary users. How can this be solved?
- It can be solved with the sudo (switch user do) command. sudo lets the administrator (root) define in advance who may execute which special commands.
- By default, sudo has no rules for users other than root; to use it for them, configure sudo first.
- sudo configuration file: /etc/sudoers
- A. To configure sudo, run # visudo; once the file is open, editing works the same way as in vim.
- B. Configure the rights of ordinary users
  - root: the user name. For a user group, write %groupname instead.
  - ALL: the allowed hosts (address whitelist).
  - (ALL): the identity the command is executed as. ALL indicates the root identity.
  - ALL: the commands the user may execute. Multiple commands are separated with ",".
- Case: the test user cannot add users by itself. Configure sudo so that test can add users and change passwords (but not the root user's password).
- Note: when writing sudo rules, do not write bare command names; write the full path of each command.
- Paths can be looked up with the which command
- Syntax:
# which command-name
- After adding the rules, switch to the ordinary user test and then execute:
- To use the rule, run:
# sudo command-to-execute
- After entering the sudo command, enter the current user's password to confirm (not the root password). The password is not required again for sudo commands run within the next 5 minutes.
- Pay special attention: the case requires that the test user must not be able to change the root password, so the rule needs to be adjusted; otherwise test can change the root password.
- Rule that prevents changing the root password (first allow all, then deny setting the root password):
/usr/bin/passwd [A-Za-z]*, ! /usr/bin/passwd root
- Addendum: how can an ordinary user check which special permissions they have?
# sudo -l
- Note: sudo is not available on every Linux distribution; the common CentOS and Ubuntu both have the sudo command.
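A small check for the two cautions in the sudo case above (full command paths, and denying the root password after allowing passwd), as an added example that is not from the original article. The helper name lint_rule and the sample rule are constructed here, and the useradd path is an assumption.

```shell
# Constructed rule for the article's case. The useradd path is an assumption;
# confirm it on your system with `which useradd`.
RULE='test ALL=(ALL) /usr/sbin/useradd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root'

# lint_rule (hypothetical helper): print the problems found in one sudoers rule,
# or nothing if it passes. Simplified: no aliases, tags, or escaped commas.
lint_rule() {
    cmds=${1#*=}                                         # command list follows "host="
    cmds=$(printf '%s' "$cmds" | sed 's/^ *([^)]*)//')   # drop the (run-as) part
    problems="" allow_passwd=0 deny_root=0
    old_ifs=$IFS; IFS=,; set -f                          # split on commas, no globbing
    for spec in $cmds; do
        spec=$(printf '%s' "$spec" | sed 's/^ *//; s/ *$//')
        negated=0
        case $spec in
            '!'*) negated=1; spec=$(printf '%s' "${spec#?}" | sed 's/^ *//') ;;
        esac
        path=${spec%% *}                                 # command without its arguments
        case $path in
            /*|ALL) ;;
            *) problems="$problems not-absolute:$path" ;;
        esac
        if [ "${path##*/}" = passwd ]; then
            if [ "$negated" -eq 0 ]; then
                # sudoers uses the last matching entry, so a later allow
                # overrides an earlier deny
                allow_passwd=1; deny_root=0
            elif [ "$spec" = "$path root" ]; then
                deny_root=1
            fi
        fi
    done
    IFS=$old_ifs; set +f
    if [ "$allow_passwd" -eq 1 ] && [ "$deny_root" -eq 0 ]; then
        problems="$problems passwd-root-not-denied"
    fi
    printf '%s\n' "${problems# }"
}

lint_rule "$RULE"    # prints an empty line: the rule passes both checks
```

Before installing a rule, validate the real file with visudo, which checks the syntax on save.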