File and directory permissions chmod, change owner and group chown, umask, hidden permissions lsattr/chattr


chmod command

To view file information, use the ls -l command. The output looks like this:

    [root@test-01 ~]# ls -l
    total 4
    drwxr-xr-x. 2 root root   6 Dec 19 08:17 4
    -rw-------. 1 root root 973 Dec 12 17:09 anaconda-ks.cfg

In the output above, the first character of each line is the file type. The next nine characters are the permission bits of the file or directory, in three groups: characters two to four apply to the owner, characters five to seven to the group the file belongs to, and characters eight to ten to all other users outside the owner and that group. Within each group the order is readable, writable, executable (rwx); a permission that is not granted is written as -, for example r-x. Numerically, r = 4, w = 2 and x = 1, so rwx = 7, rw- = 6, --x = 1, and rw-r--r-- = 644.
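The conversion described above, as an added shell example that is not part of the original post. The function names and the last two lines of the sample listing are made up for illustration, and the handling of the s and t special bits and the world-writable check go beyond what the text covers.

```sh
#!/bin/sh
# Added example (not from the original post): decode the mode column of `ls -l`.

# mode_to_octal MODE: "drwxr-xr-x." -> 755, "drwxrwxrwt." -> 1777
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0; out = ""
        for (g = 0; g < 3; g++) {                # g: 0 = owner, 1 = group, 2 = others
            t = substr($0, 2 + 3 * g, 3); d = 0  # offset 2 skips the file-type character
            if (substr(t, 1, 1) == "r") d += 4
            if (substr(t, 2, 1) == "w") d += 2
            c = substr(t, 3, 1)
            if (c ~ /[xst]/) d += 1              # lowercase s/t: x is set as well
            if (c ~ /[sStT]/) special += (g == 0 ? 4 : (g == 1 ? 2 : 1))
            out = out d
        }
        res = (special ? special : "") out
        print res
    }'
}

# flag_world_writable: reads `ls -l` lines on stdin and prints "OCTAL NAME" for
# entries that other users may write to and that lack the sticky bit (t).
flag_world_writable() {
    while read -r mode links owner group size month day time name; do
        case $mode in
            ????????w[!tT]*) printf '%s %s\n' "$(mode_to_octal "$mode")" "$name" ;;
        esac
    done
}

# Constructed sample listing; the first two entries mirror the output above.
SAMPLE_LS='total 4
drwxr-xr-x. 2 root root    6 Dec 19 08:17 4
-rw-------. 1 root root  973 Dec 12 17:09 anaconda-ks.cfg
drwxrwxrwt. 9 root root 4096 Dec 21 15:38 tmp
-rw-rw-rw-. 1 root root    0 Dec 21 15:40 shared.log'

sample_report() { printf '%s\n' "$SAMPLE_LS" | flag_world_writable; }

sample_report   # prints: 666 shared.log
```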

chmod (change mode) changes the permissions of a directory or file. It is used as follows:

    [root@test-01 tmp]# ls -la 1
    total 4
    drwxr-xr-x. 2 root root    6 Dec 19 21:13 .
    drwxrwxrwt. 9 root root 4096 Dec 21 15:38 ..
    [root@test-01 tmp]# chmod 700 1
    [root@test-01 tmp]# !ls
    ls -la 1
    total 4
    drwx------. 2 root root    6 Dec 19 21:13 .
    drwxrwxrwt. 9 root root 4096 Dec 21 15:38 ..

This changes the permissions of the directory /tmp/1. In a string such as drwxr-xr-x., the trailing "." indicates that the directory or file is subject to SELinux.

chmod -R command

When chmod -R changes the permissions of a directory, the permissions of all subdirectories and files under that directory change as well; the change cascades.

The chmod command has another format

chmod u=rwx,g=r,o=r filename. In this command, u denotes the owner, g denotes the group the file belongs to, and o denotes other users. chmod a-x filename, where a denotes all, means that the owner, the group and other users all lose execute permission on the file; chmod a+x filename means that the owner, the group and other users all get execute permission on the file.

chown command = change owner

The format used is: chown username filename

    [root@test-01 ~]# useradd lc1
    [root@test-01 ~]# useradd lc2
    [root@test-01 ~]# ls -l /tmp/yum.log
    -rw-------. 1 root root 0 Dec 12 17:07 /tmp/yum.log
    [root@test-01 ~]# chown lc1 /tmp/yum.log
    [root@test-01 ~]# !ls
    ls -l /tmp/yum.log
    -rw-------. 1 lc1 root 0 Dec 12 17:07 /tmp/yum.log
    [root@test-01 ~]#

chgrp command = change the group a file belongs to

The command format is: chgrp groupname filename

    [root@test-01 ~]# !ls
    ls -l /tmp/yum.log
    -rw-------. 1 lc1 root 0 Dec 12 17:07 /tmp/yum.log
    [root@test-01 ~]# chgrp lc1 /tmp/yum.log
    [root@test-01 ~]# !ls
    ls -l /tmp/yum.log
    -rw-------. 1 lc1 lc1 0 Dec 12 17:07 /tmp/yum.log
    [root@test-01 ~]#

chown can also change the group a file belongs to, in the format: chown username:group filename. If username is omitted in this command, only the group the file belongs to is changed.

chown -R, like chmod -R, changes the owner and group of all subdirectories and files under a directory.

chattr command modifies special properties of files

The format of chattr is: chattr [+-=] parameter [file or directory]. The parameters are as follows:

  • A: With this attribute set, the atime of the file or directory is no longer modified.
  • s: With this attribute set, data is written to disk synchronously.
  • a: With this attribute set, content can only be appended, not deleted; only the root user can set this attribute.
  • c: With this attribute set, the file is automatically compressed, and decompressed when it is read.
  • i: With this attribute set, the file cannot be deleted, renamed, linked to, written to, or appended to.

The commonly used parameters are a and i.

    [root@test-01 ~]# chattr +a /tmp/1
    [root@test-01 ~]# lsattr /tmp/1
    [root@test-01 ~]# lsattr /tmp
    ---------------- /tmp/yum.log
    -----a-A-------- /tmp/1
    [root@test-01 ~]# chattr -A /tmp/1
    [root@test-01 ~]# lsattr /tmp/1
    [root@test-01 ~]# lsattr /tmp
    ---------------- /tmp/yum.log
    -----a---------- /tmp/1
    [root@test-01 ~]# mkdir /tmp/1/2
    [root@test-01 ~]# rmdir /tmp/1/2
    rmdir: failed to remove "/tmp/1/2": Operation not permitted
    [root@test-01 ~]#

When a file has the a attribute, content can only be appended to it; the existing content of the file cannot be deleted.

    [root@test-01 ~]# vi /tmp/1/1.txt
    [root@test-01 ~]# chattr +a /tmp/1/1.txt
    [root@test-01 ~]# !head
    head -n 10 /etc/passwd >> /tmp/1/1.txt
    [root@test-01 ~]# vi /tmp/1/1.txt
    E325: ATTENTION
    Found a swap file by the name "/tmp/1/1_txt.swp"
              owned by: root   dated: Sat Dec 23 03:30:18 2017
             file name: /tmp/1/1.txt
              modified: no
    /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    ~
    ~
    ~
    "/tmp/1/1.txt"
    "/tmp/1/1.txt" E212: Can't open file for writing
    Press ENTER or type command to continue
    [root@test-01 ~]# rm -f /tmp/1/1.txt
    rm: cannot remove "/tmp/1/1.txt": Operation not permitted
    [root@test-01 ~]#

When a file has the i attribute, it cannot be deleted, renamed, written to, or appended to.

    [root@test-01 ~]# head -n 10 /etc/passwd >> /tmp/1/1.txt
    -bash: /tmp/1/1.txt: Permission denied
    [root@test-01 ~]# vi /tmp/1/1.txt
    [root@test-01 ~]# mv /tmp/1/1.txt /tmp/1/2.txt
    mv: cannot move "/tmp/1/1.txt" to "/tmp/1/2.txt": Operation not permitted
    [root@test-01 ~]#

lsattr command

This command reads the special attributes of files or directories. The format is: lsattr [parameter] [file or directory]. The parameters are as follows:

  • a: Similar to the -a option of ls; hidden files are listed as well.
  • R: Data in subdirectories is listed as well.

    [root@localhost ~]# lsattr -R /tmp
    ---------------- /tmp/test_mv
    /tmp/test_mv:
    ---------------- /tmp/test_mv/3
    /tmp/test_mv/3:
    ---------------- /tmp/test_mv/3/2
    /tmp/test_mv/3/2:
    ---------------- /tmp/test_mv/3/2/2.txt
    ---------------- /tmp/test_mv/3/4
    /tmp/test_mv/3/4:
    ---------------- /tmp/test_mv/3/4/2.txt
    ---------------- /tmp/test_mv/3/4/2
    /tmp/test_mv/3/4/2:
    ---------------- /tmp/test_mv/3/4/2/2.txt
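An added example, not part of the original post, that audits the a and i attributes from the chattr section by parsing lsattr -R output. The function names protected_files and missing_attr are made up for illustration, and the sample listing is constructed from the page's /tmp paths.

```sh
#!/bin/sh
# Added example (not from the original post): audit chattr attributes by
# parsing `lsattr -R` output instead of reading it by eye.

# protected_files: reads lsattr output on stdin and prints "<kind> <path>"
# for every entry carrying i (immutable) or a (append-only).
protected_files() {
    awk '
        NF < 2 || $1 !~ /^[-A-Za-z]+$/ { next }  # blank lines, "dir:" headers, errors
        {
            path = substr($0, length($1) + 2)    # keeps spaces inside file names
            if (index($1, "i")) print "immutable " path
            if (index($1, "a")) print "append-only " path
        }'
}

# missing_attr FLAG PATH...: reads lsattr output on stdin and prints every PATH
# that does not carry FLAG, e.g. files that are expected to be append-only.
missing_attr() {
    flag=$1; shift
    listing=$(cat)
    for p in "$@"; do
        printf '%s\n' "$listing" | awk -v f="$flag" -v p="$p" '
            $1 ~ /^[-A-Za-z]+$/ && substr($0, length($1) + 2) == p && index($1, f) { ok = 1 }
            END { exit !ok }' || printf '%s\n' "$p"
    done
}

# Constructed sample in the format shown above, including a directory header
# and an error line of the kind lsattr prints for unsupported files.
SAMPLE_LSATTR='---------------- /tmp/yum.log
-----a---------- /tmp/1

/tmp/1:
-----a---------- /tmp/1/1.txt
----i----------- /tmp/1/2.txt
lsattr: Operation not supported While reading flags on /tmp/1/sock'

printf '%s\n' "$SAMPLE_LSATTR" | protected_files
printf '%s\n' "$SAMPLE_LSATTR" | missing_attr a /tmp/yum.log /tmp/1/1.txt
```

On a live system the same functions take their input from `lsattr -R <directory>` run as root.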

umask command

By default, a new directory gets the permission value 755 and a new file gets 644. Both values are determined by the umask, whose default value is 0022; the leading 0 can be ignored here. When a directory is created, the base value is 777; because of the umask it becomes 755, that is, the base value minus the umask value. When an ordinary file is created, the base value is 666; subtracting the umask gives 644. Strictly speaking, the umask bits are cleared from the base value rather than arithmetically subtracted; the two give the same result for the values shown here. The umask value can be changed with the command umask xxx.

    [root@localhost ~]# touch /tmp/1.txt
    [root@localhost ~]# ls -ld /tmp/1.txt
    -rw-r--r--. 1 root root 0 Jun 8 00:55 /tmp/1.txt
    [root@localhost ~]# mkdir /tmp/1
    [root@localhost ~]# ls -ld /tmp/1
    drwxr-xr-x. 2 root root 6 Jun 8 00:56 /tmp/1
    [root@localhost ~]# umask 002
    [root@localhost ~]# touch /tmp/2.txt
    [root@localhost ~]# mkdir /tmp/2
    [root@localhost ~]# ls -ld /tmp
    drwxrwxrwt. 9 root root 4096 Jun 8 00:56 /tmp
    [root@localhost ~]# ls -ld /tmp/2
    drwxrwxr-x. 2 root root 6 Jun 8 00:56 /tmp/2
    [root@localhost ~]# ls -ld /tmp/2.txt
    -rw-rw-r--. 1 root root 0 Jun 8 00:56 /tmp/2.txt
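An added example, not part of the original post, that creates a file and a directory under several umask values and compares the real mode with both the bit-clearing rule and plain subtraction. The function names are made up for illustration, and it assumes a stat that supports -c (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example (not from the original post): which mode does a new file or
# directory really get under a given umask? Assumes `stat -c` is available.

# created_mode UMASK KIND: create a file (KIND=file) or a directory (KIND=dir)
# under UMASK inside a scratch directory and print its octal mode.
created_mode() {
    (
        work=$(mktemp -d) || exit 1   # created before the umask is changed
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$work/new"; else : > "$work/new"; fi
        mode=$(stat -c %a "$work/new")
        rm -rf "$work"
        printf '%s\n' "$mode"
    )
}

# masked UMASK BASE: BASE with the umask bits cleared (what the system does).
masked() { printf '%03o\n' $(( 0$2 & ~0$1 )); }

# subtracted UMASK BASE: the "base value minus umask" shortcut from the text.
subtracted() { printf '%03o\n' $(( 0$2 - 0$1 )); }

# Print one comparison line per umask; 077 and 033 are the cases where
# subtraction and bit clearing disagree for files.
report() {
    for u in 022 002 077 033; do
        printf 'umask %s  file: real=%s masked=%s minus=%s  dir: real=%s masked=%s minus=%s\n' \
            "$u" "$(created_mode "$u" file)" "$(masked "$u" 666)" "$(subtracted "$u" 666)" \
            "$(created_mode "$u" dir)" "$(masked "$u" 777)" "$(subtracted "$u" 777)"
    done
}

report
```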

20 December 2018, 15:48 | Views: 8111
