Linux Account and Rights Management

Linux/Centos7 Account and Rights Management Manage user accounts, group accounts Query account information Set permissions for files and directories ...
1. Preamble overview
As a multi-user, Multi-tasks server operating system, Linux provides a strict rights management mechanism, which mainly restricts resources from two aspects: user identity and file permissions.Linux controls access to resources based on user identity.
2. User Account Documents
2. Managing user accounts
3. Management Group Accounts
4. Permissions and Attribution of Files/Directories
1. Access rights
2. Ownership (Ownership)
3. Introduce permissions with examples
4. Set permissions for files and directories chmod command (-R recursion)
Linux/Centos7 Account and Rights Management
  1. Manage user accounts, group accounts
  2. Query account information
  3. Set permissions for files and directories
  4. Set file and directory attribution

1. Preamble overview

As a multi-user, Multi-tasks server operating system, Linux provides a strict rights management mechanism, which mainly restricts resources from two aspects: user identity and file permissions.Linux controls access to resources based on user identity.

  • User Account Category:
  1. Super user - root, highest privilege
  2. Ordinary user - Custom user anonymous user (nobody) is similar to Guest in Windows
  3. Program Users - Control programs and services, unable to log on
  • Group Account - A collection of users (which can actually be thought of as a collection of user privileges)
  1. Basic Groups (Private Groups) - Groups that are created with the same name (or can be set up by yourself) as users but must be created when a user is created
  2. Additional Groups (Public Groups) - Create empty groups directly to add existing users and set permissions for groups that all users in the group have
  • UID and GID
  1. UID (User IDentity) - User ID number (0 means root 1-999 by default) Program user 1000-60000 means normal user)
  2. GID (Group IDentity) - Group Identification Number

2. User Account Documents

/etc/passwd - Save basic information such as user name, host directory, login shell, etc.

[root@lokott ~]# head -2 /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin

Root:x:0:0:root:/root:/bin/bash -- Explanation separated by colons

  1. root - User account name
  2. x -- Password encrypted using an encryption algorithm, which will not be shown here
  3. 0 - User UID number
  4. 0 - UID of the basic group account to which you belong
  5. root - Full user name, user details can be filled in
  6. /root - Host Directory
  7. /bin/bash - Login Shell for the specified user

/etc/shadow - Save user's password, valid account, etc.

[root@lokott ~]# Head-2/etc/shadow //View the first two lines of information root:$6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9aAjRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:99999:7::: bin:*:17110:0:99999:7::: [root@lokott ~]#

Root: $6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9ajRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:999:7::- Separated by colons, explained one by one below

  1. root - User account name

  2. Bold part - denotes the password encrypted by the encryption algorithm, which is invalid for login input

  3. :- The content between them is the last modified time

  4. 0 - Minimum number of days a password is valid (0 means it can be changed at any time)

  5. 99999 - Maximum valid days for passwords

  6. 7 - Remind users 7 days in advance that their password will expire

    :: - Represents the handling of operations after passwords and accounts expire (basically ignored)

2. Managing user accounts

1. Add a user account - useradd command

option

  1. -u - UID number of the specified user, which is not used by other users
  2. -d -- Host directory location for the specified user (not valid with -M!)
  3. -e - Account expiration time (expiration time)
  4. -g - Basic Group
  5. -G - Additional Group
  6. -M - No Starters Directory
  7. -s - Login shell for the specified user

Example: useradd-d/opt/mike (-g mike) -G caiwu-s/sbin/nologin Mike

[root@lokott ~]# Useradd-d/opt/mike-G caiwu-s/sbin/nolgin Mike //Note that Caiwu group needs to precede - groupadd caiwu [root@lokott ~]# Tail-2/etc/passwd //View the last two lines of the passwd file lokott:x:1000:1000:lokott:/home/lokott:/bin/bash mike:x:1001:1001::/opt/mike:/sbin/nolgin [root@lokott ~]# tail -2 /etc/group caiwu:x:1002:mike mike:x:1001: [root@lokott ~]# tail -2 /etc/shadow lokott:$6$aq3AU9oDZf/ERE2D$Ol.zBTLNqbsPDdsJYE0yU3Wa7EUU1SonR3rUQ616PsgA2u.DtQ99ecTUbdw2y2RhmlaL75WlcqMsfEUNretgb0:18192:0:99999:7::: mike:!!:18200:0:99999:7::: [root@lokott ~]# id mike //View mike's id information uid=1001(mike) gid=1001(mike) group=1001(mike),1002(caiwu) [root@lokott ~]# Ls/home/ //Because -d specifies the user's host directory, the home directory is created in the specified / opt/mike directory demo lokott [root@lokott ~]# ls /opt/ demo01.txt mike rh test [root@lokott ~]#

2. Set/change user password (password) passwd

passwd Options.... User Name

  1. -d Clear password
  2. -l lock
  3. -S Check to see if it is locked or unlocked (uppercase!!!)
  4. -u unlock
[root@lokott ~]# useradd -d /opt/lisi -s /sbin/nologin lisi [root@lokott ~]# tail -2 /etc/passwd lokott:x:1000:1000:lokott:/home/lokott:/bin/bash lisi:x:1001:1001::/opt/lisi:/sbin/nologin//here/sbin/nologin means that the user cannot log on [root@lokott ~]# passwd lisi Change user lisi's password. New password: //Requires you to enter a password Invalid password: Password is less than 8 characters//Because you entered a simple password, you can continue to enter it once, although complex passwords are OK Re-enter the new password: passwd: All authentication tokens have been successfully updated. [root@lokott ~]# su - lisi Last failed login: October 31, 18:49:45 CST 2019 from:1:1 The most successful login was followed by a failed login attempt. This account is currently not available. //Unable to log on because the logged on shell is/sbin/nologin [root@lokott ~]# pwd /root [root@lokott ~]# vim/etc/passwd //enter the passwd file to change the user's/sbin/nologin to/bin/bash [root@lokott ~]# Su - Lisi //root switch user without entering password Last logon: on October 31, 18:52:42 CST 2019pts/2 [lisi@lokott ~]$PWD //Log in to Lisi user /opt/lisi [lisi@lokott ~]$Su //equivalent to su - root The results below show that the average user needs a password to switch roots, and the password entered will not be displayed Password: [root@lokott lisi]# pwd /opt/lisi [root@lokott lisi]# cd [root@lokott ~]# pwd //Indicates switching to root user /root [root@lokott ~]#passwd-l Lisi //Lock lisi's password Lock the password of user lisi. passwd: Operation successful [root@lokott ~]# passwd-S lisi //View the password status of the lisi user Lisi LK 2019-10-31 0 99999 7-1 (password locked).) [root@lokott ~]# su - lisi Last logon: on April 31, 19:01:10 CST 2019pts/2 [lisi@lokott ~]$PWD //You can see that although locked, root can switch logins without a password /opt/lisi [lisi@lokott ~]$ [root@lokott ~]# passwd -u lisi Unlock user lisi's password. passwd: Operation successful [root@lokott ~]# passwd -S lisi Lisi PS 2019-10-31 0 99999 7-1 (Password set, using SHA512 algorithm).)

This example can be summarized as follows:

  1. Where/sbin/nologin users cannot log on directly and be switched
  2. The user is locked after passwd-l Lisi is executed, and logon is not possible in the GUI, but logon can be switched from root (and no password is required for root switching)

3. Modify user account properties usermod

  1. -u Modify the user's UID number
  2. -d Modify the user's host directory location
  3. -e Modify user account expiration time
  4. -s Logon shell for specified user
  5. -l Change user login account name
  6. -L Lock - -- equivalent to passwd -l
  7. -U unlock - -- equivalent to passwd-u

One-four, similar to useradd, demonstrates the following-l operation

[root@lokott ~]# usermod -l zhangsan lisi usermod: user lisi is currently used by process 71736 [root@lokott ~]# ps -ef | grep lisi root 71735 71117 0 19:01 pts/2 00:00:00 su - lisi lisi 71736 71735 0 19:01 pts/2 00:00:00 -bash root 72433 71829 0 19:11 pts/2 00:00:00 su - lisi lisi 72435 72433 0 19:11 pts/2 00:00:00 -bash root 73325 72935 0 19:24 pts/2 00:00:00 grep --color=auto lisi [root@lokott ~]# kill 71735 // can also be restarted, automatically ending the process [root@lokott ~]# Session terminated, killing shell... ...Killed. [root@lokott ~]# exit [root@lokott ~]# usermod -l zhangsan lisi [root@lokott ~]# tail -2 /etc/passwd mike:x:1001:1001::/opt/mike:/sbin/nolgin zhangsan:x:1002:1003::/opt/lisi:/bin/bash //Just changed the lisi user name but the name of the home directory is lisi [root@lokott ~]#ls /opt demo01.txt lisi mike rh test [root@lokott ~]#

4. Delete user account userdel

-r Host directory deleted together, the following illustration follows above

[root@lokott ~]# Tail-2/etc/passwd //Show two users mike:x:1001:1001::/opt/mike:/sbin/nolgin zhangsan:x:1002:1003::/opt/lisi:/bin/bash [root@lokott ~]# Userdel-r mike //Delete mike users and copy home [root@lokott ~]# tail -3 /etc/passwd tcpdump:x:72:72::/:/sbin/nologin lokott:x:1000:1000:lokott:/home/lokott:/bin/bash zhangsan:x:1002:1003::/opt/lisi:/bin/bash [root@lokott ~]# Ls-l/opt/mike //Indicates that the role of -r deletes the specified home directory ls: cannot access/opt/mike: No file or directory [root@lokott ~]# Ls/opt //There is currently a lisi home directory under / opt (name changed to zhangsan above) demo01.txt lisi rh test [root@lokott ~]# Userdel-r zhangsan //Delete the zhangsan user and also delete the lisi directory [root@lokott ~]# tail -3 /etc/passwd postfix:x:89:89::/var/spool/postfix:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin lokott:x:1000:1000:lokott:/home/lokott:/bin/bash [root@lokott ~]# Ls-l/opt //The home directory will not be deleted without -r because the zhangsan user is deleted and -r deletes the home directory //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 root root 32 10 Month 31 18:33 test [root@lokott ~]# useradd wang //Create a new user [root@lokott ~]# Usermod-l sung Wang //Change user name [root@lokott ~]# Tail-2/etc/passwd //View passwd information lokott:x:1000:1000:lokott:/home/lokott:/bin/bash sung:x:1001:1003::/home/wang:/bin/bash [root@lokott ~]# userdel sung //Delete sung user but do not delete wang [root@lokott ~]# ls /home/ demo lokott wang

5. Initial profile of user account

File Source - New user account is copied from / etc/skel directory (cd to home directory with ls-a)

  1. ~/.bash_profile indicates that it is loaded after entering Bash
  2. ~/.bashrc user loaded at logon
  3. ~/.bash_logout is executed at logoff

3. Management Group Accounts

Group Account File - Similar to User Account File

  1. /etc/group: Save basic group account information
  2. /etc/shadow: Save password information for group accounts (typically not set)

1. Add group account groupadd command

groupadd option group name

-g - Specify GID

[root@lokott ~]# groupadd lisi //add lisi group [root@lokott ~]# Tail/etc/group//view group information postdrop:x:90: postfix:x:89: stapusr:x:156: stapsys:x:157: stapdev:x:158: tcpdump:x:72: lokott:x:1000: printadmin:x:985: caiwu:x:1002: lisi:x:1003: [root@lokott ~]# Groupadd-g 1005 wangwu //add wangwu group and configure it with GID 1005 [root@lokott ~]# tail -2 /etc/group lisi:x:1003: wangwu:x:1005: [root@lokott ~]#

2. Add and remove group members

Add - gpasswd
  1. -a Adding a user a to the group will not overwrite
  2. -d Remove a user from the group
  3. -M comma separated list of group members, overwriting group members, kicking out
[root@lokott ~]# Tail-2/etc/group//View group information lisi:x:1003: wangwu:x:1005: [root@lokott ~]# Tail-2/etc/passwd //View user information tcpdump:x:72:72::/:/sbin/nologin lokott:x:1000:1000:lokott:/home/lokott:/bin/bash [root@lokott ~]# useradd lisi //Add lisi user will fail because the lisi group already exists shown above useradd: lisi Group already exists - If you want to join this user to the group, use -g Parameters. [root@lokott ~]# Useradd-g lisi Lisi //Add lisi user to lisi group [root@lokott ~]# useradd zhangsan //Add another zhangsan user [root@lokott ~]# Tail-2/etc/passwd //View user information lisi:x:1001:1003::/home/lisi:/bin/bash zhangsan:x:1002:1006::/home/zhangsan:/bin/bash [root@lokott ~]# Gpasswd-a lisi wangwu //add lisi to wangwu group (first wangwu group) //Adding user "lisi" to the "wangwu" group [root@lokott ~]# id lisi //View lisi's UID uid=1001(lisi) gid=1003(lisi) group=1003(lisi),1005(wangwu) [root@lokott ~]# Gpasswd-d lisi wangwu //Remove lisi from wangwu group //Removing user'lisi'from'wangwu' group [root@lokott ~]# id lisi //View lisi UID, no longer belongs to wnagwu group uid=1001(lisi) gid=1003(lisi) group=1003(lisi) [root@lokott ~]# Tail-5/etc/passwd //Show user information postfix:x:89:89::/var/spool/postfix:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin lokott:x:1000:1000:lokott:/home/lokott:/bin/bash lisi:x:1001:1003::/home/lisi:/bin/bash zhangsan:x:1002:1006::/home/zhangsan:/bin/bash [root@lokott ~]# Tail-5/etc/group//Show group information printadmin:x:985: caiwu:x:1002: lisi:x:1003: wangwu:x:1005: zhangsan:x:1006: [root@lokott ~]# Gpasswd-M lisi, Zhangsan wangwu //Add two users in bulk to the wangwu group [root@lokott ~]# tail -5 /etc/group printadmin:x:985: caiwu:x:1002: lisi:x:1003: wangwu:x:1005:lisi,zhangsan //View Information zhangsan:x:1006: [root@lokott ~]# useradd hh //Add two new users to verify -M coverage [root@lokott ~]# useradd ww [root@lokott ~]# gpasswd -M hh,ww wangwu [root@lokott ~]# tail -5 /etc/group lisi:x:1003: wangwu:x:1005:hh,ww //Both lisi and zhangsan were kicked out zhangsan:x:1006: hh:x:1007: ww:x:1004:
Delete - groupdel group account

Be careful!!!Groupdel commands cannot be used to delete groups at will.This command only applies to deleting groups that are not "any user's initial group (primary group)". In other words, if there is a group or a user's initial group (primary group), the groupdel command cannot be used to delete successfully.For example:

[root@lokott ~]# tail -10 /etc/group stapdev:x:158: tcpdump:x:72: lokott:x:1000: printadmin:x:985: caiwu:x:1002: lisi:x:1003: wangwu:x:1005:hh,ww zhangsan:x:1006: hh:x:1007: ww:x:1004: [root@lokott ~]# groupdel caiwu [root@lokott ~]# groupdel lisi groupdel: User cannot be removed. lisi"Master Group [root@lokott ~]# groupdel wangwu [root@lokott ~]# groupdel zhangsan groupdel: User cannot be removed. zhangsan"Master Group [root@lokott ~]# groupdel hh groupdel: User cannot be removed. hh"Master Group [root@lokott ~]# groupdel ww groupdel: User cannot be removed. ww"Master Group [root@lokott ~]#

If you really want to delete, you can delete the initial member who created the group before deleting it

[root@lokott note]# tail -1 /etc/passwd ww:x:10000:10000::/home/ww:/bin/bash [root@lokott note]# groupdel ww groupdel: User cannot be removed. ww"Master Group [root@lokott note]# userdel ww [root@lokott note]# tail -1 /etc/group zhangsan:x:1006: [root@lokott note]#
The last command is used to view information about the most recent login
[root@lokott ~]# lastb lisi :1 :1 Thu Oct 31 18:49 - 18:49 (00:00) root pts/1 Thu Oct 31 17:07 - 17:07 (00:00) root :0 :0 Thu Oct 24 14:43 - 14:43 (00:00) root :0 :0 Thu Oct 24 14:43 - 14:43 (00:00) root :0 :0 Thu Oct 24 14:43 - 14:43 (00:00) btmp begins Thu Oct 24 14:43:01 2019 [root@lokott ~]#

4. Permissions and Attribution of Files/Directories

1. Access rights

Read r: Allows viewing of file contents, showing directory listings

Write w: Allow modification of file contents, allow creation, movement, deletion of files or subdirectories in the directory

Executable x: Allow programs to run, switch directories

2. Ownership (Ownership)

Owner: User account for the file or directory

Subgroup: Group account used for the file or directory

3. Introduce permissions with examples

[root@lokott ~]# ls -l //Total usage 8 -rw-------. 1 root root 1785 10 23/12:21 anaconda-ks.cfg -rw-r--r--. 1 root root 1833 10 23/12:24 initial-setup-ks.cfg drwxr-xr-x. 4 root root 73 10 Month 30 22:03 note //Take this as an example

The following explains drwxr-xr-x.4 root 73 October 30 22:03 note

  1. D - File type (d for directory, l for linked file, c for character device (I/O) file, b for block device (storage) file - normal file)
  2. rwx, r-x, R-X represent ownership (read, write, executable here), group (read, executable here), and other (read, executable here)
  3. 4 - Number of subdirectories
  4. First root - owner
    5. Second root - genus group
  5. 73 - Size
  6. October 30 22:03 - Creation Time
  7. note - Directory name (file)

4. Set permissions for files and directories chmod command (-R recursion)

  1. chmod [ugoa][+-=][rwx]
  2. chmod nnn file or directory (preferred)
//The following are permission operations on files [root@lokott note]# touch 2.sh [root@lokott note]# Ls-l 2.sh //2.sh permission is 644 -rw-r--r--. 1 root root 0 10 Month 31 21:41 2.sh [root@lokott note]# chmod u+x 2.sh [root@lokott note]# ls -l 2.sh -rwxr--r--. 1 root root 0 10 Month 31 21:41 2.sh [root@lokott note]# chmod ugo+w 2.sh [root@lokott note]# ls -l 2.sh -rwxrw-rw-. 1 root root 0 10 Month 31 21:41 2.sh [root@lokott note]# chmod 655 2.sh [root@lokott note]# ls -l 2.sh -rw-r-xr-x. 1 root root 0 10 Month 31 21:41 2.sh //Here are the permission operations for the directory [root@lokott note]# L l //l L is an alias for ls-l --color //Total usage 8 -rwxrwxrwx. 1 root root 0 10 Month 31 21:40 1.txt -rw-r-xr-x. 1 root root 0 10 Month 31 21:41 2.sh -rwxrwxrwx. 1 root root 286 10 Month 30 22:03 ifcfg-ens33 drwxrwxrwx. 2 root root 26 10 23/13:20 linux-cmd -rwxr-xr-x. 1 root root 30 10 Month 30 22:02 readme.txt drwxrwxrwx. 2 root root 173 10 Month 30 21:56 shell drwxr-xr-x. 2 root root 6 10 Month 31 21:38 test [root@lokott note]# which ll alias ll='ls -l --color=auto' /usr/bin/ls [root@lokott note]# Chmod 777 test/Change permissions to 777 [root@lokott note]# ll //Total usage 8 -rwxrwxrwx. 1 root root 0 10 Month 31 21:40 1.txt -rw-r-xr-x. 1 root root 0 10 Month 31 21:41 2.sh -rwxrwxrwx. 1 root root 286 10 Month 30 22:03 ifcfg-ens33 drwxrwxrwx. 2 root root 26 10 23/13:20 linux-cmd -rwxr-xr-x. 1 root root 30 10 Month 30 22:02 readme.txt drwxrwxrwx. 2 root root 173 10 Month 30 21:56 shell drwxrwxrwx. 2 root root 6 10 Month 31 21:38 test [root@lokott note]# touch test/1.sh [root@lokott note]# ls -l test/1.sh -rw-r--r--. 1 root root 0 10 Month 31 21:50 test/1.sh //A directory's permissions are independent of its subdirectories and file permissions unless recursively -R [root@lokott note]# Chmod 777-R test/ //Recursive change permissions means that all file permissions for test and its subdirectories are 777 [root@lokott note]# ls -l test/1.sh -rwxrwxrwx. 1 root root 0 10 Month 31 21:50 test/1.sh

If you give subordinate groups and other users write access only (622), you can force a write, but it will overwrite the original content!

[root@lokott test]# Absolute path to pwd //current directory /opt/test [root@lokott test]# ll //Show Details //Total usage 8 -rw-r--r--. 1 root root 13 10 Month 31 16:33 1.txt //All user privileges except root are read-only -rw--w--w-. 1 root root 18 10 Month 31 18:33 2.txt //Write-only permissions for all users except root [root@lokott test]# cat 1.txt tehsda hello [root@lokott test]# cat 2.txt //The original 2.txt here is as follows 231354 2222244878 [root@lokott lisi]# su - lisi //Switch to lisi user //Last logon: on April 31, 22:36:45 CST 2019pts/1 [lisi@lokott ~]$ cd /opt/test/ [lisi@lokott test]$ ll //No ls permission ls: Unable to open directory.: insufficient privilege [lisi@lokott test]$ cat 1.txt //Indicates that you can view 1.txt content tehsda hello [lisi@lokott test]$ vim 1.txt //Attempt to write data [lisi@lokott test]$ cat 1.txt //Can wq!Force save to exit, the result is writable tehsda hello dada asdaadas [lisi@lokott test]$ cat 2.txt cat: 2.txt: insufficient privilege [lisi@lokott test]$ vim 2.txt [lisi@lokott test]$ cat 2.txt //It seems that you can view it after forcing data to be written, because the owner is lisi, but if the //owner is root, the user cannot view it when the Lisi user logs in ssdad dsawdad [lisi@lokott test]$ ls -l 2.txt -rw--w--w-. 1 lisi lisi 14 10 Month 31 22:45 2.txt //Write data to text using echo command redirection and append [lisi@lokott test]$ echo "123123" > 2.txt [lisi@lokott test]$ cat 2.txt 123123 [lisi@lokott test]$ echo "123456" >> 2.txt [lisi@lokott test]$ cat 2.txt 123123 123456 [lisi@lokott test]$ su //Password: [root@lokott test]# ls -l //Total usage 8 -rw-r--r--. 1 lisi lisi 27 10 Month 31 22:43 1.txt -rw--w--w-. 1 lisi lisi 14 10 Month 31 22:47 2.txt [root@lokott test]# cat 2.txt 123123 123456 [root@lokott test]#

5. Set the attribution of files and directories

  1. chown owner
  2. chown: genus group
  3. chown owner: genus group
[root@lokott opt]# ls -l //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 root root 32 10 Month 31 22:45 test [root@lokott opt]# chown lisi test [root@lokott opt]# ls -l //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 lisi root 32 10 Month 31 22:45 test //The test directory's ownership is changed to lisi without changing its group [root@lokott opt]# chown root:lisi test [root@lokott opt]# ls -l //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 root lisi 32 10 Month 31 22:45 test //The test directory's own owner becomes root and its own group becomes lisi [root@lokott opt]# chown :root test [root@lokott opt]# ls -l //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 root root 32 10 Month 31 22:45 test //The test directory's own group becomes root

6. Permission mask umask

Role: Control permissions for newly created files or directories - note that only new ones are valid

Default permissions Remove umask permissions to

[root@lokott opt]# mkdir umasktest [root@lokott opt]# umask 000 umasktest/ [root@lokott opt]# ll //Total dosage 0 -rw-r--r--. 1 root root 0 10 Month 31 16:19 demo01.txt drwxr-xr-x. 2 root root 6 3 February 26, 2015 rh drwx-wx-wx. 2 root lisi 32 10 Month 31 22:45 test drwxrwxrwx. 2 root root 6 10 Month 31 23:26 umasktest [root@lokott opt]# cd umasktest/ [root@lokott umasktest]# mkdir 2019 [root@lokott umasktest]# touch 1.txt [root@lokott umasktest]# ll //Total dosage 0 -rw-rw-rw-. 1 root root 0 10 Month 31 23:26 1.txt //File permissions are 666 drwxrwxrwx. 2 root root 6 10 Month 31 23:26 2019 //Directory permissions are 777 [root@lokott umasktest]# cd .. [root@lokott opt]# The umask 111 umasktest/ //original 1.txt and 2019 permissions have not changed! [root@lokott opt]# cd umasktest/ [root@lokott umasktest]# mkdir 2018 [root@lokott umasktest]# touch 2.txt [root@lokott umasktest]# ll //Total dosage 0 -rw-rw-rw-. 1 root root 0 10 Month 31 23:26 1.txt drw-rw-rw-. 2 root root 6 10 Month 31 23:28 2018 //Directory permissions are 666 drwxrwxrwx. 2 root root 6 10 Month 31 23:26 2019 -rw-rw-rw-. 1 root root 0 10 Month 31 23:28 2.txt // 2.txt permission is 666 [root@lokott umasktest]# cd .. [root@lokott opt]# umask 666 umasktest/ [root@lokott opt]# cd umasktest/ [root@lokott umasktest]# mkdir 2017 [root@lokott umasktest]# touch 3.txt [root@lokott umasktest]# ll //Total dosage 0 -rw-rw-rw-. 1 root root 0 10 Month 31 23:26 1.txt d--x--x--x. 2 root root 6 10 Month 31 23:29 2017 //Directory permissions 111 drw-rw-rw-. 2 root root 6 10 Month 31 23:28 2018 drwxrwxrwx. 2 root root 6 10 Month 31 23:26 2019 -rw-rw-rw-. 1 root root 0 10 Month 31 23:28 2.txt ----------. 1 root root 0 10 Month 31 23:29 3.txt //File 3.txt permissions are all zero [root@lokott umasktest]# Umask //View umask values 0666

7 November 2019, 16:27 | Views: 2417

Add new comment

For adding a comment, please log in
or create account

0 comments