Linux Account and Rights Management

Linux/CentOS 7 Account and Rights Management

  1. Manage user accounts, group accounts
  2. Query account information
  3. Set permissions for files and directories
  4. Set file and directory ownership

1. Preamble overview

As a multi-user, multi-tasking server operating system, Linux provides a strict rights management mechanism, which restricts access to resources mainly in two respects: user identity and file permissions. Linux controls access to resources based on user identity.

  • User account categories:
  1. Super user - root, highest privilege
  2. Ordinary user - a custom user; the anonymous user (nobody) is similar to Guest in Windows
  3. Program users - used to control programs and services, unable to log on
  • Group account - a collection of users (which can actually be thought of as a collection of user privileges)
  1. Basic groups (private groups) - created when a user is created, with the same name as the user (or a name you set yourself)
  2. Additional groups (public groups) - empty groups created directly, to which existing users are added; permissions set for the group apply to all users in it
  • UID and GID
  1. UID (User IDentity) - user ID number (0 means root; by default 1-999 are program users and 1000-60000 are normal users)
  2. GID (Group IDentity) - group identification number

2. User account files

/etc/passwd - Stores basic information such as user name, home directory, login shell, etc.

[root@lokott ~]# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin

root:x:0:0:root:/root:/bin/bash -- the fields are separated by colons and explained below

  1. root - User account name
  2. x - Password placeholder; the password itself is stored in hashed form and is not shown here
  3. 0 - User UID number
  4. 0 - GID of the basic group account the user belongs to
  5. root - Full user name; user details can be filled in here
  6. /root - Home directory
  7. /bin/bash - Login shell for the user

/etc/shadow - Stores users' passwords, account validity periods, etc.

[root@lokott ~]# head -2 /etc/shadow //View the first two lines of information
root:$6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9aAjRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:99999:7:::
bin:*:17110:0:99999:7:::
[root@lokott ~]# 

root:$6$P0mVYDgJo8HZnZWl$oYlITJyv.hP.6wS/OCuAdc61QoWTkYJMcONdy9aAjRW4Cpmc5Mor40xn/RiZ9Hi1PzhVoX5Chur4VfFB8JmKO1::0:99999:7::: -- the fields are separated by colons and explained one by one below

  1. root - User account name

  2. The long string beginning with $6$ - the password as hashed by the hashing algorithm; typing this string at a login prompt does not work

  3. :: - The field between these colons is the time the password was last modified

  4. 0 - Minimum number of days a password is valid (0 means it can be changed at any time)

  5. 99999 - Maximum number of days a password is valid

  6. 7 - Users are reminded 7 days in advance that their password will expire

  7. ::: - The remaining fields control what happens after the password and the account expire (basically ignored)

2. Managing user accounts

1. Add a user account - useradd command

Options

  1. -u - Specify the user's UID number, which must not be in use by another user
  2. -d - Specify the user's home directory location (has no effect together with -M!)
  3. -e - Account expiration time
  4. -g - Basic group
  5. -G - Additional group
  6. -M - Do not create a home directory
  7. -s - Specify the user's login shell

Example: useradd -d /opt/mike (-g mike) -G caiwu -s /sbin/nologin mike

[root@lokott ~]# useradd -d /opt/mike -G caiwu -s /sbin/nolgin mike //Note that the caiwu group must exist beforehand - groupadd caiwu
[root@lokott ~]# tail -2 /etc/passwd //View the last two lines of the passwd file
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
mike:x:1001:1001::/opt/mike:/sbin/nolgin
[root@lokott ~]# tail -2 /etc/group
caiwu:x:1002:mike
mike:x:1001:
[root@lokott ~]# tail -2 /etc/shadow
lokott:$6$aq3AU9oDZf/ERE2D$Ol.zBTLNqbsPDdsJYE0yU3Wa7EUU1SonR3rUQ616PsgA2u.DtQ99ecTUbdw2y2RhmlaL75WlcqMsfEUNretgb0:18192:0:99999:7:::
mike:!!:18200:0:99999:7:::
[root@lokott ~]# id mike //View mike's id information
uid=1001(mike) gid=1001(mike) groups=1001(mike),1002(caiwu)
[root@lokott ~]# ls /home/ //Because -d specifies the user's home directory, the home directory is created at /opt/mike and not under /home
demo  lokott
[root@lokott ~]# ls /opt/
demo01.txt  mike  rh  test
[root@lokott ~]#

2. Set/change a user's password - passwd command

passwd [options] username

  1. -d Clear the password
  2. -l Lock
  3. -S Show whether the password is locked or unlocked (uppercase S!)
  4. -u Unlock

[root@lokott ~]# useradd -d /opt/lisi -s /sbin/nologin lisi
[root@lokott ~]# tail -2 /etc/passwd
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1001::/opt/lisi:/sbin/nologin //here /sbin/nologin means that the user cannot log on
[root@lokott ~]# passwd lisi
Changing password for user lisi.
New password: //Requires you to enter a password
BAD PASSWORD: The password is shorter than 8 characters //Shown because a simple password was entered; you can still continue and enter it again, although a complex password is better
Retype new password:
passwd: all authentication tokens updated successfully.
[root@lokott ~]# su - lisi
Last failed login: Thu Oct 31 18:49:45 CST 2019 from :1 on :1
There was 1 failed login attempt since the last successful login.
This account is currently not available. //Unable to log on because the login shell is /sbin/nologin
[root@lokott ~]# pwd
/root
[root@lokott ~]# vim /etc/passwd //Edit the passwd file to change the user's /sbin/nologin to /bin/bash
[root@lokott ~]# su - lisi //root can switch user without entering a password
Last login: Thu Oct 31 18:52:42 CST 2019 on pts/2
[lisi@lokott ~]$ pwd //Logged in as the lisi user
/opt/lisi
[lisi@lokott ~]$ su //Equivalent to su root; the result below shows that an ordinary user needs a password to switch to root, and the password entered is not displayed
Password:
[root@lokott lisi]# pwd
/opt/lisi
[root@lokott lisi]# cd 
[root@lokott ~]# pwd //Indicates switching to root user
/root
[root@lokott ~]# passwd -l lisi //Lock lisi's password
Locking password for user lisi.
passwd: Success
[root@lokott ~]# passwd -S lisi //View the password status of the lisi user
lisi LK 2019-10-31 0 99999 7 -1 (Password locked.)
[root@lokott ~]# su - lisi
Last login: Thu Oct 31 19:01:10 CST 2019 on pts/2
[lisi@lokott ~]$ pwd //You can see that although the password is locked, root can still switch to the user without a password
/opt/lisi
[lisi@lokott ~]$ 
[root@lokott ~]# passwd -u lisi
Unlocking password for user lisi.
passwd: Success
[root@lokott ~]# passwd -S lisi
lisi PS 2019-10-31 0 99999 7 -1 (Password set, SHA512 crypt.)

This example can be summarized as follows:

  1. Users whose shell is /sbin/nologin cannot log on directly, and cannot be switched to either
  2. After passwd -l lisi is executed the user is locked and cannot log on in the GUI, but root can still switch to the user (and root needs no password to switch)
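
The /etc/passwd and /etc/shadow fields explained earlier, together with the nologin and lock behaviour summarized above, can be checked mechanically. The following is an added example, not code from the original post; the function names, the list of accepted shells and every account line (including the toor and guest entries and the placeholder hash strings) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Account lines are constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE "SHELL1 SHELL2 ..."
# Prints one finding per line as "<user>: <finding>".
audit_accounts() {
  awk -F: -v shells="$3" '
    BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) known[s[i]] = 1 }
    # First file (shadow): name:hash:lastchg:min:max:warn:...
    FNR == NR { hash[$1] = $2; next }
    # Second file (passwd): name:x:UID:GID:comment:home:shell
    {
      user = $1; shell = $7
      nologin = (shell ~ /\/(nologin|false)$/)
      if ($3 == 0 && user != "root") print user ": UID 0 but not root"
      if (!(shell in known))         print user ": unknown shell " shell
      if (!(user in hash))         { print user ": no shadow entry"; next }
      h = hash[user]
      if (h == "" && !nologin)       print user ": empty password, login shell"
      else if (h ~ /^[!*]/ && !nologin)
        print user ": password locked, shell is not nologin/false"
    }' "$2" "$1"
}

# Constructed sample modelled on the accounts in this post (mike keeps the
# mistyped shell /sbin/nolgin), plus two made-up risky entries: toor, guest.
sample_findings() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
mike:x:1001:1001::/opt/mike:/sbin/nolgin
lisi:x:1002:1003::/opt/lisi:/bin/bash
guest:x:1003:1004::/home/guest:/bin/bash
EOF
  cat > "$dir/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDERHASH::0:99999:7:::
bin:*:17110:0:99999:7:::
toor:$6$SALT$PLACEHOLDERHASH:18200:0:99999:7:::
mike:!!:18200:0:99999:7:::
lisi:!$6$SALT$PLACEHOLDERHASH:18200:0:99999:7:::
guest::18200:0:99999:7:::
EOF
  audit_accounts "$dir/passwd" "$dir/shadow" "/bin/bash /bin/sh /sbin/nologin"
  rm -rf "$dir"
}

sample_findings
```

On a real system the same function can be pointed at /etc/passwd and /etc/shadow (as root), with the accepted shells taken from /etc/shells.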

3. Modify user account properties - usermod command

  1. -u Modify the user's UID number
  2. -d Modify the user's home directory location
  3. -e Modify the user account's expiration time
  4. -s Specify the user's login shell
  5. -l Change the user's login account name
  6. -L Lock -- equivalent to passwd -l
  7. -U Unlock -- equivalent to passwd -u

Options 1-4 work as they do for useradd; the following demonstrates the -l operation

[root@lokott ~]# usermod -l zhangsan lisi
usermod: user lisi is currently used by process 71736
[root@lokott ~]# ps -ef | grep lisi
root      71735  71117  0 19:01 pts/2    00:00:00 su - lisi
lisi      71736  71735  0 19:01 pts/2    00:00:00 -bash
root      72433  71829  0 19:11 pts/2    00:00:00 su - lisi
lisi      72435  72433  0 19:11 pts/2    00:00:00 -bash
root      73325  72935  0 19:24 pts/2    00:00:00 grep --color=auto lisi
[root@lokott ~]# kill 71735 //A reboot would also work, since it ends the process automatically
[root@lokott ~]# 
Session terminated, killing shell... ...Killed.
[root@lokott ~]# exit
[root@lokott ~]# usermod -l zhangsan lisi
[root@lokott ~]# tail -2 /etc/passwd
mike:x:1001:1001::/opt/mike:/sbin/nolgin
zhangsan:x:1002:1003::/opt/lisi:/bin/bash  //Only the lisi user name was changed; the home directory is still named lisi
[root@lokott ~]# ls /opt
demo01.txt  lisi  mike  rh  test   
[root@lokott ~]# 

4. Delete a user account - userdel command

-r Delete the home directory together with the account; the following example continues from the one above

[root@lokott ~]# tail -2 /etc/passwd //Shows the two users
mike:x:1001:1001::/opt/mike:/sbin/nolgin
zhangsan:x:1002:1003::/opt/lisi:/bin/bash
[root@lokott ~]# userdel -r mike //Delete the mike user together with its home directory
[root@lokott ~]# tail -3 /etc/passwd  
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
zhangsan:x:1002:1003::/opt/lisi:/bin/bash
[root@lokott ~]# ls -l /opt/mike //Shows that -r deleted the specified home directory
ls: cannot access /opt/mike: No such file or directory
[root@lokott ~]# ls /opt //There is still a lisi home directory under /opt (the user was renamed to zhangsan above)
demo01.txt  lisi  rh  test
[root@lokott ~]# userdel -r zhangsan //Delete the zhangsan user, which also deletes the lisi directory
[root@lokott ~]# tail -3 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
[root@lokott ~]# ls -l /opt //The lisi home directory is gone because zhangsan was deleted with -r; without -r the home directory would not be deleted
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 root root 32 Oct 31 18:33 test
[root@lokott ~]# useradd wang //Create a new user
[root@lokott ~]# usermod -l sung wang //Change the user name
[root@lokott ~]# tail -2 /etc/passwd //View passwd information
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
sung:x:1001:1003::/home/wang:/bin/bash
[root@lokott ~]# userdel sung //Delete the sung user without -r, so the wang home directory is kept
[root@lokott ~]# ls /home/
demo  lokott  wang

5. Initial configuration files of a user account

File source - the files of a new user account are copied from the /etc/skel directory (cd to the home directory and run ls -a to see them)

  1. ~/.bash_profile - loaded after entering Bash
  2. ~/.bashrc - loaded when the user logs on
  3. ~/.bash_logout - executed at logoff

3. Managing group accounts

Group account files - similar to the user account files

  1. /etc/group: Stores basic group account information
  2. /etc/gshadow: Stores password information for group accounts (typically not set)

1. Add a group account - groupadd command

groupadd [options] group-name

-g - Specify the GID

[root@lokott ~]# groupadd lisi //Add the lisi group
[root@lokott ~]# tail /etc/group //View group information
postdrop:x:90:
postfix:x:89:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
lokott:x:1000:
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
[root@lokott ~]# groupadd -g 1005 wangwu //Add the wangwu group and give it GID 1005
[root@lokott ~]# tail -2 /etc/group
lisi:x:1003:
wangwu:x:1005:
[root@lokott ~]# 

2. Add and remove group members

Add - gpasswd command

  1. -a Add a user to the group; existing members are not overwritten
  2. -d Remove a user from the group
  3. -M Set the group's members from a comma-separated list, overwriting the existing members (users not in the list are kicked out)

[root@lokott ~]# tail -2 /etc/group //View group information
lisi:x:1003:
wangwu:x:1005:
[root@lokott ~]# tail -2 /etc/passwd //View user information
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
[root@lokott ~]# useradd lisi //Adding the lisi user fails because the lisi group already exists, as shown above
useradd: group lisi exists - if you want to add this user to that group, use -g.
[root@lokott ~]# useradd -g lisi lisi //Add the lisi user with lisi as its group
[root@lokott ~]# useradd zhangsan //Add another user, zhangsan
[root@lokott ~]# tail -2 /etc/passwd //View user information
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
[root@lokott ~]# gpasswd -a lisi wangwu //Add lisi to the wangwu group (the wangwu group must exist first)
Adding user lisi to group wangwu
[root@lokott ~]# id lisi //View lisi's id information
uid=1001(lisi) gid=1003(lisi) groups=1003(lisi),1005(wangwu)
[root@lokott ~]# gpasswd -d lisi wangwu //Remove lisi from the wangwu group
Removing user lisi from group wangwu
[root@lokott ~]# id lisi //View lisi's id information; lisi no longer belongs to the wangwu group
uid=1001(lisi) gid=1003(lisi) groups=1003(lisi)

[root@lokott ~]# tail -5 /etc/passwd //Show user information
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
[root@lokott ~]# tail -5 /etc/group //Show group information
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:
zhangsan:x:1006:
[root@lokott ~]# gpasswd -M lisi,zhangsan wangwu //Add two users to the wangwu group in bulk
[root@lokott ~]# tail -5 /etc/group
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:lisi,zhangsan                         //View Information
zhangsan:x:1006:
[root@lokott ~]# useradd hh //Add two new users to verify that -M overwrites the member list
[root@lokott ~]# useradd ww
[root@lokott ~]# gpasswd -M hh,ww wangwu
[root@lokott ~]# tail -5 /etc/group
lisi:x:1003:
wangwu:x:1005:hh,ww                                //Both lisi and zhangsan were kicked out
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:

Delete - groupdel command

Be careful!!! The groupdel command cannot be used to delete groups at will. It only works for groups that are not the initial group (primary group) of any user. In other words, if a group is some user's initial group (primary group), groupdel cannot delete it. For example:

[root@lokott ~]# tail  -10 /etc/group                
stapdev:x:158:
tcpdump:x:72:
lokott:x:1000:
printadmin:x:985:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:hh,ww
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:
[root@lokott ~]# groupdel caiwu 
[root@lokott ~]# groupdel lisi
groupdel: cannot remove the primary group of user 'lisi'
[root@lokott ~]# groupdel wangwu 
[root@lokott ~]# groupdel zhangsan 
groupdel: cannot remove the primary group of user 'zhangsan'
[root@lokott ~]# groupdel hh
groupdel: cannot remove the primary group of user 'hh'
[root@lokott ~]# groupdel ww
groupdel: cannot remove the primary group of user 'ww'
[root@lokott ~]# 

If you really want to delete such a group, first delete the user whose initial (primary) group it is

[root@lokott note]# tail -1 /etc/passwd
ww:x:10000:10000::/home/ww:/bin/bash
[root@lokott note]# groupdel ww
groupdel: cannot remove the primary group of user 'ww'
[root@lokott note]# userdel ww
[root@lokott note]# tail -1 /etc/group
zhangsan:x:1006:
[root@lokott note]# 
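
The rule groupdel applies can be checked before running it. The following is an added example, not code from the original post: the function names are hypothetical, and the passwd and group lines are constructed from the listings above (the UIDs of hh and ww are made up). It lists the users whose primary group blocks the deletion, and the supplementary members who would lose their membership when the group is deleted.

```sh
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# groupdel_check GROUP PASSWD_FILE GROUP_FILE
# Prints "primary:<user>" for each user whose primary GID is the group's GID
# (groupdel refuses while any exist) and "member:<user>" for each
# supplementary member listed in the group entry.
groupdel_check() {
  awk -F: -v g="$1" '
    FNR == NR {                      # first file: group (name:x:GID:members)
      if ($1 == g) { gid = $3; members = $4 }
      next
    }
    gid != "" && $4 == gid { print "primary:" $1 }   # second file: passwd
    END {
      if (gid == "") { print "error:no such group"; exit 1 }
      n = split(members, m, ",")
      for (i = 1; i <= n; i++) print "member:" m[i]
    }' "$3" "$2"
}

# sample_check GROUP - run the check against the constructed sample files.
sample_check() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/passwd" <<'EOF'
lokott:x:1000:1000:lokott:/home/lokott:/bin/bash
lisi:x:1001:1003::/home/lisi:/bin/bash
zhangsan:x:1002:1006::/home/zhangsan:/bin/bash
hh:x:1003:1007::/home/hh:/bin/bash
ww:x:1004:1004::/home/ww:/bin/bash
EOF
  cat > "$dir/group" <<'EOF'
lokott:x:1000:
caiwu:x:1002:
lisi:x:1003:
wangwu:x:1005:hh,ww
zhangsan:x:1006:
hh:x:1007:
ww:x:1004:
EOF
  groupdel_check "$1" "$dir/passwd" "$dir/group" && rc=0 || rc=$?
  rm -rf "$dir"
  return "$rc"
}

for g in caiwu lisi wangwu; do
  echo "== $g"
  sample_check "$g"
done
```

An empty result (caiwu) means groupdel will succeed; a result with only member lines (wangwu) means it will succeed and those users drop out of the group.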

The last command is used to view information about the most recent logins; lastb, used here, shows the failed login attempts recorded in btmp
[root@lokott ~]# lastb
lisi     :1           :1               Thu Oct 31 18:49 - 18:49  (00:00)    
root     pts/1                         Thu Oct 31 17:07 - 17:07  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    
root     :0           :0               Thu Oct 24 14:43 - 14:43  (00:00)    

btmp begins Thu Oct 24 14:43:01 2019
[root@lokott ~]# 

4. Permissions and Ownership of Files/Directories

1. Access rights

Read (r): allows viewing file contents and listing directory contents

Write (w): allows modifying file contents, and creating, moving and deleting files or subdirectories in a directory

Execute (x): allows running programs and switching into directories

2. Ownership

Owner: the user account that owns the file or directory

Group: the group account that owns the file or directory

3. Introduce permissions with examples

[root@lokott ~]# ls -l
total 8
-rw-------. 1 root root 1785 Oct 23 12:21 anaconda-ks.cfg
-rw-r--r--. 1 root root 1833 Oct 23 12:24 initial-setup-ks.cfg
drwxr-xr-x. 4 root root   73 Oct 30 22:03 note  //Take this as an example

The following explains drwxr-xr-x. 4 root root 73 Oct 30 22:03 note

  1. d - File type (d for directory, l for link file, c for character device (I/O) file, b for block device (storage) file, - for normal file)
  2. rwx, r-x, r-x - Permissions of the owner (read, write, execute here), the group (read, execute here), and others (read, execute here)
  3. 4 - Number of subdirectories
  4. First root - Owner
  5. Second root - Group
  6. 73 - Size
  7. Oct 30 22:03 - Creation Time
  8. note - Directory (file) name

4. Set permissions for files and directories - chmod command (-R for recursion)

  1. chmod [ugoa][+-=][rwx] file or directory
  2. chmod nnn file or directory (preferred)

//The following are permission operations on files
[root@lokott note]# touch 2.sh
[root@lokott note]# ls -l 2.sh //2.sh permission is 644
-rw-r--r--. 1 root root 0 Oct 31 21:41 2.sh
[root@lokott note]# chmod u+x 2.sh
[root@lokott note]# ls -l 2.sh
-rwxr--r--. 1 root root 0 Oct 31 21:41 2.sh
[root@lokott note]# chmod ugo+w 2.sh
[root@lokott note]# ls -l 2.sh
-rwxrw-rw-. 1 root root 0 Oct 31 21:41 2.sh
[root@lokott note]# chmod 655 2.sh
[root@lokott note]# ls -l 2.sh
-rw-r-xr-x. 1 root root 0 Oct 31 21:41 2.sh

//Here are the permission operations for the directory
[root@lokott note]# ll //ll is an alias for ls -l --color=auto
total 8
-rwxrwxrwx. 1 root root   0 Oct 31 21:40 1.txt
-rw-r-xr-x. 1 root root   0 Oct 31 21:41 2.sh
-rwxrwxrwx. 1 root root 286 Oct 30 22:03 ifcfg-ens33
drwxrwxrwx. 2 root root  26 Oct 23 13:20 linux-cmd
-rwxr-xr-x. 1 root root  30 Oct 30 22:02 readme.txt
drwxrwxrwx. 2 root root 173 Oct 30 21:56 shell
drwxr-xr-x. 2 root root   6 Oct 31 21:38 test
[root@lokott note]# which ll
alias ll='ls -l --color=auto'
    /usr/bin/ls
[root@lokott note]# chmod 777 test/ //Change permissions to 777
[root@lokott note]# ll
total 8
-rwxrwxrwx. 1 root root   0 Oct 31 21:40 1.txt
-rw-r-xr-x. 1 root root   0 Oct 31 21:41 2.sh
-rwxrwxrwx. 1 root root 286 Oct 30 22:03 ifcfg-ens33
drwxrwxrwx. 2 root root  26 Oct 23 13:20 linux-cmd
-rwxr-xr-x. 1 root root  30 Oct 30 22:02 readme.txt
drwxrwxrwx. 2 root root 173 Oct 30 21:56 shell
drwxrwxrwx. 2 root root   6 Oct 31 21:38 test
[root@lokott note]# touch test/1.sh
[root@lokott note]# ls -l test/1.sh
-rw-r--r--. 1 root root 0 Oct 31 21:50 test/1.sh   //A directory's permissions are independent of the permissions of its subdirectories and files unless changed recursively with -R
[root@lokott note]# chmod 777 -R test/ //Recursive change: all files and subdirectories under test get permission 777
[root@lokott note]# ls -l test/1.sh
-rwxrwxrwx. 1 root root 0 Oct 31 21:50 test/1.sh

If you give the group and other users write-only access (622), they can force a write, but it will overwrite the original content!

[root@lokott test]# pwd //Absolute path of the current directory
/opt/test
[root@lokott test]# ll //Show details
total 8
-rw-r--r--. 1 root root 13 Oct 31 16:33 1.txt        //All users other than root have read-only permission
-rw--w--w-. 1 root root 18 Oct 31 18:33 2.txt         //All users other than root have write-only permission
[root@lokott test]# cat 1.txt
tehsda
hello
[root@lokott test]# cat 2.txt //The original content of 2.txt is as follows
231354
2222244878
[root@lokott lisi]# su - lisi //Switch to the lisi user
Last login: Thu Oct 31 22:36:45 CST 2019 on pts/1
[lisi@lokott ~]$ cd /opt/test/
[lisi@lokott test]$ ll                                  //No permission to list the directory
ls: cannot open directory .: Permission denied
[lisi@lokott test]$ cat 1.txt                           //Shows that the content of 1.txt can be viewed
tehsda
hello
[lisi@lokott test]$ vim 1.txt                          //Attempt to write data
[lisi@lokott test]$ cat 1.txt                           //Saving with :wq! forces the write, so the file turns out to be writable
tehsda
hello
dada
asdaadas
[lisi@lokott test]$ cat 2.txt
cat: 2.txt: Permission denied
[lisi@lokott test]$ vim 2.txt
[lisi@lokott test]$ cat 2.txt                             //After the forced write the file can be viewed, because its owner is now lisi; while the owner was root, the lisi user could not view it
ssdad
dsawdad
[lisi@lokott test]$ ls -l 2.txt
-rw--w--w-. 1 lisi lisi 14 Oct 31 22:45 2.txt
//Write data to the file with the echo command, using redirection (>) and append (>>)
[lisi@lokott test]$ echo "123123" > 2.txt
[lisi@lokott test]$ cat 2.txt
123123
[lisi@lokott test]$ echo "123456" >> 2.txt
[lisi@lokott test]$ cat 2.txt
123123
123456
[lisi@lokott test]$ su
Password:
[root@lokott test]# ls -l
total 8
-rw-r--r--. 1 lisi lisi 27 Oct 31 22:43 1.txt
-rw--w--w-. 1 lisi lisi 14 Oct 31 22:47 2.txt
[root@lokott test]# cat 2.txt
123123
123456
[root@lokott test]#

5. Set the ownership of files and directories - chown command

  1. chown owner file or directory
  2. chown :group file or directory
  3. chown owner:group file or directory

[root@lokott opt]# ls -l
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 root root 32 Oct 31 22:45 test
[root@lokott opt]# chown lisi test
[root@lokott opt]# ls -l
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 lisi root 32 Oct 31 22:45 test        //The owner of the test directory is changed to lisi without changing its group

[root@lokott opt]# chown root:lisi test
[root@lokott opt]# ls -l
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 root lisi 32 Oct 31 22:45 test        //The owner of the test directory becomes root and its group becomes lisi

[root@lokott opt]# chown :root test
[root@lokott opt]# ls -l
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 root root 32 Oct 31 22:45 test        //The group of the test directory becomes root

6. Permission mask - umask

Role: controls the permissions of newly created files or directories - note that it only affects newly created ones

Resulting permissions: the default permissions with the umask permissions removed

[root@lokott opt]# mkdir umasktest
[root@lokott opt]# umask 000 umasktest/ //umask sets the mask of the current shell process; it is not bound to the umasktest/ directory
[root@lokott opt]# ll
total 0
-rw-r--r--. 1 root root  0 Oct 31 16:19 demo01.txt
drwxr-xr-x. 2 root root  6 Mar 26  2015 rh
drwx-wx-wx. 2 root lisi 32 Oct 31 22:45 test
drwxrwxrwx. 2 root root  6 Oct 31 23:26 umasktest
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2019
[root@lokott umasktest]# touch 1.txt
[root@lokott umasktest]# ll
total 0
-rw-rw-rw-. 1 root root 0 Oct 31 23:26 1.txt             //File permissions are 666
drwxrwxrwx. 2 root root 6 Oct 31 23:26 2019              //Directory permissions are 777

[root@lokott umasktest]# cd ..
[root@lokott opt]# umask 111 umasktest/ //The permissions of the existing 1.txt and 2019 do not change!
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2018
[root@lokott umasktest]# touch 2.txt
[root@lokott umasktest]# ll
total 0
-rw-rw-rw-. 1 root root 0 Oct 31 23:26 1.txt
drw-rw-rw-. 2 root root 6 Oct 31 23:28 2018            //Directory permissions are 666
drwxrwxrwx. 2 root root 6 Oct 31 23:26 2019
-rw-rw-rw-. 1 root root 0 Oct 31 23:28 2.txt           //2.txt permission is 666

[root@lokott umasktest]# cd ..
[root@lokott opt]# umask 666 umasktest/
[root@lokott opt]# cd umasktest/
[root@lokott umasktest]# mkdir 2017
[root@lokott umasktest]# touch 3.txt
[root@lokott umasktest]# ll
total 0
-rw-rw-rw-. 1 root root 0 Oct 31 23:26 1.txt
d--x--x--x. 2 root root 6 Oct 31 23:29 2017              //Directory permissions are 111
drw-rw-rw-. 2 root root 6 Oct 31 23:28 2018
drwxrwxrwx. 2 root root 6 Oct 31 23:26 2019
-rw-rw-rw-. 1 root root 0 Oct 31 23:28 2.txt
----------. 1 root root 0 Oct 31 23:29 3.txt            //File 3.txt permissions are all zero
[root@lokott umasktest]# umask //View the current umask value
0666
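
The session above can be reproduced and checked against the rule. The following is an added example, not code from the original post; the function names are hypothetical. It creates a file and a directory under each mask in a temporary directory and compares the result with the computed value, which shows that the mask bits are cleared one by one rather than subtracted: with umask 111 a new file stays 666 instead of becoming 555.

```sh
#!/bin/sh
# Added example, not from the original post.

# predicted_mode BASE UMASK -> octal mode; BASE is 666 (files) or 777 (dirs).
# The mask is cleared bit by bit (AND NOT); it is not an arithmetic subtraction.
predicted_mode() {
  printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_of PATH -> octal permission bits, read back from "ls -ld".
mode_of() {
  ls -ld "$1" | awk '{ m = 0
    for (i = 2; i <= 10; i++) m = m * 2 + (substr($1, i, 1) != "-")
    printf "%03o\n", m }'
}

# observed_modes UMASK -> "<file mode> <dir mode>" for objects really created
# under that mask. Runs in a subshell, so the caller's umask is left untouched.
observed_modes() (
  tmp=$(mktemp -d) || exit 1
  umask "$1"
  : > "$tmp/f"        # new file: 666 requested
  mkdir "$tmp/d"      # new directory: 777 requested
  echo "$(mode_of "$tmp/f") $(mode_of "$tmp/d")"
  rm -f "$tmp/f"; rmdir "$tmp/d" "$tmp"
)

# The three masks used in the session above, plus two common defaults.
for mask in 000 111 666 022 077; do
  echo "umask $mask: predicted $(predicted_mode 666 "$mask")" \
       "$(predicted_mode 777 "$mask"), observed $(observed_modes "$mask")"
done
```

A mask of 000, as set at the start of the session, leaves every new file world-writable; 022 and 077 are shown for comparison.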

Posted on Thu, 07 Nov 2019 16:27:14 -0500 by mjahkoh