Five ways to view file permissions
```
# Use five methods to view file permissions in digital form
[root@wzh ~]# stat 123|awk -F '[(0/]' 'NR==4{print $3}'
755
[root@wzh ~]# stat 123|sed -nr '4s#.*\(0(.*)/d.*#\1#gp'
755
[root@wzh ~]# ll 123 -d|tr 'rwx-' '4210'| awk -F '' '{print $2+$3+$4$5+$6+$7$8+$9+$10}'
755
[root@wzh ~]# stat 123|head -4|tail -1|cut -d '0' -f2|cut -d '/' -f1
755
[root@wzh ~]# stat 123|grep -w 'Gid'|grep -o '[0-9*]'|xargs -l4|grep -w '5'|cut -d '0' -f2,4,6
7 5 5
[root@wzh ~]# stat 123|grep -o '755'
755
[root@wzh ~]# name="$(stat 123|head -4|tail -1)"&& echo ${name:10:3}
755
```
Impact of rwx on files
r: can view the contents of the file; cannot write or execute it
w: cannot read, cannot execute; writing with echo >> appends, writing with vim cannot append and can only overwrite
x: nothing can be done, because the contents of the file cannot be read, so there is nothing known to execute
rw: read and write, cannot execute
rx: read and execute, cannot write
wx: the same as w alone
rwx: readable, writable and executable
Effects of rwx on directories
r: can list the file names in the directory, but cannot view their attributes
w: nothing can be done
x: nothing can be done
rx: can view file attributes and enter the directory; can cp, cannot rm, cannot mv
rw: can view, can write, but cannot cp, cannot rm, cannot mv
rwx: can view, can write, can cp, can rm, can mv
wx: can create and delete files, but cannot list them
Authorization command
```
# chown
chown Owner.Group file_or_directory
    -R: recursively change the group and owner
# chmod
chmod 777 file_or_directory
chmod u=rwx
chmod u+x
    u: user, the owner
    g: group, the owning group
    o: other, other users
    a: all
    -R: recursive authorization
```
Introduction to linux special permissions
```
[root@www ~]# ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 6 October 2014 /usr/bin/passwd
[root@www ~]# ll /usr/bin/write
-rwxr-sr-x. 1 root tty 19624 4 November 2018 /usr/bin/write
[root@www ~]# ll /tmp/ -d
drwxrwxrwt. 9 root root 4096 4 March 09:49 /tmp/
```
SUID
Full spelling: set uid
On the owner permission bits, an s appears in the position where the execute permission x would be.
Generally used on executable files.
If an executable file has s in the x position of its owner permission bits, that shows the file has the set uid special permission. set uid: when any user (other than root) executes a file that has the suid permission, it is executed as the owner of the file.
```
## SUID authorization
# chmod ugo mode
[root@www ~]# chmod u+s file_or_directory
# chmod number mode 4000
[root@www ~]# chmod 4755 aaaa
[root@www ~]# chmod 4000 aaaa
```
Note: if the file being authorized originally has x permission for the owner, the result shows as s; if the owner originally has no x permission, it shows as S.
SGID
Full spelling: set gid permission
On the group permission bits, an s appears in the position where the execute permission x would be.
Generally used on directories, though executable files can have it too (mostly directories).
```
[root@www ~]# ll /usr/bin/write
-rwxr-sr-x. 1 root tty 19624 4 November 2018 /usr/bin/write
```
1. It modifies the group permission bit: the group of a directory or file a user creates inside is consistent with the group of the directory.
2. When sgid is set on a directory, new files in that directory no longer get the default group of the user who created them.
3. Using sgid makes it easy for multiple users to share all the files in a directory.
Main purpose: shared directories
```
## SGID authorization method
# chmod ugo mode
[root@www ~]# chmod g+s /tmp/test/
# chmod number mode 2000
[root@www ~]# chmod 2000 3
```
Note: if the file being authorized originally has x permission for the group, the result shows as s; if the group originally has no x permission, it shows as S.
Sbit (sticky bit)
sticky: viscous, adhesive
On the other-users permission bits, a t appears.
Ordinary users have w and x permissions on this directory, that is, ordinary users can write in it. Without the sticky bit, an ordinary user with w permission can delete every file in the directory, including files created by other users. Once the sticky bit is set, only root can delete every file; an ordinary user, even with w permission, can only delete the files they created themselves, not the files created by other users.
The /tmp directory in the system is the classic sticky-bit directory. Everyone has write permission on it, so it is a security concern: it is often the first springboard used by Trojans.
```
## SBIT authorization method
# chmod ugo mode
[root@www ~]# chmod o+t SB
# chmod number mode
[root@www ~]# chmod 1755 IT
```
Note: if the directory being authorized originally has x permission for other users, the result shows as t; if other users originally have no x permission, it shows as T.
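The one-liners at the top of the page and the ll listings in the SUID, SGID and sticky-bit sections all come down to reading the symbolic mode column. As an added example (not code from the original post), this POSIX sh function turns that column into the four-digit octal mode, so that the s/S and t/T forms are visible as 4000, 2000 and 1000 without depending on the line layout of stat; the demo assumes a Linux ls whose first field carries at most a trailing "." or "+".

```shell
#!/bin/sh
# Added example: convert the symbolic mode of "ls -l" (e.g. -rwsr-xr-x) into the
# 4-digit octal mode (4755). Uppercase S/T mean the special bit is set but the
# underlying execute bit is missing, exactly as the page's notes describe.
mode_to_octal() {
    m=${1%[.+]}               # drop trailing SELinux "." or ACL "+" marker
    m=${m#?}                  # drop the file-type character (-, d, l, ...)
    [ ${#m} -eq 9 ] || { printf 'bad mode string: %s\n' "$1" >&2; return 1; }
    special=0 octal="" pos=0 val=0
    while [ -n "$m" ]; do
        c=${m%"${m#?}"}       # first remaining character
        m=${m#?}
        case $c in
            r) val=$((val + 4)) ;;
            w) val=$((val + 2)) ;;
            x) val=$((val + 1)) ;;
            s) val=$((val + 1)); special=$((special + (pos < 3 ? 4 : 2))) ;;  # suid/sgid, x present
            S) special=$((special + (pos < 3 ? 4 : 2))) ;;                    # suid/sgid, x missing
            t) val=$((val + 1)); special=$((special + 1)) ;;                  # sticky, x present
            T) special=$((special + 1)) ;;                                    # sticky, x missing
            -) ;;
            *) printf 'unexpected character %s in %s\n' "$c" "$1" >&2; return 1 ;;
        esac
        pos=$((pos + 1))
        # every three characters close one owner/group/other digit
        if [ $((pos % 3)) -eq 0 ]; then octal="$octal$val"; val=0; fi
    done
    printf '%d%s\n' "$special" "$octal"
}

# Demo on a constructed temporary directory, mirroring the page's "chmod 4755 aaaa".
demo() {
    d=$(mktemp -d)
    touch "$d/aaaa"
    chmod 4755 "$d/aaaa"
    mode_to_octal "$(ls -l "$d/aaaa" | cut -d' ' -f1)"   # 4755
    find "$d" -type f -perm -4000                          # audit query: files with setuid set
    rm -rf "$d"
}
demo
```

The find query in the demo is the usual way to inventory setuid files on a host when reviewing which binaries run as their owner.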
The "Cixi" among commands
```
# When creating a user:
1.   the user information record is created in  -> /etc/passwd
1.1  the user's password record goes to          -> /etc/shadow
2.   the user group information record is created in -> /etc/group
2.1  the group's password record goes to         -> /etc/gshadow
```
chattr: the shackles (even root cannot operate on a file locked with the chattr command)
i: lock it; you can do nothing but read it
a: can only read and append content (cannot overwrite)
lsattr: view these additional attributes
Linux system process mask UMASK
```
[root@www ~]# umask
0022
mkdir dir          touch file
  0777               0666
  0022               0022
  ----               ----
  0755               0644
[root@www ~]# umask 0033
[root@www ~]# umask
0033
dir:744  file:644
  0777               0666
  0033               0033
  ----               ----
  0744               0633 -> 0644
[root@www ~]# umask 0011
dir:766  file:666
  0777               0666
  0011               0011
  ----               ----
  0766               0655 -> 0666
[root@www ~]# umask 0044
dir:733  file:622
[root@www ~]# umask 0045
dir:732  file:622
  0777               0666
  0045               0045
  ----               ----
  0732               0622
```
umask calculation: when an odd digit appears in the umask, the directory calculation stays the same, but for files the digit produced by subtracting the odd umask digit gets +1.
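The "+1 for odd digits" rule above is a by-hand approximation: the kernel does not subtract the umask, it clears its bits (mode AND NOT umask), and a file's base 0666 has no execute bit for an odd umask digit to take away. As an added example (not from the original post), this POSIX sh function computes the result the bitwise way, prints the subtraction result beside it for the umasks used on the page, and checks one of them live on a constructed temporary directory.

```shell
#!/bin/sh
# Added example: default mode of a new directory (base 0777) and file (base 0666)
# under a given umask, computed the way the kernel does it.
umask_result() {
    mask=$(( 0$1 ))            # leading 0 forces octal, so "022" and "0022" both work
    dir=$(( 0777 & ~mask ))
    file=$(( 0666 & ~mask ))
    printf 'dir:%03o file:%03o\n' "$dir" "$file"
}

# Bitwise result next to the naive subtraction the page performs by hand;
# they differ exactly where the umask has an odd digit.
compare_umask() {
    for u in 0022 0033 0011 0044 0045; do
        m=$(( 0$u ))
        sub_file=$(( 0666 - m ))
        printf 'umask %s -> %s   (0666 - %s by subtraction = %03o)\n' \
            "$u" "$(umask_result "$u")" "$u" "$sub_file"
    done
}

# Live check: the umask is changed only inside the subshell, so the caller's
# umask is untouched; the temporary directory is constructed and removed here.
live_check() {
    tmp=$(mktemp -d)
    ( umask 0033; mkdir "$tmp/dir"; touch "$tmp/file" )
    ls -ld "$tmp/dir" "$tmp/file"      # drwxr--r-- and -rw-r--r--
    rm -rf "$tmp"
}

compare_umask
live_check
```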