[linux] permission understanding

Table of contents

1. Shell commands and operating principles

2. The concept of authority

3. Rights Management

2.1 Classification of file visitors (people)

2.2 File Type and Access Permissions (Thing Attributes)

2.3 Representation method of file permission value

2.4 Related setting methods of file access permissions

3. file command

4. Directory permissions★

5. Sticky bit★

6. Summary of Permissions


People always have to pay the price for past laziness!


1. Shell commands and operating principles

Strictly speaking, Linux is an operating system, which we call the "kernel", but ordinary users cannot use the kernel directly. Instead, they communicate with the kernel through a "shell" (shell program). [Popular understanding: users communicate with the operating system through the shell.]
(1) From a technical point of view, the simplest definition of a shell is a command-line interpreter (command interpreter). It mainly does two things: it translates the user's commands and passes them to the kernel for processing, and it translates the kernel's results back to the user.
(2) The significance of the shell: it reduces the cost of operating the OS, and it protects the OS.
Note: under Linux, the shell refers to the command-line interpreter; under Windows, the shell refers to the graphical interface.
The command-line interpreter (shell) commonly used on CentOS 7 is called bash. [shell is the general term; bash is one specific shell.]

2. The concept of authority

There are two types of users under Linux: the super user (root) and ordinary users.
Super user: can do anything on the Linux system without restriction.
Ordinary users: can do only limited things on Linux.
The command prompt for the super user is "#", and the command prompt for ordinary users is "$".
Command: su [username]
Function: switch user.
For example, to switch from the root user to the ordinary user user, use su user. To switch from the ordinary user user to the root user, use su root (root can be omitted); the system will prompt you to enter the root user's password.
(1) From ordinary user to ordinary user, a password is required.
(2) From super user to ordinary user, no password is required. [The super user password is very important.]

Suggestion: Set the root password differently from ordinary user passwords, and make the super user password complex.

3. Rights Management

2.1 Classification of file visitors (people)

Owner of the file or directory: u (User)
Users in the same group as the owner of the file or directory: g (Group)
Other users: o (Others)
In the Linux system, people are divided into three categories: (1) the owner of the file (owner); (2) the group the file belongs to (group); (3) other users of the file (other).
There are two types of users under Linux: the super user (root) and ordinary users. (Both root and ordinary users can fall into any one of the three categories above.)

2.2 File Type and Access Permissions (Thing Attributes)

File type: (under Linux, the file suffix is not used to distinguish file types)
d : directory file (folder)
- : normal file (text, source code, executable program, third-party static library, etc.)
l : soft link (similar to a Windows shortcut) [link file]
b : block device file (such as a hard disk, optical drive, etc.)
p : pipe file
c : character device file (for example, serial devices such as a screen)
s : socket file

Note: gcc is a compiler on Linux. [Although Linux itself does not use file suffixes to distinguish files, software running on Linux may.]

b) Basic permissions
i. Read (r/4): for a file, permission to read the file's content; for a directory, permission to browse the directory's information.
ii. Write (w/2): for a file, permission to modify the file's content; for a directory, permission to delete and move files within the directory.
iii. Execute (x/1): for a file, permission to execute the file; for a directory, permission to enter the directory.
iv. "-" indicates that the permission is not granted.

Permissions revolve around user and file attributes (read, write, execute).

Permission operations on files: (1) modify the file's attributes; (2) modify the people (owner and group).

2.3 Representation method of file permission value

a) Character representation method

b) Octal value representation method

2.4 Related setting methods of file access permissions

root is not restricted by ordinary user rights.

a) chmod
Function: set the access permissions of a file
Format: chmod [parameter] permission filename
Common options:
-R -> recursively modify the permissions of a directory and the files in it
Note: only the owner of the file and root can change the permissions of the file.
The format of the permission value for the chmod command:
① User indicator, then +/-/=, then permission characters
+: add the permissions given by the permission characters to the user scope
-: remove the permissions given by the permission characters from the user scope
=: assign the permissions given by the permission characters to the user scope
User indicators:
u : the owner
g : users in the same group as the owner
o : other users
a : all users
Example:

# chmod u+w /home/abc.txt
# chmod o-x /home/abc.txt
# chmod a=x /home/abc.txt [all users get execute permission only]
② Three-digit octal number
Example:
# chmod 664 /home/abc.txt
# chmod 640 /home/abc.txt
b) chown
Function: modify the owner of a file
Format: chown [parameter] username filename
Example:
# chown user1 f1
# chown -R user1 filegroup1
Running chown <new owner> <file> as an ordinary user reports an error. Either (1) run sudo chown <new owner> <file> [sudo elevates privileges so that the program is executed as root], or (2) first switch to the super user and then run chown <new owner> <file>.
c) chgrp
Function: modify the group a file or directory belongs to
Format: chgrp [parameter] groupname filename
Common options: -R recursively modify the group a file or directory belongs to
Example:
# chgrp users /abc/f2
As with chown: either (1) run sudo chgrp <new group> <file> [sudo elevates privileges so that the program is executed as root], or (2) first switch to the super user and then run chgrp <new group> <file>.
To change the owner and the group in one step:
(1) sudo chown <new owner>:<new group> <file>, or (2) first switch to the super user and then run chown <new owner>:<new group> <file>.
d) umask
Function: view or modify the file permission mask
Default permission of a new file = 0666 (octal; the leading 0 marks the number as octal)
Default permission of a new directory = 0777 (octal)
In practice, the permissions you see on the files and directories you create are often not these values, because creation is also affected by the umask. If the default permission is mask, the permission of the file actually created is: mask & ~umask
Format: umask permission value
Explanation: removing the bits set in the permission mask from the default access permission gives the permission a newly created file receives. This is a bitwise operation (mask & ~umask), not arithmetic subtraction. The default mask value is 0022 for super users and 0002 for common users.
Example:
# umask 755
# umask        (view the current mask)
# umask 044    (set the mask)

(1) By default, a directory we create has permission 775 and a file we create has permission 664 (this may vary between systems).

The default directory permission is 777; the default file permission is 666.

(2) After umask 0000, a directory we create has permission 777 and a file we create has permission 666 [that is, the default permissions].
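
The rule mask & ~umask above, as an added shell example that is not part of the original post: it computes the expected mode and compares it with a file or directory actually created under that umask, including a case (umask 033) where plain subtraction would give the wrong answer. The helper names effective_mode, created_mode and compare are made up for this example, and stat -c assumes GNU coreutils (as on CentOS 7).

```sh
#!/bin/sh
# Added example: umask arithmetic checked against real file creation.
# effective_mode, created_mode and compare are hypothetical helper names.

# effective_mode BASE UMASK -> octal result of BASE & ~UMASK
# (BASE is 666 for new files and 777 for new directories)
effective_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# created_mode file|dir UMASK -> mode the kernel really assigns
# Runs in a subshell so the caller's umask is left untouched.
created_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c '%a' "$tmp/t"      # GNU stat: permission bits in octal
        rm -rf "$tmp"
    )
}

# compare file|dir UMASK -> "expected=<mode> actual=<mode>"
compare() {
    if [ "$1" = dir ]; then base=777; else base=666; fi
    echo "expected=$(effective_mode "$base" "$2") actual=$(created_mode "$1" "$2")"
}

compare file 022   # super-user default mask from the text
compare dir  002   # ordinary-user default mask from the text
compare file 033   # 644, not the 633 that plain subtraction would give
```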

3. file command

Function description: identify the file type.
Syntax: file [options] file or directory ...
Common options:
-c Displays the execution process of the instruction in detail, which is convenient for troubleshooting or analyzing the execution of the program.
-z Attempts to look into the contents of compressed files.

Usage: file <file or directory>

4. Directory permissions

Executable permission: if the directory does not have executable permission, you cannot cd into the directory.
Readable permission: if the directory does not have readable permission, you cannot view the list of files in the directory with commands such as ls.
Writable permission: if the directory does not have writable permission, files cannot be created in the directory, and files cannot be deleted from the directory.

5. Sticky bit

When you have write permission on a directory, you can create and delete files in it. But this means everyone who has write permission on the directory can delete any file in the directory. [When we do not want others to delete our own files, the sticky bit can be added to the directory.]

When a directory has the "sticky bit" set (use chmod +t directory), the files in this directory can only be deleted by:
1. The super administrator
2. The owner of the directory
3. The owner of the file
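
A check that follows from the sticky-bit rule above, as an added example that is not part of the original post: it lists world-writable directories that lack the sticky bit, which are the directories where any user could delete another user's files. The names audit_sticky and sticky_demo and the scratch tree are constructed for this example; GNU find and stat are assumed.

```sh
#!/bin/sh
# Added example: find world-writable directories that lack the sticky bit.
# audit_sticky and sticky_demo are hypothetical names; GNU find/stat assumed.

# audit_sticky ROOT -> directories under ROOT that any user may write to
# (o+w, -perm -0002) but that do not carry the sticky bit (-perm -1000)
audit_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# sticky_demo -> builds a constructed scratch tree and prints three lines:
#   1. the directory the audit flags
#   2. the mode string of a directory set up like /tmp (note the final "t")
#   3. how many directories are still flagged after chmod +t
sticky_demo() {
    (
        tmp=$(mktemp -d) || exit 1
        mkdir "$tmp/shared" "$tmp/dropbox" "$tmp/private"
        chmod 1777 "$tmp/shared"     # world-writable with sticky bit
        chmod 0777 "$tmp/dropbox"    # world-writable, no sticky bit
        chmod 0750 "$tmp/private"    # not world-writable
        audit_sticky "$tmp" | sed "s|^$tmp/||"
        stat -c '%A' "$tmp/shared"
        chmod +t "$tmp/dropbox"      # the fix described in the text
        audit_sticky "$tmp" | wc -l | tr -d ' '
        rm -rf "$tmp"
    )
}

sticky_demo
```

On a real system, audit_sticky / (run as root) gives the list of directories to review.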

6. Summary of Permissions

(1) The executable permission of the directory indicates whether you can execute commands in the directory.
(2) If the directory does not have the x permission, you cannot execute any commands on the directory, or even cd into it, even if the directory still has the r (read) permission. (This is an easy place to make a mistake: thinking that read permission alone lets you enter the directory and read the files under it.)
(3) If the directory has the x permission but not the r permission, the user can execute commands and cd into the directory. But since there is no read permission on the directory, even though the ls command can be executed inside it, there is still no permission to read out the documents in the directory.


Origin blog.csdn.net/m0_57388581/article/details/132150395