20190830

Task:
2.17 hidden attributes lsattr / chattr

2.18 special permission set_uid

2.19 special permission set_gid

2.20 special permission stick_bit

2.21 soft link file

2.22 hard link file

lsattr/chattr

chattr +i: locks the file so that it cannot be modified
chattr +a: the file can only be appended to; suited to log files
Add -R to apply the change recursively

set_uid
The set_uid permission exists so that an ordinary user, while executing certain programs, temporarily gains the permissions of the program's owner. For example, accounts and passwords are actually stored in /etc/passwd and /etc/shadow, which are owned by root. Under these permissions only root can force a write. When an ordinary user updates their own password they run /usr/bin/passwd, and the update succeeds because /usr/bin/passwd is owned by root and has set_uid set.

set_gid
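set_gid can be applied to both files and directories. On a file it works like set_uid, provided the file is an executable binary: once set_gid is set, a user who executes the file temporarily runs it with the identity of the file's owning group. When the permission is set on a directory, any file or directory that any user creates inside it gets the same group as the directory's owning group.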
stick_bit
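The SBit is generally used on directories and means little on files. Its effect on a directory: in a directory with the SBit set, if a user has w and x permission on that directory, then for files or directories the user creates there, only the file's owner and root have the right to delete them. The SBit can be thought of as an anti-deletion bit. If you want users to be able to add files but not delete them, you can use the SBit on the file. Once the bit is set, even a user with write permission on the file's parent directory cannot delete the file.
chmod o+t directory
Whether a file can be deleted depends on the permissions of its parent directory.
Setting stick_bit adds one digit in front of rwxr-xr-x, giving 1755; chmod o+t and chmod 1755 are equivalent, and the mode becomes rwxr-xr-t.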
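
The special bits described above can be audited with find. The following is an added example, not part of the original notes; the function names and the sample tree it builds under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for set_uid / set_gid files and for
# world-writable directories that lack the sticky bit.
# All function names and the sample tree are assumptions of this example.

# Regular files carrying set_uid (4000) or set_gid (2000).
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Directories writable by "other" (0002) without the sticky bit (1000):
# any user with access can delete another user's files there.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# First 10 characters of the ls -l mode column (drops any ACL/SELinux marker).
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Build a constructed sample tree and print its root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad"
    chmod 1777 "$root/shared_ok"     # world-writable with sticky bit
    chmod 0777 "$root/shared_bad"    # world-writable, no sticky bit
    : > "$root/plain";     chmod 0755 "$root/plain"
    : > "$root/suid_tool"; chmod 4755 "$root/suid_tool"   # set_uid on an empty file
    printf '%s\n' "$root"
}

# Demonstration on the constructed tree.
tree=$(make_sample_tree)
echo "set_uid / set_gid files:"
find_suid_sgid "$tree"
echo "world-writable directories without sticky bit:"
find_unsticky_world_writable "$tree"
echo "mode of shared_ok: $(mode_string "$tree/shared_ok")"
echo "mode of suid_tool: $(mode_string "$tree/suid_tool")"
rm -rf "$tree"
```

Point the two find functions at a real path such as / or /tmp to review an actual system; the set_uid/set_gid list is worth comparing against a known-good baseline.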

Soft link files
ln -s source dest: create a soft link
ln source dest: create a hard link
Soft link: files A and B have different inode numbers, but the content of file A is the path of file B. When file A is read, the system automatically redirects the reader to file B, so whichever file is opened, what is finally read is file B. In this case file A is called a soft link, or symbolic link (symlink), to file B. This means that file A depends on file B existing: if file B is deleted, opening file A reports an error.
File A points to the file name of file B rather than to the inode number of file B, so the inode "link count" of file B does not change as a result. Soft links are similar to Windows shortcuts.
Hard link: normally a file name and an inode number correspond one to one, but multiple file names can point to the same inode at once; modifying the file through any of those names modifies the data behind that inode. Hard links cannot be made to directories, only to files, and they cannot cross partitions.

Origin blog.51cto.com/11017476/2434585