Sunday, August 30, 2015

Red Hat 7 chapter 6

Linux File System Permissions
Effects of permissions on files and directories

permission    effect on files                            effect on directories
r (read)      contents of the file can be read           contents of the directory can be listed
w (write)     contents of the file can be changed        any file in the directory may be created or deleted
x (exec)      file can be executed as a command          contents of the directory can be accessed

Special permissions

permission    effect on files                            effect on directories
u+s (suid)    file executes as the user that owns the    no effect
              file, not the user that ran it
g+s (sgid)    file executes as the group that owns the   files newly created in the directory have their group
              file                                       owner set to match the group owner of the directory
o+t (sticky)  no effect                                  users with write on the directory can only remove files
                                                         that they own; they cannot remove or force saves to
                                                         files owned by other users

  • Note that users normally have both read and exec on read-only directories, so that they can list the directory and access its contents.
  • If a user only has read access on a directory, the names of the files in it can be listed, but no other information, including permissions or time stamps, is available, nor can the files be accessed.
  • If a user only has exec access on a directory, they cannot list the names of the files in the directory, but if they already know the name of a file which they have permission to read, then they can access the contents of that file by explicitly specifying the file name.
  • A file may be removed by anyone who has write permission on the directory in which the file resides, regardless of the ownership or permissions on the file itself.
  • The command ls -l directoryname will show the expanded listing of all of the files that reside inside the directory. To prevent the descent into the directory and see the expanded listing of the directory itself, use ls -ld directoryname.
Managing File System Permissions from the Command Line
  • The command used to change permissions from the command line is chmod, short for "change mode".
  • Symbolic method keywords
    #chmod whowhatwhich file | directory
    who is u, g, o, a(for user, group, other, all)
    what is +, -, = (for add, remove, exactly)
    which is r, w, x (for read, write, executable) 
  • Numeric method
    #chmod XXX file | directory
    Each digit represents an access level: user, group, other.
    X is the sum of r=4, w=2, and x=1.
    The chmod command supports the -R option for recursively setting permissions on an entire directory tree.
  • File ownership can be changed with the chown command.
    The chown command can be used with the -R option to recursively change the ownership of an entire directory tree.
    The chown command can also be used to change the group ownership of a file by preceding the group name with a colon (:).
Managing Default Permissions and File Access

Special permissions
  • The setuid permission on an executable file means that the command will run as the user (or group) that owns the file, not as the user that ran the command.
  • The sticky bit on a directory sets a special restriction on the deletion of files: only the owner of the file (and root) can delete files within the directory.
  • setgid on a directory means that files created in the directory will inherit the group affiliation from the directory, rather than inheriting it from the creating user.
Default file permission
  • Every process on the system has a umask, which is an octal bitmask that is used to clear the permissions of new files and directories that are created by the process.
  • The umask command without arguments will display the current value of the shell's umask.
  • For example, a umask of 0002 clears the write bit for other users. The leading zeros indicate that the special, user, and group permissions are not cleared.
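As an added example that is not part of the original notes, the POSIX shell script below ties the numeric chmod method (each digit is the sum of r=4, w=2, x=1) to the umask rule above: it computes the mode a new file or directory receives under a given umask, then creates both in a temporary directory and checks that the kernel agrees. The function names are mine; it assumes mktemp and either GNU or BSD stat are available.

```shell
#!/bin/sh
# Added example, not from the original notes. Shows the numeric method
# (digit = r4 + w2 + x1) and how a umask clears bits from the 666/777 base
# mode, then checks the arithmetic against a real temporary directory.

# mode_string OCTAL -> nine-character rwx string, e.g. 640 -> rw-r-----
mode_string() {
    out=""
    # "0$1" forces octal; "& 0777" drops the special-permission digit
    for digit in $(printf '%03o\n' $(( 0$1 & 0777 )) | sed 's/./& /g'); do
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# default_mode UMASK file|dir -> mode a new file (base 666) or directory
# (base 777) gets from a process with that umask: base AND NOT umask.
default_mode() {
    case $2 in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *)    echo "usage: default_mode UMASK file|dir" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( base & ~0$1 & 0777 ))
}

# observed_mode PATH -> octal mode actually set (GNU stat, BSD stat fallback)
observed_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_umask UMASK -> succeeds if a file and a directory created under that
# umask in a fresh mktemp directory carry exactly the computed default modes.
check_umask() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )   # subshell keeps the umask change local
    f=$(observed_mode "$tmp/f"); d=$(observed_mode "$tmp/d")
    rm -rf "$tmp"
    [ "$f" = "$(default_mode "$1" file)" ] && [ "$d" = "$(default_mode "$1" dir)" ]
}

# Stand-alone run: show the numeric-to-symbolic mapping and verify umask 0027.
echo "640 -> $(mode_string 640)"
echo "umask 0027: file $(default_mode 0027 file), dir $(default_mode 0027 dir)"
check_umask 0027 && echo "filesystem agrees with the computed modes"
```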
