Linux hidden file attributes, default permissions for new files, and umask explained in detail

Introduction to Linux special permissions

# Passwords can originally be changed only by root, so why can ordinary users change the contents when they change their own passwords?
[[email protected] ~]# ll /usr/bin/passwd 
-rwsr-xr-x. 1 root root 27832 Jun 10  2014 /usr/bin/passwd
[[email protected] ~]# ll /usr/bin/write 
-rwxr-sr-x. 1 root tty 19624 Oct 31  2018 /usr/bin/write
[[email protected] ~]# ll /tmp/ -d
drwxrwxrwt. 7 root root 120 Apr  3 09:22 /tmp/

suid(set uid)

  • In the owner's permission bits, the position that would normally be x (execute) shows s; this is usually for executable files.
# If an executable file has s in the owner's x position, the file has the set uid special permission. set uid: any user (other than root) who executes a file with the suid permission runs it as the owner of the file.
set uid: 
# How to set SUID
chmod u+s filename
chmod 4000 filename
Note: when setting this on a file, if the owner already has x permission the bit shows as s; if the owner does not have x permission it shows as S.

sgid(set gid)

  • In the group permission bits, the position that would normally be x (execute) shows s.

  • It is usually for directories, though it can also be set on executable files (mostly it is used on directories).

1. With the group permission bit modified, directories or files that users create belong to the same group as the directory.
2. Once sgid is set on a directory, new files created in it no longer get the default group of the user who creates them.
3. sgid makes it easy for multiple users to share all the files in a directory.

Main purpose: shared directories

# How to set it
chmod g+s directory
chmod 2000 directory
Note: when setting this, if the group already has x permission the bit shows as s; if the group does not have x permission it shows as S.


In the other-users permission bits, the position that would normally be x (execute) shows t.

Ordinary users have w and x permission, that is, ordinary users can write in this directory. Without the sticky bit, an ordinary user with w permission can delete all the files in this directory, including other users' files. But once the sticky bit is set, only root can delete all files; even with w permission, ordinary users can delete only the files they created themselves and cannot delete files created by other users.

The system's /tmp directory is the classic sticky-bit directory. Everyone has write permission there, so security is a concern; it is often the first springboard for ***.

# How to set it
chmod o+t directory
chmod 1000 directory
Note: when setting this, if others already have x permission the bit shows as t; if others do not have x permission it shows as T.

Hidden attributes of files

When a user is created, information is recorded in:
User accounts: /etc/passwd
User passwords: /etc/shadow
User groups: /etc/group
Group passwords: /etc/gshadow
chattr locks files; once locked, even being root does not help
a: makes the file or directory append-only (it cannot be overwritten)
chattr +a 
chattr -a
i: nothing can be done to the file; it can only be viewed
chattr +i
chattr -i


[[email protected] ~]# umask
[[email protected] ~]# umask
umask: when creating a directory, the permissions are 777-umask; when creating a file, they are 666-umask, with +1 where there are odd digits.
If you are creating a file, use 0666-umask; if the umask has odd digits, add 1 to the corresponding digits.
If you are creating a directory, use 0777-umask; the result is the directory's permissions.
[[email protected] ~]# umask 
       The current umask is 0222
[[email protected] ~]# mkdir aa
[[email protected] ~]# ll aa -d
dr-xr-xr-x 2 root root 6 Apr  3 16:54 aa
       Creating a directory: the permissions are 0777-umask=555, which in letters is r-xr-xr-x
[[email protected] ~]# touch bb
[[email protected] ~]# ll bb 
-r--r--r-- 1 root root 0 Apr  3 16:56 bb  
       Creating a file: the permissions are 0666-umask=0444, which in letters is r--r--r--
       When the umask is odd
[[email protected] ~]# umask
[[email protected] ~]# mkdir aa1
[[email protected] ~]# ll -d aa1
d-w--w--w- 2 root root 6 Apr  3 16:59 aa1
       Creating a directory: the permissions are 0777-umask=222, which in letters is -w--w--w-
[[email protected] ~]# touch bb1
[[email protected] ~]# ll bb1
--w--w--w- 1 root root 0 Apr  3 17:01 bb1
Creating a file: the permissions are 0666-umask=111, but odd digits need +1, so the result is 222, which in letters is -w--w--w-
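
The umask rule above, as an added example that is not part of the original page: the kernel clears every bit that is set in the umask from the requested mode (0777 for a directory, 0666 for a file), which is why "subtract, then add 1 to odd digits" gives the right answer. It assumes Linux with GNU stat; the function names are hypothetical, 0555 is the mask consistent with the second listing's results, and 0027 is a constructed extra value.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Linux with GNU stat.
# Function names are hypothetical.

# Predicted mode: the requested mode (0777 for a directory, 0666 for a
# file) with every bit that is set in the umask cleared.
expected_mode() {    # $1 = umask in octal, $2 = dir|file
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%o\n' $(( $base & ~0$1 & 0777 ))
}

# Observed mode: create the object under that umask in a scratch
# directory and read the resulting mode back with stat.
actual_mode() {      # $1 = umask in octal, $2 = dir|file
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$scratch/obj"; else : > "$scratch/obj"; fi
    )
    stat -c '%a' "$scratch/obj"
    chmod -R u+rwx "$scratch" && rm -rf "$scratch"
}

# 0222 is the page's first case; 0555 matches its second listing;
# 0027 is a constructed extra value.
for mask in 0222 0555 0027; do
    for kind in dir file; do
        echo "umask=$mask $kind predicted=$(expected_mode "$mask" "$kind")" \
             "observed=$(actual_mode "$mask" "$kind")"
    done
done
```

The umask is set inside a subshell, so the calling shell's own umask is left unchanged.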