• Home
  • Categories
  • WIKI
  • LANGUAGE: en
    • [Share Experiences] [1060a Series] Permission Management
    Experiences and Insight 84 views · 0 replies ·
    Tofloor
    poster avatar
    SuperDavid
    Moderator
    2024-09-06 17:08
    Author

    [1060a Series] Permission Management

    I. Explanation of ls -l** Output**

    [root@1060a ~]# ls -l

    total 8

    -rw------- 1 root root 1206 Nov 2 19:40 anaconda-ks.cfg

    drwxr-xr-x 2 root root 59 Nov 2 19:42 Desktop

    drwxr-xr-x 2 root root 6 Nov 2 19:37 Documents

    drwxr-xr-x 2 root root 6 Nov 2 19:37 Downloads

    -rw------- 1 root root 1483 Nov 2 19:41 initial-setup-ks.cfg

    drwxr-xr-x 2 root root 32 Nov 2 19:37 Music

    drwxr-xr-x 3 root root 24 Nov 2 19:37 Pictures

    drwxr-xr-x 2 root root 6 Nov 2 19:37 Videos

    Each line can be divided into 8 fields:

    -|rw------- | 1 | root | root | 1206 | Nov 2 19:40 | anaconda-ks.cfg

    1. File Type: - indicates a regular file. Other types include:

      • d: directory
      • l: link file
      • b: block device file

    2. Permissions: Divided into three groups (owner, group, others), with an additional + indicating ACL permissions.

    3. Number of Links: For directories, this represents the number of subdirectories; for files, the number of hard links.

    4. File Owner: The owner of the file.

    5. Group Owner: The group owning the file.

    6. File Size: Size of the file in bytes.

    7. Last Modification Time: Last time the file content was modified. Use stat command to view all timestamps:

    [root@1060a ~]# stat anaconda-ks.cfg

    1. File Name: The name of the file.

    II. Basic Permissions

    Permissions define what actions users can perform on files. Basic permissions in Linux are:

    • r (read)
    • w (write)
    • x (execute)

    Effect of Permissions on Files and Directories:

    • Files:

      • r: Read file content.
      • w: Modify file content.
      • x: Execute the file as a command.

    • Directories:

      • r: Read the directory content.
      • w: Modify directory content.
      • x: Enter the directory.

    Determining Permissions:

    • When running a command, a process is created with the user's UID and GID.
      • If the process UID matches the file UID, the user permissions apply.
      • If the process GID matches the file GID, the group permissions apply.
      • Otherwise, the others' permissions apply.
    • Permission priority: user > group > others.

    Modifying Permissions:

    • Use chmod to change permissions.
    • Symbolic Mode:

    chmod [options] u/g/o/a +/-/= filename

    • u: user
    • g: group
    • o: others
    • a: all
    • Numeric Mode:

    chmod [options] permissions filename

    • Permissions are represented by three digits, e.g., 755.
    • Examples:

    chmod 777 file1

    chmod 651 file1

    • Changing Ownership:
      • Use chown to change file owner and group:

    chown [options] [OWNER][:[GROUP]] FILE...

    • Examples:

    chown admin file1

    chown :admin file1

    chown user1:user1 file1

    III. Special Permissions

    Representation of Special Permissions

    Permission Symbol Corresponding Number
    suid s 4
    sgid S 2
    sticky T 1

    Types of Special Permissions:

    1. SUID: When a user executes a file with SUID, they execute it as the file owner. It applies only to executable files.

    chmod u+s filename

    1. SGID:
      • Files: Similar to SUID but for groups.
      • Directories: Files created within inherit the directory's group.

    chmod g+s filename/dirname

    1. Sticky Bit: Only file owners and root can delete files in a directory with this permission.

    chmod o+t dirname

    Setting Special Permissions with Numeric Mode:

    chmod 4xxx filename # SUIDchmod 2xxx filename/dirname # SGIDchmod 1xxx dirname# Sticky bit

    IV. Hidden Permissions

    Types of Hidden Permissions:

    1. i Permission: Immutable. Cannot modify or delete the file.
    2. a Permission: Append-only. Can only add to the file.

    Managing Hidden Permissions:

    • Use chattr to set hidden permissions:

    chattr +/- permission filename

    • Use lsattr to view hidden permissions:

    lsattr filename

    V. ACL Permissions

    Access Control Lists (ACLs) provide fine-grained permissions for files and directories.

    Viewing ACLs:

    • Use ls -l to see if a file has ACL permissions (indicated by a + at the end).
    • Use getfacl to view ACL details:

    getfacl filename

    Setting ACLs:

    • Use setfacl to manage ACLs:

    setfacl [options] filename/dirname

    • Common Options:
      • -m: Modify ACL.
      • -x: Remove a specific ACL.
      • -b: Remove all ACLs.
      • -d: Set default ACLs.
      • -k: Remove default ACLs.
      • -R: Recursively set ACLs.
    • Examples:

    setfacl -m u:st:r file

    setfacl -m g:stg:rx file

    setfacl -x g:stg file

    setfacl -x u:st file

    setfacl -b file

    setfacl -dm u:user1:rwx,g:user1:rx dir

    Reply Favorite View the author
    All Replies

    No replies yet