一、文件权限
权限对象:属主 u、属组 g、其他人 o(a 表示所有人)
权限类型:读 r = 4、写 w = 2、执行 x = 1
[root@jeson ~]# chmod u+x file1        //属主增加执行
[root@jeson ~]# chmod a=rwx file1      //所有人等于读写执行
[root@jeson ~]# chmod a=- file1        //所有人没有权限
[root@jeson ~]# chmod ug=rw,o=r file1  //属主属组等于读写,其他人只读
[root@jeson ~]# ll file1               //以长模式方式查看文件权限
-rw-rw-r-- 1 alice it 17 10-25 16:45 file1  //显示的结果
[root@jeson ~]# chmod 644 file1
[root@jeson ~]# ll file1
-rw-r--r-- 1 alice it 17 10-25 16:45 file1
[root@jeson ~]# groupadd hr
[root@jeson ~]# useradd hr01 -G hr
[root@jeson ~]# useradd hr02 -G hr
[root@jeson ~]# mkdir /home/hr
[root@jeson ~]# chgrp hr /home/hr
[root@jeson ~]# chmod 770 /home/hr
[root@jeson ~]# ll -d /home/hr/
drwxrwx---. 2 root hr 4096 3月 13 14:26 /home/hr/
[root@jeson ~]# mkdir /home/test
[root@jeson ~]# vim /home/test/file1
[root@jeson ~]# chmod 777 /home/test/file1
[alice@jeson ~]$ rm -rf file1
rm: cannot remove `file1': Permission denied
//说明:文件本身是 777,但能否删除文件取决于其所在目录的写权限;此时 alice 对 /home/test 没有写权限,所以删除失败(这里 alice 应已进入 /home/test 目录)。
==测试2:alice用户对目录有写权限
[root@jeson ~]# chmod 777 /home/test
[root@jeson ~]# chmod 000 /home/test/file1
[alice@jeson ~]$ cd /home/test
[alice@jeson test]$ ll
----------. 1 root root 3 Mar 13 14:45 file1
[alice@jeson test]$ cat file1
cat: file1: Permission denied
[alice@jeson test]$ rm -rf file1
[alice@jeson test]$ touch file2
[alice@jeson test]$ mkdir dir2
//说明:目录为 777 时,任何用户都能删除其中属于他人的文件(即使文件权限是 000)并新建文件;多人共用的目录若要防止互相删除,应加粘滞位(chmod o+t)。
二、文件权限管理之二: 特殊权限
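[root@jeson ~]# chmod u+s /bin/cat
[alice@jeson ~]$ cat /root/install.log
//说明:设置 SUID 后,cat 以文件属主 root 的身份运行,因此任何本地用户都能用它读取系统上的任意文件;此操作仅用于演示,验证后用 chmod u-s /bin/cat 还原。可用 find / -xdev -type f -perm -4000 检查系统中现有的 SUID 文件。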
[root@yangs ~]# groupadd sale
[root@yangs ~]# useradd sale01 -G sale
[root@yangs ~]# useradd sale02 -G sale
[root@yangs ~]# id sale01
uid=5006(sale01) gid=5006(sale01) groups=5006(sale01),508(sale)
[root@yangs ~]# id sale02
uid=5007(sale02) gid=5007(sale02) groups=5007(sale02),508(sale)
[root@yangs ~]# mkdir /home/sale
[root@yangs ~]# chgrp sale /home/sale
[root@yangs ~]# chmod 770 /home/sale
[root@yangs ~]# chmod o+t /home/sale
[root@yangs ~]# ll -d /home/sale
drwxrwx--T 2 root sale 4096 09-02 02:26 /home/sale
示例3:普通用户启动1024下的端口
Tips:操作系统默认只允许 root 用户使用 1024 以下(小于 1024)的端口。
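#ll /usr/bin/nc
-rwxr-xr-x 1 root root 25864 Jan 7 2007 /usr/bin/nc
#chmod u+s /usr/bin/nc
tty :[1] jobs:0] cwd:[~]
#su - jeson
tty :[1] jobs:0] cwd:[~]
$nc -l 40 //通过nc监听40这个端口
#netstat -an|grep 40
tcp 0 0 0.0.0.0:40 0.0.0.0:* LISTEN
//说明:给 nc 加 SUID 后,所有本地用户运行的 nc 都具有 root 身份,获得的权限远不止"绑定低端口";如果只需要绑定 1024 以下的端口,可改用 setcap cap_net_bind_service=+ep <程序路径> 只授予这一项能力。演示结束后用 chmod u-s /usr/bin/nc 还原。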
[root@yangs ~]# chmod 3770 /home/sale
[root@yangs ~]# ll -d /home/sale
drwxrws--T 2 root sale 4096 09-02 02:26 /home/sale
三、文件权限管理之三: umask
[root@jeson ~]# umask        //查看当前用户的umask权限
0022
[root@jeson ~]# umask -S
u=rwx,g=rx,o=rx
[root@jeson ~]# umask 000    //设置umask权限
[root@jeson ~]# umask
0000
[root@jeson ~]# touch file8  //创建file8文件
[root@jeson ~]# mkdir dir8   //创建目录
[root@jeson ~]# ll -d dir8 file8 //查看文件目录权限
drwxrwxrwx 2 root root 4096 10-26 14:10 dir8
-rw-rw-rw- 1 root root 0 10-26 14:10 file8
[root@jeson ~]# umask 022
[root@jeson ~]# umask
0022
[root@jesonc_com ~]# umask 060
[root@jesonc_com ~]# touch file060.txt
[root@jesonc_com ~]# ll file060.txt
-rw----rw- 1 root root 0 10月 29 14:29 file060.txt
[root@jesonc_com ~]# touch file060_2.txt
[root@jesonc_com ~]# ll file060_2.txt
-rw----rw- 1 root root 0 10月 29 14:30 file060_2.txt
//说明:以下示例从结果看应是在 umask 为默认 022 的新会话中执行的;括号会开启子shell,其中设置的 umask 只在子shell内生效,不影响当前shell。
[root@jesonc_com ~]# (umask 060;touch file060_sub.txt)
[root@jesonc_com ~]# ll file060_sub.txt
-rw----rw- 1 root root 0 10月 29 14:31 file060_sub.txt
[root@jesonc_com ~]# touch file060_sub2.txt
[root@jesonc_com ~]# ll file060_sub2.txt
-rw-r--r-- 1 root root 0 10月 29 14:31 file060_sub2.txt