Linux file permissions and directory management details

  • 2020-05-15 02:43:03
  • OfStack

1. Three identities of the Linux file system

1) file owner
2) users in the same group
Users of the same user group can access the files of that user group;
Each account can join multiple user groups.
Files that belong to the same user group can still be given different permissions, so you can keep the other users in the group from seeing a file.
3) others
Anyone who is neither the file owner nor a user in the same group counts as others.
PS: /etc/passwd records all user accounts
/etc/shadow records all user passwords
/etc/group records all group names

2. File properties

ls -al displays all file names and their associated properties (including hidden files, whose names begin with .)


total 72
drwxr-xr-x+ 28 chaibozhou staff  952 4 23 08:08 .
drwxr-xr-x  5 root    admin  170 4 13 21:24 ..
-r--------  1 chaibozhou staff   9 3 21 12:00 .CFUserTextEncoding
-rw-r--r--@ 1 chaibozhou staff 10244 4 23 11:25 .DS_Store
drwx------  5 chaibozhou staff  170 4 23 14:13 .Trash
-rw-------  1 chaibozhou staff  3205 4 23 16:37 .bash_history
drwxr-xr-x  6 chaibozhou staff  204 4 4 15:51 .config

Column 1: file type and permissions
d: directory files
- : normal file
l: link files
b: device file used to store data
c: device files used to transfer data: mouse, keyboard

The following characters are read in groups of three, representing respectively the permissions of the file owner, the permissions of users in the same group and the permissions of other users. Within each group the order r, w, x is fixed.

Column 2: how many file names are linked to this inode

Column 3: the owner account of the file/directory
Column 4: the user group to which this file belongs
Column 5: the size of this file in bytes
Column 6: the date the file was created or modified
If you want the complete date and time, add the following parameter to ls: ls -l --full-time
PS: in Linux commands, an argument that begins with - is an abbreviated option; an argument that begins with -- is a complete (long) option. Here, --full-time is a complete option.
PS: if you installed Linux in Chinese, the full date is displayed in Chinese, but Chinese cannot be displayed in the command window, so garbled characters appear. In that case, set the following so that the date is displayed in English: LANG=en_US
Column 7: file name

3. Importance of Linux permissions

1. Function of protecting system files
Usually only root administrators have the right to read, write, and execute system files.
2. Provide the function of data sharing for team development
The same development team can be set up to share files with the same group of users.

4. Command to change file properties and permissions

1. chgrp: change the user group to which the file belongs
chgrp [-R] new-group directory-or-file: change the user group of the file at this path to "new-group"
PS: the new user group must exist in /etc/group, otherwise an error is reported.
PS: if the last parameter is a directory, only the user group of the files in that directory is changed.
PS: -R means that if the last parameter is a directory, the user group of the files in that directory and of all the files in its subdirectories is changed.
2. chown: change the file owner
chown [-R] username file-or-directory: change the owner of the file, or of all files in this directory, to this username.
PS: this username must exist in /etc/passwd.
This command can change the file owner and the user group at the same time: chown [-R] username:groupname directory/file
chown [-R] username.groupname directory/file
PS: because a user name can contain a dot, the system can misjudge where a dotted user name ends, so we usually use : to join the user name and the user group name.
You can also change only the user group: chown [-R] .groupname directory/file
When do you need to change the owner and user group of a file?
Suppose we copy a file for someone else, and the file can only be read by its owner. Because copying also copies the file's permissions and all of its attributes, the other person still cannot access the file after receiving the copy. So after the copy is complete, the person who made it should change the file's attributes and permissions.

cp source-directory/source-file new-directory/new-file
3. chmod: change the permissions of the file
There are two ways to change the permissions of a file: with numbers, and with symbols.
a) modify permissions with numbers
As we already know, the permissions are made up of nine characters in groups of three, indicating the permissions of the file owner, the permissions of users in the same group, and the permissions of others. With r = 4, w = 2, x = 1, the three values in each group are added together, and the three sums form a three-digit number. For example:
File owner: rwx = 4+2+1 = 7;
Users in the same group: rwx = 4+2+1 = 7;
Others: --- = 0+0+0 = 0;
So the command is as follows:

chmod [-R] 770 files/directories

b) use symbols to modify permissions
chmod u/g/o/a + / - / = r/w/x file/directory
Example: the file owner can read, write and execute; users in the same group and other users can read and execute.
chmod u=rwx,go=rx file/directory
Suppose you do not know the current permissions of the file, and you just want everyone to be able to execute it:
chmod a+x files/directories
Suppose you do not know the current permissions of the file, and you just want users in the same group and other users to be unable to write to it:
chmod go-w files/directories
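The r = 4, w = 2, x = 1 arithmetic and the symbolic forms above, as an added shell example that is not part of the original article. perm_to_octal and mode_after are hypothetical helper names, stat -c assumes GNU coreutils, and only the nine r/w/x characters are handled.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the original article).

# perm_to_octal: turn column 1 of `ls -l` (e.g. drwxr-xr-x+) into the
# three-digit number chmod expects, using r=4, w=2, x=1 per group.
perm_to_octal() {
    # Drop the file-type character and any trailing marker such as + or @.
    perms=$(printf '%s' "$1" | cut -c2-10)
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# mode_after: apply a chmod spec (numeric or symbolic) to a scratch file
# that starts with START_MODE and report the resulting numeric mode.
# Usage: mode_after START_MODE CHMOD_SPEC
mode_after() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    stat -c '%a' "$f"      # GNU coreutils: print the mode as octal digits
    rm -f "$f"
}

# Lines from the listing in section 2, and the chmod forms from this section.
perm_to_octal 'drwxr-xr-x+'      # directory "."
perm_to_octal '-rw-------'       # .bash_history
mode_after 600 u=rwx,go=rx       # same result as chmod 755
mode_after 666 go-w              # only the w bits of group and others change
mode_after 644 a+x               # x is added for everyone, the rest is kept
```

Symbolic + and - change only the named bits, which is why they are the safer choice when the current mode is unknown; a numeric mode always replaces all nine bits.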

The meaning of directory and file permissions

For a file, rwx simply means that the user can read the contents of the file, write to the file, and execute the file. It does not give permission to delete the file; that is controlled by the permissions of the directory that contains it, described next.

A directory with rwx:
r: permission to read the directory structure, which means the user can view the directory structure with the ls command, but cannot enter the directory with cd.
w: permission to change the directory structure, that is, the ability to create/delete/rename/move files and directories inside it.
x: the user can enter this directory with cd.
PS: whether a directory has the x permission is very important. Without the x permission you cannot enter the directory, and therefore cannot execute any of the programs in it. Example: take the following directory

drwxr--r-- 3 root root 4096 date .ssh
Users in the same group and other users can only view the structure of this directory with ls; they cannot cd into it, nor can they execute any of the programs in it.

When you set up a server and want to open some of its resources to outside access: if a directory grants only the r permission, visitors can only ls the directory structure and cannot enter the directory to access the data inside. To let others browse the data in a directory, you must grant at least the r and x permissions, but the w permission should not be granted lightly. For example:

Suppose there is an account named user1 whose home folder is /home/user1, and user1 has the rwx permission on this directory. In this folder there is a data file with the following permissions: -rwx------ 1 root root ... Then:
user1 counts as an other user for this file and has no permissions on it. But on the folder user1 has rwx, so user1 can view the directory structure with ls, enter the folder with cd, and create, delete, rename and move files under it.

Use the root account to create a directory /dir under /temp with permission 744; then create the file test under /dir.
Analysis: for the directory dir, the file owner has rwx, while users in the same group and other users have only r. That is, the file owner can ls the directory structure, can cd into the directory, and can create, delete, rename and move files in it; users in the same group and other users can only ls the directory structure.
PS: create directory: mkdir directory name
PS: create empty file: touch filename


# Do the following as root
cd /temp
mkdir dir
chmod 744 dir
touch dir/test
chmod 600 dir/test   # for this file the owner has 4+2 (read and write); users in the same group and other users have no permissions

# Now switch identity to chai
su - chai            # switch identity command: su - username
cd /temp
ls -l dir            # chai is an other user for this directory and has only r, so chai can ls the directory structure but cannot cd into it
cd dir               # fails immediately: permission denied

exit                 # return to the previous (root) identity
chown chai /temp/dir # change the owner of dir to chai; chai now has rwx on it
su - chai            # switch back to chai
cd /temp/dir         # chai can now cd into dir and create, delete, rename and move files there
rm test              # delete the test file
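The walkthrough above ends with chai deleting a mode-600 file owned by root, because the w permission on the directory decides who may delete. The following audit is an added example, not part of the original article: it lists directories that others can write to and the files inside them. The function names and the sample tree are constructed for illustration, stat -c assumes GNU coreutils, and directories with the sticky bit (as /tmp normally has) are skipped because there only the owner of an entry may remove it.

```shell
#!/bin/sh
# Added example (hypothetical helpers and a constructed sample tree).

# Directories under ROOT where "others" hold the w permission.
# -perm -0002 : the o+w bit is set
# ! -perm -1000 : skip sticky-bit directories such as /tmp
other_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Files sitting directly in such directories, printed as "MODE PATH".
# The file's own mode does not protect it: whoever has w (and x) on the
# directory can delete or rename the file.
replaceable_files() {
    other_writable_dirs "$1" | while IFS= read -r d; do
        find "$d" -maxdepth 1 -type f -exec stat -c '%a %n' {} \;
    done | sort
}

# Constructed sample: three directories, each meant to hold a private file.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/shared" "$t/private" "$t/scratch"
    chmod 777 "$t/shared"      # others can write: files here can be removed
    chmod 744 "$t/private"     # the mode used in the walkthrough above
    chmod 1777 "$t/scratch"    # writable by all, but sticky
    touch "$t/shared/test" "$t/private/test" "$t/scratch/test"
    chmod 600 "$t/shared/test" "$t/private/test" "$t/scratch/test"
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
replaceable_files "$tree"      # reports only .../shared/test, despite mode 600
rm -rf "$tree"
```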

5. Linux file types

Regular file -
1. Plain text files
You can view the file chai via cat /chai.
2. Binary files
Executable files in Linux (scripts and text batch files do not count).
So cat is a binary file.
3. Data format files
A file with a specific format, such as a configuration file, that is read while the program is running.
For example, when users log in to Linux, the login record is written to the file /var/log/wtmp, which is a data format file.
PS: this data format file needs to be read with the last command.

Directory file d

Link file l
Similar to a shortcut under Windows.

Device file
1. Block device file b
A device file used to store data, such as a hard disk or floppy disk.
2. Character device file c
A device file used for data transfer, such as a keyboard or mouse.
3. Socket s
These files are located in /var/run.
4. Pipe p
Used to resolve errors caused by multiple programs accessing a file at the same time.

6. Linux file extensions

Linux has no real concept of a file extension; whether a file can be executed depends on whether the x permission is set in the file's properties.
However, to make file names easier to read, we still add an "extension" to them.
*.sh represents a script or batch file.
*.Z, *.tar, *.tar.gz, *.zip, *.tgz are all compressed files.
PS: the permissions of files downloaded from the Internet may change, so when a downloaded file fails to run, check whether it has the x permission.

7. Linux file name limits

Linux uses the Ext2/Ext3 file system by default. The length of file names is limited as follows:
The maximum length of a single file name or directory name is 255 characters.
The maximum length of a full file or directory name is 4096 characters.
Avoid special characters when naming files.

8. Linux directory configuration standard

Because many vendors develop Linux distributions, the file system configuration specification (Filesystem Hierarchy Standard = FHS) is needed to standardize the file system layout these vendors use.

FHS defines four types of directories:

1. Shareable directories
A directory of this type can be shared, so that other hosts can mount and use it over the network.
2. Unshareable directories
Device files that can only be used on your own machine, or socket files related to your programs, cannot be shared with other hosts because they relate only to your own machine.
3. Static directories
Whatever the distribution, these directories are fixed, and the file data in them basically does not change. They contain function libraries, system configuration files, etc.
4. Variable directories
The data in files in these directories changes often, such as log files.
The root directory is the most important directory of the whole system: all other directories derive from it, and it is also involved in booting, restoring and repairing the system.

FHS recommends that the root directory be kept as small as possible, and that applications not be placed on the same partition as the root directory.

FHS suggests that you must have these directories in the root directory:
- /bin: commands in the bin directory can be used by all accounts. Typical commands are: cat, chmod, chown, date, mv, mkdir, cp, bash
- /boot: the files used during boot
- /dev: every device is represented as a file in this directory
- /etc: the main system configuration files are located in this directory. The files in this directory can be viewed by all users, but only root can modify them. FHS recommends that you do not place executable files in this directory.
- /home: the system's default location for user home folders.
~ represents the home folder of the user currently logged in
~chai represents the home folder of the specified user
- /lib: stores the libraries used at startup and the libraries used by the commands in the /bin and /sbin directories.
- /media: holds removable devices, such as floppy disks and CDs.
- /mnt: if you want to temporarily mount some extra devices, put them in this folder.
- /opt: the directory where third-party software is located
- /root: the system administrator's home folder
- /sbin: holds the commands needed during the boot process, including the commands needed to boot, repair, and restore the system
- /srv: short for service; it holds data required by network services.
- /tmp: a place where users and running programs store data temporarily. Anyone can access it, so clean it up regularly. FHS recommends that distributions clear this directory at startup.

Other important directories:
- /lost+found: a directory generated by the ext2/ext3 file system. When a file system error occurs, the missing fragments are placed in this directory.
- /proc: is a virtual file system, which means its data is stored in memory and does not occupy the hard disk space.
- /sys: also a virtual file system that records kernel-related information.

When booting, only the root directory is mounted, and the partition where the other directories are located is mounted after the system is started. Therefore, the directory associated with the boot process must be in the same partition as the root directory. Directories that must be in the same partition as the root directory include:

/etc: configuration file
/bin: important executable file
/dev: required device files
/lib: library functions needed to execute the file and modules required by the kernel
/sbin: important system execution files

/usr directory
= UNIX Software Resource, the directory where the operating system's key resources are located.
FHS suggests that all software developers place their data in subdirectories of this directory, rather than creating separate directories themselves.
This directory is equivalent to c:\program files.

/var directory
/usr stores the larger files needed to install programs, while /var stores the files that grow gradually while programs run and take up more and more disk space, such as caches and logs.

Each directory can hold not only a mounted local file system but also a file system on the network. You can mount a specified directory over the network using a Network File System (NFS) server.
