Linux permissions

Australopithecus north 2022-11-24 20:26:18


Permissions

The concept of permissions

Permissions are restrictive: they limit who may do what. It is also possible that a thing simply does not have a given property by nature.
In other words: permission = person + property of the thing. Is a given thing allowed to be done, and by whom?
For example, when we watch video on iQiyi, ordinary users can see only a few videos, while VIP users can see many more. Ordinary users do not have permission to watch the premium videos. That is the "person" side.
Now the "thing" side: iQiyi is obviously video software, so practicing coding problems on it is simply impossible. iQiyi does not have that property by nature, so nobody is allowed to do coding problems on iQiyi.

User categories on Linux

Linux distinguishes two main kinds of user:
1. root (the superuser), which can do almost anything;
2. ordinary users, whose permissions are restricted.

Switching between an ordinary user and root:
Command: su [username]
Function: switch user.

For example, to switch from root to the ordinary user user, run su user. To switch from the ordinary user user to root, run su root (root can be omitted); the system then prompts for the root password.
We can also use the shortcut Ctrl+D to switch straight back to the original identity.
The command su - also lets us switch from an ordinary user to root.
Compare this with switching to root using plain su.

In both cases we switch from an ordinary user to root, but the directory we end up in is different. Switching with su - logs in directly with the root account: the ordinary user and root are then two separate people, so after login we are in root's working directory, /root. When we switch with plain su, the ordinary user and root are the same person: it is as if the ordinary user had been promoted and gained more power, so the working directory is still /home/wzy.

Linux file attributes

First, the permissions a file may have are read, write and execute.
For example, see the figure below, where we analyze what each column represents.
The first 3 are fairly obvious; next comes the main part.
Now let's zoom in on it:

We split it into segments. First, the meaning of the first character of this string:
On Linux the first character indicates the file type; different letters denote different file types.
The types we saw above are the ones beginning with d and the ones beginning with -.
These two file types are the most common on Linux.
Of course there are other file types:

d: directory
-: regular file
l: symbolic link (similar to a Windows shortcut)
b: block device file (e.g. hard disk, optical drive)
p: pipe file
c: character device file (e.g. serial devices such as the screen)
s: socket file

Linux uses these to identify the type of a file. File suffixes such as .txt, .ppt, .c and .java are not recognized by the Linux system; Linux treats them as part of the filename.
This point is especially important!
Here is an example showing that Linux does not care about the file suffix:

We write a fairly simple program into the file test1.c and compile it.
Now we run the a.out file.
It runs successfully. Now we rename a.out and see whether it still runs.
As we can see, after renaming a.out to a.txt, Linux still runs it and produces the result. If running a.txt after the rename had produced no result, our conclusion above would be wrong; but it does run, so the conclusion is correct. If you still don't believe it, we can rename it again.
We find that it still runs and produces the result.
This confirms that on Linux the file suffix plays no role; it is just part of the filename.
So how should we treat file suffixes on Linux?

1. Use them if you like. Put plainly, the suffix is for people to read: Linux does not interpret it, but we humans do.
2. Treat the suffix as part of the filename.

Some readers may now have a doubt: since Linux does not use the file extension to identify the file type, let me rename test1.c to test1.txt.
Then, as before, I compile it with gcc.
An error occurs! Was the previous conclusion wrong?
Not at all. What we have been saying is that the Linux system does not interpret file suffixes, not that the software running on Linux does not. As we said before, every command is a program. The Linux system may not interpret the file extension, but gcc relies on the file extension to compile the source file. One statement is about the Linux system, the other is about software running on it, and the two do not conflict: that Linux does not interpret the file extension does not mean the software on it does not.
So our conclusion above stands.
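An added audit sketch for the point above (not from the original post): since the suffix is only part of the name, a file called a.txt can still be executable, so the check looks at the execute bits instead. The suffix list and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The kernel decides whether a file
# can be executed from its mode bits and content, never from its name, so an
# audit has to look at the execute bits, not at the suffix.

# exec_with_data_suffix DIR
# Print regular files under DIR that carry any execute bit (owner, group or
# others) while their name ends in a suffix people read as "just data".
exec_with_data_suffix() {
    find "$1" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( -name '*.txt' -o -name '*.log' -o -name '*.csv' -o -name '*.jpg' \) \
        -print | sort
}

# demo_suffix_audit: constructed sample tree in a temporary directory.
demo_suffix_audit() {
    tmp=$(mktemp -d) || return 1
    # a.txt: a program renamed to look like text, execute bit still set
    # (the same situation as the renamed a.out in the post)
    printf '#!/bin/sh\necho still runs\n' > "$tmp/a.txt"
    chmod 755 "$tmp/a.txt"
    # notes.txt: ordinary text, no execute bit, not reported
    printf 'plain notes\n' > "$tmp/notes.txt"
    chmod 644 "$tmp/notes.txt"
    # run.sh: executable, but its name does not pretend to be data
    printf '#!/bin/sh\n:\n' > "$tmp/run.sh"
    chmod 755 "$tmp/run.sh"
    (cd "$tmp" && exec_with_data_suffix .)
    rm -rf "$tmp"
}

demo_suffix_audit
```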
----------------------------------------------------------------------------------------------

Let's now introduce the meaning of the 9 characters that follow.
Before that, we first need to understand a few concepts: owner, owning group, and others.
These are the two strings circled in red in the figure.
Linux has three main roles: the file owner, the file's group, and others.
The file owner and others are easy to understand, but what is the file's group, and why does it exist?
An example:
First assume that the concept of a file's group does not exist.

Xiao Wang and Xiao Li work in different groups at the same company, on the same project. Xiao Wang's group A puts the code it writes in the CodeA folder; Xiao Li's group B puts its code in the CodeB folder. (Since it is the same company, they use the same machine.)
Now Xiao Wang writes test.c and puts it in the CodeA folder. The leader of group A wants to look at Xiao Wang's code but cannot: with respect to test.c he is not the owner but "others", so naturally he has no access to test.c. Xiao Wang says to the group leader: "Sorry, team leader, I didn't give you permission; I'll open it up for you!" Xiao Wang then grants read permission to others. Now the group leader can see the code, but Xiao Li, who is a competitor, can see it too. That's not good: Xiao Wang's code is at risk of being exposed. To solve this problem, Linux introduced the concept of the group a file belongs to. Now every member of group A can access test.c, while Xiao Li in group B is identified as "others" and is not allowed access. In this way the security and privacy of the file are guaranteed. This is why Linux has the concept of a file's group.

Back to the topic:
The string circled in red in the figure is the owner of the file.
The string circled in red in the next figure is the group the file belongs to.
What about others?
On Linux, when you access a file, the system matches your identity against the two roles of file owner and file's group. If a match succeeds you are one of them; if matching fails, you are "others". That is why no "others" column appears here.
----------------------------------------------------------------------------------------------------
Now that these three concepts are clear, let's look at the meaning of the 9-character string in the first column:

As said earlier, the permissions a file can have are: readable, writable, executable.
Now we look at these 9 characters in groups of 3:
The first group represents the file owner's permissions:
readable (r)
writable (w)
executable (x)
The second group represents the permissions of the file's group.
A - means that the permission for that position is absent. In the second group here, the permissions of the file's group are: readable, not writable, executable.
The third group represents the permissions of others.
In the figure, others have: readable, not writable, executable.

Now let's put it all together and read the attributes of a specific file.
Here is a real one:
The file name is: lesson1.tgz
Last modified: 11-23 15:21
File size: 236 bytes
File owner: wzy
File's group: wzy
The first - means the file is a regular file on Linux.
Next, the file owner has: readable, writable, not executable.
File's group: readable, writable, not executable.
Others: readable, not writable, not executable.

That is our general understanding of a file's attributes.
Some readers may have noticed one field we have not explained:

This field is the link count. It will be explained in a later post.

How permissions are represented

We have in fact already seen one representation of permissions above: directly with r, w, x and -.
In the corresponding position, read permission is written r, or - if absent;
in the corresponding position, write permission is written w, or - if absent;
in the corresponding position, execute permission is written x, or - if absent.
We can then use 1 to indicate that a position has the permission and 0 to indicate that it does not.
There happen to be 3 positions, so each group of 3 binary digits forms one octal digit. The permissions of the file owner, the file's group and others can therefore be written as 3 octal digits.
For example:
In the end, the permissions of the file can be written as
rwxr-xr-x,
or as a 3-digit octal integer,
755.
These are the two ways of expressing a file's permissions:
1. Character notation
2. Octal notation
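The two notations above and the owner/group/others matching described earlier, as an added shell example (not from the original post): it converts between rwx strings and octal digits and picks the one permission class that applies to a process. The UIDs, GIDs and the 640 mode for test.c are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. All UIDs/GIDs are constructed.

# rwx_to_octal STRING: "rwxr-xr-x" -> 755; each group of three is one digit.
rwx_to_octal() {
    rest=$1; out=''
    while [ -n "$rest" ]; do
        grp=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        d=0
        case $grp in r??) d=$((d + 4)) ;; esac   # read    = binary 100
        case $grp in ?w?) d=$((d + 2)) ;; esac   # write   = binary 010
        case $grp in ??x) d=$((d + 1)) ;; esac   # execute = binary 001
        out="$out$d"
    done
    echo "$out"
}

# digit_to_rwx N: one octal digit -> its three-character rwx form.
digit_to_rwx() {
    r=-; w=-; x=-
    [ $(( $1 & 4 )) -ne 0 ] && r=r
    [ $(( $1 & 2 )) -ne 0 ] && w=w
    [ $(( $1 & 1 )) -ne 0 ] && x=x
    echo "$r$w$x"
}

# applicable_bits MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Pick the ONE class that applies: owner first, then group, then others.
# There is no fall-through: an owner with --- is denied even if the group
# has r. uid 0 (root) bypasses these checks and is not modelled here.
applicable_bits() {
    m=$((0$1))
    if [ "$4" -eq "$2" ]; then
        echo "owner $(digit_to_rwx $(( (m >> 6) & 7 )))"; return
    fi
    for gid in $5; do
        if [ "$gid" -eq "$3" ]; then
            echo "group $(digit_to_rwx $(( (m >> 3) & 7 )))"; return
        fi
    done
    echo "others $(digit_to_rwx $(( m & 7 )))"
}

# test.c from the post: owner Xiao Wang (uid 1001), group A (gid 2001), mode 640
applicable_bits 640 1001 2001 1002 "1002 2001"   # group leader, member of A
applicable_bits 640 1001 2001 1003 "1003 2002"   # Xiao Li, member of B
```

With mode 640 the group leader gets r-- through the group class and Xiao Li gets --- as others, which is the outcome the Xiao Wang story calls for.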

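Setting file access permissions

On Linux we of course use commands to modify them.

The chmod command
Format: chmod [options] permission filename
Function: change the access permissions of a file.
Common options:
-R: recursively change the permissions of the files in a directory.
Note:
Only the file's owner and root can change a file's permissions.
+ adds a permission
- removes a permission
= assigns permissions
User symbols:
u: owner
g: group
o: others
a: all
Hands-on:
We see that the owner's permissions on test1.txt are readable and writable, and we can indeed read the contents of test1.txt with the cat command.
Now we remove the owner's read and write permissions with the command chmod u-rw test1.txt.
Naturally we can no longer read or write it.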

Besides the owner's permissions, we can also change those of the file's group and of others.
We can also make several changes at once.
We can also use a to stand for all roles and assign permissions to them.
Next, the use of the equals sign:
= can assign only one permission at a time; unlike + and -, it cannot assign in batch.
Now the -R option. For an ordinary user it is not that convenient; for root it works smoothly. As ordinary users we can only recursively modify the write permission.
If we recursively modify the x permission, then on reaching a directory we can no longer enter it: having removed the directory's execute permission, we cannot open the directory or descend into its subdirectories to operate on them. Likewise we cannot recursively modify the read permission: if we do, we can still enter the directory, but we cannot tell what is in it, and so naturally cannot modify it.
We now recursively modify the write permission of its subdirectories.
That works without trouble. Then we modify its execute permission.
This clearly fails.

The execute permission on lesson2 has been revoked, so we cannot open lesson2 and enter its subdirectories. Neither cd nor ll can get into lesson2 or list its contents: with lesson2's execute permission revoked, we have no permission to open lesson2.
But we still want to see whether the permissions of the subdirectories inside lesson2 were changed. We can look as root: on Linux root overrides everything and ignores the permissions anyone has set, even though to the file it looks like "others".

Likewise, ordinary users cannot recursively remove the read permission (adding it is fine). If we do, the situation is similar to revoking the execute permission above: although we can enter lesson2, we removed its read permission first, so we do not know what is in lesson2 and cannot find its contents, let alone revoke anything further. The revocation therefore stops at the lesson2 level, and the system reports an error saying we lack permission.
Except for root, of course! (root, the old rascal!)
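One way around the lock-out described above, as an added example (not from the original post): change regular files and directories separately, so that directories never lose the x bit needed to enter them before their contents have been handled. The tree lesson2/sub and the modes 640 and 750 are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and modes are constructed.

# mode_of PATH: the 10-character type+permission string, as shown by ls -l.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# strip_exec_from_files ROOT
# Remove execute bits from regular files only. Directories keep their x
# (search) bit, so the tree stays traversable for the next command.
strip_exec_from_files() {
    find "$1" -type f -exec chmod a-x {} +
}

# set_tree_modes ROOT FILE_MODE DIR_MODE
# Files first, then directories bottom-up (-depth), so that tightening a
# directory can never cut off entries that still need to be changed.
set_tree_modes() {
    find "$1" -type f -exec chmod "$2" {} + &&
    find "$1" -depth -type d -exec chmod "$3" {} +
}

# demo_tree_modes: constructed tree lesson2/notes.txt and lesson2/sub/run.sh
demo_tree_modes() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lesson2/sub"
    : > "$tmp/lesson2/notes.txt"
    : > "$tmp/lesson2/sub/run.sh"
    chmod -R 777 "$tmp/lesson2"
    strip_exec_from_files "$tmp/lesson2"
    a="$(mode_of "$tmp/lesson2/sub") $(mode_of "$tmp/lesson2/sub/run.sh")"
    set_tree_modes "$tmp/lesson2" 640 750
    b="$(mode_of "$tmp/lesson2") $(mode_of "$tmp/lesson2/notes.txt")"
    rm -rf "$tmp"
    echo "$a | $b"
}

demo_tree_modes
```

When adding permissions, chmod's capital X gives a similar effect in one command: chmod -R a+X adds x only to directories and to files that already have an execute bit.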
-------------------------------------------------------------------------------------------------------------------------------
As said above, permissions can be written not only with letters but also as three octal digits.
The same modification command then becomes:
We must enter three octal digits; a single digit is not enough.
This clearly gives an error.
------------------------------------------------------------------------------------------------------------------------------------
Besides changing a file's permissions, we can also change the file's owner and group.
This requires the following commands.
Change the owner:

chown
Function: change the owner of a file
Format: chown [options] username filename
Common options: -R recursively change the group of files or directories

First let's see who is in home.
We can see that home contains three users: ikun, lighthouse and wzy. I am currently wzy.
I now want to give the file test1.txt to ikun, using the command chown ikun test1.txt.
The reason for the failure is easy to understand: insufficient permission. In everyday terms: do we need to check with someone before giving them something? Of course; we cannot hand everything to others without their consent, that would be impolite. But in practice it is also impractical to notify the other party every time we transfer a file; that would annoy both sides. As an ordinary user I cannot force things onto others, but root can: root has the power, and whether you want it or not, you get it.
So we switch to root and hand the file to ikun.
The file has been handed to ikun. Now we switch back and access test1.txt again, this time as a member of the file's group.
We can of course read its contents directly, because the file's group has read permission.
-----------------------------------------------------------------------------------------------------------------------------

chgrp
Function: change the group of a file or directory
Format: chgrp [options] groupname filename
Common options: -R recursively change the group of files or directories

We can also change the group of test1.txt. But we are now only a member of the group of test1.txt, not the owner of the file, so naturally we cannot change it.
We still have to switch to root; there is no way around root.

We switch to root.
We can see that the change succeeds.
So on Linux root's power really is great, and we must use root with caution.

Copyright: author [Australopithecus north]. Please include the original link when reprinting, thank you. https://en.javamana.com/2022/328/202211242005282983.html