Home>Article>Operation and Maintenance> What information is stored in linux file permissions
Linux file permissions store three types of information: 1. The permission information of the file owner, that is, the permission information of the user who owns the file or directory; 2. The permission information of the group to which the file owner belongs, that is, the permission information of the user who owns the file or directory. The permission information of the group of the file or directory; 3. The permission information of other users, that is, the permission information of other people except the owner and the group.
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
Linux file permissions store the permissions of the file owner, the permissions of the file owner's group, and the permission information of other users.Corresponds to 3 types of access identities (file owner, group, other users)
Folders are actually files
Ordinary files What is saved is text information, and what the folder saves is the directory entry information of the files under the current folder
Directory entry: it is the file name and file index
1. Readable permissions (read): Allows viewing the contents of files or folders, displaying directory lists
2. Writable permissions (write): Allows modifying file contents, allowing directory listing Create, move, delete files or subdirectories in
3. Executable permissions (execute): Allow the program to switch directories
1. File Owner: the user account that owns the file or directory--"Owner--user--"u
2. Group: the group account that owns the file or directory-- 》Organize the community--group--》g
3. Others (other): In addition to the owner and other people in the group--》outsiders--others--》o
# ls -al up.txt -rw-r--r--. 1 root root 126 4月 9 16:59 up.txt
1.1、第一列一般十个字符组成 第一个字符表示文件类型 f 为文件 d 为文件夹 l 为链接文件 b 为块设备文件(block) --》磁盘设备文件 c 为字符设备文件 --》显示字符相关 p 为管道文件 s 为socket文件 --》进程通信的 1.文件socket 本机上的不同进程之间通信的方式 2.网络socket ip:port 不同的机器之间的不同的进程通信,192.168.0.123:3
File descriptor: The Linux kernel creates a file descriptor table for each process. This table records all the files opened by the process. In order to facilitate the process to know which files it has opened, it is given to each process. Each file is numbered, and this number is the file descriptor. Moreover, when a process reads or writes a file, it directly uses the corresponding number and no longer uses the file name.
Linux System The traditional permission control method is nothing more than using three identities (file owner, belonging group, other users) and matching them with three permissions (read r, write w, access x). For example, we can use the ls -l command to view the detailed information of all files in the current directory, which includes the permission settings for each file:
# ls -l total 36 drwxr-xr-x. 2 root root 4096 Apr 15 16:33 Desktop drwxr-xr-x. 2 root root 4096 Apr 15 16:33 Documents ... -rwxr-xr-x. 2 root root 4096 Apr 15 16:33 post-install ...
In the above output information, "rwxr-xr-x" indicates Different users have permissions to access files, that is, the file owner has read, write, and access permissions to the file (rwx), the group to which the file belongs has read and access permissions to the file (r-x), and other users have read, write, and access permissions to the file. Access permissions (r-x).
The characters before permission indicate the specific type of file, such as d indicates directory, - indicates ordinary file, l indicates connection file, b indicates device file, etc.
But in practical applications, the above three identities are not enough at all. Let me give you an example.
There is a /project directory in the root directory of the above picture, which is the project directory of the class. Every student in the class can access and modify this directory. The teacher needs to have the highest permissions for the directory. Of course, students in other classes cannot access this directory.
How do I need to plan the permissions of this directory? It should be like this. The teacher uses the root user as the owner of this directory, and the permissions are rwx; all students in the class join the tgroup group, making the tgroup group the owner of the /project directory, and the permissions are rwx; the permissions of others are set to 0 (that is ---). In this way, the permissions to access this directory meet our requirements.
One day, a trial student st came to the class. She must be able to access the /project directory, so she must have r and x permissions on this directory; but she has not studied previous courses, so She cannot be given the w permission because she is afraid that she will change the wrong content in the directory, so the permission of student st is r-x. But how to assign her identity? Become the owner? Of course not, otherwise where should I put the root? Join a tgroup? It doesn't work, because the permissions of the tgroup group are rwx, and we require the permissions of the student st to be r-x. What if you change other people's permissions to r-x? This will make the /project directory accessible to all students in other classes.
Obviously, the three identities with normal permissions are not enough, and it is impossible to set access permissions for an individual user. In this case, you need to use ACL access control permissions.
ACL is the abbreviation of Access Control List. In Linux systems, ACL can set permissions for a single user to access files. It can also be said that in addition to setting file access permissions in the traditional way (three identities with three permissions), you can also use ACL to set it. Take the st student in this example. Since giving it the three traditional identities cannot solve the problem, you can consider using ACL permission control to directly set r-x permissions for accessing files for the st user.
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of What information is stored in linux file permissions. For more information, please follow other related articles on the PHP Chinese website!