  Advanced permissions Linux file system settings
     
  Add Date : 2018-11-21      
         
         
         
  Advanced Linux file system permissions
1. Hidden file attributes
chattr
chattr [+-=][ASacdi] filename or directory
+: add the given attribute; the other existing attributes are unchanged
-: remove the given attribute; the other existing attributes are unchanged
=: set the attributes to exactly those given
A: when the file or directory is read or written, its access time (atime) is not updated, which avoids excessive disk I/O on slower machines
S: changes to the file or directory are written to disk synchronously
a: the file can only be appended to; it cannot be deleted, and its existing data cannot be modified. Only root can set this attribute
c: the file is compressed automatically and decompressed automatically when read
d: the file or directory is skipped when dump runs a backup
i: the file cannot be deleted, renamed, linked to, or written to. Only root can set this attribute
Note that the most commonly used attributes are a and i. root often uses them to protect the system.
For example, to prevent users from being added to or deleted from the system, and to make the files themselves undeletable:
chattr +i /etc/passwd /etc/shadow
If you want to cancel:
chattr -i /etc/passwd /etc/shadow
If you want to protect a log file from being cleared:
chattr +a /var/log/messages

lsattr: view the hidden attributes
chattr +ai /tmp/test
lsattr /tmp
Of course, you can use chattr -R to set attributes recursively.
lsattr -R also lists the data in subdirectories.

2. File access control lists (ACLs). This mechanism is somewhat similar to ACLs on NTFS: it sets specific permissions for a specific user, which can be very useful.
Use setfacl to define a file's ACL
Use getfacl to view a file's ACL
For example, to give the specific user u01 read, write and execute permissions:
setfacl -m user:u01:rwx /etc/yum.repos.d/
To view the result:
getfacl /etc/yum.repos.d/
To delete the entry (note that no permission list is specified):
setfacl -x user:u01 /etc/yum.repos.d/


3. Set UID

SUID restrictions and functions:
1) SUID permission is only effective on binary programs
2) The user running the program must have x permission on it
3) The privilege is only effective while the program is executing (run-time)
4) While it runs, the user obtains the permissions of the program's owner
For example, it is like the emperor's imperial sword: whoever carries the sword has the emperor's authority, but it is the most powerful weapon only while it is in his hands.
On Linux, passwd is the best example: it has SUID set, so ordinary users can also change their password.
When you set SUID, note whether the file has x permission.
Use ls -l to view the permissions: the owner's execute position shows a lowercase s.
If the file has no x permission, it shows an uppercase S.
Setting method:
chmod u+s file


4. SGID
Unlike SUID, SGID can be set on either a directory or a file.
If SGID is set on a file, its functions and restrictions are as follows,
1) SGID permission is effective on binary programs
2) The user running the program must have x permission on it
3) The privilege is only effective while the program is executing (run-time)
4) While it runs, the user obtains the permissions of the program's group
/usr/bin/locate is an example
If SGID is set on a directory, its functions are as follows,
1) If the user has r and x permissions on this directory, the user can enter the directory
2) The user's effective group in this directory becomes the directory's group
3) Use: if the user has w permission in this directory, new files the user creates get the directory's group as their group
4) SGID is very useful for project development teams.
Setting method:
chmod g+s


5. Sticky Bit
SBIT is currently only effective on directories; it has no effect on files. Its role:
When users have w and x permissions on this directory, a file or directory that a user creates there can be removed only by that user and root. That is, users can delete, rename, or move only their own files and cannot delete other users' files.
The system /tmp directory is such a directory.

Setting method:
chmod o+t
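
An audit of the SUID, SGID and sticky bits from sections 3 to 5, including the lowercase s versus uppercase S distinction described under Set UID. This is an added example, not part of the original article; the function names and sample file names are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original page): audit SUID, SGID and sticky bits.

# special_bits PATH: decode the three execute slots of the ls -l mode string.
# Lowercase s/t: special bit plus x. Uppercase S/T: special bit without x.
special_bits() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    u=$(printf '%s' "$mode" | cut -c4)    # owner execute slot
    g=$(printf '%s' "$mode" | cut -c7)    # group execute slot
    o=$(printf '%s' "$mode" | cut -c10)   # other execute slot
    out=""
    case $u in s) out="$out suid" ;; S) out="$out suid-no-x" ;; esac
    case $g in s) out="$out sgid" ;; S) out="$out sgid-no-x" ;; esac
    case $o in t) out="$out sticky" ;; T) out="$out sticky-no-x" ;; esac
    [ -n "$out" ] || out=" none"
    printf '%s\n' "${out# }"
}

# audit_special DIR: print "findings<TAB>path" for every entry under DIR that
# carries any special bit (paths containing newlines are not handled).
audit_special() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
    while IFS= read -r p; do
        printf '%s\t%s\n' "$(special_bits "$p")" "$p"
    done
}

# make_sample DIR: constructed sample files for the demo (hypothetical names).
make_sample() {
    chmod g-s "$1"                                       # keep SGID from being inherited
    : > "$1/suid_exec";   chmod 4755 "$1/suid_exec"      # -rwsr-xr-x
    : > "$1/suid_noexec"; chmod 4644 "$1/suid_noexec"    # -rwSr--r--
    mkdir "$1/shared";    chmod 1777 "$1/shared"         # drwxrwxrwt, like /tmp
    : > "$1/plain";       chmod 644 "$1/plain"           # no special bits
}

demo=$(mktemp -d) && make_sample "$demo" && audit_special "$demo"
rm -rf "$demo"
```

An entry reported as suid-no-x or sgid-no-x has the special bit set but no matching execute permission, the case the article describes as showing an uppercase S.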
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.