"Everything is a file" is one of the basic philosophies of Unix/Linux. Directories, character devices, block devices, sockets, etc. all exist as files in Unix/Linux. Faced with numerous documents, how do you understand and manage their reading, writing and executing rights?
Under Windows, you can right-click the file and view the file's permissions in the property bar. Is the "philosophy" of files under Linux the same as Windows? We analyze the following points.
1. The role of file permissions
File permissions are set to protect system and user data security. For users, *important things are the privacy and security of data and files. From system administrators to ordinary users, from file attributes to file special encryption, all around a theme: rights management. If a critical file is accidentally written, the data is lost and the system crashes.
Take the /proc directory under the root directory as an example. This file is a virtual file system provided by the Linux kernel. It can access the internal data structure of the kernel and change the mechanism of kernel settings. Where swaps is the usage of swap space, tty saves tty device information, version Linux kernel version and gcc version. We can see that these files that are closely related to the system are all read-only, even for the root user.
Figure 1 Partial file under /proc
2. The division of file permissions
The rights management under Linux can be roughly divided into three parts from the perspective of visitors: users, user groups, and administrators. As shown in Figure 2, open the file list details in the current user directory. Most of the time we use this command to focus only on the right half of the information, such as the file name, date, size and so on. The left half shows the permission information of the corresponding file.
Figure 2 File Properties Details
Linux systems have strict management of users' rights. As shown in Figure 3, the authority of a file can be divided into three parts: the owner of the file, the authority of the user group of the owner, and the authority of other users. Among them, a user group is a collection of users having the same characteristics.
Figure 3 File permissions
The user and user group information can be read directly using the cat command in the passwd and group files in the /etc directory.
Figure 4 User/User Group Information
3. Change the file permissions Method
Linux provides chmod commands for changing or setting file permissions. The command format is shown in Figure 5, and remove the other user permission executable attributes of the hello file: vmuser@Linux-host: hello$ chmod ox hello. If you set u/g/o at the same time, you can use a, for example, add all user executable permissions for hello: vmuser@Linux-host: ~$ chmoda+x hello.
Figure 5 file permissions change (a)
As we mentioned earlier, Linux's file permissions management is a kind of "philosophical beauty." The chmod command also provides more indirect use. As shown in Figure 6, r, w, and x correspond to the numbers 4, 2, 1, respectively. The sum of the numbers represents the set of authority values. For example, rwx may be represented by 7 and rx may be represented by 5. If you want to set the hello file to * loose permissions, you can use the command chmod 777 hello directly.
Figure 6 file permissions change (2)
Then, besides creating the file and modifying the permissions, can you directly create files with specific permissions? The answer is yes, we can manage the corresponding user default permissions by modifying the umask value. You can enter umask directly to get the default value of the current user's permissions, of course, you can use umask=xxx to modify it. In addition, if you want to permanently set the value of umask, you can modify ~/.bashrc or ./bash_profile. The Umask value and the file permissions are not one-to-one, and interested readers can refer to the relevant information.
Figure 7 User Default Permission Changes
4. How to protect important documents
The protection of documents can be started from the quantitative aspect: document rights management, document timely backup.
In terms of rights management, you are not free to change file permissions, such as chmod 777 filename. Taking the working log file of the system or APP as an example, it is only readable for most of the log-in users, and if it is overwritten, it will permanently lose log information. In a complex multi-user collaboration system, strict management of single-user rights and group user rights requires root user authority.
Figure 8 read-only log file
For the standard rootfs, it is not recommended that ordinary users directly change it, and directly give it read-only access when uboot mounts the file system. Assigning "ro" to the * after item of bootargs is read only. If you need to temporarily modify the read-write mode, use mount -o remount,rw /, which is used for temporary modification to read-write mode, and try to avoid modifying the uboot code.
Figure 9 File System Permissions Change
Another means of protecting important files during file backup is not guaranteed in a strict permissions management mechanism. Important files can be automated using scripts, scheduled backups, and if necessary, files can also be saved to other physical storage media or cloud disks. When it comes to deductions and charges, the security of data and documents is particularly important.
Tonemy aroma hot sale aroma diffusers, hot scent diffuser, popluar essential oil diffuser for car, home, room, hotel, office, lobby, strores, gym... wifi remote control diffusers, plastic or metal material diffusers for small, medium and big space coverage wall mount, floor stand, HVAC installation.
Hot sale Aroma Diffusers, Hot Scent Diffuser,Poplar Essential Oil Diffuser Supplier in China
Guangzhou Tang Mei Environmental Protection Technology Co.,Ltd , https://www.tonemys.com