3.6 Default permissions
[yinhan@VM-12-12-centos iter]$ ll
total 0
[yinhan@VM-12-12-centos iter]$ touch test.txt
[yinhan@VM-12-12-centos iter]$ mkdir new_dir
[yinhan@VM-12-12-centos iter]$ ll
total 4
drwxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:29 new_dir
-rw-rw-r-- 1 yinhan yinhan    0 Nov 30 15:29 test.txt
[yinhan@VM-12-12-centos iter]$
Observe the result: the directory's default permission is 775 and the regular file's default permission is 664 (this is on my CentOS 7.6 Linux; on other operating systems the defaults may differ).

Why does a newly created regular file (executables excluded) start at 664 by default, and why does a newly created directory start at 775?

First, a few concepts: the default permission (what you see in ll), the initial permission (fixed by the system), and the final permission (which is the same thing as the default permission).

Linux defines the initial permission of a regular file (executables excluded) as 666 and the initial permission of a directory as 777.

To control file permissions more precisely, the system keeps a default permission mask, called the umask.
[yinhan@VM-12-12-centos iter]$ umask
0002
[yinhan@VM-12-12-centos iter]$
// the mask on CentOS 7.6 Linux is 002 (octal)
Now that the permission mask and the initial permission are understood, how is the final (default) permission computed?

final permission (default permission) = initial permission & (~umask) (note that this differs from an XOR computation)

Regular file: 666 & (~002) = 110 110 110 & (~000 000 010) = 110 110 110 & 111 111 101 = 110 110 100 = 664

Directory: 777 & (~002) = 111 111 111 & (~000 000 010) = 111 111 111 & 111 111 101 = 111 111 101 = 775

Another set of computations:
[yinhan@VM-12-12-centos iter]$ umask 0007
[yinhan@VM-12-12-centos iter]$ umask
0007
[yinhan@VM-12-12-centos iter]$ touch normal.txt
[yinhan@VM-12-12-centos iter]$ mkdir dir
[yinhan@VM-12-12-centos iter]$ ll
total 8
drwxrwx--- 2 yinhan yinhan 4096 Nov 30 16:03 dir
-rw-rw---- 1 yinhan yinhan    0 Nov 30 16:03 normal.txt
// the umask was changed here; the result follows from the final-permission formula
// directory final permission: 777 & (~007) = 770
// regular file final permission (executables excluded): 666 & (~007) = 660
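The following shell script is an added example, not part of the original post. It encodes the formula above (initial & ~umask) as shell arithmetic and then checks the formula against files and directories really created under a chosen umask, so the two tables above (002 and 007) can be reproduced, and any other umask tried, on any Linux box. The function names default_mode and observed_mode are assumptions of this example; stat -c '%a' is the GNU coreutils way to print a mode in octal.

```shell
#!/bin/bash
# Added example (not from the original post): reproduce
#   final = initial & ~umask
# in shell arithmetic, then confirm it against files actually created
# under a given umask. All numbers are octal.

# default_mode KIND UMASK -> prints the computed mode in octal.
# KIND is "file" (initial 666) or "dir" (initial 777); UMASK is octal.
default_mode() {
    kind=$1
    mask=$2
    case $kind in
        file) initial=0666 ;;
        dir)  initial=0777 ;;
        *)    echo "usage: default_mode file|dir UMASK" >&2; return 1 ;;
    esac
    # A leading 0 makes the literal octal in shell arithmetic.
    # ~mask sets every bit outside the mask; AND with 0777 keeps only the
    # nine permission bits so the result prints cleanly.
    printf '%o\n' $(( initial & ~(0$mask) & 0777 ))
}

# observed_mode KIND UMASK -> creates a probe file or directory under a
# throwaway temp dir with that umask in effect and prints the mode the
# filesystem actually assigned.
observed_mode() {
    kind=$1
    mask=$2
    tmp=$(mktemp -d) || return 1
    (
        # umask inside a subshell does not leak into the caller's shell.
        umask "$mask"
        if [ "$kind" = dir ]; then
            mkdir "$tmp/probe"
        else
            : > "$tmp/probe"      # creates an empty regular file, like touch
        fi
    )
    stat -c '%a' "$tmp/probe"     # permission bits in octal (GNU stat)
    rm -rf "$tmp"
}

# Demo: formula result beside what the filesystem gives, for the two
# umasks used in the post plus the common 022.
for mask in 002 007 022; do
    printf 'umask %s: file %s/%s  dir %s/%s\n' "$mask" \
        "$(default_mode file "$mask")" "$(observed_mode file "$mask")" \
        "$(default_mode dir "$mask")" "$(observed_mode dir "$mask")"
done
```

Run it with bash; each line prints the computed value and the observed value side by side, and for a plain local filesystem they agree (664/775 for 002, 660/770 for 007). If they ever disagree, something other than the umask is shaping new files, most often a default ACL on the parent directory, which is worth knowing about when auditing a shared tree.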
3.7 Sticky bit

3.7.1 Background

When using Linux we may eventually have shared directories: directories shared by all regular users and used to hold temporary data those users produce.
[yinhan@VM-12-12-centos ~]$ ll /home
total 12
drwx------ 4 anonymous  anonymous  4096 Nov 23 00:36 anonymous
drwx------ 5 lighthouse lighthouse 4096 Nov  2 10:41 lighthouse
drwx------ 5 yinhan     yinhan     4096 Nov 27 23:39 yinhan
[yinhan@VM-12-12-centos ~]$
Suppose the user anonymous needs to access a code file in yinhan's home directory. From yinhan's point of view, anonymous is an "other" user, and anonymous cannot even enter yinhan's home directory. So a shared directory or file is needed to meet this requirement.

This shared directory is usually provided by root.

3.7.2 Preparation

Put a shared directory under the root directory and open up all of its permissions.

Simulate each user placing files into share, and fill the corresponding files with content.
[root@VM-12-12-centos share]# ll
total 24
-rw-rw-r-- 1 anonymous anonymous 32 Nov 30 16:37 anonymous1
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous  0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root      root      38 Nov 30 16:39 root1
-rw-r--r-- 1 root      root      37 Nov 30 16:39 root2
-rw-r--r-- 1 root      root       0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan    yinhan    37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan    yinhan    30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan    yinhan     0 Nov 30 16:32 yinhan3
[root@VM-12-12-centos share]# cat root1
这是root用户的第一个文件!
[root@VM-12-12-centos share]# cat root2
这是root用户的第二个文件!
[root@VM-12-12-centos share]# cat root3
[root@VM-12-12-centos share]# su yinhan
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ cat yinhan1
这是yinhan用户的第一个文件
[yinhan@VM-12-12-centos share]$ cat yinhan2
this is yinhan's second file!
[yinhan@VM-12-12-centos share]$ cat yinhan3
[yinhan@VM-12-12-centos share]$ su anonymous
Password:
[anonymous@VM-12-12-centos share]$ whoami
anonymous
[anonymous@VM-12-12-centos share]$ cat anonymous1
this is anonymous's first file!
[anonymous@VM-12-12-centos share]$ cat anonymous2
this is a anonymous's second file!
[anonymous@VM-12-12-centos share]$ cat anonymous3
[anonymous@VM-12-12-centos share]$
Here each user has shared three of their own files. Every file can be read by other users but not written or executed (root excepted), and yet it can be deleted by them.
[yinhan@VM-12-12-centos share]$ ll
total 24
-rw-rw-r-- 1 anonymous anonymous 32 Nov 30 16:37 anonymous1
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous  0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root      root      38 Nov 30 16:39 root1
-rw-r--r-- 1 root      root      37 Nov 30 16:39 root2
-rw-r--r-- 1 root      root       0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan    yinhan    37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan    yinhan    30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan    yinhan     0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ rm anonymous1
rm: remove write-protected regular file ‘anonymous1’? y
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous  0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root      root      38 Nov 30 16:39 root1
-rw-r--r-- 1 root      root      37 Nov 30 16:39 root2
-rw-r--r-- 1 root      root       0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan    yinhan    37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan    yinhan    30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan    yinhan     0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$
// I am the user yinhan, and I deleted the file anonymous1
3.7.3 What the sticky bit does

In a shared directory every file can be deleted by other users, but doesn't that defeat our requirement?

This is where the sticky bit comes in: to stop others from deleting our files, we set the sticky bit.

chmod +t file/directory

Effect: sets the sticky bit (only applied to shared directories, i.e. directories) so that others cannot delete my files.
// once the shared directory carries the sticky bit, other users can no longer delete my files (root, of course, still can)
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous  0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root      root      38 Nov 30 16:39 root1
-rw-r--r-- 1 root      root      37 Nov 30 16:39 root2
-rw-r--r-- 1 root      root       0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan    yinhan    37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan    yinhan    30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan    yinhan     0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ rm anonymous2
rm: remove write-protected regular file ‘anonymous2’? y
rm: cannot remove ‘anonymous2’: Operation not permitted
[yinhan@VM-12-12-centos share]$
Since our requirement is only that other people's files must not be deletable, couldn't root instead remove the w permission for the other role on the shared directory?

No. The w permission on a directory governs creating and deleting files inside that directory, so I would no longer be able to delete even my own files in the shared directory.
[yinhan@VM-12-12-centos /]$ ll
total 76
lrwxrwxrwx.   1 root root     7 Mar  7  2019 bin -> usr/bin
dr-xr-xr-x.   5 root root  4096 Jul 28 11:37 boot
drwxr-xr-x    2 root root  4096 Nov  5  2019 data
drwxr-xr-x   19 root root  3020 Nov  2 10:45 dev
drwxr-xr-x.  95 root root 12288 Nov 23 00:35 etc
drwxr-xr-x.   5 root root  4096 Nov 23 00:34 home
lrwxrwxrwx.   1 root root     7 Mar  7  2019 lib -> usr/lib
lrwxrwxrwx.   1 root root     9 Mar  7  2019 lib64 -> usr/lib64
drwx------.   2 root root 16384 Mar  7  2019 lost+found
drwxr-xr-x.   2 root root  4096 Apr 11  2018 media
drwxr-xr-x.   2 root root  4096 Apr 11  2018 mnt
drwxr-xr-x.   4 root root  4096 Nov  2 10:33 opt
dr-xr-xr-x  131 root root     0 Nov  2 10:45 proc
dr-xr-x---.   7 root root  4096 Nov 18 23:01 root
drwxr-xr-x   25 root root   880 Nov 29 14:46 run
lrwxrwxrwx.   1 root root     8 Mar  7  2019 sbin -> usr/sbin
drwxrwxr-x    2 root root  4096 Nov 30 16:47 share
drwxr-xr-x.   2 root root  4096 Apr 11  2018 srv
dr-xr-xr-x   13 root root     0 Nov 11 17:12 sys
drwxrwxrwt.   9 root root  4096 Nov 30 17:30 tmp
drwxr-xr-x.  14 root root  4096 Jan  8  2021 usr
drwxr-xr-x.  20 root root  4096 Jan  8  2021 var
[yinhan@VM-12-12-centos /]$ cd share/
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous  0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root      root      38 Nov 30 16:39 root1
-rw-r--r-- 1 root      root      37 Nov 30 16:39 root2
-rw-r--r-- 1 root      root       0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan    yinhan    37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan    yinhan    30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan    yinhan     0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ rm anonymous1
rm: cannot remove ‘anonymous1’: No such file or directory
[yinhan@VM-12-12-centos share]$ rm yinhan1
rm: cannot remove ‘yinhan1’: Permission denied
[yinhan@VM-12-12-centos share]$
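The script below is an added example, not part of the original post, covering both the sticky-bit rule from 3.7.3 and the audit question raised just above (a world-writable shared directory with no sticky bit, like /share before chmod +t, versus /tmp with its drwxrwxrwt). It models who may delete a file in a sticky directory and flags shared directories that are missing the bit. The rule it encodes goes slightly beyond the post: besides the file owner and root, the kernel also lets the directory's owner delete entries in a sticky directory. The function names sticky_unlink_allowed, audit_shared_dir and demo_audit, and the throwaway directories the demo creates, are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post). Two checks:
#  1. sticky_unlink_allowed models the deletion rule in a directory whose
#     sticky bit is set: only the file owner, the directory owner, or root
#     may unlink an entry, regardless of the directory's w bit for others.
#  2. audit_shared_dir flags a world-writable directory that lacks the
#     sticky bit, the state /share was in before chmod +t.

# sticky_unlink_allowed USER DIR_OWNER FILE_OWNER -> "yes" or "no"
sticky_unlink_allowed() {
    user=$1 dir_owner=$2 file_owner=$3
    if [ "$user" = root ] || [ "$user" = "$file_owner" ] || [ "$user" = "$dir_owner" ]; then
        echo yes
    else
        echo no
    fi
}

# audit_shared_dir DIR -> "ok" (world-writable with sticky bit),
# "unsafe" (world-writable, no sticky bit: anyone can delete anyone's files),
# or "not-shared" (others cannot write, so the sticky bit is irrelevant).
audit_shared_dir() {
    dir=$1
    mode=$(stat -c '%a' "$dir") || return 1   # e.g. 777 or 1777 (GNU stat)
    perm=$(( 0$mode ))                        # octal string -> integer
    if [ $(( perm & 02 )) -eq 0 ]; then
        echo not-shared
    elif [ $(( perm & 01000 )) -ne 0 ]; then  # 01000 is the sticky bit
        echo ok
    else
        echo unsafe
    fi
}

# demo_audit -> builds two throwaway directories, one opened with 777 and
# one with 1777, audits both and prints the two verdicts on one line.
demo_audit() {
    base=$(mktemp -d) || return 1
    mkdir "$base/open" "$base/sticky"
    chmod 777 "$base/open"
    chmod 1777 "$base/sticky"   # same as chmod 777 followed by chmod +t
    printf '%s %s\n' "$(audit_shared_dir "$base/open")" \
                     "$(audit_shared_dir "$base/sticky")"
    rm -rf "$base"
}

# Demo: replay the post's scenario (share owned by root, file owned by
# anonymous, yinhan trying to delete it) and audit the throwaway dirs.
printf 'yinhan deleting anonymous2 in sticky /share: %s\n' \
    "$(sticky_unlink_allowed yinhan root anonymous)"
printf 'anonymous deleting its own anonymous2:      %s\n' \
    "$(sticky_unlink_allowed anonymous root anonymous)"
printf 'audit (open sticky): %s\n' "$(demo_audit)"
```

The same test that audit_shared_dir applies to one directory can be run over a whole filesystem with find, which is the usual hardening check for this class of problem: find / -xdev -type d -perm -0002 ! -perm -1000 lists every directory that others can write to and that has no sticky bit, exactly the combination that let yinhan delete anonymous1 above.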