Contents
- Introduction to Linux permissions
- 1. The shell and how it works
- 2. The concept of permissions in Linux
- 3. Linux permission management
- 3.1 People (users)
- 3.2 Object attributes (file type and access permissions)
- 3.3 Setting file access permissions
- 3.3.1 chmod
- 3.3.2 chown
- 3.3.3 chgrp
- 3.4 The file command
- 3.5 Directory permissions
- 3.6 Default permissions
- 3.7 The sticky bit
- 3.7.1 Background
- 3.7.2 Setup
- 3.7.3 What the sticky bit does
Introduction to Linux permissions
1. The shell and how it works
In Linux the "shell" is, literally, the outer layer of the system: it is the user interface that sits between the user and the kernel, an interpreter program that reads the commands the user types and hands them to the kernel for execution.
[yinhan@VM-12-12-centos trunk]$ ls /usr/bin/bash -al
-rwxr-xr-x 1 root root 964536 Apr 1 2020 /usr/bin/bash
[yinhan@VM-12-12-centos trunk]$
On Linux, bash is that command-line interpreter, and it is an ordinary executable file like any other.
The relationship between the operating system, the shell and the user:
The shell acts as a go-between: the user gives a command to the shell, and the shell passes it on to the kernel. The command might be a dangerous one. So why doesn't the user hand commands to the kernel directly? That question is exactly what the shell is for.
Why the shell exists: 1. it passes the command line along and returns the results; 2. it keeps users at arm's length from the kernel, so malformed or dangerous input is parsed and checked before anything reaches the kernel (the access checks themselves are still enforced by the kernel, not the shell, which is why the permission rules below apply no matter which program makes the request); 3. it runs each command in a newly created child process, so a crashing or misbehaving command does not take the shell down with it.
2. The concept of permissions in Linux
In a multi-user system, a permission (privilege) is a particular user's right to use a particular system resource: a directory, a specific command, a storage quota. An everyday analogy is a streaming service's VIP tier: a regular account cannot watch VIP-only titles.
Permissions constrain people; the objects being accessed carry no intrinsic rights of their own. A permission is therefore the answer to "may this person do this thing?", and under Linux, permission = the person + the attributes of the object.
3. Linux permission management
3.1 People (users)
Linux has two kinds of users: 1. root, the superuser, who can do anything on the system without restriction; 2. ordinary users, who can do only what they have been granted.
The superuser's prompt ends in "#", an ordinary user's in "$".
Command: su [username]
Purpose: switch to another user's identity (and only the identity). su prompts for the target user's password. Plain su root (root may be omitted) keeps your current directory and environment; su - starts a fresh login shell as root, with root's home directory and environment, as if you had logged in as root.
[yinhan@VM-12-12-centos ~]$ whoami
yinhan
[yinhan@VM-12-12-centos ~]$ ll
total 8
-rw-rw-r-- 1 yinhan yinhan 50 Nov 23 00:26 README.txt
drwxrwxr-x 3 yinhan yinhan 4096 Nov 23 18:38 trunk
[yinhan@VM-12-12-centos ~]$ su (switches identity only; we are still in yinhan's home directory, as the two ll listings above and below show)
Password:
[root@VM-12-12-centos yinhan]# whoami
root
[root@VM-12-12-centos yinhan]# ll
total 8
-rw-rw-r-- 1 yinhan yinhan 50 Nov 23 00:26 README.txt
drwxrwxr-x 3 yinhan yinhan 4096 Nov 23 18:38 trunk
[root@VM-12-12-centos yinhan]#
//using su - (lands directly in root's own home directory)
[yinhan@VM-12-12-centos ~]$ whoami
yinhan
[yinhan@VM-12-12-centos ~]$ ll
total 8
-rw-rw-r-- 1 yinhan yinhan 50 Nov 23 00:26 README.txt
drwxrwxr-x 3 yinhan yinhan 4096 Nov 23 18:38 trunk
[yinhan@VM-12-12-centos ~]$ su -
Password:
Last login: Wed Nov 23 19:02:36 CST 2022 on pts/0
Last failed login: Wed Nov 23 19:04:27 CST 2022 on pts/0
There were 2 failed login attempts since the last successful login.
[root@VM-12-12-centos ~]# whoami
root
[root@VM-12-12-centos ~]# ll
total 4
drwxr-xr-x 3 root root 4096 Nov 18 23:08 study_2022_11_11
[root@VM-12-12-centos ~]#
//How do we switch to another user under /home?
//My terminal lets me su directly from one ordinary user to another (it asks for the target user's password); if that is not possible, su to root first and then to the target user. Remember to cd ~ into that user's home afterwards.
[yinhan@VM-12-12-centos ~]$ whoami
yinhan
[yinhan@VM-12-12-centos ~]$ ls /home
anonymous lighthouse yinhan
[yinhan@VM-12-12-centos ~]$ su anonymous
Password:
[anonymous@VM-12-12-centos yinhan]$ ll
ls: cannot open directory .: Permission denied //no cd ~ yet: we are still inside yinhan's home, which anonymous may not read, hence the denial
[anonymous@VM-12-12-centos yinhan]$ cd ~
[anonymous@VM-12-12-centos ~]$ ll
total 4
-rw-rw-r-- 1 anonymous anonymous 62 Nov 23 00:36 README.txt
[anonymous@VM-12-12-centos ~]$
- Categories of file accessors
The owner of the file or directory: u (User)
Users in the group that owns the file or directory: g (Group)
Everyone else: o (Others)
How do root and ordinary users relate to owner, group and others?
Think of root and ordinary users as people, and owner, group and others as roles: any person can play any of the roles, depending on which file is being accessed.
3.2 Object attributes (file type and access permissions)
- File type
d: directory
-: regular file
b: block device (e.g. a disk) c: character device l: symbolic link p: named pipe (FIFO) s: socket (rare)
If the kernel does not care about a regular file's suffix, why do we still give files a suffix when we create them?
The suffix is simply part of the file name; it is there for people (and for some programs) to read.
//A concrete example
[yinhan@VM-12-12-centos xfile]$ ll
total 16
-rwxrwxr-x 1 yinhan yinhan 8360 Nov 23 18:43 a.out
-rw-rw-r-- 1 yinhan yinhan 72 Nov 23 18:43 test.c
[yinhan@VM-12-12-centos xfile]$ ./a.out
hello linux!
[yinhan@VM-12-12-centos xfile]$ mv a.out a.txt
[yinhan@VM-12-12-centos xfile]$ ll
total 16
-rwxrwxr-x 1 yinhan yinhan 8360 Nov 23 18:43 a.txt
-rw-rw-r-- 1 yinhan yinhan 72 Nov 23 18:43 test.c
[yinhan@VM-12-12-centos xfile]$ ./a.txt
hello linux!
[yinhan@VM-12-12-centos xfile]$ mv a.txt test.txt
[yinhan@VM-12-12-centos xfile]$ ll
total 16
-rw-rw-r-- 1 yinhan yinhan 72 Nov 23 18:43 test.c
-rwxrwxr-x 1 yinhan yinhan 8360 Nov 23 18:43 test.txt
[yinhan@VM-12-12-centos xfile]$ ./test.txt
hello linux!
[yinhan@VM-12-12-centos xfile]$
//This shows that Linux does not use the suffix to decide what a regular file is. But now look at what gcc does when handed the same source under a suffix it does not recognise:
collect2: error: ld returned 1 exit status //compilation fails
Explanation: "Linux" here means the operating system, and the kernel does not distinguish files by suffix. gcc is a program, and it chooses how to treat each input by its suffix: a C source renamed without .c is passed straight to the linker as if it were an object file, and the link fails. The kernel ignoring suffixes does not mean that other programs can.
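To make the kernel-versus-program distinction concrete, here is an added shell example (mine, not the post's code) that repeats the renaming experiment with a shell script instead of a compiled a.out, so it needs no compiler, and adds the case the post does not show: a file with no x bit cannot be executed directly, but an interpreter will still run it for anyone who can read it. The file names and contents are constructed for the demo.

```sh
#!/bin/sh
# Added example (not the post's code): the kernel runs a file based on its
# execute bit and its content (here a #! line), never on its suffix.
set -u

make_script() {
    # $1 = path; writes a one-line POSIX sh script whose output we can check.
    printf '#!/bin/sh\necho "hello linux!"\n' > "$1"
}

run_under_three_names() {
    # Same executable bytes, three suffixes; prints the three outputs joined by |.
    dir=$(mktemp -d)
    make_script "$dir/a.out"
    chmod 755 "$dir/a.out"                               # rwxr-xr-x, like gcc's output
    out1=$("$dir/a.out")
    mv "$dir/a.out" "$dir/a.txt"; out2=$("$dir/a.txt")   # mv keeps the mode bits
    mv "$dir/a.txt" "$dir/a.c";   out3=$("$dir/a.c")
    rm -rf "$dir"
    printf '%s|%s|%s\n' "$out1" "$out2" "$out3"
}

exec_without_x_bit() {
    # Without any x bit, execve(2) refuses the file for everyone, root included.
    # But the x bit is not a way to "disable" a script: anyone who can read it
    # can feed it to the interpreter by hand. Prints "<direct>|<via sh>".
    dir=$(mktemp -d)
    make_script "$dir/noexec.txt"
    chmod 644 "$dir/noexec.txt"
    if "$dir/noexec.txt" >/dev/null 2>&1; then direct=ran; else direct=denied; fi
    via_sh=$(sh "$dir/noexec.txt")
    rm -rf "$dir"
    printf '%s|%s\n' "$direct" "$via_sh"
}

# Stand-alone run: prints the two results.
run_under_three_names    # hello linux!|hello linux!|hello linux!
exec_without_x_bit       # denied|hello linux!
```

The second function is the practical lesson: clearing the x bit on a script only stops the `./script` form. If the goal is to keep a user from running the logic, the file must be unreadable to them, or the interpreter itself must be restricted.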
- Basic permissions
r: Read. On a file, permission to read its contents; on a directory, permission to list its entries.
w: Write. On a file, permission to modify its contents; on a directory, permission to create, delete and rename entries inside it (deleting a file is an operation on the directory, not on the file, which is why a file's own permissions do not protect it from deletion).
x: Execute. On a file, permission to run it; on a directory, permission to enter it and to look up entries by name.
-: the permission is absent.
With that in mind, look at the listing again:
The rwx positions are fixed. Take the a.out file in the listing above and look at the owner's triad: the first character says whether the owner can read, the second whether the owner can write, the third whether the owner can execute, so here the owner has read, write and execute. The group and others triads are read the same way.
3.3 Setting file access permissions
3.3.1 chmod
chmod [options] permissions filename
Purpose: set a file's access permissions. Only the file's owner and root may change a file's permissions.
Common option:
-R: apply the change recursively to a directory and everything under it
Symbolic form:
+: add the named permissions to the named set of users
-: remove the named permissions from the named set of users
=: set exactly the named permissions for that set
u: owner
g: users in the owning group
o: other users
a: all of the above
[yinhan@VM-12-12-centos tmp]$ ll
total 0
-rw-rw-r-- 1 yinhan yinhan 0 Nov 23 20:02 test.txt
[yinhan@VM-12-12-centos tmp]$ chmod o+wx test.txt
[yinhan@VM-12-12-centos tmp]$ ll
total 0
-rw-rw-rwx 1 yinhan yinhan 0 Nov 23 20:02 test.txt
[yinhan@VM-12-12-centos tmp]$
//gives other users write and execute on test.txt
[yinhan@VM-12-12-centos tmp]$ chmod g+x test.txt
[yinhan@VM-12-12-centos tmp]$ ll
total 0
-rw-rwxrwx 1 yinhan yinhan 0 Nov 23 20:02 test.txt
[yinhan@VM-12-12-centos tmp]$
//gives the owning group execute on test.txt
[yinhan@VM-12-12-centos tmp]$ chmod u+x test.txt
[yinhan@VM-12-12-centos tmp]$ ll
total 0
-rwxrwxrwx 1 yinhan yinhan 0 Nov 23 20:02 test.txt
//gives the owner execute on test.txt
[yinhan@VM-12-12-centos tmp]$ ./test.txt
./test.txt: line 1: This is a file whose owner can read, write and execute, whose group can read, write and execute, and whose others can read, write and execute!: command not found
[yinhan@VM-12-12-centos tmp]$
//With the execute bit set the owner can run test.txt; bash tries to interpret its single line of text as a command, which is why it reports command not found
The other way to write rwx (octal):
[yinhan@VM-12-12-centos tmp]$ ll
total 4
-rwxrwxrwx 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[yinhan@VM-12-12-centos tmp]$ chmod 000 test.txt
[yinhan@VM-12-12-centos tmp]$ ll
total 4
---------- 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[yinhan@VM-12-12-centos tmp]$
[yinhan@VM-12-12-centos tmp]$ chmod 246 test.txt
[yinhan@VM-12-12-centos tmp]$ ll
total 4
--w-r--rw- 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[yinhan@VM-12-12-centos tmp]$
Understanding the result:
[yinhan@VM-12-12-centos tmp]$ ll
total 4
--w-r--rw- 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[yinhan@VM-12-12-centos tmp]$ nano test.txt
[yinhan@VM-12-12-centos tmp]$ cat test.txt
cat: test.txt: Permission denied
//Access is denied because the owner no longer has read permission. Only one triad ever applies: the kernel matches the owner first, and since yinhan is the owner, the r that others still have is never consulted
[yinhan@VM-12-12-centos tmp]$ su
Password:
[root@VM-12-12-centos tmp]# whoami
root
[root@VM-12-12-centos tmp]# ll
total 4
--w-r--rw- 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[root@VM-12-12-centos tmp]# cat test.txt
This is a file whose owner can read, write and execute, whose group can read, write and execute, and whose others can read, write and execute!
//As root nothing is denied: root bypasses the read and write checks on ordinary files, and the execute check as long as at least one x bit is set
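A small added shell example (mine, not the post's code) that converts between the two notations the post has just used, the rwx string from ls -l and the octal number, including the setuid, setgid and sticky positions (the post covers the sticky bit in section 3.7; setuid and setgid are not discussed there but are parsed the same way), and then checks the conversion against what stat reports on real files. Function names are my own, and the stat -c format assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not the post's code): converting between the ls -l mode
# string and octal, including the special bits shown as s/S and t/T, and
# checking the conversion against stat(1) on files created here.
set -u

triad_value() {
    # $1 = 3-char triad (e.g. "rws"), $2 = weight of the special bit for this
    # triad (4 setuid, 2 setgid, 1 sticky). Prints "<rwx value> <special value>".
    t=$1; weight=$2; v=0; s=0
    case $t in r??) v=$((v + 4));; esac
    case $t in ?w?) v=$((v + 2));; esac
    case $t in
        ??x) v=$((v + 1));;
        ??s|??t) v=$((v + 1)); s=$weight;;   # lower case: special bit AND execute
        ??S|??T) s=$weight;;                 # upper case: special bit WITHOUT execute
    esac
    printf '%d %d\n' "$v" "$s"
}

mode_to_octal() {
    # $1 = 10-char mode field from ls -l (type char + 3 triads). Prints octal
    # in the same form as `stat -c %a`, e.g. 644, 4755, 1777.
    m=$1
    set -- $(triad_value "$(printf '%s' "$m" | cut -c2-4)" 4); u=$1; su=$2
    set -- $(triad_value "$(printf '%s' "$m" | cut -c5-7)" 2); g=$1; sg=$2
    set -- $(triad_value "$(printf '%s' "$m" | cut -c8-10)" 1); o=$1; so=$2
    printf '%o\n' $(( (su + sg + so) * 512 + u * 64 + g * 8 + o ))
}

triad_string() {
    # $1 = 0..7, $2 = non-zero if the special bit applies, $3 = its letter (s or t).
    v=$1; out=""
    if [ $((v & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((v & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ "$2" -ne 0 ]; then
        if [ $((v & 1)) -ne 0 ]; then out="${out}$3"
        elif [ "$3" = s ]; then out="${out}S"; else out="${out}T"; fi
    elif [ $((v & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

octal_to_mode() {
    # $1 = 3- or 4-digit octal; prints the 9-char rwx string (no type char).
    n=$((0$1))
    sp=$(((n >> 9) & 7))
    printf '%s%s%s\n' \
        "$(triad_string $(((n >> 6) & 7)) $((sp & 4)) s)" \
        "$(triad_string $(((n >> 3) & 7)) $((sp & 2)) s)" \
        "$(triad_string $((n & 7)) $((sp & 1)) t)"
}

check_against_stat() {
    # Creates a file and a directory, applies several modes, and confirms
    # mode_to_octal(stat %A) == stat %a for each. Prints "ok" or the first mismatch.
    base=$(mktemp -d); f=$base/f; d=$base/d
    : > "$f"; mkdir "$d"; result=ok
    for spec in "$f 644" "$f 4755" "$f 4644" "$f 2755" "$d 1777" "$d 2775" "$d 1666"; do
        set -- $spec
        chmod "$2" "$1"
        got=$(mode_to_octal "$(stat -c %A "$1")")
        [ "$got" = "$(stat -c %a "$1")" ] || { result="mismatch for $2: got $got"; break; }
    done
    chmod -R u+rwx "$base"; rm -rf "$base"
    printf '%s\n' "$result"
}

# Stand-alone run.
mode_to_octal -rwsr-xr-x      # 4755
octal_to_mode 246             # -w-r--rw-
check_against_stat            # ok
```

The upper/lower-case rule is the part people trip over when reading audit output: an S or T means the special bit is set without the matching execute bit, which is almost always a mistake worth flagging rather than a deliberate configuration.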
3.3.2 chown
chown [options] username file
Purpose: change a file's owner
[yinhan@VM-12-12-centos tmp]$ ll
total 4
--w-r--rw- 1 yinhan yinhan 124 Nov 23 20:08 test.txt
[yinhan@VM-12-12-centos tmp]$ chown root test.txt
chown: changing ownership of ‘test.txt’: Operation not permitted
[yinhan@VM-12-12-centos tmp]$
Why can't the owner change the owner?
Even though test.txt belongs to yinhan, on Linux an unprivileged user is not allowed to give files away: changing the owner requires root (strictly, the CAP_CHOWN capability). If ordinary users could hand files to someone else, they could dodge disk quotas and plant files under another user's name. So only root can reassign ownership:
[yinhan@VM-12-12-centos study3]$ su
Password:
[root@VM-12-12-centos study3]# ll
total 0
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 14:22 normal.txt
[root@VM-12-12-centos study3]# chown root normal.txt
[root@VM-12-12-centos study3]# ll
total 0
-rw-rw-r-- 1 root yinhan 0 Nov 30 14:22 normal.txt
3.3.3 chgrp
chgrp [options] groupname filename
Purpose: change the group that owns a file or directory
-R: apply recursively to a directory and everything under it
[yinhan@VM-12-12-centos study3]$ clear
[yinhan@VM-12-12-centos study3]$ ll
total 0
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 14:22 normal.txt
[yinhan@VM-12-12-centos study3]$ chgrp root normal.txt
chgrp: changing group of ‘normal.txt’: Operation not permitted
[yinhan@VM-12-12-centos study3]$
Same story as chown, with one difference: an unprivileged owner may move a file into a group, but only a group they themselves belong to. yinhan is not a member of root, so the kernel refuses. Root can set any group:
[yinhan@VM-12-12-centos study3]$ su
Password:
[root@VM-12-12-centos study3]# ll
total 0
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 14:22 normal.txt
[root@VM-12-12-centos study3]# whoami
root
[root@VM-12-12-centos study3]# chgrp root normal.txt
[root@VM-12-12-centos study3]# ll
total 0
-rw-rw-r-- 1 yinhan root 0 Nov 30 14:22 normal.txt
[root@VM-12-12-centos study3]#
3.4 The file command
file [options] file-or-directory
Purpose: identify a file's type from its content (magic numbers and text heuristics) rather than from its name
-c: print the parsed form of the magic file (used together with -m when debugging a magic database)
[root@VM-12-12-centos study3]# ll
total 4
-rw-rw-r-- 1 yinhan root 0 Nov 30 14:22 normal.txt
-rw-r--r-- 1 root root 121 Nov 30 14:44 test.c
-rw-r--r-- 1 root root 0 Nov 30 14:42 test.txt
[root@VM-12-12-centos study3]# file normal.txt
normal.txt: empty
[root@VM-12-12-centos study3]# file test.c
test.c: C source, ASCII text
[root@VM-12-12-centos study3]# file test.txt
test.txt: empty
[root@VM-12-12-centos study3]#
3.5 Directory permissions
What permission is needed to enter a directory?
Entering a directory needs execute permission. Verification:
//using the iter directory as the example
[yinhan@VM-12-12-centos dir]$ ll
total 4
drwxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ chmod u-r iter/
[yinhan@VM-12-12-centos dir]$ ll
total 4
d-wxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ cd iter
[yinhan@VM-12-12-centos iter]$ cd ..
[yinhan@VM-12-12-centos dir]$ chmod u-w iter/
[yinhan@VM-12-12-centos dir]$ ll
total 4
d--xrwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ cd iter/
[yinhan@VM-12-12-centos iter]$ cd ..
[yinhan@VM-12-12-centos dir]$ chmod u-x iter
[yinhan@VM-12-12-centos dir]$ ll
total 4
d---rwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ cd iter/
-bash: cd: iter/: Permission denied
[yinhan@VM-12-12-centos dir]$
What permission is needed to create or delete files in a directory?
Creating and deleting files in a directory needs write permission on the directory (together with execute, since you must be able to reach the entry). Verification:
[yinhan@VM-12-12-centos dir]$ ll
total 4
drwxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ chmod u-r iter
[yinhan@VM-12-12-centos dir]$ ll
total 4
d-wxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:13 iter
[yinhan@VM-12-12-centos dir]$ cd iter/
[yinhan@VM-12-12-centos iter]$ touch test.txt
[yinhan@VM-12-12-centos iter]$ cd ..
[yinhan@VM-12-12-centos dir]$ ll
total 4
d-wxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:18 iter
[yinhan@VM-12-12-centos dir]$ chmod u-w iter
[yinhan@VM-12-12-centos dir]$ ll
total 4
d--xrwxr-x 2 yinhan yinhan 4096 Nov 30 15:18 iter
[yinhan@VM-12-12-centos dir]$ cd iter/
[yinhan@VM-12-12-centos iter]$ touch test1.txt
touch: cannot touch ‘test1.txt’: Permission denied
[yinhan@VM-12-12-centos iter]$
What permission is needed to list the files in a directory?
Listing a directory's contents needs read permission. Verification:
[yinhan@VM-12-12-centos dir]$ ll
total 4
drwxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:18 iter
[yinhan@VM-12-12-centos dir]$ tree iter
iter
`-- test.txt
0 directories, 1 file
[yinhan@VM-12-12-centos dir]$ ls iter/
test.txt
[yinhan@VM-12-12-centos dir]$ chmod u-r iter
[yinhan@VM-12-12-centos dir]$ ll
total 4
d-wxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:18 iter
[yinhan@VM-12-12-centos dir]$ ls iter/
ls: cannot open directory iter/: Permission denied
[yinhan@VM-12-12-centos dir]$ tree iter
iter [error opening dir]
0 directories, 0 files
[yinhan@VM-12-12-centos dir]$
Summary: r on a directory lets you list its entries, w lets you create and delete files or subdirectories inside it (together with x), and x lets you enter it and reach its entries by name.
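An added shell example (mine, not the post's code) that runs the three experiments above in one go, for the owner-triad combinations the post did not try, and records what the kernel allows. The case worth knowing as a defender is x without r: a user who knows a file's name can still read it through a directory they cannot list, so removing r from a directory hides names but does not protect contents. Directory and file names are constructed. Root bypasses every one of these checks, so run it as an ordinary user to see the denials.

```sh
#!/bin/sh
# Added example (not the post's code): probe what each directory permission
# bit actually allows. Root passes every probe, so run as an ordinary user.
set -u

dir_perm_probe() {
    # $1 = octal mode to put on the test directory (e.g. 100 = owner x only).
    # Prints "list=.. enter=.. read=.. create=.." with ok/denied for each probe.
    base=$(mktemp -d); d=$base/iter
    mkdir "$d"
    echo secret > "$d/known.txt"             # a file whose name the prober "knows"
    chmod "$1" "$d"
    if ls "$d" >/dev/null 2>&1;              then list=ok;   else list=denied;   fi
    if (cd "$d") 2>/dev/null;                then enter=ok;  else enter=denied;  fi
    if cat "$d/known.txt" >/dev/null 2>&1;   then read=ok;   else read=denied;   fi
    if : > "$d/new.txt" 2>/dev/null;         then create=ok; else create=denied; fi
    chmod 700 "$d"; rm -rf "$base"           # restore so cleanup can traverse it
    printf 'list=%s enter=%s read=%s create=%s\n' "$list" "$enter" "$read" "$create"
}

probe_all() {
    # Runs the probe for each owner triad value and prints a small table.
    for mode in 700 500 300 100 400 200; do
        printf '%s  %s\n' "$mode" "$(dir_perm_probe "$mode")"
    done
}

probe_all
```

As an ordinary user the table shows, for example, 100 giving list=denied enter=ok read=ok create=denied (known names are reachable, listing is not), 400 giving list=ok with everything else denied (names visible, nothing reachable), and 200 denying everything, since even creating a file requires x to resolve the path.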
3.6 Default permissions
[yinhan@VM-12-12-centos iter]$ ll
total 0
[yinhan@VM-12-12-centos iter]$ touch test.txt
[yinhan@VM-12-12-centos iter]$ mkdir new_dir
[yinhan@VM-12-12-centos iter]$ ll
total 4
drwxrwxr-x 2 yinhan yinhan 4096 Nov 30 15:29 new_dir
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 15:29 test.txt
[yinhan@VM-12-12-centos iter]$
Observe: a newly created directory gets 775 and a newly created regular file gets 664 (on my CentOS 7.6; other systems may differ).
Why does a regular file (excluding executables) start out at 664 and a directory at 775?
Three terms first: the default permission (what you actually see), the initial permission (the mode requested by the program that creates the object), and the final permission (the same thing as the default permission).
The initial permission requested for a regular file is 666 (excluding executables, which compilers and linkers request with 777), and for a directory it is 777.
To keep control over what gets created, each process carries a permission mask, the umask, which is applied to the requested mode.
[yinhan@VM-12-12-centos iter]$ umask
0002
[yinhan@VM-12-12-centos iter]$
//on this CentOS 7.6 system the mask is 002 (octal)
With the mask and the initial permission understood, how is the final (default) permission computed?
final permission (default permission) = initial permission & (~umask) (a bitwise AND with the complement, not a subtraction; for masks such as 002 the two happen to agree, but for a mask like 027 only the AND form gives the right answer)
Regular file: 666 & (~002) = 110 110 110 & (~000 000 010) = 110 110 110 & 111 111 101 = 110 110 100 = 664
Directory: 777 & (~002) = 111 111 111 & (~000 000 010) = 111 111 111 & 111 111 101 = 111 111 101 = 775
One more set:
[yinhan@VM-12-12-centos iter]$ umask 0007
[yinhan@VM-12-12-centos iter]$ umask
0007
[yinhan@VM-12-12-centos iter]$ touch normal.txt
[yinhan@VM-12-12-centos iter]$ mkdir dir
[yinhan@VM-12-12-centos iter]$ ll
total 8
drwxrwx--- 2 yinhan yinhan 4096 Nov 30 16:03 dir
-rw-rw---- 1 yinhan yinhan 0 Nov 30 16:03 normal.txt
//after changing the umask, the same formula gives the observed results
//directory: 777 & (~007) = 770
//regular file (non-executable): 666 & (~007) = 660
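An added shell example (mine, not the post's code) that turns the formula above into a function and checks it against what the kernel actually does for several masks, including 027, where the & ~umask form and naive subtraction disagree. Function names are my own; stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not the post's code): final mode = requested mode & ~umask,
# checked against real files created under each mask.
set -u

predicted_mode() {
    # $1 = mode the creating call requests (666 for open/creat, 777 for mkdir),
    # $2 = umask. Both octal. Prints the resulting mode in octal.
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

observed_mode() {
    # $1 = umask. Creates a file and a directory under that mask in a private
    # temp dir and prints "<file mode> <dir mode>" as reported by stat.
    (
        umask "$1"                     # umask is per process; the subshell keeps it local
        base=$(mktemp -d)              # mktemp uses 700 regardless of umask
        : > "$base/f"                  # shell redirection calls open() with 0666
        mkdir "$base/d"                # mkdir(1) calls mkdir() with 0777
        printf '%s %s\n' "$(stat -c %a "$base/f")" "$(stat -c %a "$base/d")"
        rm -rf "$base"
    )
}

umask_matches() {
    # Compares prediction with observation for one mask; prints "match" or the difference.
    mask=$1
    set -- $(observed_mode "$mask")
    if [ "$(predicted_mode 666 "$mask")" = "$1" ] && [ "$(predicted_mode 777 "$mask")" = "$2" ]; then
        echo match
    else
        echo "mismatch: file=$1 dir=$2"
    fi
}

# Stand-alone run: the post's two masks, plus 027 (a common service default,
# where & ~umask gives 640 for a file while "666 - 027" would give a meaningless
# 639) and 077 (private files only).
for m in 002 007 027 077; do
    printf 'umask %s: file %s dir %s (%s)\n' "$m" \
        "$(predicted_mode 666 "$m")" "$(predicted_mode 777 "$m")" "$(umask_matches "$m")"
done
```

Because the umask is inherited by child processes, a daemon started with a permissive mask such as 000 or 002 will create group- or world-writable files for its whole lifetime; setting 027 or 077 in the service's unit or startup script is the usual hardening.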
3.7 The sticky bit
3.7.1 Background
On a multi-user Linux system there are shared directories, writable by every ordinary user, used to hold the temporary data those users produce (/tmp is the classic example).
How should we think about "shared"?
[yinhan@VM-12-12-centos ~]$ ll /home
total 12
drwx------ 4 anonymous anonymous 4096 Nov 23 00:36 anonymous
drwx------ 5 lighthouse lighthouse 4096 Nov 2 10:41 lighthouse
drwx------ 5 yinhan yinhan 4096 Nov 27 23:39 yinhan
[yinhan@VM-12-12-centos ~]$
Suppose user anonymous wants to read a source file in yinhan's home directory. From yinhan's point of view, anonymous is an "other" user, and yinhan's home is drwx------, so anonymous cannot even enter it. To exchange files, the two users need a shared directory or file that both can reach.
Such a shared directory is normally created by root.
3.7.2 Setup
Create a share directory under / with all permissions opened up (777).
Then have each user put a few files into share and fill some of them with content.
[root@VM-12-12-centos share]# ll
total 24
-rw-rw-r-- 1 anonymous anonymous 32 Nov 30 16:37 anonymous1
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous 0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root root 38 Nov 30 16:39 root1
-rw-r--r-- 1 root root 37 Nov 30 16:39 root2
-rw-r--r-- 1 root root 0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan yinhan 37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan yinhan 30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 16:32 yinhan3
[root@VM-12-12-centos share]# cat root1
This is root's first file!
[root@VM-12-12-centos share]# cat root2
This is root's second file!
[root@VM-12-12-centos share]# cat root3
[root@VM-12-12-centos share]# su yinhan
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ cat yinhan1
This is yinhan's first file
[yinhan@VM-12-12-centos share]$ cat yinhan2
this is yinhan's second file!
[yinhan@VM-12-12-centos share]$ cat yinhan3
[yinhan@VM-12-12-centos share]$ su anonymous
Password:
[anonymous@VM-12-12-centos share]$ whoami
anonymous
[anonymous@VM-12-12-centos share]$ cat anonymous1
this is anonymous's first file!
[anonymous@VM-12-12-centos share]$ cat anonymous2
this is a anonymous's second file!
[anonymous@VM-12-12-centos share]$ cat anonymous3
[anonymous@VM-12-12-centos share]$
Each user has now shared three files. Every file is readable by other users but not writable or executable by them (root excepted). Yet every file can still be deleted by anyone, because deletion is decided by the directory's permissions (share is world-writable), not by the file's own bits; rm merely asks for confirmation:
[yinhan@VM-12-12-centos share]$ ll
total 24
-rw-rw-r-- 1 anonymous anonymous 32 Nov 30 16:37 anonymous1
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous 0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root root 38 Nov 30 16:39 root1
-rw-r--r-- 1 root root 37 Nov 30 16:39 root2
-rw-r--r-- 1 root root 0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan yinhan 37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan yinhan 30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ rm anonymous1
rm: remove write-protected regular file ‘anonymous1’? y
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous 0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root root 38 Nov 30 16:39 root1
-rw-r--r-- 1 root root 37 Nov 30 16:39 root2
-rw-r--r-- 1 root root 0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan yinhan 37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan yinhan 30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$
//As yinhan, I just deleted anonymous's file anonymous1
3.7.3 What the sticky bit does
So in a shared directory every file can be deleted by any other user, which defeats the purpose. That is what the sticky bit fixes.
chmod +t directory
Purpose: set the sticky bit. It is meaningful only on directories (on Linux, setting it on a regular file has no effect); it stops other users from deleting or renaming my files in the shared directory.
//Once the shared directory has the sticky bit, a file inside it can be deleted or renamed only by the file's owner, the directory's owner, or root. The bit shows as a t in the others triad of ls -l (drwxrwxrwt), which is how /tmp is set up by default.
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous 0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root root 38 Nov 30 16:39 root1
-rw-r--r-- 1 root root 37 Nov 30 16:39 root2
-rw-r--r-- 1 root root 0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan yinhan 37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan yinhan 30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ rm anonymous2
rm: remove write-protected regular file ‘anonymous2’? y
rm: cannot remove ‘anonymous2’: Operation not permitted
[yinhan@VM-12-12-centos share]$
Since the requirement is just "nobody may delete someone else's file", couldn't root instead remove the w bit for others on the shared directory?
No. A directory's w bit governs creating and deleting entries in general, so taking it away from others stops them creating files, and it stops them deleting even their own files: relative to the root-owned share directory, yinhan is an "other", so after root runs chmod o-w on share, yinhan can no longer delete yinhan1 (see below). The sticky bit is the only mode bit that distinguishes "my file" from "someone else's file".
[yinhan@VM-12-12-centos /]$ ll
total 76
lrwxrwxrwx. 1 root root 7 Mar 7 2019 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Jul 28 11:37 boot
drwxr-xr-x 2 root root 4096 Nov 5 2019 data
drwxr-xr-x 19 root root 3020 Nov 2 10:45 dev
drwxr-xr-x. 95 root root 12288 Nov 23 00:35 etc
drwxr-xr-x. 5 root root 4096 Nov 23 00:34 home
lrwxrwxrwx. 1 root root 7 Mar 7 2019 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Mar 7 2019 lib64 -> usr/lib64
drwx------. 2 root root 16384 Mar 7 2019 lost+found
drwxr-xr-x. 2 root root 4096 Apr 11 2018 media
drwxr-xr-x. 2 root root 4096 Apr 11 2018 mnt
drwxr-xr-x. 4 root root 4096 Nov 2 10:33 opt
dr-xr-xr-x 131 root root 0 Nov 2 10:45 proc
dr-xr-x---. 7 root root 4096 Nov 18 23:01 root
drwxr-xr-x 25 root root 880 Nov 29 14:46 run
lrwxrwxrwx. 1 root root 8 Mar 7 2019 sbin -> usr/sbin
drwxrwxr-x 2 root root 4096 Nov 30 16:47 share
drwxr-xr-x. 2 root root 4096 Apr 11 2018 srv
dr-xr-xr-x 13 root root 0 Nov 11 17:12 sys
drwxrwxrwt. 9 root root 4096 Nov 30 17:30 tmp
drwxr-xr-x. 14 root root 4096 Jan 8 2021 usr
drwxr-xr-x. 20 root root 4096 Jan 8 2021 var
[yinhan@VM-12-12-centos /]$ cd share/
[yinhan@VM-12-12-centos share]$ ll
total 20
-rw-rw-r-- 1 anonymous anonymous 35 Nov 30 16:38 anonymous2
-rw-rw-r-- 1 anonymous anonymous 0 Nov 30 16:34 anonymous3
-rw-r--r-- 1 root root 38 Nov 30 16:39 root1
-rw-r--r-- 1 root root 37 Nov 30 16:39 root2
-rw-r--r-- 1 root root 0 Nov 30 16:33 root3
-rw-rw-r-- 1 yinhan yinhan 37 Nov 30 16:35 yinhan1
-rw-rw-r-- 1 yinhan yinhan 30 Nov 30 16:36 yinhan2
-rw-rw-r-- 1 yinhan yinhan 0 Nov 30 16:32 yinhan3
[yinhan@VM-12-12-centos share]$ whoami
yinhan
[yinhan@VM-12-12-centos share]$ rm anonymous1
rm: cannot remove ‘anonymous1’: No such file or directory
[yinhan@VM-12-12-centos share]$ rm yinhan1
rm: cannot remove ‘yinhan1’: Permission denied
[yinhan@VM-12-12-centos share]$
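To close the section, an added shell example (mine, not the post's code) that does what a defender actually does with this knowledge: it builds a small constructed directory tree containing a correctly configured shared directory (1777, like /tmp) and a misconfigured one (777), finds every world-writable directory that lacks the sticky bit, and applies the fix. It also shows how the bit appears in stat output, including the capital T the post does not mention. Directory names are constructed; stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not the post's code): audit a tree for world-writable
# directories without the sticky bit, the configuration in which any user
# can delete any other user's files, and show the fix.
set -u

audit_world_writable() {
    # $1 = root of the tree. Prints, one per line and sorted, directories
    # that are world-writable (o+w) but not sticky, relative to $1.
    # -perm -0002: others have w; ! -perm -1000: sticky bit absent.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed "s|^$1/||" | sort
}

build_tree() {
    # Constructs the demo tree and prints its path.
    base=$(mktemp -d)
    mkdir "$base/shared_ok" "$base/shared_bad" "$base/private" "$base/group_only"
    chmod 1777 "$base/shared_ok"   # like /tmp: anyone may create, only owners delete
    chmod 777  "$base/shared_bad"  # anyone may delete anyone's files
    chmod 755  "$base/private"     # not world-writable, nothing to flag
    chmod 1775 "$base/group_only"  # sticky but others cannot write, so not flagged
    printf '%s\n' "$base"
}

sticky_display() {
    # How the bit shows in stat/ls: lower-case t when others also have x,
    # upper-case T when the sticky bit is set but others lack x.
    base=$(mktemp -d)
    mkdir "$base/with_x" "$base/without_x"
    chmod 1777 "$base/with_x"
    chmod 1666 "$base/without_x"
    printf '%s %s|%s %s\n' \
        "$(stat -c %a "$base/with_x")"    "$(stat -c %A "$base/with_x")" \
        "$(stat -c %a "$base/without_x")" "$(stat -c %A "$base/without_x")"
    chmod -R u+rwx "$base"; rm -rf "$base"
}

run_audit() {
    # Audits the constructed tree, applies the fix (the same chmod +t the post
    # applies to share), and audits again. Prints "before=<dirs> after=<dirs>".
    base=$(build_tree)
    before=$(audit_world_writable "$base" | tr '\n' ' ')
    audit_world_writable "$base" | while read -r rel; do
        chmod +t "$base/$rel"          # the fix: only owners may now delete
    done
    after=$(audit_world_writable "$base" | tr '\n' ' ')
    rm -rf "$base"
    printf 'before=%s after=%s\n' "${before% }" "${after% }"
}

run_audit          # before=shared_bad after=
sticky_display     # 1777 drwxrwxrwt|1666 drw-rw-rwT
```

On a real host the same find expression, run from / as root, is a quick check for shared directories that were opened with 777 and never given the sticky bit. Two related kernel knobs are worth checking alongside it: fs.protected_symlinks and fs.protected_regular restrict following symlinks and opening other users' files inside world-writable sticky directories, closing the classic /tmp race attacks that the sticky bit alone does not prevent.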
That wraps up the introduction to permissions. If you found this useful, please leave a like and follow!