Linux操作系统文件访问权限详解

如题所述

推荐答案 æ¨èäº2017-12-16

ä¸ç´ä»¥rootç»éä½¿ç¨linuxçäººæ¥è¯´å¾å°ææéè¢«æè¿ç§æ¦å¿µï¼ä½æäºæ¶ååæ·±åæéæç»å°æ°ã
ããç¥éä¸ºä»ä¹å¾å¤ç¨åºä¸éè¦ä½¿ç¨getuid()ï¼setuid()ï¼ä¸ºä»ä¹ä»¥æ®éæéç»éçç¨æ·ä¸è½è¿å¥/rootï¼ä¸ºä»ä¹å¨/ç®å½ä¸æ§è¡ls -låå¯ä»¥æ¾ç¤ºrootçä¿¡æ¯ï¼ä½ls /root -alå´æ¯æéä¸å¤ï¼ä¸ºä»ä¹æäºæä»¶å¤¹å¯ä»¥ç»§ç»åå»ºæä»¶ï¼ä½å°±æ¯ä¸è½lsï¼ççï¼ç¸ä¿¡çäºæ¤æå°±è½æç½ã
ããä¸»è¦æ¯å¦ä¹ ç¬è®°ï¼ä¸è¶³ä¹å¤è¯·ææ£ã
ããCentOS 5.4 [testc@xxx opt]$ uname -a Linux xxx 2.6.18-164.el5xen #1 SMP Thu Sep 3 04ï¼47ï¼32 EDT 2009 i686 i686 i386 GNU/Linux
ããä¸ãå£ä»¤æä»¶1ï¼æ ¼å¼åå¨æä»¶/etc/passwdï¼æ ¼å¼å¦ä¸ï¼rootï¼xï¼0ï¼0ï¼rootï¼/rootï¼/bin/bash aaaï¼xï¼501ï¼501ï¼bjï¼ bjï¼ 8111111ï¼136000111ï¼/home/aaaï¼/bin/bashç¨æ·åï¼å å¯å¯ç ï¼ç¨æ·IDï¼ç»IDï¼æ³¨éï¼å·¥ä½ç®å½ï¼shellï¼
ããé»è®¤æåµæ¯ç¬¬ä¸è¡çæ ¼å¼;æ³¨éåæ®µå¯ä»¥èªè¡ä¿®æ¹ï¼ç¨éå·éå¼ï¼å¦ç¬¬äºè¡æ ¼å¼ï¼è¿ä¸»è¦æ¯ç»fingerå½ä»¤ä½¿ç¨æ¶å¯è§£æã
ããå¯ä»¥vi /etc/passwdä¿®æ¹ï¼ä½ä¸ºäºä¿è¯å¶æ ¼å¼çæ£ç¡®æ§ï¼è¯·ç¨vipwå½ä»¤ç¼è¯æ¤æä»¶ã
ããsh-3.2# finger aaa Loginï¼ aaa Nameï¼ bj Directoryï¼ /home/aaa Shellï¼ /bin/bash Officeï¼ bjï¼ 8111111 Home Phoneï¼ 136000111 Never logged in. No mail. No Plan.
ãã2ï¼ç¼ç¨å®ä¾
ãã/*getpwnam_pwuid.c*/ #include #include #include
ããint main(void)
ãã{ //struct passwd *pwd = getpwnam("aaa");struct passwd *pwd = getpwuid(501);if(pwd == NULL)
ãã{ printf("err.\n");return 1;}
ããprintf("nameï¼%s\n"ï¼ pwd->pw_name);printf("passwdï¼%s\n"ï¼ pwd->pw_passwd);printf("descriptionï¼%s\n"ï¼ pwd->pw_gecos);printf("uidï¼%d\n"ï¼ pwd->pw_uid);printf("gidï¼%d\n"ï¼ pwd->pw_gid);printf("dirï¼%s\n"ï¼ pwd->pw_dir);printf("shellï¼%s\n"ï¼ pwd->pw_shell);
ããreturn 0;}
ããsh-3.2# gcc getpwnam_pwuid.c -o app sh-3.2# ./app nameï¼aaa passwdï¼x descriptionï¼bjï¼ bjï¼ 8111111ï¼136000111 uidï¼501 gidï¼501 dirï¼/home/aaa shellï¼/bin/bash
ããäºãç»æä»¶1ï¼æ ¼å¼åå¨æä»¶/etc/groupï¼æ ¼å¼å¦ä¸rootï¼xï¼0ï¼root binï¼xï¼1ï¼rootï¼binï¼daemon aaaï¼xï¼501ï¼ç»åï¼å å¯å¯ç ï¼ç»IDï¼æåçåç¨æ·å
ãã2ï¼æ¹åæä»¶uidågid.
ããsh-3.2# pwd /root/study sh-3.2# ls -al -rw-râârââ 1 root root 397 10-11 03ï¼23 test.c
ããchgrp æ¹åæå±ç»IDï¼å½ç¶åªærootæéæå¯ä»¥ä¿®æ¹ã
ããsh-3.2# chgrp aaa test.c sh-3.2# ls -al -rw-râârââ 1 root aaa 397 10-11 03ï¼23 test.c
ããè¿ä¸ªaaaå°±æ¯æ°ç»åï¼å¶å¨/etc/groupä¸ï¼å¯ä»¥éè¿adduser aaaèªè¡æ·»å sh-3.2# cat /etc/group rootï¼xï¼0ï¼root binï¼xï¼1ï¼rootï¼binï¼daemon daemonï¼xï¼2ï¼rootï¼binï¼daemon.
ããgdmï¼xï¼42ï¼sabayonï¼xï¼86ï¼plmtestï¼xï¼500ï¼aaaï¼xï¼501ï¼
ããchown æ¹åç¨æ·IDæç»ID sh-3.2# chown aaaï¼aaa test.c sh-3.2# ls -al -rw-râârââ 1 aaa aaa 397 10-11 03ï¼23 test.c
ãã3ï¼ç¼ç¨å®ä¾
ãã/*getgrnam.c*/ #include #include
ããint main(int argcï¼ char *argv[])
ãã{ if(argv[1] == NULL)
ãã{ printf("input error.\n");return 1;}
ããstruct group *gp = getgrnam(argv[1]);if(gp == NULL)
ãã{ printf("err.\n");return 1;}
ããprintf("nameï¼%s\n"ï¼ gp->gr_name);printf("psswdï¼%s\n"ï¼ gp->gr_passwd);printf("gidï¼%d\n"ï¼ gp->gr_gid);
ããint i;for(i = 0; gp->gr_mem[i] != NULL; i++)
ãã{ printf("group nameï¼%s\n"ï¼ gp->gr_mem[i]);}
ããreturn 0;}
ããsh-3.2# gcc getgrnam.c -o app sh-3.2# ./app bin nameï¼bin psswdï¼x gidï¼1 group nameï¼root group nameï¼bin group nameï¼daemon 4ï¼æä»¶æéä¸ç»è®²äºsh-3.2# ls -alæ»è®¡ 483984 drwxr-xââ 13 root root 4096 02-22 00ï¼01 . drwxr-xr-x 32 root root 4096 02-21 21ï¼15 â¦â¦
ãã-rw-râârââ 1 root root 464023491 10-25 22ï¼33 3.3.005-080425.tgz -rwââ 1 root root 9346 02-21 23ï¼16 .bash_history -rw-râârââ 1 root root 24 2007-01-06 .bash_logout -rw-râârââ 1 root root 191 2007-01-06 .bash_profile -rw-râârââ 1 root root 176 2007-01-06 .bashrc drwxrwxrwx 10 1000 users 4096 08-23 20ï¼16 cflow-1.3 -rw-râârââ 1 root root 759691 08-23 20ï¼13 cflow.tar.gz -rw-râârââ 1 root root 100 2007-01-06 .cshrc -rwxr-xr-x 1 root root 582 11-11 21ï¼48 delete_M.sh -rw-râârââ 1 root root 2518 11-11 20ï¼25 .dir_colors
ããä¸»è¦æ¯æå·¦è¾¹ä¸åï¼drwxr-xââ10ä¸ªåç¬¦ï¼æå·¦è¾¹æ¯æä»¶ç±»åï¼-é»è®¤ä¸ºæ®éæä»¶;dï¼ç®å½æä»¶;lç¬¦å·é¾æ¥â¦â¦
ããåé¢9ä¸ªï¼3ä¸ªä¸ç»å±ä¸ç»ï¼åå«è¡¨ç¤ºæå±ç¨æ·uidçæé;æå±ç»æèéå±ç»gidçæé;å¶å®æéã
ããä¸ä¸ªåç¬¦åå«æ¯è¯»ãåãæ§è¡æéè¯»4ï¼å2ï¼ æ§è¡1
ããæä»¥chmod 777 test.cï¼æåå°è¯»ãåãæ§è¡æéã
ãã5ï¼ç»æéæä½å®ä¾æ¤èæ¼ç¤ºç¸åç»çæåä¹é´å±äº«èµæºï¼å³ä¸åuidä½ç¸ågidçç¨æ·å±äº«åä¸ç»çèµæºã
ããä¸ºäºæ¹ä¾¿èµ·è§ï¼æåæ¶å¼äºä¸¤ä¸ªç»ç«¯ã
ãã"sh-3.2#"ä»¥rootæéç»éçshell /bin/sh "[testa@xxx root]"ä»¥testaç¨æ·ç»éçshell
ããæ³¨ï¼ä¸ææå°çâç¨æ·âæ¯æ/etc/passwdéå®ä¹çéè¿ç»ç«¯ç»éçç¨æ·(æ¤æå³ä»¥ä¸å¢å çä¸ä¸ªè´¦å·å)ã
ããsh-3.2# useradd testa sh-3.2# useradd testb sh-3.2# useradd testc
ããsh-3.2# tail -f /etc/passwd -n 4 sabayonï¼xï¼86ï¼86ï¼Sabayon userï¼/home/sabayonï¼/sbin/nologin testaï¼xï¼500ï¼500ï¼ï¼/home/testaï¼/bin/bash testbï¼xï¼501ï¼501ï¼ï¼/home/testbï¼/bin/bash testcï¼xï¼502ï¼502ï¼ï¼/home/testcï¼/bin/bash
ããåå¼ä¸ä¸ªç»ç«¯ç»étestaï¼ä¹åé£ä¸ªç»ç«¯ä¿æã
ããsh-3.2# su testa [testa@xxx root]$ id uid=500(testa) gid=500(testa) groups=500(testa)
ãã[testa@xxx home]$ ls -alæ»è®¡ 28 drwxr-xr-x 5 root root 4096 02-21 22ï¼52 . drwxr-xr-x 32 root root 4096 02-21 21ï¼15 â¦â¦
ããdrwxââ 3 testa testa 4096 02-21 22ï¼56 testa drwxââ 3 testb testb 4096 02-21 22ï¼48 testb drwxââ 3 testc testc 4096 02-21 22ï¼52 testc
ãã[testa@xxx home]$ cd testb bashï¼ cdï¼ testbï¼ æéä¸å¤
ããéè¿rootä¿®æ¹testbç®å½æéä¸º770ï¼å³å½åuidæègidç¸åçç¨æ·åæè¯»åæ§è¡æéã
ããsh-3.2# cd /home/ sh-3.2# chmod 770 testb
ãã[testa@xxx home]$ ls -alæ»è®¡ 28 drwxr-xr-x 5 root root 4096 02-21 22ï¼52 . drwxr-xr-x 32 root root 4096 02-21 21ï¼15 â¦â¦
ããdrwxââ 3 testa testa 4096 02-21 22ï¼56 testa drwxrwxââ 3 testb testb 4096 02-21 22ï¼48 testb (here modify)
ããdrwxââ 3 testc testc 4096 02-21 22ï¼52 testc
ãã[testa@xxx home]$ cd testb bashï¼ cdï¼ testbï¼ æéä¸å¤[testa@xxx root]$ id uid=500(testa) gid=500(testa) groups=500(testa)
ããæ¤æ¶è½ç¶å¼æ¾äºtestbçæå±ç»æéï¼ä½ç¨æ·testaçgid=500(testa) groups=500(testa)ï¼å®è¿ä¸å±äºtestbç»ã
ããä¸é¢ä¿®æ¹testaçgidä¸ºtestb(æèå¢å å¶éå±ç»groupså¼ä¸ºtestb)
ããsh-3.2# usermod -G testb testa (å¢å ç¨æ·testaçéå±ç»testb)
ããsh-3.2# id testa uid=500(testa) gid=500(testa) groups=500(testa)ï¼501(testb)
ããæ¤æ¶testaç»ç«¯éè¦éæ°ç»ä¸ï¼ä½¿åææ´æ¹çæ[testa@xxx root]$ exit exit [root@xxx ~]# su testa [testa@xxx root]$ id uid=500(testa) gid=500(testa) groups=500(testa)ï¼501(testb)
ãã[testa@xxx root]$ cd /home/ [testa@xxx home]$ ls -alæ»è®¡ 28 drwxr-xr-x 5 root root 4096 02-21 22ï¼52 . drwxr-xr-x 32 root root 4096 02-21 21ï¼15 â¦â¦
ããdrwxââ 3 testa testa 4096 02-21 22ï¼56 testa drwxrwxââ 3 testb testb 4096 02-21 22ï¼48 testb drwxââ 3 testc testc 4096 02-21 22ï¼52 testc [testa@xxx home]$ cd testb [testa@xxx testb]$ pwd /home/testb
ããä»¥ä¸æ¯å¢å äºç¨æ·testaçéå±ç»testbï¼ä½¿å¶å¯¹äºå±äºtestbç»çèµæºæäºè®¿é®æéã
ããä¸é¢åä½¿ç¨newgrpåæ¢ç¨æ·testaçgid.
ãã[testa@xxx testb]$ id uid=500(testa) gid=500(testa) groups=500(testa)ï¼501(testb)
ãã[testa@xxx testb]$ newgrp testb [testa@xxx testb]$ id uid=500(testa) gid=501(testb) groups=500(testa)ï¼501(testb)
ããæ¤æ¶testaç¨æ·çgidå·²æ¹ä¸º501(testb)ã
ããç»ä¹åçå³ç³»å¨æä»¶/etc/group sh-3.2# tail -f /etc/group -n 4 sabayonï¼xï¼86ï¼testaï¼xï¼500ï¼testbï¼xï¼501ï¼testa (æåä¸åï¼ç»åç¨æ·åè¡¨ãå³ç»testbéåå«testaï¼testaå±äºtestbç»ï¼å¤§æ¦å°±è¿ææå§â¦â¦)
ããtestcï¼xï¼502ï¼
ããè½ç¶ç¥éæ§å¶ç»å³ç³»çæä»¶ï¼ä½ä¸è½ç´æ¥ä¿®æ¹äºæä»¶ï¼å¦åæ§è¡newgrpæ¶ä¼åºç°"æ±æ"éè¯¯æç¤ºã
ããå½ç¶rootç¨æ·æéæ¯æ éå¶çï¼å®è®¿é®æä»¶æ¶ä¸éè¦è¿è¡æéæ£æ¥ã
ããä¸ãç¸å³ç³»ç»è°ç¨getuid();getgid();int setuid(uid_t uid);int setgid(gid_t gid);
ããåªæè¶çº§ç¨æ·æèéè¦è®¾ç½®çuidåå½åç¨æ·çuidä¸è´æå¯ä»¥è®¾ç½®ï¼å¦åè¿å-1ï¼ç½®errno = EPERMï¼ errnoå¯ä»¥éè¿strerror()ç¿»è¯ã
ããå¶å®ï¼[testa@xxx home]$ su testa [testa@xxx home]$ sudo touch aa
ããtesta is not in the sudoers file. This incident will be reported.
ããä»¥rootæévim /etc/sudoerså¢å testa ALL=(ALL) ALL
ããåèï¼APUE2Eï¼1.8ï¼ 4.4ï¼ 8.11

温馨提示：答案为网友推荐，仅供参考

当前网址：https://verywind.cn/ee/j3exjvveey7727veve.html

其他回答

第1个回答 2012-11-06

linux下文件权限分为四段：drwxrwxrwx
d表示这是一个目录，是一段，有时第一段也可能是l（l表示软连接）也可能没有，就用“-”表示
第二段是所属主权限，r:4（读取）；w:2（写入）；x:1（执行），rwx表示所属主用于所有权限，第三段和第四段也是一个意思，但第三段表示的是所属组，第四段表示的是其他人，懂了么？

第2个回答 2012-11-06

楼上说的很详细。

第3个回答 2012-11-06

rwx 421

你可能感兴趣的内容

大家正在搜

非常风气网www.verywind.cn

Linux操作系统文件访问权限详解

相关了解……

你可能感兴趣的内容