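Create a regular user, falcon.
These operations are performed under falcon's home directory; in the test directory, files default to 644 and directories to 755.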
[root@www test]# pwd
/home/falcon/test
[root@www falcon]# ll
total 4
d--------- 3 root root 4096 Feb 25 22:33 test
 
[root@www test]# ll
total 12
drwxr-xr-x 2 daemon daemon 4096 Feb 25 22:32 one
-rw-r--r-- 1   daemon daemon    4    Feb 25 22:33 three
-rw-r--r-- 1   daemon daemon    4    Feb 25 22:32 two
 
 
Why the default permissions are set to 755 root.root for the main directory, with directories 755 and files 644 owned by daemon.daemon inside it
[root@www falcon]# ll
total 4
drwxr-xr-x 6 root root 4096 Feb 25 23:13 test
[falcon@www test]$ ll
drwxr-xr-x 2 daemon daemon 4096 Feb 25 22:32 one
-rw-r--r-- 1 daemon daemon    4 Feb 25 23:13 three
[falcon@www test]$ echo fafa >>three
-bash: three: Permission denied
[falcon@www test]$ mkdir eight
mkdir: cannot create directory `eight': Permission denied
[falcon@www test]$ touch  night
touch: cannot touch `night': Permission denied
[falcon@www test]$ rm -f three
rm: cannot remove `three': Permission denied
Cannot modify files, cannot create files or directories, cannot delete files.
Conclusion: safe
 
Directory permission 000
[falcon@www ~]$ cd test/
-bash: cd: test/: Permission denied
[falcon@www test]$ echo "fafa">>sh
-bash: sh: Permission denied
[falcon@www test]$ sh four
sh: four: Permission denied
[falcon@www test]$ cat four
cat: four: Permission denied
[falcon@www test]$ mkdir seven
mkdir: cannot create directory `seven': Permission denied
[falcon@www test]$ touch seven
touch: cannot touch `seven': Permission denied
 
Nothing can be done.
 
Directory permission 001
[root@www falcon]# chmod 001 test;ll
total 4
d--------x 3 root root 4096 Feb 25 22:33 test
 
[falcon@www test]$ ll
ls: .: Permission denied
[falcon@www test]$ mkdir seven
mkdir: cannot create directory `seven': Permission denied
[falcon@www test]$ touch eight
touch: cannot touch `eight': Permission denied
[falcon@www test]$ cat four
11111
[falcon@www test]$ sh sh
two
[falcon@www test]$ echo "fafa">>sh
-bash: sh: Permission denied
 
Cannot list the directory, cannot modify files, cannot delete files; can only read files whose names are already known.
 
Directory permission 003
[falcon@www test]$ ll
ls: .: Permission denied
[falcon@www test]$ echo 2222>>sh
-bash: sh: Permission denied
[falcon@www test]$ mkdir falcon
[falcon@www test]$ touch four
[falcon@www test]$
Cannot list the directory; can create files and directories, but cannot modify existing files.
 
Directory permission 005
[falcon@www test]$ ll
drwxrwxr-x 2 falcon falcon 4096 Feb 25 22:59 falcon
-rw-r--r-- 1 root   root      0 Feb 25 22:53 five
-rw-rw-r-- 1 falcon falcon    6 Feb 25 22:59 four
drwxr-xr-x 2 daemon daemon 4096 Feb 25 22:32 one
-rw-r--r-- 1 daemon daemon   23 Feb 25 22:50 sh
drwxrwxr-x 3 falcon falcon 4096 Feb 25 23:02 six
[falcon@www test]$ echo 222 >> sh
-bash: sh: Permission denied
[falcon@www test]$ touch  sh2
touch: cannot touch `sh2': Permission denied
[falcon@www test]$ mkdir sh2
mkdir: cannot create directory `sh2': Permission denied
[falcon@www test]$ cat sh
#!/bin/bash
echo "two"
Can view the directory and files, but cannot modify them.
 
Directory permission 007
[falcon@www test]$ echo eeee >>three
-bash: three: Permission denied
Cannot modify existing files.
 
Conclusion: with w permission for others, files and directories can be created; dangerous.
 
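The following are reverse tests: what are the consequences of granting permissions that should not be granted?
Directory permission 022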
[falcon@www test]$ rm -f three
rm: cannot remove `three': Permission denied
[falcon@www test]$ ll
ls: .: Permission denied
[falcon@www test]$ ll
ls: .: Permission denied
[falcon@www test]$ mkdir touch
mkdir: cannot create directory `touch': Permission denied
[falcon@www test]$ touch v
touch: cannot touch `v': Permission denied
[falcon@www test]$ rm -f four
rm: cannot remove `four': Permission denied
[falcon@www test]$ rm -fr six
rm: cannot lstat `six': Permission denied
Having only the 2 permission is still fairly safe.
 
Directory permission 023
[falcon@www test]$ echo 111 >> v
[falcon@www test]$ rm -f three
[falcon@www test]$ echo 222 >>four
-bash: four: Permission denied
[falcon@www test]$ ll
ls: .: Permission denied
Cannot list the directory, cannot modify files, but can create files.
 
[root@www test]# ll
-rw-rw-r-- 1 falcon falcon    4 Feb 25 23:25 v
[falcon@www test]$ cat sh
#!/bin/bash
echo "222"
[falcon@www test]$ sh sh
222
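Conclusion: w and x must be together to be useful. Although existing files cannot be modified, files can already be inserted into the directory and executed.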
 
Therefore, w permission for others is dangerous.
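
An audit built on the results above, added here as an example and not part of the original tests: it flags directories whose "other" bits include w, separating w+x (where falcon could create and delete entries) from w alone (where falcon could do nothing). The function names, the verdict labels and the demo tree are constructed for illustration, and the classification extends to digits the page did not test (6).

```shell
#!/bin/sh
# Added example (not from the original page). Verdicts follow the page's tests:
# others' w without x (022) could not create or delete anything,
# others' w+x (003, 023, 007) could create files and delete existing ones.

# classify_other_bits MODE: verdict for an octal mode such as 755 or 023.
classify_other_bits() {
    o=${1#"${1%?}"}                 # last octal digit = bits for "other"
    case "$o" in
        3|7) echo DANGER ;;         # w+x: entries can be created and removed
        2|6) echo WARN ;;           # w without x: inert, but one chmod from DANGER
        [0145]) echo OK ;;
        *) echo INVALID; return 1 ;;
    esac
}

# audit_other_write DIR: list directories under DIR that grant w to others.
audit_other_write() {
    # -perm -0003: both o+w and o+x set; "-perm -0002 ! -perm -0001": o+w only
    find "$1" -type d -perm -0003 -print 2>/dev/null | sed 's/^/DANGER /'
    find "$1" -type d -perm -0002 ! -perm -0001 -print 2>/dev/null | sed 's/^/WARN /'
}

# Constructed demo tree; the owner keeps rwx so the walk itself never fails.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ok" "$d/w_only" "$d/wx"
    chmod 755 "$d/ok"; chmod 772 "$d/w_only"; chmod 773 "$d/wx"
    audit_other_write "$d" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

Directories reported as DANGER or WARN can be brought back to the 755 layout used at the top of the page by removing w for others (chmod o-w).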