Linux is a typical multi-user system. Different users hold different
roles and have different permissions. To protect the security of the
system, Linux applies different rules to different users accessing the
same file (including directory files).
In Linux we can use the ll or ls -l command to display a file's
properties and the user and group to which the file belongs, for
example:
[root@www /]# ls -l
total 64
dr-xr-xr-x 2 root root 4096 Dec 14 2012 bin
dr-xr-xr-x 4 root root 4096 Apr 19 2012 boot
......
In the example, the first attribute of the bin file is "d", which in
Linux means that the file is a directory.
The first character indicates whether the file is a directory, a file,
a link file, and so on.
· When it is [ d ], it is a directory;
· When it is [ - ], it is a file;
· If it is [ l ], it is a link file;
· If it is [ b ], it is a block device file, that is, a storage interface device (a random access device);
· If it is [ c ], it is a character device file for a serial port device, such as a keyboard or a mouse (a one-time read device).
The characters that follow come in groups of three, and each group is a
combination of the three "rwx" parameters, where [ r ] stands for read,
[ w ] stands for write, and [ x ] stands for execute. Note that the
position of these three permissions never changes. If a permission is
absent, a minus sign [ - ] appears in its place.
The properties of each file are determined by the 10 characters at the
far left of the line (as shown below).
From left to right, these positions are numbered 0-9.
Position 0 determines the file type, and positions 1-3 determine the
permissions the owner (the owner of the file) has on the file.
Positions 4-6 determine the permissions the group (users in the owner's
group) has on the file, and positions 7-9 determine the permissions
other users have on the file.
Among them, positions 1, 4 and 7 indicate read permission. An "r"
character means there is read permission; a "-" character means there
is no read permission.
Positions 2, 5 and 8 indicate write permission. A "w" character means
there is write permission; a "-" character means there is no write
permission. Positions 3, 6 and 9 indicate execute permission. An "x"
character means there is execute permission; a "-" character means
there is no execute permission.
Linux file owner and group
[root@www /]# ls -l
total 64
drwxr-xr-x 2 root root 4096 Feb 15 14:46 cron
drwxr-xr-x 3 mysql mysql 4096 Apr 21 2014 mysql
......
Every file has a specific owner, the user who owns the file.
In a Linux system users are also organized into groups, and one user
belongs to one or more groups.
Users other than the file owner fall into two classes: users in the
same group as the file owner, and other users.
Linux therefore specifies file access rights separately for the file
owner, users in the owner's group, and other users.
In the example above, mysql is a directory whose owner and group are
both mysql. The owner has read, write and execute permissions; other
users in the same group have read and execute permissions; all other
users also have read and execute permissions.
For the root user, file permissions generally do not apply.
Change file properties
1. chgrp: change the file group
Syntax:
chgrp [-R] group-name file-name
Options:
· -R: change the file group recursively. When changing the group of a
directory with -R, the group of all files in that directory is changed
as well.
2. chown: change the file owner; it can also change the file group at the same time
Syntax:
chown [-R] owner-name file-name
chown [-R] owner-name:group-name file-name
Enter the /root directory (~) and change the owner of install.log to
the bin account:
[root@www ~]# cd ~
[root@www ~]# chown bin install.log
[root@www ~]# ls -l
-rw-r--r-- 1 bin users 68495 Jun 25 08:53 install.log
Change the owner and group of install.log back to root:
[root@www ~]# chown root:root install.log
[root@www ~]# ls -l
-rw-r--r-- 1 root root 68495 Jun 25 08:53 install.log
3. chmod: change the 9 permission attributes of a file
There are two ways to set Linux file permissions: one uses numbers and
the other uses symbols.
Linux files have nine basic permissions: each of the three roles
owner/group/others has its own read/write/execute permissions.
Recall from above that the permission characters of a file look like
"-rwxrwxrwx"; the nine permissions form three groups of three. Each
permission can be represented by a number, with the following scores:
· r: 4
· w: 2
· x: 1
The three permission (r/w/x) scores for each identity
(owner/group/others) are added together. For example, when the
permissions are [-rwxrwx---], the scores are:
· Owner = rwx = 4+2+1 = 7
· Group = rwx = 4+2+1 = 7
· Others = --- = 0+0+0 = 0
So the permission number to set for this file is 770. The syntax of
chmod for changing permissions is:
chmod [-R] xyz file-or-directory
Options and parameters:
· xyz: the numeric permission attribute just described, which is the
sum of the rwx values for each identity.
· -R: apply the change recursively, that is, all files along with
subdirectories are changed as well.
For example, if you want to enable all permissions for the
.bashrc file, then the command is as follows:
[root@www ~]# ls -al .bashrc
-rw-r--r-- 1 root root 395 Jul 4 11:45 .bashrc
[root@www ~]# chmod 777 .bashrc
[root@www ~]# ls -al .bashrc
-rwxrwxrwx 1 root root 395 Jul 4 11:45 .bashrc
And if you want to change the permissions to -rwxr-xr--? Then the
score becomes [4+2+1][4+0+1][4+0+0] = 754.
Changing file permissions with symbolic types
There is another way to change permissions. From the previous
introduction we can see that the nine permissions belong to three
identities:
· (1) user
· (2) group
· (3) others
We can use u, g and o to represent these three identities. In addition,
a stands for all, that is, all identities. The read, write and execute
permissions are written as r, w and x, as summarized in the following
table:
chmod | u g o a | + (add)  - (remove)  = (set) | r w x | file or directory
If we need to set the file permissions to -rwxr-xr--, we can use
chmod u=rwx,g=rx,o=r filename:
# touch test1                    # create the test1 file
# ls -al test1                   # view the default permissions of test1
-rw-r--r-- 1 root root 0 Nov 15 10:32 test1
# chmod u=rwx,g=rx,o=r test1     # modify the permissions of test1
# ls -al test1
-rwxr-xr-- 1 root root 0 Nov 15 10:32 test1
What if you want to remove a permission without changing the other
existing permissions? For example, to remove the execute permission for
everyone:
# chmod a-x test1
# ls -al test1
-rw-r--r-- 1 root root 0 Nov 15 10:32 test1
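The following shell functions are an added example, not part of the original page. They apply the r=4, w=2, x=1 scoring to the 10-character string printed by ls -l and replay the numeric and symbolic chmod forms on a scratch file; the function names mode_to_octal, apply_mode and others_can_write are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# Convert the 10-character ls -l string to a chmod number (r=4, w=2, x=1).
# Only the nine basic r/w/x/- permissions covered here are accepted.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "need 10 characters: $mode" >&2; return 1; }
    perms=${mode#?}                 # drop position 0, the file type
    result=""
    for who in owner group others; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        score=0
        case $triplet in r??) score=$((score + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) score=$((score + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) score=$((score + 1)) ;; ??-) ;; *) return 1 ;; esac
        result=$result$score
    done
    printf '%s\n' "$result"
}

# Apply each chmod mode in turn to a scratch file, then print the resulting
# permission number as read back from ls -l.
apply_mode() {
    tmp=$(mktemp) || return 1
    for m in "$@"; do
        chmod "$m" "$tmp" || { rm -f "$tmp"; return 1; }
    done
    mode_to_octal "$(ls -ld "$tmp" | cut -c1-10)"
    rm -f "$tmp"
}

# True when "others" hold write permission (position 8), as after chmod 777.
others_can_write() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

mode_to_octal "-rwxrwx---"            # prints 770
apply_mode u=rwx,g=rx,o=r             # prints 754
apply_mode 754 a-x                    # prints 644
others_can_write "-rwxrwxrwx" && echo "others can write this file"
```

Feeding the first field of real ls -l output to others_can_write is a quick way to spot files that any account on the system can modify.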