The chmod command is used to change the access permissions of linux system files or directories. Use it to control access to files or directories. There are two uses for this command. One is a literal set containing letters and operator expressions; the other is a numerical set containing numbers.
Every file and directory in a Linux system has access permissions, which are used to determine who can access and operate on files and directories in what way.
The access permissions of a file or directory are divided into three types: read-only, write-only and executable. Taking a file as an example, the read-only permission means that only its contents are allowed to be read, and any modification operations are prohibited. Executable permission means that the file is allowed to be executed as a program. When a file is created, the owner of the file automatically has read, write, and executable permissions on the file to facilitate reading and modification of the file. The user can also set the access rights to any combination as desired.
There are three different types of users who can access a file or directory: the owner of the file, users in the same group, and other users. The owner is generally the creator of the file. The owner can allow the same group of users to have access to the file, and can also grant access to the file to other users in the system. In this case, every user on the system can access files or directories owned by that user.
There are three groups of access permissions for each file or directory, and each group is represented by three digits, which are the read, write, and execute permissions of the file owner; the read, write, and execute permissions of users in the same group as the owner; The user's read, write, and execute permissions. When displaying detailed information about a file or directory with the ls -l command, the leftmost column is the access permissions for the file. E.g:
Order:
ls -al
output:
[root@localhost test]# ll -al Total 316lrwxrwxrwx 1 root root 11 11 - 22 06 : 58 linklog.log -> log2012.log -rw-r--r-- 1 root root 302108 11-13 06:03 log2012.log -rw-r--r-- 1 root root 61 11-13 06:03 log2013.log -rw-r--r-- 1 root root 0 11-13 06:03 log2014.log -rw-r--r-- 1 root root 0 11-13 06:06 log2015.log -rw-r--r-- 1 root root 0 11-16 14:41 log2016.log -rw-r--r-- 1 root root 0 11-16 14:43 log2017.log
Let's take log2012.log as an example:
-rw-r--r-- 1 root root 296K 11-13 06:03 log2012.log
The first column has a total of 10 positions, and the first character specifies the file type. In the usual sense, a directory is also a file. If the first character is a dash, it means it is a non-directory file. If it is d, it means a directory. From the second character to the tenth, a total of 9 characters, a group of 3 characters, respectively indicate the permissions of the 3 groups of users to the file or directory. The permission character is represented by a horizontal line for an empty permission, r for read-only, w for write, and x for executable.
For example:
- rw- r-- r--
indicates that log2012.log is a common file; the owner of log2012.log has read and write permissions; users in the same group as the owner of log2012.log only have read permissions; other users also only have read permissions permissions.
After determining the access rights of a file, users can use the chmod command provided by the Linux system to reset different access rights. You can also use the chown command to change the owner of a file or directory. Use the chgrp command to change the user group of a file or directory.
The chmod command is very important to change the access permissions of a file or directory. It is used by users to control access rights to files or directories. The details of the chmod command are as follows.
1. Command format:
chmod [-cfvR] [--help] [--version] mode file
2. Command function:
It is used to change the access rights of files or directories, and use it to control the access rights of files or directories.
3. Command parameters:
Required parameters:
-c When changes occur, report processing information
-f Do not output error information
-R Process all files in the specified directory and its subdirectories
-v Display detailed processing information when running
Selection parameters:
--reference=<directory or file> Set to have the same authority as the specified directory or file
--version Display version information
<permission range>+<permission setting> Make the directory or file within the authority range have the specified authority
<permission scope>-<permission setting> Delete the specified permission of the directory or file within the
permission scope <permission scope>=<permission setting> Set the permission of the directory or file within the permission scope to the specified value
Permission scope:
u: current user of the
directory or file g: current group of the
directory or file o: user or group except the current user or group of the directory or file
a: all user and group
permissions Code:
r: read permission, represented by number 4
w: write permission, represented by number 2
x: execute permission, represented by number 1
-: delete permission, represented by number 0
s: special permission
There are two uses for this command. One is a literal set containing letters and operator expressions; the other is a numerical set containing numbers.
1). Text setting method:
chmod [who] [+ | - | =] [mode] file name
2). Number setting method
We must first understand the meaning of attributes represented by numbers: 0 means no permission, 1 means Executable permissions, 2 for writable permissions, 4 for readable permissions, then add them up. So the format of the numeric attribute should be 3 octal numbers from 0 to 7 in the order (u)(g)(o).
For example, if you want the owner of a file to have two permissions of "read/write", you need to set 4 (readable) + 2 (writable) = 6 (read/write).
The general form of the numerical setting method is:
chmod [mode] filename
The correspondence between numbers and characters is as follows:
r=4, w=2, x=1,
if you want the rwx attribute, then 4+2+1=7
, if you want the rw- attribute, then 4+2=6;
if you want the rx attribute, then 4+1=7.
4. Use example:
Example 1: Increase the executable permission of all user groups in the file
Order:
chmod a+x log2012.log
output:
[root@localhost test]# ls -al log2012.log -rw-r--r-- 1 root root 302108 11-13 06:03 log2012.log [root@localhost test]# chmod a+x log2012.log [root@localhost test]# ls -al log2012.log -rwxr-xr-x 1 root root 302108 11-13 06:03 log2012.log [root@localhost test]#
illustrate:
That is, set the attributes of the file log2012.log as: the file owner (u) increases the execution authority; the user in the same group as the file owner (g) increases the execution authority; other users (o) increases the execution authority.
Example 2: Modify different user permissions at the same time
Order:
chmod ug + w, ox log2012.log
output:
[root@localhost test]# ls -al log2012.log -rwxr-xr-x 1 root root 302108 11-13 06:03 log2012.log [root@localhost test]# chmod ug+w,o-x log2012.log [root@localhost test]# ls -al log2012.log -rwxrwxr-- 1 root root 302108 11-13 06:03 log2012.log
illustrate:
That is to set the attributes of the file text as follows: the file owner (u) increases the write permission; the user in the same group as the file owner (g) increases the write permission; other users (o) deletes the execution permission
Example 3: Delete file permissions
Order:
chmod a-x log2012.log
output:
[root@localhost test]# ls -al log2012.log -rwxrwxr-- 1 root root 302108 11-13 06:03 log2012.log [root@localhost test]# chmod a-x log2012.log [root@localhost test]# ls -al log2012.log -rw-rw-r-- 1 root root 302108 11-13 06:03 log2012.log
Description:
Remove executable permissions for all users
Example 4: Use "=" to set permissions
Order:
chmod u=x log2012.log
output:
[root@localhost test]# ls -al log2012.log -rw-rw-r-- 1 root root 302108 11-13 06:03 log2012.log [root@localhost test]# chmod u=x log2012.log [root@localhost test]# ls -al log2012.log --- xrw-r-- 1 root root 302108 11 - 13 06 : 03 log2012.log
illustrate:
Revoke all original permissions, then make the owner have read permissions
Example 5: Add permissions to all files in a directory and its subdirectories
Order:
chmod -R u+x test4
output:
[root@localhost test]# cd test4 [root@localhost test4]# ls -al Total 312drwxrwxr -x 2 root root 4096 11-13 05:50 . _ _ drwxr-xr-x 5 root root 4096 11-22 06:58 .. -rw-r--r-- 1 root root 302108 11-12 22:54 log2012.log -rw-r--r-- 1 root root 61 11-12 22:54 log2013.log -rw-r--r-- 1 root root 0 11-12 22:54 log2014.log [root@localhost test4]# cd .. [root@localhost test]# chmod -R u+x test4 [root@localhost test]# cd test4 [root@localhost test4]# ls -al Total 312drwxrwxr -x 2 root root 4096 11-13 05:50 . _ _ drwxr-xr-x 5 root root 4096 11-22 06:58 .. -rwxr--r-- 1 root root 302108 11-12 22:54 log2012.log -rwxr--r-- 1 root root 61 11-12 22:54 log2013.log -rwxr--r-- 1 root root 0 11-12 22:54 log2014.log
illustrate:
Recursively assign permissions to the owners of all files and subdirectories in the test4 directory
Some other examples:
1).
Order:
chmod 751 file
illustrate:
Assign the permissions of read, write, and execute (7) to the owner of the file, assign the permissions of read, execute (5) to the group where the file is located, and assign permissions to execute (1) to other users
2).
Order:
chmod u=rwx,g=rx,o=x file
illustrate:
Another form of the above example
3).
Order
chmod =r file
illustrate:
Assign read permission to all users
3).
Order:
chmod 444 file
illustrate:
Same as above Example
4).
Order:
chmod a-wx,a+r file
illustrate:
Same as above Example