chmod
A file has three permission bits
The 2nd bit looks back and the 9th bit is the permission
Readeble
Writable
Executable
("r" means readable) ("w" means writable) ("x" means executable) ("-" means not readable, not writable, not executable)
rw-(owner) r--(group to which he belongs) r--(other user groups) nine digits in total
Permissions are represented by numbers: r=4 w=2 x=1
Example: rwx=7 rw-=6 --x=1 Example: rw-r--r--=644 rw-r-xr-x=655
Representation: rw- =6 --x =1 -w- =2 Combined representation: rwxrwxrwx=777 rw-rw-rw-=666 -wx-wx-wx=333
1. Command syntax:
chmod xxx file name such as: #chmod 700 3.txt
2. Command description:
chmod = change mode is used to change the user's read, write and execute permissions on files/directories.
3. Command options:
The -R option is equivalent to the -R option of the chown command, which also means cascading changes.
**Knowledge point: Note: In Linux system, the default permission of a directory is 755, and the default permission of a file is 644. **
**Knowledge points: chmod a (all) u (owner) g (group) o (other user groups) + – (add or cancel) **
**Knowledge point: If in the environment where selinux is enabled, there will be a dot '.' after the created directory or file permission, indicating that the directory or file is subject to selinux; for example: **
Example: Modify 3.txt file permissions
[root@cham2 tmp]# ls -l
总用量 8
-rw-r--r-- 1 root root 2 10月 24 21:21 2.txt
-rw-r--r-- 1 root root 0 10月 25 15:24 3.txt
drwxrwx--- 2 root root 19 10月 24 13:02 cham2
drwxr-xr-x 4 root root 28 10月 24 12:58 chamlinux
-rwx------. 1 root root 836 10月 19 07:00 ks-script-JG2UJk
drwx------ 3 root root 17 10月 24 12:21 systemd-private-5ec76fd91759498b901e85cba2554a24-vmtoolsd.service-H1l4Cy
-rw-------. 1 root root 0 10月 19 06:55 yum.log
[root@cham2 tmp]# chmod 700 3.txt
[root@cham2 tmp]# ls -l 3.txt
-rwx------ 1 root root 0 10月 25 15:24 3.txt
[root@cham2 tmp]#
To modify the permissions of all sub-files and sub- directories in the directory in batches, you can add a -R option
Example: Use the -R option to change the permissions of cham2 to 770,.
[root@cham2 tmp]# chmod -R 770 cham2
[root@cham2 tmp]# ls -ld cham2
drwxrwx--- 2 root root 19 10月 25 15:41 cham2
[root@cham2 tmp]# ls -l cham2/
总用量 0
-rwxrwx--- 1 root root 0 10月 25 15:41 1.txt
chmod a (all) u (owner) g (group) o (other user groups) + – (add or cancel)
Example:
[root@cham2 tmp]# chmod u=rwx,g=r,o=r cham2
[root@cham2 tmp]# ls -ld cham2
drwxr--r-- 2 root root 19 10月 25 15:41 cham2
[root@cham2 tmp]# chmod a+x cham2
[root@cham2 tmp]# ls -ld cham2
drwxr-xr-x 2 root root 19 10月 25 15:41 cham2
[root@cham2 tmp]# chmod a-x cham2
[root@cham2 tmp]# ls -ld cham2
drw-r--r-- 2 root root 19 10月 25 15:41 cham2
[root@cham2 tmp]# chmod u-x cham2
[root@cham2 tmp]# ls -ld cham2
drw-r--r-- 2 root root 19 10月 25 15:41 cham2
[root@cham2 tmp]# chmod o+x cham2
[root@cham2 tmp]# ls -ld cham2
drw-r--r-x 2 root root 19 10月 25 15:41 cham2
chown
1. Command syntax:
#chown cham /tmp/yum.log
chown -R username:group filename
2. Command description:
chown = change owner The command chown can change the owner of the file and the group it belongs to.
3. Command options:
The -RR option is only applicable to directories, and its function is to cascade changes, that is, not only to change the current directory, but also to change all the directories or files in the directory.
Example: Change the owner of yum.log
[root@cham2 tmp]# ls -l /tmp/yum.log
-rw-------. 1 root root 0 10月 19 06:55 /tmp/yum.log
[root@cham2 tmp]# chown cham /tmp/yum.log
[root@cham2 tmp]# !ls
ls -l /tmp/yum.log
-rw-------. 1 cham root 0 10月 19 06:55 /tmp/yum.log
chgrp
Abbreviation for chgrp=change group
Example: Change the group you belong to
[root@cham2 tmp]# chgrp change group ^C
[root@cham2 tmp]# chgrp user1 /tmp/yum.log
[root@cham2 tmp]# ls -l /tmp/yum.log
-rw-------. 1 cham user1 0 10月 19 06:55 /tmp/yum.log
Example: Change the owner and group of yum.log.
[root@cham2 tmp]# chown user1:cham /tmp/yum.log
[root@cham2 tmp]# !ls
ls -l /tmp/yum.log
-rw-------. 1 user1 cham 0 10月 19 06:55 /tmp/yum.log
Example: only change the group that yum.log belongs to (the owner is ignored before the command ":")
[root@cham2 tmp]# chown :root /tmp/yum.log
[root@cham2 tmp]# !ls
ls -l /tmp/yum.log
-rw-------. 1 user1 root 0 10月 19 06:55 /tmp/yum.log
Example: -R cascade changes /tmp/cham2 and cham2 files.
[root@cham2 tmp]# chown -R user1:cham /tmp/cham2
[root@cham2 tmp]# ls -l /tmp/cham2/
总用量 0
-rwxrwx--- 1 user1 cham 0 10月 25 15:41 1.txt
[root@cham2 tmp]# ls -ld /tmp/cham2/
drw-r--r-x 2 user1 cham 19 10月 25 15:41 /tmp/cham2/
umask
By default, the umask is 0022, the permission value of the directory is 755, and the permission value of the ordinary file is 644.
1. Command syntax
umask xxx (where xxx represents 3 numbers).
2. Command description
Command umask is used to change the default permissions of files.
If you want to check the value of umask, just enter umask on the command line and press Enter.
The default value of umask here is 0022, the rules :
If the user creates an ordinary file, there is no executable permission by default, only two permissions, r and w, and the maximum value is 666 (-rw-rw-rw-). If the user creates a directory, all permissions are open by default, that is, 777 (-rwxrwxrwx). umask calculation method:
For example, if we change the value of umask to 003, what are the permissions of the normal file (maximum 666) it creates?
The maximum value of ordinary files - umask value = ordinary file permissions to be created
(rw-rw-rw-)-(-------wx)=rw-rw-r--
It can be seen that it is 666-003 =664.
For example, if we change the value of umask to 003, what are the permissions of the directory (maximum 777) it creates?
The maximum value of the directory file - the value of umask = the directory permission to be created
(rwxrwxrwx) - (-------wx) = rwxrwxr-- It
can be seen that 777-003=774
**Note that when calculating umask, it cannot be represented by numbers, only letters. **
chattr
chattr: set hidden permissions change file attributes on a Linux file system
lsattr: View hidden attributes of files/directories
1. Command syntax
chattr [+-=][Asaci][file or directory name], where +,-,= represent increase, decrease and set respectively.
2. Command description The
command chattr (chage attribute) changes the meaning of the attribute
3. After adding this attribute to command option
A, it means that the atime of the file or directory cannot be modified.
After adding this attribute, the data will be written to the disk synchronously.
a After adding this attribute, it means that it can only be appended but not deleted, and non-root users cannot set this attribute.
c After adding this attribute, it means that the file is automatically compressed, and it will be automatically decompressed when reading.
i After adding this attribute, it means that the file cannot be deleted, renamed, linked, written or added.
lsattr
1. Command syntax
lsattr [-aR] [file/directory name]
2. Command description The
command lsattr is used to read special permissions of files or directories.
3. The command option
-a is similar to the -a option of ls, that is, it is listed together with hidden files.
-R List with subdirectory data.
Example : give 11.txt file and view lsattr 11.txt
#chattr +i 11.txt
[root@cham2 ~]# chattr +i 11.txt
[root@cham2 ~]# touch 11.txt
touch: 无法创建"11.txt": 权限不够
[root@cham2 ~]# mv 11.txt 123.txt
mv: 无法将"11.txt" 移动至"123.txt": 不允许的操作
[root@cham2 ~]# rm -v 11.txt
rm:是否删除普通文件 "11.txt"?y
rm: 无法删除"11.txt": 不允许的操作
[root@cham2 ~]# head -n2 /etc/passwd > 11.txt
-bash: 11.txt: 权限不够
#chattr -i 11.txt
#chattr +a 11.txt
[root@cham2 ~]# chattr +a 11.txt
[root@cham2 ~]# touch 11.txt
[root@cham2 ~]# ls
111 11.txt 123 12.txt 1.txt 22.txt 234 2.txt anaconda-ks.cfg.1
[root@cham2 ~]# ls -l
总用量 16
drwxrwxr-- 3 root root 113 10月 25 17:20 111
-rw-rw-r-- 1 root root 70 10月 25 17:44 11.txt
drwxr-xr-x 2 root root 6 10月 25 16:39 123
-rw-r--r-- 1 root root 65 10月 25 17:20 12.txt
-rw-r--r-- 1 root root 0 10月 25 17:31 1.txt
-rw-r--r-- 1 root root 0 10月 25 17:07 22.txt
drwxrwxr-x 2 root root 6 10月 25 16:41 234
-rwx------ 1 root root 1008 10月 25 16:41 2.txt
-rw-------. 1 root root 1422 10月 19 07:00 anaconda-ks.cfg.1
[root@cham2 ~]# head -n2 /etc/passwd > 11.txt
-bash: 11.txt: 不允许的操作
[root@cham2 ~]# head -n2 /etc/passwd >> 11.txt
[root@cham2 ~]# rm -v 11.txt
rm:是否删除普通文件 "11.txt"?y
rm: 无法删除"11.txt": 不允许的操作
[root@cham2 ~]# head -n2 /etc/passwd > 11.txt
#chattr -a 11.txt
#lsattr 11.txt
[root@cham2 ~]# lsattr 11.txt
-----a---------- 11.txt
[root@cham2 ~]#
Works the same for directories as it does for files