File and directory permissions (chmod), changing owner and group (chown), umask, hidden permissions (lsattr/chattr)

Linux file attributes

All files and directories in Linux have an owner and a group. The owner is the user who owns the file or directory, and the group is the user group the file belongs to. File attributes are set this way for the security of files and directories.

Use the ls -l command to view the permissions of a file or directory:

[root@localhost ~]# ls -l 22
-rw-r--r--. 1 root root 0 1月  31 03:33 22

As shown above, the output of the ls -l command lists the attributes of the file. In -rw-r--r--, the first character "-" indicates that the file is a regular file. The meaning of each possible first character is listed below.

Meaning of the first character

  • d indicates that the file is a directory
  • - indicates that the file is a regular file
  • l indicates that the file is a link file
  • b indicates that the file is a block device; /dev/sda and other hard disk partition files are of this type
  • c indicates that the file is a character (serial port) device file, such as a keyboard, mouse, printer or tty terminal
  • s indicates that the file is a socket file used for communication between processes

The remaining nine characters of the file attribute form three groups of three, each a combination of the four characters r, w, x and -. The first three characters are the permissions of the owner of the file, the middle three are the permissions of the group the file belongs to, and the last three are the permissions of other users on the file.

  • r is read permission, represented by the number r=4
  • w is write permission, represented by the number w=2
  • x is execute permission, represented by the number x=1

So when we set permissions on a file, for example read, write and execute for the owner, read and execute for the group, and execute only for other users, we can use chmod 751 filename

We can also see that there is a "." character after the permission string.

This is because newer versions of ls also show SELinux or ACL attributes. If the file or directory has an SELinux context, a . is displayed here, and if an ACL is set, a + is displayed here.

[root@localhost ~]# ls -l 22
-rw-r--r--. 1 root root 0 1月  31 03:33 22

  • The number "1" after the "." indicates the number of inodes (hard links) used by the file. If it is a directory, this value is related to the number of subdirectories under the directory.
  • The first "root" indicates the owner of the file
  • The second "root" indicates the group to which the file belongs
  • "0" indicates the size of the file
  • Next comes the time the file was last modified (mtime), given as month, day and time of day
  • The last set of characters is the filename

chmod command

The chmod (change mode) command is used to change file or directory permissions. The format is: chmod permission filename. As mentioned above, read, write and execute permissions are represented by numbers. The default directory permission in the system is 755, and the default file permission is 644. Besides numbers, permissions can also be changed directly with characters. For example:

[root@localhost ~]# ls -l 22
-rw-r--r--. 1 root root 0 1月  31 03:33 22
[root@localhost ~]# chmod 777 22
[root@localhost ~]# ls -l
总用量 4
-rwxrwxrwx. 1 root root   0 1月  31 03:33 22
-rw-------. 1 root root 973 1月  31 02:11 anaconda-ks.cfg

[root@localhost ~]# chmod u=rwx,g=rw,o=--- 22
[root@localhost ~]# ls -l 22
-rwxrw----. 1 root root 0 1月  31 03:33 22
[root@localhost ~]# ^C
[root@localhost ~]# 

As shown, when using characters you write u=rwx,g=rw,o=---, where u means the user (owner), g means the group and o means others. You can also use a, which means all: owner, group and other users.

[root@localhost ~]# chmod a+rw 22
[root@localhost ~]# ls -l 22
-rwxrw-rw-. 1 root root 0 1月  31 03:33 22

The chmod command also has a -R option for use on a directory. It applies the change recursively, so all directories and files under that directory are changed to the same permissions as the directory.
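An added example, not part of the original article: it replays the three chmod forms shown above on scratch files and then lists which of them ended up writable by other users, the check worth running after any chmod 777 or a+rw. The function names and the use of GNU stat -c are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original article).

# world_writable DIR -> files and directories under DIR with the o+w bit set
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# chmod_demo: apply the numeric, "=" and "+" forms to scratch files and
# print "<octal mode> <name>" for each, followed by the world-writable ones.
chmod_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/numeric" "$d/symbolic" "$d/additive"
    chmod 777 "$d/numeric"               # absolute mode: rwxrwxrwx
    chmod u=rwx,g=rw,o= "$d/symbolic"    # "=" replaces each class: rwxrw----
    chmod 760 "$d/additive"
    chmod a+rw "$d/additive"             # "+" only adds bits: rwxrw-rw-
    for f in numeric symbolic additive; do
        echo "$(stat -c '%a' "$d/$f") $f"
    done
    echo "world-writable:"
    ( cd "$d" && world_writable . )
    rm -rf "$d"
}

chmod_demo
```

To audit a real tree, call world_writable with its path, for example world_writable /var/www.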

chown command

The chown command (change owner) changes the owner of files and directories. The format is: chown username:groupname filename. When the target is a directory and you want to change the owner of all files in it, use chown -R username:groupname filename. When you do not need to change the group, just leave out the ":groupname" part.

[root@localhost ~]# ls -l 22
-rwxrw-rw-. 1 root root 0 1月  31 03:33 22
[root@localhost ~]# chown lic 22
[root@localhost ~]# !ls
ls -l 22
-rwxrw-rw-. 1 lic root 0 1月  31 03:33 22
[root@localhost ~]# 

chgrp command

The chgrp command (change group) changes the group to which the file belongs. The format is: chgrp groupname filename. Similarly, to change the group of a directory and all the files in it, use the chgrp -R command.

umask instruction

The umask value changes the default permissions of newly created files. The base permission of a directory is 777, and the base permission of a file is 666. From the relationship between the umask value and the resulting permission, it can be concluded that the default permission = base value - umask value. For example:

[root@localhost ~]# umask
0022
[root@localhost ~]# mkdir test01
[root@localhost ~]# ls -ld test01/
drwxr-xr-x. 2 root root 6 2月  23 23:35 test01/
[root@localhost ~]# umask 002
[root@localhost ~]# umask
0002
[root@localhost ~]# mkdir test02
[root@localhost ~]# ls -ld test02
drwxrwxr-x. 2 root root 6 2月  23 23:36 test02
[root@localhost ~]# umask 077
[root@localhost ~]# umakd
-bash: umakd: 未找到命令
[root@localhost ~]# umask
0077
[root@localhost ~]# mkdir test03
[root@localhost ~]# ls -ld test03
drwx------. 2 root root 6 2月  23 23:37 test03
[root@localhost ~]# 
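An added example, not part of the original article: the kernel clears the umask bits from the requested mode (mode AND NOT umask), which matches the subtraction above for 022, 002 and 077 but not for a umask such as 033 applied to a file (666 - 033 would give 633, the real result is 644). The function names and the use of GNU stat -c are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original article).

# expected_mode BASE UMASK -> octal mode after clearing the umask bits
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode KIND UMASK -> mode of a new file (KIND=f) or directory (KIND=d)
# created under that umask in a throwaway directory
created_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"                       # only affects this subshell
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
}

# Compare what the system creates with the bitwise rule for each umask.
for m in 022 002 077 033; do
    echo "umask $m: file $(created_mode f "$m") (rule: $(expected_mode 666 "$m"))," \
         "dir $(created_mode d "$m") (rule: $(expected_mode 777 "$m"))"
done
```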

chattr command

The chattr command (change attribute) has the format: chattr [+, -, =] [parameter] filename or directory name. The parameters are as follows:

  • A: After adding this attribute, the atime of the file or directory cannot be modified.
  • S: After adding this attribute, data is written to the disk synchronously.
  • a: After adding this attribute, the file can only be appended to, not deleted, and only the root user can set this attribute.
  • c: After adding this attribute, the file is automatically compressed, and it is automatically decompressed when read.
  • i: After adding this attribute, the file cannot be deleted, renamed, linked, written or appended to.

After setting the "i" attribute on test01, even the root user cannot create directories or files in this directory. After removing the attribute with -i, the command to create the directory executes normally.

[root@localhost ~]# chattr +a test01
[root@localhost ~]# touch test01/123
[root@localhost ~]# rm test01/123
rm:是否删除普通空文件 "test01/123"?y
rm: 无法删除"test01/123": 不允许的操作
[root@localhost ~]# chattr -a test01
[root@localhost ~]# rm test01/123
rm:是否删除普通空文件 "test01/123"?y
[root@localhost ~]# 

As you can see here, after setting the a attribute on the directory, you can only create files in this directory; you cannot delete them.

lsattr command

The lsattr command (list attribute) reads the special attributes of a file or directory. The format is: lsattr -[a, R] [filename or directory name]

  • a lists hidden files as well
  • R lists the contents of subdirectories as well
[root@localhost ~]# lsattr test01
---------------- test01/test04
[root@localhost ~]# lsattr -a test01
---------------- test01/.
---------------- test01/..
---------------- test01/test04
[root@localhost ~]# lsattr -R test01
---------------- test01/test04

test01/test04:

[root@localhost ~]# 
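An added example, not part of the original article: a filter for lsattr output that reports every entry carrying the i (immutable) or a (append-only) attribute described in the chattr section, so unexpected flags stand out in a recursive listing. The function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article).

# flagged_attrs: reads lsattr output on stdin and prints "<flag> <path>"
# for each entry whose flag field contains i or a.
flagged_attrs() {
    awk '
        NF < 2 || /:$/ { next }          # blank lines and "dir:" headers from -R
        $1 !~ /^[-A-Za-z]+$/ { next }    # first field must look like a flag string
        {
            path = $0
            sub(/^[^ ]+ +/, "", path)    # keep paths that contain spaces
            if (index($1, "i")) print "i " path
            if (index($1, "a")) print "a " path
        }'
}

# Constructed sample in the "<flags> <path>" layout of lsattr (not real output).
sample_lsattr() {
    cat <<'EOF'
---------------- test01/test04
----i----------- test01/locked.conf
-----a---------- test01/audit.log
----ia---------- test01/both flags

test01/test04:
EOF
}

sample_lsattr | flagged_attrs
```

On a live system the same filter can be fed directly, for example lsattr -R test01 2>/dev/null | flagged_attrs.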
