[Linux learning] file normal, default and special permissions

Linux file normal and default permissions

In a Linux system almost every resource, including commonly used devices, exists in the form of a file. File permissions are therefore very important for managing a file, so let's go through how they work in Linux.

1. The object and permissions of the file

Linux associates three objects with each file: the owner of the file, the group to which the file belongs, and others. Linux is a multi-user, multi-tasking system, so several users are often logged in at once, each creating files and folders under their own home directory. To manage files across these users, Linux defines these three objects. The owner of the file is generally the logged-in user who created the file. The group to which the file belongs makes it easy to share files among several users. Others exists so that access by users outside that sharing can be managed.

For every Linux file, each of the three objects has three permissions, rwx: r (readable), w (writable) and x (executable). For example, running the command ls -al in a folder lists some attributes of all files in that folder:

[root@www ~]# ls -al
total 156
drwxr-x---   4    root   root     4096   Sep  8 14:06 .
drwxr-xr-x  23    root   root     4096   Sep  8 14:21 ..
-rw-------   1    root   root     1474   Sep  4 18:27 anaconda-ks.cfg
-rw-------   1    root   root      199   Sep  8 17:14 .bash_history
-rw-r--r--   1    root   root       24   Jan  6  2007 .bash_logout
-rw-r--r--   1    root   root      191   Jan  6  2007 .bash_profile

The listing shows 6 files, each with 7 properties (by column):

[permission] [number of links] [file owner] [group to which the file belongs] [file size in bytes] [creation or modification time] [name]

The permissions column has the format -rwxrw-rw-.

The first character in this column indicates the type of the file: d/-/l/b/c (respectively: directory / regular file / link file / block device used for storage / character device such as a serial port).

The 2nd to 4th characters in this column indicate the permissions of the owner of the file: rwx

The 5th to 7th characters in this column indicate the permissions of the group to which the file belongs: rw-, where - means no "executable" permission

The 8th to 10th characters in this column indicate the permissions that others have on the file: rw-, where - means no "executable" permission

2. Modify file permissions and objects

2.1  Change file owner

chown -R <new owner> <file or directory>

chown -R <new owner>:<new group> <file or directory>

The -R option applies the same ownership change to all files and directories under the directory.

2.2  Change the group to which the file belongs

chgrp -R <new group> <file or directory>

The -R option works as in 2.1.

2.3  Change permissions

2.3.1   Change using numbers

Under Linux, r corresponds to 4, w corresponds to 2 and x corresponds to 1, so rwx corresponds to 4+2+1=7, rw- corresponds to 4+2=6, and so on.

chmod -R xyz <file or directory>

Here x, y and z are the permission values for the file owner, the group to which the file belongs, and others, respectively. For example, if the new permission of a file is rwxrw-r--, then xyz=764.
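The mapping between the permission string from section 1 and the numeric form above, as an added example (not code from the original article). It goes beyond this section by also decoding the s and t characters described in section 5 into a leading fourth digit; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: convert the first column of `ls -l` to octal chmod notation.
# Function names are made up for this illustration.

# triad_value TRIAD -> 0..7 for one rwx group.
# A lowercase s or t in the x slot means "x plus a special bit";
# uppercase S or T means the special bit is set but x is not.
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODESTRING -> four octal digits: special, owner, group, others
mode_to_octal() {
    m=$1
    if [ "${#m}" -lt 10 ]; then
        echo "mode string too short: $m" >&2
        return 1
    fi
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "$special$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
}

# Mode strings taken from the article, plus two constructed ones at the end.
for s in -rwxrw-r-- -rw-r--r-- drwxr-xr-x -rwsr----- drwxrwxrwt -rwSr--r--; do
    printf '%s  %s\n' "$s" "$(mode_to_octal "$s")"
done
```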

2.3.2   Changes with r/w/x

chmod -R u=rwx,g=rw,o=rx <file or directory> (equal sign designation method)

chmod -R u+r,g-w,o-x <file or directory> (addition and subtraction modification method)

chmod -R a=rw <file or directory>

The u above means the owner of the file, g means the group the file belongs to, o means others, and a means all.

3. The difference between permissions for directories and files

For files:

r: the file is readable

w: the file is writable, but this does not include the right to delete it

x: the file is executable under Linux, such as *.sh, *.bat, etc.

For directories:

r: the file names under the directory can be queried and read (a directory stores file names), that is, ls works

w: files and directories can be created, moved, renamed and deleted in the directory

x: whether the corresponding user can enter the directory

4. Default permissions

The sections above covered file permissions and how to change them. The Linux system also assigns default permissions when we create files and folders. Files generally only need to store data rather than be executed, so the default permissions assigned by the Linux system to a file are 644 (666-022=644). Here 666 is what remains after the system takes out the "x" attribute for files, and 022 is the umask (that is, the permissions to be subtracted from the system's default permissions). Similarly, a directory must be enterable (which is determined by the "x" permission), so the default permission assigned by the system to a directory is 755 (777-022), where 022 is again the umask.

The umask is not fixed; it can be modified and configured:

[root@www ~]# umask 002

With umask=002 configured, the default permission of a newly created file is 666-002=664, that is, rw-rw-r--, and the default permission of a newly created directory is 777-002=775, that is, rwxrwxr-x.
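A check of the arithmetic above, as an added example (not part of the original article). The kernel applies the umask by clearing bits (base AND NOT umask) rather than by numeric subtraction; the two agree for 022 and 002 but differ for a umask such as 033, which is a value constructed for this example, as are the function names.

```shell
#!/bin/sh
# Added example: how the umask turns 666/777 into the default permissions.
# Function names and the umask 033 case are constructed for illustration.

# masked_mode BASE UMASK -> base with the umask bits cleared (what the kernel does)
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtracted_mode BASE UMASK -> plain octal subtraction, as in the text
subtracted_mode() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# created_mode UMASK file|dir -> permission column of a freshly created object.
# Runs in a subshell so the caller's umask is left untouched.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    ls -ld "$tmp/new" | cut -c1-10
    rm -rf "$tmp"
)

for mask in 022 002 033; do
    printf 'umask %s: file subtract=%s mask=%s actual=%s\n' "$mask" \
        "$(subtracted_mode 666 "$mask")" "$(masked_mode 666 "$mask")" \
        "$(created_mode "$mask" file)"
    printf 'umask %s: dir  subtract=%s mask=%s actual=%s\n' "$mask" \
        "$(subtracted_mode 777 "$mask")" "$(masked_mode 777 "$mask")" \
        "$(created_mode "$mask" dir)"
done
```

With umask 033 the subtraction gives 633 for a file, while the file actually created has rw-r--r-- (644), so a restrictive umask should always be verified against a real file.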

5. Special permissions

5.1 set UID (SUID)

This permission can only be used for binary program files, and is set in the "x" position of the owner of the binary program file, such as -rwsr-----. When a user of the program (someone other than the owner of the file) has "x" permission, that user executes the binary program with the identity of the program's owner (this is what the s in the "x" position grants).

5.2 set GID (SGID)

Compared with SUID, this permission is set in the "x" position of the group to which the binary program file or directory belongs. When a user of the program (someone other than the owner of the file) has "x" permission, that user gets the group's permissions while executing the binary (the s is in the group's "x" position). For a directory, if the user has r and x permission on the directory and also has w permission, the group of any file the user creates in the directory is the group to which the directory belongs.

5.3 Sticky Bit(SBIT)

This permission applies only to directories and is set in the "x" position of others. If a user, whether a member of the group to which the directory belongs or one of the others, has w and x permissions on the directory (rwxrwxrwx), that user can create new files or directories in it; but if the directory has SBIT set, files or directories created by a user can only be deleted by that user or by root.
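An audit for the three special bits described in this section, as an added example rather than code from the original article. It builds a small sample tree in a temporary directory (all file and function names are constructed) and reports SUID files, SGID entries and world-writable directories that lack the sticky bit.

```shell
#!/bin/sh
# Added example: locate special permission bits with find -perm.
# The sample tree and all names in it are constructed for illustration.

# make_sample_tree -> prints the path of a temp dir holding test entries
make_sample_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/helper";  chmod 4755 "$t/helper"    # SUID file: -rwsr-xr-x
    : > "$t/notes";   chmod 0644 "$t/notes"     # ordinary file
    mkdir "$t/team";  chmod 2775 "$t/team"      # SGID directory: drwxrwsr-x
    mkdir "$t/drop";  chmod 1777 "$t/drop"      # sticky directory: drwxrwxrwt
    mkdir "$t/open";  chmod 0777 "$t/open"      # world-writable, no sticky bit
    echo "$t"
}

# audit_special ROOT -> one "KIND path" line per finding
audit_special() {
    # -perm -MODE matches when all bits in MODE are set
    find "$1" -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -perm -2000 | sed 's/^/SGID /'
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/NO_STICKY /'
}

tree=$(make_sample_tree) && audit_special "$tree"
[ -n "$tree" ] && rm -rf "$tree"
```

On a real system the same function can be pointed at a mount point, and the output compared against a reviewed baseline so that new SUID or SGID entries stand out.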


