Modify linux file permissions command: chmod
Every file and directory in a Linux system has access permissions, which are used to determine who can access and operate on files and directories in what way.
The access permissions of a file or directory are divided into three types: read-only, write-only and executable. Taking a file as an example, the read-only permission means that only its contents are allowed to be read, and any modification operations are prohibited. Executable permission means that the file is allowed to be executed as a program. When a file is created, the owner of the file automatically has read, write, and executable permissions on the file to facilitate reading and modification of the file. The user can also set the access rights to any combination as desired.
There are three different types of users who can access a file or directory: the owner of the file, users in the same group, and other users. The owner is generally the creator of the file. The owner can allow the same group of users to have access to the file, and can also grant access to the file to other users in the system. In this case, every user on the system can access files or directories owned by that user.
There are three groups of access permissions for each file or directory, and each group is represented by three digits, which are the read, write, and execute permissions of the file owner; the read, write, and execute permissions of users in the same group as the owner; The user's read, write, and execute permissions. When displaying detailed information about a file or directory with the ls -l command, the leftmost column is the access permissions for the file. For example:
$ ls -l sobsrc.tgz
-rw-r--r-- 1 root root 483997 Ju1 l5 17:3l sobsrc.tgz The
dash represents an empty license. r stands for read-only, w for write, and x for executable. Note that there are 10 locations in total. The first character specifies the file type. In the usual sense, a directory is also a file. If the first character is a dash, it means it is a non-directory file. If it is d, it means a directory.
For example:
- rw- r-- r--
normal file file primary group user other user
is the access permission of the file sobsrc.tgz, indicating that sobsrc.tgz is a common file; the owner of sobsrc.tgz has read and write permissions; users in the same group as sobsrc.tgz have only read permissions; other users also only have read permissions.
After determining the access rights of a file, users can use the chmod command provided by the Linux system to reset different access rights. You can also use the chown command to change the owner of a file or directory. Use the chgrp command to change the user group of a file or directory.
These commands are described below.
chmod command
The chmod command is very important to change the access permissions of a file or directory. It is used by users to control access rights to files or directories.
There are two uses for this command. One is a literal set containing letters and operator expressions; the other is a numerical set containing numbers.
1. Text setting method
chmod [who] [+ | - | =] [mode]
The meaning of each option in the file name ¼ command is: the
operation object who can be any one of the following letters or their combination:
u means " user", that is, the owner of the file or directory.
g means "users in the same group", that is, all users with the same group ID as the owner of the file.
o means "others".
a means "all (all) users". It is the system default.
Action symbols can be:
+ Add a permission.
- Cancel a permission.
= Grants the given permission and revokes all others (if any).
The permissions represented by setting mode can be any combination of the following letters:
r 可读。
w 可写。
x 可执行。
X 只有目标文件对某些用户是可执行的或该目标文件是目录时才追加x 属性。
s 在文件执行时把进程的属主或组ID置为该文件的文件属主。方式“u+s”设置文件的用户ID位,“g+s”设置组ID位。
t 保存程序的文本到交换设备上。
u 与文件属主拥有一样的权限。
g 与和文件属主同组的用户拥有一样的权限。
o 与其他用户拥有一样的权限。
文件名:以空格分开的要改变权限的文件列表,支持通配符。
在一个命令行中可给出多个权限方式,其间用逗号隔开。例如:chmod g+r,o+r example
使同组和其他用户对文件example 有读权限。
2. 数字设定法
我们必须首先了解用数字表示的属性的含义:0表示没有权限,1表示可执行权限,2表示可写权限,4表示可读权限,然后将其相加。所以数字属性的格式应为3个从0到7的八进制数,其顺序是(u)(g)(o)。
例如,如果想让某个文件的属主有“读/写”二种权限,需要把4(可读)+2(可写)=6(读/写)。
数字设定法的一般形式为:
chmod [mode] 文件名¼
例子:
(1)文字设定法:
例1:$ chmod a+x sort
即设定文件sort的属性为:
文件属主(u) 增加执行权限
与文件属主同组用户(g) 增加执行权限
其他用户(o) 增加执行权限
例2:$ chmod ug+w,o-x text
即设定文件text的属性为:
文件属主(u) 增加写权限
与文件属主同组用户(g) 增加写权限
其他用户(o) 删除执行权限
例3:$ chmod u+s a.out
假设执行chmod后a.out的权限为(可以用ls – l a.out命令来看):
–rws--x--x 1 inin users 7192 Nov 4 14:22 a.out
并且这个执行文件要用到一个文本文件shiyan1.c,其文件存取权限为“–rw-------”,即该文件只有其属主具有读写权限。
当其他用户执行a.out这个程序时,他的身份因这个程序暂时变成inin(由于chmod命令中使用了s选项),所以他就能够读取shiyan1.c这个文件(虽然这个文件被设定为其他人不具备任何权限),这就是s的功能。
因此,在整个系统中特别是root本身,最好不要过多的设置这种类型的文件(除非必要)这样可以保障系统的安全,避免因为某些程序的bug而使系统遭到入侵。
例4:$ chmod a–x mm.txt
$ chmod –x mm.txt
$ chmod ugo–x mm.txt
以上这三个命令都是将文件mm.txt的执行权限删除,它设定的对象为所有使用者。
(2)数字设定法:
例1: $ chmod 644 mm.txt
$ ls –l
即设定文件mm.txt的属性为:
-rw-r--r-- 1 inin users 1155 Nov 5 11:22 mm.txt
文件属主(u)inin 拥有读、写权限
与文件属主同组人用户(g) 拥有读权限
其他人(o) 拥有读权限
例2: $ chmod 750 wch.txt
$ ls –l
-rwxr-x--- 1 inin users 44137 Nov 12 9:22 wchtxt
即设定wchtxt这个文件的属性为:
文件主本人(u)inin 可读/可写/可执行权
与文件主同组人(g) 可读/可执行权
其他人(o) 没有任何权限
chgrp命令
功能:改变文件或目录所属的组。
语法:chgrp [选项] group filename¼
该命令改变指定指定文件所属的用户组。其中group可以是用户组ID,也可以是/etc/group文件中用户组的组名。文件名是以空格分开的要改变属组的文件列表,支持通配符。如果用户不是该文件的属主或超级用户,则不能改变该文件的组。
该命令的各选项含义为:
- R 递归式地改变指定目录及其下的所有子目录和文件的属组。
例1:$ chgrp - R book /opt/local /book
改变/opt/local /book/及其子目录下的所有文件的属组为book。
chown 命令
功能:更改某个文件或目录的属主和属组。这个命令也很常用。例如root用户把自己的一个文件拷贝给用户xu,为了让用户xu能够存取这个文件,root用户应该把这个文件的属主设为xu,否则,用户xu无法存取这个文件。
语法:chown [选项] 用户或组 文件
说明:chown将指定文件的拥有者改为指定的用户或组。用户可以是用户名或用户ID。组可以是组名或组ID。文件是以空格分开的要改变权限的文件列表,支持通配符。
该命令的各选项含义如下:
- R 递归式地改变指定目录及其下的所有子目录和文件的拥有者。
- v 显示chown命令所做的工作。
例1:把文件shiyan.c的所有者改为wang。
$ chown wang shiyan.c
例2:把目录/his及其下的所有文件和子目录的属主改成wang,属组改成users。
$ chown - R wang.users /his
原文地址:
http://www.cnblogs.com/avril/archive/2010/03/23/1692809.html