Linux uses Owner-Group-All permissions by default, that is, file permissions are managed through user groups, rather than directly managed by users. The corresponding relationship between users and user groups has the following situations:
- 1 to 1: the user is the only member of the usergroup
- N to 1: N users only belong to 1 user group
- 1 to N: user belongs to N user groups
- N to N: N users correspond to N user groups
view users
Use cat /etc/passwdto view all users, and it will return :several columns of data separated by , which are:
- Login Username
- Encrypted password or password placeholder
- UID / User ID
- Default GID / Group ID
- GECOS Information / Details
- Main directory
- login shell
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
......
lighthouse:x:1001:1001::/home/lighthouse:/bin/bash
usbmux:x:116:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
postgres:x:117:121:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mongodb:x:118:122::/var/lib/mongodb:/usr/sbin/nologin
view usergroup
Use to cat /etc/groupview all user groups, and it will also return :several columns of data separated by , which are:
- group name
- encrypted password or a placeholder
- GID number/group ID
- comma separated list of members
$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
......
lighthouse:x:1001:lighthouse
ssl-cert:x:120:postgres
postgres:x:121:
mongodb:x:122:
View file permissions
Use ls -l [filename]to view file permissions, use ls -ld [folder]to view directory file permissions, each row will return 7 columns, which are:
- permission character
- number of links
- owner
- Belonging group
- File capacity size, unit byte
- Last Modified
- File name, starting with a dot (
.) is a hidden file
$ ls -l requirements.txt
-rw-r--r-- 1 lighthouse lighthouse 28 Jul 20 14:47 requirements.txt
$ ls -ld sdk/linux
drwxr-xr-x 3 lighthouse lighthouse 4096 Jun 2 15:23 sdk/linux
To understand the permission characters in column 1 above, you need to understand the composition of permission characters:
| permission item | read | Write | implement |
|---|---|---|---|
| character representation | r | w | x |
| digital representation | 4 | 2 | 1 |
Usually there are the following situations:
- Permissions are read, write, and execute
- character means 'rwx', because 'r'+'w'+'x'='rwx'
- The number represents 7, because 4+2+1=7
- Permissions are read and write
- character means 'rw-', because 'r'+'w'+'-'='rw-'
- Number means 6, because 4+2+0=6
- Permissions are read and execute
- character means 'r-x', because 'r'+'-'+'x'='r-x'
- Number means 5, because 4+0+1=5
- Permissions are writable and executable
- character means '-wx', because '-'+'w'+'x'='-wx'
- Number means 3, because 0+2+1=3
There are also representations for different file types:
| file type | character representation |
|---|---|
| normal file | - |
| directory file | d |
| link file | l |
| device file | b |
| character device file | c |
| pipeline file | p |
Permissions are a 10-character string consisting of 4 parts:
- File type (character representation)
- The permissions of the file owner (character representation)
- The permission of the group to which the file belongs (character representation)
- Permissions of other users (character representation)
Give a few examples of common permission characters (in the example, the unified file type is ordinary files):
- -rw------- (600) : Only the owner has read and write permissions
- -rw-r–r-- (644): Only the owner has read and write permissions, and the group and other users only have read permissions
- -rwx------ (700) : Only the owner has read, write, execute permissions
- -rwxr-xr-x (755): Only the owner has read, write, and execute permissions, and the group and other users only have read, execute permissions
- -rwx–x–x (711): Only the owner has read, write, and execute permissions, and the group and other users only have execute permissions
- -rw-rw-rw- (666) : Everyone has read and write permissions
- -rwxrwxrwx (777): everyone has read, write, execute permissions
Set file permissions
Use chmodthe command to change the permissions of the file (usually need to add sudoto obtain system permissions), this command has the following options:
- -c : If the file permissions have indeed been changed, the change action will be displayed
- -f : Do not display an error message if the file permissions cannot be changed
- -v : show details of permission changes
- -R : Make the same permission change for all files and subdirectories in the current directory (that is, change one by one in a recursive manner)
- --help : show help
- --version : display the version
Here's an example of everyone's favorite:
sudo chmod 777 [文件或文件夹的路径]
But the above 777permissions are actually not safe, we can operate more safely, for example, /usr/IotOsbefore we are going to modify the permissions of the directory file, we can first check what permissions it is:
$ ls -ld /usr/IotOs
drwxr-xr-x 2 root root 4096 Jul 21 15:56 /usr/IotOs
drwxr-xr-x(755) corresponds to - only the owner has read, write, and execute permissions, and the group and other users only have read and execute permissions for the directory file. At the same time, the owner of the file is rootand the group it belongs to is root. If we want other users to have write permission, just change the permission to drwxr-xrwx(757).
$ sudo chmod 757 /usr/IotOs
$ ls -ld /usr/IotOs
drwxr-xrwx 2 root root 4096 Jul 21 15:56 /usr/IotOs