Linux Basics (5) File Permissions

Table of contents

1. The concept of file permissions

2. Analysis of the result of the Linux command `ll`

3. Two ways to modify permissions in Linux

4. Change the owner and group of the file

5. Judgment of Identity

6. System mask

7. Permissions required to delete files

8. Sticky bit


1. The concept of file permissions

1. What is it?

Simply put, file permissions define what users are allowed to do to a file.

The core of file permissions = user identity (who) + permitted operations (what can be done);
together these state what a given user may do to the file.

2. Rights management in Linux is divided into three different categories (identities of users): file owner, users in the same group, and other users.

3. Common permissions (what can be done): r (read), w (write), x (execute).


2. Analysis of the result of the Linux command `ll`

1. File Type



The first character of each line printed by the ll command indicates the file type.

        eg. Use the ll command to view the file type



Extension: Unlike Windows, Linux does not use file suffixes to distinguish file types.
        (The system ignores the suffix, but you may still use one so that you can tell files apart yourself.)


2. Owner, group and other users

        On each line printed by the ll command, the 12th to 14th characters give the user name of the file's owner, and the 15th to 17th characters give the name of the group the file belongs to.


The owner and the group are identity labels: they record which user and which group the file belongs to.

3. Permissions of the owner, the group, and other

On each line printed by the ll command, the 2nd to 10th characters give the permissions of the owner, the group, and other.

The 2nd to 4th characters show whether the owner has read, write, and execute permission.
The 5th to 7th characters show whether the group has read, write, and execute permission.
The 8th to 10th characters show whether other has read, write, and execute permission.

r: read, w: write, x: execute.

If the permission is granted, its letter is displayed; if not, a - is shown in its place.

The positions of r, w, and x are fixed: for example, if read permission is granted the first position of the triple is r, otherwise it is -. Orders such as wrx or xwr never occur.

4. The fourth field on each line printed by the ll command is the space occupied by the file, in bytes.

5. The fifth field on each line printed by the ll command is the time the file was last modified.

6. The sixth field on each line printed by the ll command is the file name.

Summary:

Extension 1: How permissions show up in practice

Extension 2: Without the corresponding permission: Permission denied

eg. No execute permission:
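As an added example (not code from the original post), the following shell functions decode one line of ll output the way the section above describes it: the first character is the file type, characters 2 to 10 are the three fixed-position rwx triples (converted here into the octal number that chmod understands), and the remaining whitespace-separated fields give owner, group, size and name. The sample line is constructed; no real file is involved.

```shell
# Added example: decode an `ll` (`ls -l`) line. Not code from the original post.

# triple_to_digit "rwx" -> 7 : convert one fixed-position rwx triple to an octal digit.
# An s or t in the third position (setuid/setgid/sticky) also implies execute.
triple_to_digit() {
    digit=0
    case "$1" in r??) digit=$((digit + 4)) ;; esac
    case "$1" in ?w?) digit=$((digit + 2)) ;; esac
    case "$1" in ??x|??s|??t) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# mode_to_octal "-rw-r--r--" -> 644 : characters 2-4 owner, 5-7 group, 8-10 other.
mode_to_octal() {
    u=$(printf '%s\n' "$1" | cut -c2-4)
    g=$(printf '%s\n' "$1" | cut -c5-7)
    o=$(printf '%s\n' "$1" | cut -c8-10)
    printf '%s%s%s\n' "$(triple_to_digit "$u")" "$(triple_to_digit "$g")" "$(triple_to_digit "$o")"
}

# file_type "drwxr-xr-x" -> directory : the first character names the file type.
file_type() {
    case "$(printf '%s\n' "$1" | cut -c1)" in
        -) echo "regular file" ;;
        d) echo "directory" ;;
        l) echo "symbolic link" ;;
        c) echo "character device" ;;
        b) echo "block device" ;;
        p) echo "named pipe" ;;
        s) echo "socket" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample line in the format `ls -l` prints (there is no real file behind it).
SAMPLE_LINE='-rw-r--r-- 1 alice devs 4096 Mar 10 12:00 test.txt'

# describe_line LINE : split the line into fields and report the parts the text discusses.
describe_line() {
    line=$1
    set -- $line    # split on whitespace: field 1 mode, 3 owner, 4 group, 5 size, 9 name
    printf 'type=%s mode=%s octal=%s owner=%s group=%s size=%s name=%s\n' \
        "$(file_type "$1")" "$1" "$(mode_to_octal "$1")" "$3" "$4" "$5" "$9"
}

describe_line "$SAMPLE_LINE"
```

The split in describe_line relies on the file name containing no spaces; real ls output should be parsed with stat or a proper tool when names can contain whitespace.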


3. Two ways to modify permissions in Linux

Both methods use the chmod command (chmod: modify permissions).

1. Method 1: symbolic modification method

chmod u/g/o +/- r/w/x filename

(+ adds permissions, - removes permissions)

a. Modify the permissions of the owner (u):

        chmod u +/- r/w/x filename

eg. Remove the read permission of the owner of test.txt, and add execute permission for the owner:

(To change several permissions at once, separate the changes with commas.)

b. Modify the permissions of the group (g) to which it belongs:

        chmod g +/- r/w/x filename

eg. Remove the write permission of the group, and add execute permission for the owner:

c. Modify the permissions of other (o):

        chmod o +/- r/w/x filename

eg. Remove the read permission of the group, and add write permission for the owner:

d. Modify permissions for all identities (a):

        chmod a +/- r/w/x filename

eg. Remove execute permission from all identities, and add read permission for all identities:

eg. Remove the owner's read and write permissions, add write permission for the group, and remove other's write permission:

(To change several permissions at once, separate the changes with commas.)

Extension 1: How permissions show up in practice

        cat reads a file and therefore requires read permission.

        > (output redirection) writes a file and therefore requires write permission.

        Typing the file path and pressing Enter runs the file, which requires execute permission.

Extension 2: Permission denied

When an operation is attempted without the corresponding permission, the system prints this message.

2. Octal modification method

chmod XXX filename

Permissions can also be changed by giving chmod a three-digit octal number.

eg. chmod 777 test.txt

Gives all identities of test.txt read, write, and execute permission:

eg. chmod 664

Makes the file readable and writable by the owner, readable and writable by the group, and read-only for other:

Principle:

        Whether a permission is granted has exactly two states, yes or no, which binary represents as 1 and 0. Each identity has three permissions to record, so a three-digit binary number describes the permissions of one identity, and a three-digit binary number is exactly one octal digit. There are three identities (owner, group, other), so a three-digit octal number describes the permissions of all of them.

For example:

111 means every identity has only execute permission.

777 means every identity has read, write, and execute permission.

000 means no identity has any permission.
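The symbolic form from Method 1 and the octal form from Method 2 can be checked side by side on a scratch file. This is an added example, not code from the original post: each function starts from a fresh file with mode 644 in a temporary directory, applies chmod, and reads the mode field back with ls. The read_check function illustrates Extension 1 (cat needs r); note that root bypasses the r/w checks, so its result only means something for an ordinary user.

```shell
# Added example: symbolic and octal chmod on a scratch file. Not code from the original post.

mode_of() { ls -ld "$1" | cut -c1-10; }     # e.g. "-rw-r--r--"

# with_scratch CMD... : run CMD against a fresh file $TARGET (mode 644), then clean up.
# Starting from 644 keeps the result independent of the caller's umask.
with_scratch() {
    WORK=$(mktemp -d)
    TARGET=$WORK/test.txt
    : > "$TARGET"
    chmod 644 "$TARGET"
    "$@"
    rm -rf "$WORK"
}

# Method 1, symbolic: chmod u/g/o/a +/- r/w/x file, several changes separated by commas.
symbolic_demo() {
    chmod u-r,u+x "$TARGET"    # owner: remove read, add execute -> -wx
    chmod g-r,g+w "$TARGET"    # group: remove read, add write   -> -w-
    chmod o+w "$TARGET"        # other: add write                -> rw-
    mode_of "$TARGET"          # "--wx-w-rw-"
}

# Method 2, octal: one digit per identity (owner, group, other).
octal_demo() {
    chmod 664 "$TARGET"        # rw- rw- r--
    mode_of "$TARGET"          # "-rw-rw-r--"
}

# a applies one change to all three identities at once.
all_demo() {
    chmod 777 "$TARGET"
    chmod a-x,a+r "$TARGET"    # remove x everywhere, add r everywhere
    mode_of "$TARGET"          # "-rw-rw-rw-"
}

# Extension 1: cat needs r. With mode 200 (write only) an ordinary user gets "denied".
read_check() {
    chmod 200 "$TARGET"
    if cat "$TARGET" >/dev/null 2>&1; then echo allowed; else echo denied; fi
}

echo "symbolic u-r,u+x g-r,g+w o+w : $(with_scratch symbolic_demo)"
echo "octal 664                    : $(with_scratch octal_demo)"
echo "a-x,a+r after 777            : $(with_scratch all_demo)"
echo "cat on a mode-200 file       : $(with_scratch read_check)"
```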


4. Change the owner and group of the file

Method 1: change them directly as the root user
(an ordinary user cannot force this change)

1. chown username path/filename: change the owner of the file to the specified user.

When changing the owner of a directory, the -R option can be added: recursive processing, so every file and subdirectory under the specified directory is changed as well.

2. chgrp groupname path/filename: change the group of the file to the specified group.

3. chown username:groupname path/filename: change the owner and the group of the file at the same time.
(chown followed by two names separated by a colon changes both the owner and the group of the file in one command.)

Method 2: put sudo in front of the command to run it with root privileges

To use sudo, the current user must first be added to the trust list, which has to be done as root.
Adding users to the trust list is not the focus of this chapter, so it is not expanded on here. Readers who want to know more, please see:

When running the command you must also enter the password of the user currently running it (your own password), not the password of the owner of the file you want to modify.

In this way the owner and group of a file can be changed directly, without switching to the root user.

Extension: Why is there no command that directly sets a file's "other" to a given user?
Because "other" is not a definite set of users: it means everyone who is neither the owner nor a member of the file's group, so there is nothing to assign.


5. Judgment of Identity

When a user operates on a file, the system must first decide which identity the user has with respect to that file:

It compares the current user's name with the file's owner and group to decide whether the user counts as the owner, as a member of the group, or as other.

The decision is made only once, and the owner check comes first. Once the user is identified as the owner, the group check is not performed, even if the user also belongs to the file's group.

(A user can be both the owner and a member of the group.)
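The rule above, written out as code, is an added example and not part of the original post. permission_class takes the file's owner and group and the user's name and group list and returns the identity that applies, checking the owner first; effective_perms then reads the matching rwx triple out of the ll mode field, which makes visible that an owner who is also in the group still gets the owner bits. The names alice, bob, carol and devs are constructed sample values; my_effective_perms applies the same logic to a real file using ls and id.

```shell
# Added example: which permission triple applies to a user. Not code from the original post.

# permission_class FILE_OWNER FILE_GROUP USER "GROUP1 GROUP2 ..." -> owner | group | other
# The owner test comes first; group membership is only consulted for non-owners.
permission_class() {
    file_owner=$1; file_group=$2; user=$3; user_groups=$4
    if [ "$user" = "$file_owner" ]; then
        echo owner
        return
    fi
    for g in $user_groups; do
        if [ "$g" = "$file_group" ]; then
            echo group
            return
        fi
    done
    echo other
}

# effective_perms MODE FILE_OWNER FILE_GROUP USER "GROUPS" -> the rwx triple that applies.
# MODE is the 10-character field from ll, e.g. "-rw-r-----".
effective_perms() {
    case "$(permission_class "$2" "$3" "$4" "$5")" in
        owner) printf '%s\n' "$1" | cut -c2-4 ;;
        group) printf '%s\n' "$1" | cut -c5-7 ;;
        other) printf '%s\n' "$1" | cut -c8-10 ;;
    esac
}

# my_effective_perms PATH : same decision for a real file and the current user.
my_effective_perms() {
    line=$(ls -ld "$1")
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    effective_perms "$mode" "$owner" "$group" "$(id -un)" "$(id -Gn)"
}

# Constructed cases on a file owned by alice, group devs, mode -rw-r-----.
echo "alice (owner, also in devs): $(effective_perms '-rw-r-----' alice devs alice 'devs')"        # rw-
echo "bob (member of devs):        $(effective_perms '-rw-r-----' alice devs bob 'devs users')"    # r--
echo "carol (no relation):         $(effective_perms '-rw-r-----' alice devs carol 'users')"       # ---
# Owner is decided first: alice gets --- here even though the group triple is rwx.
echo "alice on ----rwx---:         $(effective_perms '----rwx---' alice devs alice 'devs')"        # ---
```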


6. System mask

1. Linux defaults:

A directory is created with initial permissions of 777;

An ordinary file is created with initial permissions of 666.


2. But why is that not what we see when we create one?

eg. Observe the permissions of a newly created file

Because Linux combines the initial permissions with the system mask to compute the actual permissions given to the new directory or file. That is why the files/directories we create do not end up with 666/777.


3. The default system mask of a Linux system is 0002. (Only the last three digits are used in the calculation.)

eg. Use umask to view the system mask:


4. Calculating the final permissions

        Calculation: final permissions = initial permissions & (~system mask)

        Convert the three-digit octal permissions and the system mask into 9-bit binary numbers (the mask has four octal digits, but only the last three take part), invert every bit of the mask's 9-bit value, and then AND the two binary values bit by bit; the result is the final permissions.

eg. The calculation of permissions after creating a directory/ordinary file:

So the purpose of the system mask is to let the system adjust the initial permissions of a newly created file/directory into its final permissions.


5. Use umask to change the system mask:

eg. umask 0777: set the system mask to 0777:

After the change, the new system mask is used when computing final permissions.

eg. Create a file after changing the system mask to 0777:
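The calculation final = initial & ~mask can be carried out in shell arithmetic and then compared with what the system actually does. This is an added example, not code from the original post: final_mode evaluates the formula for any initial permissions and mask, and created_modes creates a file and a directory under a chosen umask inside a temporary directory and reads their mode fields back. The umask call is made in a subshell so the caller's own mask is left unchanged.

```shell
# Added example: umask arithmetic checked against real file creation. Not code from the original post.

# final_mode INITIAL MASK : both octal, e.g. final_mode 666 0002 -> 664.
# A leading 0 makes the shell read the values as octal; & 0777 keeps only the
# low 9 bits, i.e. the last three octal digits of the mask take part.
final_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes MASK : create a file and a directory under MASK and print
# "<file mode> <dir mode>", e.g. "rw-rw-r-- rwxrwxr-x" for mask 0002.
created_modes() {
    work=$(mktemp -d)
    (
        umask "$1"          # umask is per process, so only this subshell is affected
        : > "$work/f"       # ordinary file: starts from 666
        mkdir "$work/d"     # directory: starts from 777
    )
    f=$(ls -ld "$work/f" | cut -c2-10)
    d=$(ls -ld "$work/d" | cut -c2-10)
    chmod -R u+rwx "$work"  # restore our own bits so cleanup works even after umask 0777
    rm -rf "$work"
    echo "$f $d"
}

echo "666 & ~0002 = $(final_mode 666 0002)"   # 664
echo "777 & ~0002 = $(final_mode 777 0002)"   # 775
echo "666 & ~0777 = $(final_mode 666 0777)"   # 000
echo "created under umask 0002: $(created_modes 0002)"   # rw-rw-r-- rwxrwxr-x
echo "created under umask 0777: $(created_modes 0777)"   # --------- ---------
```

The two functions should agree: the mode field printed for a file created under umask 0002 is rw-rw-r--, which is exactly 664, the value the formula gives for 666 & ~0002.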


7. Permissions required to delete files

Files that this user cannot read, write, or execute can still be deleted directly with rm. Does that mean no permission at all is required to delete a file?

This happens because deleting a file or directory is not decided by the permissions of the file itself (its owner and group bits) but by the permissions of the directory that contains it: removing an entry from a directory requires write permission on that directory.

Summary: whether a file/directory can be deleted depends on whether the user has write permission on the parent directory of that file/directory.

So a user can delete another user's files in a public directory. (To set up a public directory, set the directory's permissions for other to rwx.)

eg. A user deletes another user's file in a public directory:


8. Sticky bit

0. The problem

When all users share one directory and have read, write, and execute permission on it, can the following be achieved:

        a. Several users share the directory and can read, write, create, and execute files in it.
        b. But each user can delete only their own files, not other users' files.

Can this be achieved by removing the write permission (w)?

        No. Removing the directory's write permission does stop files in it from being deleted, but at the same time nobody can create files in the directory any more.

For this we need a new permission: the sticky bit.

Extension: creating a public directory

        The public directory is created under the root directory (/), and the permissions of other on the new directory are changed to rwx; that completes the public directory.

1. The concept of the sticky bit

        Like r/w/x (read/write/execute), the sticky bit is a permission; it is a system permission flag represented by the letter t.

        Setting t (the sticky bit) for other on a directory lets several users read, write, create, and delete their own files while working in the same directory, but prevents them from deleting other users' files.

2. Set the sticky bit: chmod +t mytemp

eg. Set the sticky bit on the public directory:

eg. Using the sticky bit:

Notes:

        t is a special form of the x permission: the directory can still be accessed, but its contents cannot be freely deleted.

        t can only be set on a directory; no identity needs to be given when setting it, and it applies to other by default.

        The sticky bit is normally removed by whoever set it (or by root).

        The sticky bit is useful when several users work in the same directory.

        There is no need to worry about other users deleting files in your own home directory: a user has no permissions on other users' home directories and cannot perform any operation there.
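The two points made in sections 7 and 8 can be reproduced on a scratch directory. This is an added example, not code from the original post: delete_demo shows that rm on a file with mode 000 is refused while the containing directory lacks the write bit and succeeds once the write bit is restored; sticky_demo builds a public directory (other = rwx), sets the sticky bit with the chmod +t form the text uses, and reads the mode field back, where the t replaces the x of other. Showing that one user cannot delete another user's file needs two accounts, so that part is not exercised here, and because root ignores permission bits the "denied" result only appears for an ordinary user.

```shell
# Added example: deletion depends on the directory's write bit; sticky bit on a
# public directory. Not code from the original post.

mode_of() { ls -ld "$1" | cut -c1-10; }     # e.g. "drwxrwxrwt"

# try_rm PATH : attempt to remove PATH and print "deleted" or "denied".
try_rm() {
    if rm -f "$1" 2>/dev/null && [ ! -e "$1" ]; then echo deleted; else echo denied; fi
}

# delete_demo : prints "<result with dir 555> <result with dir 755>".
# Both files have mode 000, so the files themselves grant nothing; only the
# directory's write bit differs between the two attempts.
delete_demo() {
    work=$(mktemp -d)
    mkdir "$work/dir"
    : > "$work/dir/a"
    : > "$work/dir/b"
    chmod 000 "$work/dir/a" "$work/dir/b"
    chmod 555 "$work/dir"                 # no write bit on the directory
    first=$(try_rm "$work/dir/a")         # denied for an ordinary user
    chmod 755 "$work/dir"                 # write bit restored
    second=$(try_rm "$work/dir/b")        # deleted, although b itself is 000
    chmod -R u+rwx "$work"
    rm -rf "$work"
    echo "$first $second"
}

# sticky_demo : create a public directory, set the sticky bit, print its mode field.
sticky_demo() {
    work=$(mktemp -d)
    mkdir "$work/public"
    chmod 777 "$work/public"              # other = rwx: everyone may create files here
    chmod +t "$work/public"               # sticky bit: only a file's owner (or root) may delete it
    mode_of "$work/public"                # "drwxrwxrwt": t in the x position of other
    rm -rf "$work"
}

echo "rm with dir 555 / dir 755: $(delete_demo)"
echo "public directory with sticky bit: $(sticky_demo)"
```

A capital T in the last position would mean the sticky bit is set but other lacks execute permission; with 777 underneath it shows as lowercase t.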


Extension: common permission issues


Origin blog.csdn.net/look_outs/article/details/129477685