In-depth study of permissions in Linux operating system

1.The concept of Linux permissions

There are two types of users under Linux: the super user (root) and ordinary users.

Super user: can do anything on the Linux system, without restriction.
Ordinary user: can do a limited set of things on Linux.
The super user's command prompt is "#"; an ordinary user's command prompt is "$".

Command: su [username] Function: switch users. For example, to switch from the root user to the ordinary user, use su user. To switch from the ordinary user user to the root user, use su root (root can be omitted). At this time, the system will prompt you to enter the password of the root user.

2.Linux permission management

Owner of the file or directory: u (User)
Users in the group that owns the file or directory: g (Group)
All other users: o (Others)

3. File type and access permissions (file attributes)

Basic permissions:

i. Read (r/4): For a file, read permission allows reading the file's contents; for a directory, it allows listing the directory's contents.

ii. Write (w/2): For a file, write permission allows modifying the file's contents; for a directory, it allows creating, deleting and moving files within the directory.

iii. Execute (x/1): For a file, execute permission allows running the file; for a directory, it allows entering the directory.

iv. "-" means the permission is not granted.

3.1 Representation method of file permission value

1. Character representation method

2. Octal numerical representation method

4. Related setting methods for file access permissions

chmod

Function: set a file's access permissions
Format: chmod [options] permissions filename
Common options:
-R -> recursively change the permissions of a directory and the files in it
Note: only the file's owner and root can change a file's permissions

Format 1: user symbol +/-/= permission character

+: add the permissions denoted by the permission characters to the given scope
-: remove the permissions denoted by the permission characters from the given scope
=: set the given scope to exactly the permissions denoted by the permission characters
User symbols:
u: owner
g: users in the owner's group
o: other users
a: all users
Example: chmod a-rwx test.txt

Format 2: chmod a=x /home/abc.txt

Example (octal form): chmod 777 test.txt

chown

Function: change a file's owner
Format: chown [options] username filename
Example:

chgrp

Function: change the group that owns a file or directory
Format: chgrp [options] groupname filename
Common options: -R recursively change the owning group of a directory and its contents
Example: chgrp root test.txt

umask

Function:
View or modify the file creation mask.
Default permissions for new files = 0666.
Default permissions for new directories = 0777.
In practice, however, the permissions you see on the files and directories you create are often not these values. The reason is that file and directory creation is also affected by the umask. If the default permission is mask, the permissions of the file actually created are: mask & ~umask

Format: umask permission-value
Description: subtracting the permission mask from the default access permissions yields the default permissions for newly created files. The default mask value for the super user is 0022, and the default mask value for ordinary users is 0002.

# umask        // view the current mask
# umask 044    // set the mask
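An added shell example (not part of the original post) that carries the mask & ~umask calculation through for the default file and directory modes given above under both default umask values, and renders each result as the rwx string that ls -l shows:

```shell
#!/bin/sh
# Effective mode of a newly created file or directory: default & ~umask.
# Both arguments are octal strings, e.g. 0666 and 022; a leading 0 is
# prepended so $(( )) always parses them as octal, not decimal.
effective_mode() {
    default=$(( 0$1 ))
    mask=$(( 0$2 ))
    # Keep only the nine rwx bits; umask never affects setuid/setgid/sticky.
    printf '%04o\n' "$(( (default & ~mask) & 0777 ))"
}

# Render an octal mode as the three rwx triplets displayed by ls -l,
# e.g. 0644 -> rw-r--r--  (special bits such as the sticky bit are ignored).
symbolic_mode() {
    mode=$(( 0$1 ))
    out=""
    for pos in 6 3 0; do            # owner, group, others
        bits=$(( (mode >> pos) & 7 ))
        [ $(( bits & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( bits & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( bits & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# Demonstration: the root default (022) and the ordinary-user default (002).
for m in 022 002; do
    f=$(effective_mode 0666 "$m")
    d=$(effective_mode 0777 "$m")
    printf 'umask %s: new file %s (%s), new directory %s (%s)\n' \
        "$m" "$f" "$(symbolic_mode "$f")" "$d" "$(symbolic_mode "$d")"
done
```

Compare the printed values with what `umask` and `ls -l` report on a real system after creating a file and a directory.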

file

The file command:
Function: identify the type of a file.
Syntax: file [options] file-or-directory...
Common options:
-c Show the command's execution steps in detail, which helps with debugging or analysing how the program runs.
-z Try to read the contents of compressed files.

Use sudo to assign permissions

(1) Edit the /etc/sudoers file to grant the permissions

(2) Use sudo to call authorized commands

5. Directory permissions

Execute permission: if a directory lacks execute permission, you cannot cd into it.
Read permission: if a directory lacks read permission, you cannot use commands such as ls to view the files in it.
Write permission: if a directory lacks write permission, you cannot create files in it, nor delete files from it.

Note that as long as a user has write permission on the directory, that user can delete files in the directory, regardless of whether the user has write permission on the file itself.

5.1 Sticky bit

To solve this problem, the Linux operating system introduced the concept of the sticky bit.

When a directory has the sticky bit set (using chmod +t), the files in that directory can only be deleted by:

1. the super user,
2. the owner of the directory, or
3. the owner of the file.

Summary about directory permissions

The execute permission (-x) of a directory determines whether you can run commands against the directory.
If a directory lacks -x permission, you cannot run any command on it, or even cd into it, even if it still has -r read permission. If a directory has -x permission but lacks -r permission, the user can run commands and cd into it; however, since there is no read permission on the directory, even though ls can be run inside it, there is still no permission to read the directory's listing.


Origin blog.csdn.net/m0_74234485/article/details/132527855