Linux permission management - basic permissions
Permissions
Permissions are the restrictions placed on users for particular files and processes.
Relationship between permissions and users
rwx rwx r-x
User Group Other
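Owner permissions  Group permissions  Other users' permissions
Meaning of the rwx permissions
r  File: permission to read the file's contents.  Directory: permission to browse the directory and its subdirectories.
w  File: permission to add to and modify the file's contents.  Directory: permission to add and delete files in the directory.
x  File: permission to execute the file.  Directory: permission to access the directory's contents (subject to the permissions of the files in it).
-  No permission.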
File types
- regular file
d directory
l symbolic (soft) link
s socket
c block device
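The permission-modification command: chmod
+ add permissions
- remove permissions
= set permissions
-R change the permissions of a directory and its subdirectories recursively
# ugo (symbolic) mode
chmod // change the rwx permissions of a file or directory; -R applies the change recursively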
[root@db04 ~]# touch file
[root@db04 ~]# chmod a=rwx file
[root@db04 ~]# chmod a+rwx file
[root@db04 ~]# ll file
-rwxrwxrwx 1 root root 0 6月 20 23:23 file
[root@db04 ~]# chmod a-rwx file
[root@db04 ~]# chmod a=-rwx file
[root@db04 ~]# ll
总用量 0
---------- 1 root root 0 6月 20 23:23 file
[root@db04 ~]# chmod u+rw,g+r,o+rx file
[root@db04 ~]# ll
总用量 0
-rw-r--r-x 1 root root 0 6月 20 23:23 file
[root@db04 ~]# chmod u=rwx,g=rw,o=rx file
[root@db04 ~]# ll
总用量 0
-rwxrw-r-x 1 root root 0 6月 20 23:23 file
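Example 2:
chmod 666 dir/file // set the permissions of file to 666
chmod u+rw,g+rw,o+rw dir/file // symbolic-mode counterpart; note that + only adds bits, while 666 sets them exactly
Example 3:
chmod -R 766 dir/ // change the permissions of the directory and its subdirectories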
File permission test cases
// by default, other users have only read permission on the file
[root@zls ~]# echo "date" >> filename
[root@zls ~]# ll filename
-rw-r--r-- 1 root root 5 Jan 24 08:24 filename
// test the read permission (the file cannot be executed or deleted)
[root@zls ~]# su - zls
[zls@zls ~]$ cat /root/filename
date
// add the x (execute) permission
[root@zls ~]# chmod o+x /root/filename
[root@zls ~]# ll /root/filename
-rw-r--r-x 1 root root 5 Jan 24 08:24 /root/filename
// test the execute permission
[zls@zls ~]$ /root/filename
Wed Jan 24 08:28:34 EST 2018
// add the w (write) permission
[root@zls ~]# chmod o+w /root/filename
[root@zls ~]# ll /root/filename
-rw-r--rwx 1 root root 5 Jan 24 08:24 /root/filename
// test the write permission
[zls@zls ~]$ vim /root/filename
Effect of rwx on files
Read permission (r)
If a file has only r permission: the user can read the contents of the file.
1. Viewing commands such as cat, head, tail, less and more can be used.
2. The file cannot be copied, moved, edited or deleted.
Write permission (w)
If a file has only w permission: the user can add to and modify the contents of the file.
1. Editing with vim prompts that permission is denied, but the save can be forced, which overwrites the entire contents of the file.
2. Data can be written to the file with echo or cat using redirection or append redirection.
3. The file cannot be copied, moved or deleted (deletion depends on w permission on the parent directory).
Execute permission (x)
If a file has only x permission: the user has permission to execute the file.
// Note: an ordinary user also needs r permission; the administrator does not.
1. The file cannot be executed, viewed, edited, copied, moved or deleted.
Directory permission test cases
Practical case 1: no w on the directory, rwx on the file
[root@zls ~]# mkdir /dirname
[root@zls ~]# echo "test" >> /dirname/filename
[root@zls ~]# chmod 777 /dirname/filename
[root@zls ~]# ll -d /dirname/
drwxr-xr-x 2 root root 22 Jan 24 08:40 /dirname/
[root@zls ~]# ll -d /dirname/filename
-rwxrwxrwx 1 root root 5 Jan 24 08:41 /dirname/filename
// verify the permissions as an ordinary user
[zls@zls ~]$ cat /dirname/filename
test
[zls@zls ~]$ rm -f /dirname/filename
rm: cannot remove ‘/dirname/filename’: Permission denied
Practical case 2: w on the directory, no permissions at all on the file
[root@zls ~]# chmod 777 /dirname/
[root@zls ~]# chmod 000 /dirname/filename
[root@zls ~]# ll -d /dirname/
drwxrwxrwx 2 root root 22 Jan 24 08:40 /dirname/
[root@zls ~]# ll -d /dirname/filename
---------- 1 root root 5 Jan 24 08:41 /dirname/filename
// verify the permissions as an ordinary user
[zls@zls ~]$ cat /dirname/filename
cat: /dirname/filename: Permission denied
[zls@zls ~]$ rm -f /dirname/filename
[zls@zls ~]$ touch /dirname/filename_
Effect of rwx on directories
- Read permission (r)
If a directory has only r permission: the user can browse the directory and its subdirectories.
1. The ls command can browse the directory and its subdirectories, but a permission-denied message is shown as well.
2. The ls -l command can browse the directory and its subdirectories, but the entries are shown with question marks and only the file names are visible.
Summary: with only r permission on a directory, the user can only see the file names in it and has no other rights.
- Write permission (w)
If a directory has only w permission: the user can add, delete or rename files in the directory (x is required as well).
// Note: with w permission on a directory, files can be created and deleted in it, regardless of the permissions on the files themselves.
The user cannot enter, copy, delete or move the directory.
- Execute permission (x)
If a directory has only x permission:
1. The user can only enter the directory.
2. The user cannot browse, copy, move or delete it.
Permissions summary
rw on a file: the contents of the file can be viewed and edited.
rx on a file: the file can only be viewed and executed; it cannot be edited, moved or deleted.
rx on a directory: files and subdirectories in the directory can be browsed; files and directories cannot be created or deleted in it.
Precautions
Files: grant x with care; r or rw is recommended.
Directories: grant w with care; unless there is a special need, rx is recommended.
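A check that follows from these two precautions, as an added example that is not part of the original page: it lists regular files that other users may execute and directories that other users may write to, then removes those bits with the symbolic chmod syntax shown earlier. The function names and the sample tree are constructed for illustration, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: audit a tree against the two precautions above.
# audit_perms, tighten_perms and the tree built in demo() are illustrative.

# Print "<kind> <octal mode> <symbolic mode> <path>" for every regular file
# with the "other" x bit and every directory with the "other" w bit.
audit_perms() {
    # -perm -o=x matches when the other-execute bit is set, whatever else is set
    find "$1" -type f -perm -o=x -exec stat -c 'FILE %a %A %n' {} +
    # -perm -o=w matches directories in which any user may create or delete entries
    find "$1" -type d -perm -o=w -exec stat -c 'DIR %a %A %n' {} +
}

# Remove only the flagged bits; owner and group permissions are left alone.
tighten_perms() {
    find "$1" -type f -perm -o=x -exec chmod o-x {} +
    find "$1" -type d -perm -o=w -exec chmod o-w {} +
}

demo() {
    d=$(mktemp -d)                    # constructed sample tree
    mkdir "$d/shared" "$d/private"
    touch "$d/shared/run.sh" "$d/private/notes.txt"
    chmod 777 "$d/shared"             # other users may add and delete files here
    chmod 755 "$d/private"            # rx for others: browse only
    chmod 755 "$d/shared/run.sh"      # other users may execute this file
    chmod 644 "$d/private/notes.txt"  # r for others: read only
    echo "before:"; audit_perms "$d"
    tighten_perms "$d"
    echo "after:";  audit_perms "$d"
    rm -rf "$d"
}

demo
```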
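The owner and group modification command: chown
chown // change the owner and the group; -R: change recursively
mkdir dir // create a directory
touch dir/file_test // create a file
mkdir dir/dir_test // create a directory
Example 1:
chown bin dir/ // change the owner to bin
ll -d dir/ // check the owner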
drwxr-xr-x 2 bin root 4096 7月 22 00:50 dir/
Example 2:
chown .adm dir/ // change the group to adm
ll -d dir/ // check the group
drwxr-xr-x 2 bin adm 4096 7月 22 00:50 dir/
Example 3:
chown -R root.root dir/ // recursively change the owner and group of the directory and all files under it
Note: the user bin and the group adm must already exist.