1: basic rights
(1)-rw-r--r--. 1 root root 24772 1 月 14 18:17 install.log
The first identifies the file type:
"-": ordinary files.
- "b": block device file. This is a special device files, storage devices are of this file, such as the partition file / dev / sda1 is this document.
- "c": character device file. This is also the special device files, input devices are generally such documents, such as a mouse, keyboard, and so on.
- "d": the catalog file. Linux, everything is a file, it is also one kind of directory files.
- "l": soft-linked files.
- "p": the pipe character file. This is a very special device files rare.
- "s": socket file. This is a special device files, some services support Socket access, it will have such a socket file.
2 to 4 represents the owner of the file permissions.
- r: representatives read, read permission. 4
- w: representatives write, write permissions. 2
- x: represents the execute, execute permission is. 1
If there is a letter, on behalf of the authority have corresponding; if it is "-" represents no corresponding rights.
Bit 5 to 7 represents the file permissions of the owning group, also has "rwx" permissions.
8 to 10 permissions on behalf of other people, also has "rwx" permissions.
2 . Basic authority to order
2.1. Chmod chmod [options] mode permissions file name
Digital Rights
4: represents the "r" permissions. rwx = 7
2: represents the "w" permissions.
1: represents the "x" permission.
- u: on behalf of the owner (user).
- g: Representative belonging group (group).
- o: on behalf of someone else (other).
- a: representing the entire identity (all)
644: This is the basic file permissions, on behalf of the owner has read and write permissions, and belongs to the group and others have read-only access.
755: This is the basic directory and execute permissions file permissions, on behalf of the owner has read, write, and execute permissions, and belongs to the group and others have read and execute permissions.
777: This is the greatest privilege. In the actual production server, you should try to avoid giving such file or directory permissions, which can cause some security risks.
2.2. chgrp command
chgrp is to modify the command files and directories belonging group, the basic information is as follows.
Command name: chgrp.
English original intent: change group ownership.
The path: / bin / chgrp.
Execute permissions: All users.
Description: Modify your set of files and directories.
3: The role of basic rights
Role permissions to the file
Read (r): the file has read (r) permission, representatives can read the data file. If the permissions correspond to the command, then once read (r) permission, you can perform cat, more, less, head, tail and other documents on file for file viewing command.
- write (w): file write (w) permission, representatives can modify the data file. If the permissions correspond to the command, then once the file has write (w) permission, you can execute the command vim, echo and other modified file data on the file. Note: There is write access to the file, not delete the file itself, can only modify the data file. If you want to delete a file, you need to have write access to the parent directory of the file.
- execution (x): the file has execute (x) permission, on behalf of the file have execute permissions, you can run. In Linux,
As long as the file has execute (x) permission, this file is executed files. This file is in the end just can not be executed properly,
Not only need to execute (x) permission, but also the code in the file is not the correct language code. For files, execute (x) permission is the highest authority.
Role access to a directory.
- Read (r): has read (r) permission on the directory, you can view the contents on behalf of the directory, which is to see which sub-files and subdirectories have directory. If the permissions correspond to the command, then once the directory has read (r) permission, you can execute the ls command in the directory, view the contents of a directory.
- write (w): directory write (r) permission, representatives can modify the data in the directory, which is in the directory can create, delete, copy, cut sub-file or subdirectory. If the permissions correspond to the command, then once the directory has write (w) permission, you can perform touch, rm, cp, mv command in the directory. For a directory, write (w) permission is the highest authority.
- execution (x): the directory is not running, then the directory has execute (x) permission, representatives can enter the directory. If the permissions correspond to the command, then once the directory has the execute (x) permission, you can execute the command cd to the directory, enter the directory.
4: umask default permissions
11.1: View umask permissions system
[root@localhost ~]# umask
0022
# Umask permission to display octal value
[root@localhost ~]# umask -S
u=rwx,g=rx,o=rx
# Represents the initial permissions for files and directories with letters
11. 2 umask
The file is concerned, the new default file permissions maximum is 666, no execute (x) permission. This is because the execute permissions on the file concerned more dangerous, not given in default when the new file, and must be given through the user manual.
In terms of the directory, the new directory permissions default maximum is 777. This is because for the directory, execute (x) permission to represent only enter the directory, so even if given directly by default create a new file, there is no danger.
The maximum default file permissions only 666, while the value of umask is 022
"-Rw-rw-rw-" subtracting "----- w - w-" equal "-rw-r - r-"
The maximum possible default directory permissions is 777, and the value of umask is 022
"Drwxrwxrwx" subtracting "d ---- w - w-" equal "drwx-r-xr-x"