File permissions Day 11

1. What is a permission?

A permission is a limit the operating system places on what a user may do: it constrains which operations the user can perform on the system and which content the user can access. Put another way, a permission is the right of a particular user to use a particular system resource.

2. Why have permissions?

A system cannot have only the root user; there will certainly be multiple users. Permissions exist to protect each logged-in user's privacy and working environment. (Think of three tenants sharing one house: tenant A uses tenant B's soap. What happens then?)

3. What is the relationship between permissions and users?

In Linux, three identities are defined for a file: the owner (Owner), the group (Group), and others (Others). Each identity has three permissions: read (readable), write (writable), and execute (executable).

With respect to a file, a user takes one of the three roles u, g or o. When a user accesses a file, the check proceeds as follows:

(1) Determine whether the user is the file's owner; if so, access follows the owner permissions
(2) Determine whether the user is a member of the file's group; if so, access follows the group permissions
(3) If the user is neither the owner nor a member of the file's group, access follows the others (anonymous) permissions

4. What does rwx mean?
When we use ls -l to view a file's detailed attributes, we see that each file has nine basic permission bits, for example rwxr-xr-x. The characters form groups of three: the owner permission bits, the group permission bits, and the others (anonymous) permission bits.

Linux uses these nine characters to represent the basic permission bits, which control access for the file's owner (User), its group (Group), and others (Other).

Letter         Meaning               Value
r (read)       Read permission       4
w (write)      Write permission      2
x (execute)    Execute permission    1
-              No permission         0
PS: If a permission bit is not readable, not writable or not executable, a - is shown in its place as a placeholder.

2. Permissions example

File example: rwxrw-r-- alice hr file1.txt
Q1: What permissions does alice have on file1.txt?
Q2: What permissions does jack have on file1.txt, given that jack belongs to the group hr?
Q3: What permissions does tom have on file1.txt?
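
The owner, group, others check from section 3 applied to the file1.txt example, as an added sketch that is not from the original post. The helper names sym_to_octal, triad_for and may are made up for illustration, and the model ignores root, ACLs and other special cases.

```shell
#!/bin/sh
# Added example: a model of the owner -> group -> others check.
# sym_to_octal, triad_for and may are illustrative names, not system tools.

# Convert a 9-character string such as rwxrw-r-- to its octal form (764).
sym_to_octal() {
    sym=$1 out=""
    [ "${#sym}" -eq 9 ] || return 1
    while [ -n "$sym" ]; do
        rest=${sym#???}            # everything after the first three characters
        triad=${sym%"$rest"}       # the first three characters
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in ??x) n=$((n + 1)) ;; esac
        out=$out$n
        sym=$rest
    done
    printf '%s\n' "$out"
}

# Print the single triad that applies to USER. The first matching identity
# wins: an owner is never re-checked against the group or others bits.
triad_for() {   # usage: triad_for USER "USER_GROUPS" OWNER GROUP PERMS
    if [ "$1" = "$3" ]; then
        printf '%s\n' "${5%??????}"               # owner triad
        return 0
    fi
    for g in $2; do
        if [ "$g" = "$4" ]; then
            mid=${5#???}
            printf '%s\n' "${mid%???}"            # group triad
            return 0
        fi
    done
    printf '%s\n' "${5#??????}"                   # others triad
}

# Succeed if USER may perform r, w or x on the file.
may() {         # usage: may r|w|x USER "USER_GROUPS" OWNER GROUP PERMS
    want=$1; shift
    case $(triad_for "$@") in *"$want"*) return 0 ;; *) return 1 ;; esac
}

# Constructed demo: the page's file1.txt (rwxrw-r-- alice hr).
for u in "alice:alice" "jack:jack hr" "tom:tom"; do
    printf '%s: %s\n' "${u%%:*}" "$(triad_for "${u%%:*}" "${u#*:}" alice hr rwxrw-r--)"
done
```

Because the first match wins, an owner whose own triad is --- is denied even when the group triad would allow the access.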

1. Why set permissions, and how do we modify a file's permissions?
Q1: Why set permissions? To grant a particular user or group a particular kind of access to a file.
Q2: On Linux, use the chmod command to change permissions. The root user can change the permissions of any file, while ordinary users can change only their own files.

2. Examples of setting permissions with chmod
Method 1: symbolic (ugo)
[root@bgx ~]# touch file                    # create the file
[root@bgx ~]# chmod a=rwx file              # give everyone read, write and execute
[root@bgx ~]# chmod a=-rwx file             # remove all permissions
[root@bgx ~]# chmod u=rwx,g=rw,o=- file     # owner rwx, group rw, others none
[root@bgx ~]# chmod ug=rwx,o=r file         # owner and group rwx, others read
[root@bgx ~]# ll file
-rwxrw-r-- 1 root root 0 Apr 13 03:29 file
Method 2: numeric
# Option: -R changes permissions recursively
[root@bgx ~]# touch file
[root@bgx ~]# chmod 644 file
[root@bgx ~]# chmod 600 file
[root@bgx ~]# ll file
-rw------- 1 root root 0 Apr 13 03:29 file

# Set permissions on a directory
[root@bgx ~]# mkdir dir
[root@bgx ~]# chmod 777 dir/    # let everyone access the directory
[root@bgx ~]# chmod -R 755 dir/ # change permissions on the directory and everything under it
[root@bgx ~]# ll -d dir/
drwxr-xr-x 2 root root 6 Apr 13 03:34 dir/

3. Permissions case
Set access permissions on the hr department's directory /home/hr. The requirements are:
1. The root user and members of the hr group can read, write and execute
2. Other users have no permissions

[root@bgx ~]# groupadd hr
[root@bgx ~]# useradd hr01 -G hr
[root@bgx ~]# useradd hr02 -G hr
[root@bgx ~]# mkdir /home/hr
[root@bgx ~]# chgrp hr /home/hr
[root@bgx ~]# chmod 770 /home/hr
[root@bgx ~]# ll -d /home/hr
drwxrwx--- 2 root hr 6 Apr 13 03:26 /home/hr

3. Permissions case

In Linux, permissions affect files and directories differently.

Read permission (r)
    Effect on a file: can read the file's contents
    Effect on a directory: can browse the directory and its subdirectories
Write permission (w)
    Effect on a file: can add to and modify the file's contents
    Effect on a directory: can add and delete files in the directory
Execute permission (x)
    Effect on a file: can execute the file
    Effect on a directory: can enter the directory and access its contents (depending on the permissions of the files in the directory)

File permissions test case:

#1. Create a file and write content to it; by default, others (anonymous users) have only read permission on the file
[root@xuliangwei ~]# echo "date" > filename
[root@xuliangwei ~]# ll filename
-rw-r--r-- 1 root root 5 Jan 24 08:24 filename

#2. Switch to the ordinary user bgx
[root@xuliangwei ~]# su - bgx

#3. bgx can read the file, but has no permission to execute or delete it
[bgx@xuliangwei ~]$ cat  /root/filename
date

#4. As root, add the x (execute) permission
[root@xuliangwei ~]# chmod o+x /root/filename
[root@xuliangwei ~]# ll /root/filename
-rw-r--r-x 1 root root 5 Jan 24 08:24 /root/filename

#5. Test whether the x permission really allows the file to be executed
[bgx@xuliangwei ~]$ /root/filename
Wed Jan 24 08:28:34 EST 2018

#6. Add the w (write) permission
[root@xuliangwei ~]# chmod o+w /root/filename
[root@xuliangwei ~]# ll /root/filename
-rw-r--rwx 1 root root 5 Jan 24 08:24 /root/filename

#7. Test the write permission
[bgx@xuliangwei ~]$ vim /root/filename

PS: Summary of how rwx affects a file

Read permission (r): can read the file's contents
1. Only viewing commands can be used: cat, head, tail, less, more

Write permission (w): can add to and modify the file's contents
1. Editing with vim prompts that permission is denied, but the save can be forced, which overwrites all of the file's previous content
2. Data can be written to the file with echo and redirection; >> appends
3. The file cannot be deleted, because deletion does not depend on the file's own attributes; what matters is whether the parent directory has w

Execute permission (x): can execute the file
1. With x alone, nothing can be done
2. For an ordinary user to execute the file, r is needed as well

Directory permissions test case:
# Example 1: create a directory and a file inside it; others have no w on the directory but 777 on the file
[root@xuliangwei ~]# mkdir /dirname
[root@xuliangwei ~]# echo "test" >> /dirname/filename
[root@xuliangwei ~]# chmod 777 /dirname/filename

# Verify as an ordinary user: the file can be viewed but not deleted [strange]
[bgx@xuliangwei ~]$ cat /dirname/filename
test
[bgx@xuliangwei ~]$ rm -f /dirname/filename
rm: cannot remove ‘/dirname/filename’: Permission denied

# Example 2: set 777 on the directory, so others have w on the directory, but no permissions at all on the file
[root@xuliangwei ~]# chmod 777 /dirname/
[root@xuliangwei ~]# chmod 000 /dirname/filename

# Verify as an ordinary user
[bgx@xuliangwei ~]$ cat /dirname/filename
cat: /dirname/filename: Permission denied
[bgx@xuliangwei ~]$ rm -f /dirname/filename
[bgx@xuliangwei ~]$ touch /dirname/filename_2

PS: Summary of how rwx affects a directory

Read permission (r), when the directory has only r: can browse the directory and its subdirectories
1. The ls command can browse the directory and subdirectories, but it also reports permission denied
2. The ls -l command browses the directory and subdirectories, but file attributes appear as question marks and only the file names are visible
Summary: with only r on a directory, only the file names can be browsed; no other operation is permitted

Write permission (w), when the directory has only w: can add, delete or rename files within the directory (needs to be combined with x)
PS: With w on a directory, files can be created and deleted within the directory (regardless of the permissions of the files themselves)
With only w, the directory cannot be entered, copied, deleted or moved

Execute permission (x), when the directory has only x
1. Can only enter the directory
2. Cannot browse, copy, move or delete

Summary and notes on Linux permissions
File with r: the user can only view it; no other operations
File with rw: the contents can be viewed and edited
File with rx: can be viewed and executed, but not modified -----> PASS
File with rwx: can be read, written and executed, but not deleted, because deletion depends on whether the parent directory has w -----> PASS
Directory with rx: allows browsing the files and subdirectories within the directory; creating or deleting files and directories is not allowed
Directory with wx: can enter the directory, delete content and write content, but cannot use commands such as ls and cat -----> PASS
Directory with rw: can view and write, but cannot enter the directory -----> PASS

PS: Grant x on files with care, and grant w on directories with care.
PS: Files are usually set to 644 and directories to 755.
PS: With directory permissions held at 755, whether an ordinary user can operate on a file or folder depends on the file's own permissions.
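
One way to check a tree against the notes above (644 for files, 755 for directories, care with x on files and w on directories), added here as an example and not part of the original post. audit_tree and make_sample_tree are made-up names, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: report entries that deviate from the 644/755 convention.
# audit_tree and make_sample_tree are illustrative names.

# Print one finding per line, with paths relative to DIR, sorted.
audit_tree() {   # usage: audit_tree DIR
    (
        cd "$1" || exit 1
        # Directories where others have w: entries can be created and deleted.
        find . -type d -perm -0002 | sed 's/^/dir-writable-by-others /'
        # Files where others have w: the contents can be changed.
        find . -type f -perm -0002 | sed 's/^/file-writable-by-others /'
        # Files with any x bit set: confirm each one is meant to be run.
        find . -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
            sed 's/^/file-executable /'
    ) | sort
}

# Build a small constructed tree with known modes and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/docs" "$d/shared"
    : > "$d/docs/report.txt"
    : > "$d/docs/notes.txt"
    : > "$d/shared/run.sh"
    chmod 755 "$d" "$d/docs"            # conventional directories
    chmod 644 "$d/docs/report.txt"      # conventional file
    chmod 666 "$d/docs/notes.txt"       # others can write
    chmod 777 "$d/shared"               # others can add and delete entries
    chmod 755 "$d/shared/run.sh"        # executable file
    echo "$d"
}

tree=$(make_sample_tree)
audit_tree "$tree"
rm -rf "$tree"
```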

4. Setting the owner and group

What does it mean to change a file's owner and group?
For example: I own several apartments and want to sell apartment A for cash. I transfer apartment A to the buyer, and once the transfer succeeds, apartment A belongs to the buyer and no longer to me.

To change the owner or group of a file or other resource in Linux, use the chown and chgrp commands.
chown can set both the owner and the group; chgrp sets only the group. (So use whichever you know.)

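# chown changes the owner and group; -R: change recursively

# Prepare the environment: create a directory and a file
[root@bgx ~]# mkdir -p dir/test1 && touch dir/file

# Example 1: change the owner to bin
[root@bgx ~]# chown bin dir/

# Example 2: change the group to adm (':' is the standard separator; the older '.' form is deprecated)
[root@bgx ~]# chown :adm dir/

# Example 3: recursively change the owner and group of the directory and all files under it
[root@bgx ~]# chown -R root:root dir/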

Origin www.cnblogs.com/baozexu/p/11372835.html