Linux file permission basics (Part 1)
One of Linux's advantages is that it is a multi-user, multi-tasking environment: it allows files to be shared while still protecting each user's files. Managing and setting file permissions is therefore particularly important.
1. Basic permissions
1.1 Permissions explained
[der@Der ~]$ ls -al
# List detailed information about all files in the current directory
Take the last file in the listing above, .bash_logout, as an example (a leading '.' marks a hidden file):
| File type | Owner permissions | Group permissions | Others' permissions | Link count | File owner | File group | File size | Time of last modification | File name |
| - | rw- | r-- | r-- | 1 | root | root | 18 | Aug 8 20:06 | .bash_logout |
Permission notation
Letter notation: r (read) -> read permission; w (write) -> write permission; x (execute) -> execute permission. Numeric notation: 4 -> read permission; 2 -> write permission; 1 -> execute permission.
The owner of .bash_logout is root, with rw permissions; the file's group (which may contain other users) is root, with read permission; others have r permission. When a new user is created, the user's default group has the same name as the user.
Example: can members of the testgroup group, and other users (others), enter this directory?
drwxr-xr-- 1 test1 testgroup 5238 Jun 19 10:25 groups/
A: Members of testgroup have execute permission on the directory, so they can enter it, but they do not have write permission. Other users have no execute permission, so they cannot enter the directory even though they have read permission.
1.2 Changing permissions
Commands: chgrp, chown, chmod
chgrp: change a file's group
chgrp [OPTION]… GROUP FILE…
[root@Der_Tencent ~]# su - # switch to the root user; only root can change the file's attributes
[root@Der_Tencent ~]# touch test.txt # create a test file with touch
[root@Der_Tencent ~]# ls -al test.txt # list the file's detailed attributes
-rw-r--r-- 1 root root 0 Sep 22 20:27 test.txt # the file's group is root
[root@Der_Tencent ~]# useradd alice # add the user alice; her default group is alice
[root@Der_Tencent ~]# chgrp alice test.txt # change the file's group to alice
[root@Der_Tencent ~]# ls -l test.txt
-rw-r--r-- 1 root alice 0 Sep 22 20:27 test.txt # the file's group is now alice
chown: change a file's owner (optionally its group as well)
[root@Der_Tencent ~]# chown alice test.txt # change the file's owner to alice
[root@Der_Tencent ~]# ls -l test.txt
-rw-r--r-- 1 alice alice 0 Sep 22 20:27 test.txt # the owner is now alice
[root@Der_Tencent ~]# chown root:root test.txt # change the owner and the group at the same time
[root@Der_Tencent ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Sep 22 20:27 test.txt
chmod: change file permissions
MODE notation
Assignment notation: u= (user), g= (group), o= (others)
[root@Der_Tencent ~]# chmod u=rwx,o=rw test.txt # separate the clauses with commas
[root@Der_Tencent ~]# ls -l test.txt
-rwxr--rw- 1 root root 0 Sep 22 20:27 test.txt
Add/remove notation: u+, u-; g+, g-; o+, o-
[root@Der_Tencent ~]# chmod g+w,g-r,o-w test.txt
[root@Der_Tencent ~]# ls -l test.txt
-rwx-w-r-- 1 root root 0 Sep 22 20:27 test.txt
Note: assignment notation (=) overwrites the other permissions of that class, while add/remove notation (+/-) changes only the permissions specified.
Numeric notation: r = 4, w = 2, x = 1
[root@Der_Tencent ~]# chmod 644 test.txt # u=4+2, g=4, o=4
[root@Der_Tencent ~]# ls -l test.txt
-rw-r--r-- 1 root root 0 Sep 22 20:27 test.txt # u: read and write, g: read, o: read
1.3 Meaning of permissions on files and directories
For files
r (read): can read the actual contents of the file, e.g. with the commands cat, tail, head;
w (write): can edit, add to or modify the contents of the file (but not delete the file), e.g. with the commands vim, nano;
x (execute): the file may be executed by the system, e.g. a .sh script file.
For directories
r (read contents in directory): can view the files in the directory, e.g. with the ls command;
w (modify contents of directory): can create, delete, rename and move files in the directory;
x (directory access): can enter the directory.
Note:
1. Even with rw on a directory, a user without x cannot enter it as a working directory.
2. A user with w permission on a directory can delete a file in it even without w permission on that file; the entire file is deleted.
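
The groups/ question in 1.1 and the two notes in 1.3 can be checked mechanically from `ls -l` output. The script below is an added example, not part of the original article; the users bob and carol, the shared/ directory and report.txt are constructed for illustration. It goes slightly beyond the text by showing that only one class is consulted (owner first, then group, then others).

```shell
#!/bin/sh
# Added example (not from the original article). Models the plain rwx check
# only: root, ACLs and special mode bits are deliberately not handled.

# has_perm LINE USER GROUPS WANT
#   LINE   one line of `ls -l` output
#   GROUPS comma-separated groups USER belongs to
#   WANT   letters from r, w, x that must ALL be granted
# Exactly one class is consulted: owner first, then group, then others.
has_perm() {
    line=$1 user=$2 ugroups=$3 want=$4
    set -- $line                       # $1 = mode string, $3 = owner, $4 = group
    mode=$1 owner=$3 group=$4
    if [ "$user" = "$owner" ]; then
        cols=2-4                       # owner triplet
    else
        case ",$ugroups," in
            *",$group,"*) cols=5-7 ;;  # group triplet
            *)            cols=8-10 ;; # others triplet
        esac
    fi
    triplet=$(printf '%s' "$mode" | cut -c"$cols")
    for p in $(printf '%s' "$want" | sed 's/./& /g'); do
        case $triplet in *"$p"*) ;; *) return 1 ;; esac
    done
    return 0
}

# Entering a directory needs x on the directory itself.
can_enter() { has_perm "$1" "$2" "$3" x; }
# Removing an entry needs w and x on the PARENT directory; the file's own
# mode is never consulted.
can_delete_in() { has_perm "$1" "$2" "$3" wx; }

# Constructed sample data: the article's groups/ line, plus a hypothetical
# shared directory holding a read-only file owned by root.
GROUPS_DIR='drwxr-xr-- 1 test1 testgroup 5238 Jun 19 10:25 groups/'
SHARED_DIR='drwxrwxr-x 2 root staff 4096 Sep 22 20:27 shared/'
RO_FILE='-r--r--r-- 1 root root 18 Sep 22 20:27 report.txt'

report() { if "$@"; then echo "yes: $*"; else echo "no:  $*"; fi; }
report can_enter     "$GROUPS_DIR" bob   testgroup
report can_enter     "$GROUPS_DIR" carol users
report has_perm      "$RO_FILE"    bob   staff w
report can_delete_in "$SHARED_DIR" bob   staff
```

When auditing, a group- or other-writable directory therefore deserves the same attention as a writable file: read-only files inside it can still be removed or replaced by anyone with w and x on the directory.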