6.1 change the permissions attributes command
Chmod(change mode)
Chmod file or directory is used to change permission command, but only the file attributes and permissions that have super-user root, chmod two ways to change the file or directory permissions: one is by letters and operator permissions expression of methods, one is to set permissions by using a digital method.
6.1.1 Digital Rights methods
Using digital rights set permissions command format is as follows:
Chmod [combination of numbers] filename
Chmod digital syntax is very simple, a combination of permissions listed in the following table represents the lion, the combination of rights by the three octal numbers to represent a combination of three types of user permissions of files.
Chmod digital representation of the method described:
R |
4 |
W |
2 |
X |
1 |
- |
0 |
Digital rights is a group of notation:
digital rights into a digital array of three bits add up the sum of rights, such as the following example, the case is rw- main authority, the digital rights is 4 + 2 = 6 is a group of rights Yes. r--, 4, or user permissions r- 4, so hanjiali.txt permissions is 644.
E.g:
If we not only want to change the directory permissions, you want to change the file permissions in the directory, so we need to add the parameter -R.
E.g:
6.1.2chmod character permissions representation
Chmod [User Type] [+ | - | =] [Permissions characters] file name, use the following table:
E.g:
6.1.3 Changes file command relationship -Chown
Chown (change owner)
When we want to change the file belongs to a group of users we use it must belong to the group of the file and at the same time is the goal of the group is a member or super-user, only the super user can change the properties of the file.
Chown grammar
Chown [option] ... [Owner] [: [group]] files ...
6.1.4 default permissions assigned command umask
Create a directory, a file, the default file permissions are 755 and 644, and why?
755 and 644 with respect to users and user groups ROOT ROOT is safe, there is no way to write and change the default security watershed.
Ordinary users umask bit 0002
Administrators umask to 0022
The following section from https://blog.51cto.com/oldboy/1060032
Small file permissions computing conclusion:
Create a default maximum file permissions for the 666 (-rw-rw-rw-), no executable files created by default permissions x bits.
For a file, the umask setting is to have permission to be on the octal 666 in assumed files, file permissions is 666 minus the umask (umask each digit can not be more than 6, such as, 077 does not meet the conditions) of cover numerical code; next key content, if some or all the bits of the bit umask is odd, then, for the calculation of the corresponding file permission bits plus an odd number is the final result of each file permissions value.
The default directory permissions to create maximum 777 (-rwx-rwx-rwx) , the directory is created by default owner have x permission allows users to enter.
For a directory, umask setting is carried out on the assumption that the file has octal 777 permissions on the directory permissions octal umask value of 777 minus the mask.
General method of calculation file permissions:
The default file permissions calculation method
1) Suppose a umask: 022 (all bits is an even number)
Starting permission value 666 ==> file
022-- value ==> umask of
---------
6 4 4
2) assuming a umask: 045 (bits other user groups is odd)
Starting permission value 666 ==> file
045-- value ==> umask of
---------
621 ==> calculated permissions. Since the last digit of the umask is 5, so the other user groups plus 1 bit.
0 0 1 +
---------
622 ==> real file permissions
The default directory permissions calculation method
Starting permission value 777 ==> directory
022-- value ==> umask of
---------
7 5 5
Chart specification as follows:
Example one: the umask when all bits are all even, no doubt most readers of this example
[root@oldboy oldboy]# umask
0022 # → umask current value
[Root @ oldboy oldboy] # umask 044 # → Change 044
[root@oldboy oldboy]# umask
0044
[Root @ oldboy oldboy] # mkdir umask_test # → test build directory
[root@oldboy oldboy]# ls -ld umask_test
drwx-wx-wx 2 root root 4096 Nov 12 19:21 umask_test # → 733 corresponding to digital rights, it is not consistent with the above calculation?
[root@oldboy oldboy]# touch umask_test.txt
[root@oldboy oldboy]# ls -l umask_test.txt
-rw - w - w- 1 root root 0 Nov 12 19:21 umask_test.txt # → 622 corresponding to digital rights, is not consistent with the above calculation?
Example Two: the umask part or all of the bit values is odd, this is the largest reader question
When umask while the other is a group of odd bit values
[root@oldboy oldboy]# umask 0023
[Root @ oldboy oldboy] # mkdir dir
[root@oldboy oldboy]# touch file
[root@oldboy oldboy]# ls -l
Total 4
drwxr-xr-- 2 root root 4096 11-15 01:04 dir # → 754 corresponding to digital rights
-rw-r - r-- 1 root root 0 11-15 01:04 file # → 644 corresponding to digital rights
Tip: The calculation method of the foregoing, when umask is 0023, permission dir should be 754, and the file permissions should be 643, but since the other group of bit umask is an odd number, so the final permission plus one other set of bits, i.e., 643 plus 001 (corresponding to the practice of result 644). Note: umask bits do not even number plus one.
Three examples: the umask all bit values is odd
[root@oldboy oldboy]# umask 0551
[root@oldboy oldboy]# umask
0551
umask mask is calculated according to Method 0551: 226 directory permissions, file permissions 115, 226 and the actual file permissions (permission bits three umask is odd, therefore, each bit is correct permissions were added 1)
[root@oldboy oldboy]# mkdir dir5
[root@oldboy oldboy]# touch file5
[root@oldboy oldboy]# ls -l
Total 4
dw - w-rw- 2 root root 4096 11-15 01:27 dir5 # → directory 226 corresponding to digital rights
--w - w-rw- 1 root root 0 11-15 01:27 file5 # → directory 226 corresponding to digital rights
Verification is again one case:
[root@oldboy oldboy]# umask 0333
[root@oldboy oldboy]# umask
0333
umask mask is calculated according to Method 0333: 444 directory permissions, file permissions 333, 444 and the actual file permissions (umask three bits are odd, therefore, each bit is correct permissions were added 1)
[root@oldboy oldboy]# mkdir dir3
[root@oldboy oldboy]# touch file3
[root@oldboy oldboy]# ls -l|grep 3
dr - r - r-- 2 root root 4096 11-15 01:30 dir3 # → directory 444 corresponding to digital rights
-r - r - r-- 1 root root 0 11-15 01:30 file3 # → directory 444 corresponding to digital rights
2 ) by the 8 -ary alphabet symbols calculated (this method may be memory)
Take the above Example 3 verification.
[root@oldboy oldboy]# umask 551
umask value of 551, corresponding permissions to -r-xr-x - x, that is, all files and directories are canceled -r-xr-x permissions in the - x permission.
File permissions: [- rw-rw-rw -] - [- r-xr-x - x] = [- w - w - rw -] = 226 (no x x-bit files, they do not cancelled)
Directory permissions: [-] rwxrwxrwx - [- r-xr-x - x] (x-x have subordinate directory, can be directly canceled) = 226 = [- w - w - - rw]
Continue to take the previous example to verify:
[root@oldboy oldboy]# umask 333
umask value of 333, the corresponding authority to -wx-wx-wx, that is, all files and directories are canceled -wx-wx-wx permissions permissions of.
File permissions: [- rw-rw-rw -] - [- wx-wx-wx] = [- r - r - r -] = 444 (no x x-bit files, they do not cancel)
Directory permissions: [- rwxrwxrwx] - [- wx-wx-wx] = [- r - r - r -] = 444 (there x x bit on a directory, you can directly cancel)
3 ) calculated by the binary method (bad memory is not recommended)
By converting between binary, octal converted into binary calculation.
0022
0 2 2
---------- # → Octal to binary
0 10 10
Description: The octal umask value is converted into binary
6 6 6
------------ # → Octal to binary
110 110 110
Description: The default maximum file permissions octal converted into a binary value
0 10 10 # → umask binary
------------- # → op
110 110 110 # → ACCESS binary file
-------------
000 010 010
------------- # → Converts an octal
0 2 2
Description: The resulting value is 022, then 666 minus 022, then create the file permissions is 644
[root@oldboy oldboy]# umask 551
[root@oldboy oldboy]# umask
0551
5 5 1
------------- # → binary conversion
101 101 001 # → umask binary
------------- # → op
110 110 110 # → ACCESS binary file
-------------
100 100 000
------------- # → Converts an octal
4 4 0
Description: The resulting value is 440, then 666 minus 440, then create the file permissions is 226.