Types of Linux permissions
- read: readable, numeric code 4
- write: writable, numeric code 2
- execute: executable, numeric code 1
Supplement:
- All permissions: 7 (4 + 2 + 1)
- Read and execute: 5 (4 + 1)
- Other permissions can be any combination of these values.
What the permissions mean
Character | Permission | Meaning for a file | Meaning for a directory |
---|---|---|---|
r | Read | You can view the file's contents | You can list the directory's contents |
w | Write | You can modify the file's contents | You can create and delete files in the directory |
x | Execute | You can execute the file | You can enter the directory |
Linux user classes
- user (owner): the file's owner
- group: the group that owns the file
- other: everyone else
Viewing file permissions
- With the three user classes and three permissions above, there are 3 * 3 = 9 combinations.
- Run `ls -l` to list files together with their permissions.
- For example: `-rw-r--r--`
  - The first `-` is the file type: a regular file.
  - `rw-`: the owner can read and write, but cannot execute.
  - The middle `r--`: the owning group can read, but cannot write or execute.
  - The last `r--`: the permissions of others, read the same way as above.
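The mapping between an `ls -l` mode string and the numeric codes 4, 2 and 1, as an added example that is not part of the original page. The function names `mode_to_octal` and `path_octal` are hypothetical, and the sample strings are the ones that appear in this page's listings.

```bash
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Convert the 10-character mode string printed by `ls -l` (for example
# -rw-r--r--) to its three octal digits using read=4, write=2, execute=1.
# Strings with special bits (s, t) are rejected rather than misread.
mode_to_octal() {
    case $1 in
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    rest=${1#?}                        # drop the file-type character
    octal=""
    while [ -n "$rest" ]; do
        triplet=${rest%"${rest#???}"}  # first three characters: one user class
        rest=${rest#???}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Octal mode of a real path, read from the first 10 characters of `ls -ld`.
path_octal() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Mode strings taken from the listings on this page.
for m in -rw-r--r-- drwxr-xr-x drwxrwxr-x -rwx------ -rwxrwxrwx; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```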
User group management commands
- `groupadd`: add a user group
- `groupdel`: delete a user group
User management commands
- `useradd`: add a user
  - `-g`: set the user's group
  - `-m`: automatically create the home directory (needed on Ubuntu; CentOS creates it by default)
- `userdel`: delete a user
  - `-r`: also delete the home directory
- `passwd`: change a user's password (with no argument, it changes the current user's password)
Permission commands
- `chown jack test.txt`
  - `chown` stands for "change owner".
  - The whole command changes the owner of test.txt to jack.
- `chgrp group1 test.txt`
  - `chgrp` stands for "change group".
  - The whole command changes the owning group of test.txt to group1.
- `chmod u+x ./go.sh`
  - `chmod` stands for "change mode", that is, change the permissions.
  - The whole command adds execute permission for the owner of go.sh in the current directory.
- `chmod -R 777 /data/www`
  - `-R` applies the change to every file under the directory; `777` is the highest permission (read, write, execute).
  - The whole command makes every file under /data/www readable, writable and executable.
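A way to check what `chmod -R 777` leaves behind and to tighten it, as an added example that is not part of the original page. The function names are hypothetical, the sample tree is constructed in a temporary directory standing in for /data/www, and the target modes 775 and 664 are an assumption based on the group-shared layout this page builds later.

```bash
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Print every file or directory under $1 that "other" may write to.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Build a constructed sample tree and reproduce the effect of `chmod -R 777`.
# The temporary path stands in for /data/www.
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/www/uploads"
    printf 'constructed page\n'   > "$base/www/index.html"
    printf 'constructed secret\n' > "$base/www/config.ini"
    chmod -R 777 "$base/www"
    printf '%s\n' "$base/www"
}

# Drop write access for "other": directories become rwxrwxr-x (775),
# files become rw-rw-r-- (664), so owner and group can still work.
tighten() {
    find "$1" -type d -exec chmod 775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

demo() {
    tree=$(make_sample_tree)
    echo "world-writable after chmod -R 777:"
    world_writable "$tree"
    tighten "$tree"
    echo "world-writable after tightening: $(world_writable "$tree" | wc -l)"
    rm -rf "${tree%/www}"
}
demo
```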
A worked example of permission operations
1) Task
- Create two groups
  - python
  - php
- Create four users and assign them to the two groups above
  - python: jack mary
  - php: lily tom
- Create the directories
  - /data/python
  - /data/php
- Configure the permissions
  - Members of the python group are allowed to work in /data/python
  - Members of the php group are allowed to work in /data/php
2) Operation
- Work as root

```bash
# Create the two groups
groupadd python
groupadd php
# Create two users in each group
useradd -m -g python jack
useradd -m -g python mary
useradd -m -g php lily
useradd -m -g php tom
ls /home/    # list the home directories
jack joe lily mary tom    # output
# Create the directories; mkdir cannot create nested directories in one go unless -p is given
mkdir /data/python -p
mkdir /data/php
cd /data
ls
php python    # output
# Set up user jack
passwd jack    # set a password for jack
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
```
- Log in as user jack

```bash
# Show the current directory
pwd
/home/jack    # output
# Switch to the data directory
cd /data
ls -l
total 8    # output
drwxr-xr-x 2 root root 4098 Dec 15 22:00 php    # output
drwxr-xr-x 2 root root 4098 Dec 15 22:00 python    # output
# jack currently falls under "other", whose permissions are r-x: read and execute
cd python    # works because of the execute permission
touch x.py    # try to create a file
touch: cannot touch 'x.py': Permission denied    # output: creation fails because the write permission (w) is missing
```
- jack currently cannot write in the python directory, so we switch to root and transfer ownership of the python directory to jack

```bash
# In the /data directory
chown jack python/
ls -l
total 8    # output
drwxr-xr-x 2 root root 4096 Dec 15 22:00 php    # output
drwxr-xr-x 2 jack root 4096 Dec 15 22:00 python    # output
```
- To verify that the permissions took effect, switch back to user jack

```bash
touch x.py    # the file can now be created normally
```
- Test user mary the same way: as root, set a password for mary

```bash
passwd mary    # set a password for mary
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
```
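- Log in as mary: like jack before, she cannot create files in the python directory

```bash
# Likewise, right after logging in mary has no write permission on /data/python
# But we cannot hand the directory over to mary the way we did for jack, because jack would lose his access
# Instead, give the write permission to the group and put mary in that group
```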
- Switch to root and set up the permissions for mary

```bash
# In the /data directory: assign the python directory to the python group
chgrp python python/
ls -l
total 8    # output
drwxr-xr-x 2 root root 4096 Dec 15 22:00 php    # output
drwxr-xr-x 2 jack python 4096 Dec 15 22:00 python    # output: the python group has r-x, still no write permission
# Add write permission for the owning group
chmod g+w python/
# This command adds write permission on the python directory for its owning group;
# g is the owning group (u is the owner, o is others), + adds a permission (- removes one)
# Check the permissions again
ls -l
total 8    # output
drwxr-xr-x 2 root root 4096 Dec 15 22:00 php    # output
drwxrwxr-x 2 jack python 4096 Dec 15 22:00 python    # output: the owning group now has write permission: rwx
```
- Because mary was assigned to the python group when she was created, switch to user mary and she now has write access

```bash
# In the python directory
touch y.py    # the file can now be created
# List again
ls -l
total 0
-rw-r--r-- 1 jack python 0 Dec 15 22:03 x.py
-rw-r--r-- 1 mary python 0 Dec 15 22:06 y.py
# If mary tries to modify x.py, which jack created, she again gets Permission denied
```
- Switch to root and make x.py writable by the group

```bash
# In the python directory
chmod g+w x.py    # x.py is now writable by the group
```
- Switch back to user mary: x.py is now writable by the group. The details are not repeated here.
- In the same way, set up lily and tom for the php group, and the task is complete.
A simpler way to set permissions
- Switch to root again

```bash
# In the python directory
chmod 777 x.py
ls -l
total 4    # output
-rwxrwxrwx 1 jack python 30 Dec 15 22:03 x.py    # output: x.py now has all permissions for every class
-rw-r--r-- 1 mary python 0 Dec 15 22:06 y.py    # output
# Change the permissions again: all permissions for the owner, none for the group and others
chmod 700 x.py
ls -l
total 4    # output
-rwx------ 1 jack python 30 Dec 15 22:03 x.py    # output: only the owner has permissions; the group and others have none
-rw-r--r-- 1 mary python 0 Dec 15 22:06 y.py    # output
```