Linux file and folder permission operations

3. Linux file permissions


First, let's look at the files in the current directory.

ls -l              lists the files in the current directory
ls -l xxx.xxx      (xxx.xxx is a file name) shows the specified file


We can see the file's permissions, -rw-rw-r--, 10 characters in total.

Where: the leading - represents the file type (details as shown in the figure below);
the next three characters, rw-, represent the owner (user);
the following three, rw-, represent the group (group);
the last three, r--, represent other people (other).
Now let me explain those last 9 characters:
r indicates that the file can be read (read)
w indicates that the file can be written (write)
x indicates that the file can be executed (if it is a program)
- indicates that the corresponding permission has not been granted

Permission operations on files and folders:

Permission   Shorthand   Effect on an ordinary file              Effect on a folder
read         r           view the file contents                  list the files in the folder (ls)
write        w           modify the file contents                delete, add or rename files (folders) in the folder
execute      x           the file can be executed as a program   cd into the folder


One thing to note: a directory must have both read and execute permission before you can open it and view the files inside, and a directory must have write permission before other files can be created in it, because the directory file itself holds the list of files in the directory and other related information.

Supplement:

Special permissions: SUID, SGID, Sticky
In a Linux system there are three file permission attributes that are independent of the three user identities: SUID, SGID and Sticky.
SUID (Set User ID, 4):
This attribute is only effective on files that have execute permission; it has no effect on directories. When a program with the SUID permission is executed, the owner of the resulting process is the owner of the program file, not the user who started the program (unless the two are the same person). For example, if a program is owned by root and has the SUID attribute, then when an ordinary user executes it, the program runs just as if root had executed it. (Please note that this attribute has no effect on shell scripts.) The attribute makes it convenient to start certain special programs (such as lpr). But sometimes it has security implications: if a program with the SUID attribute runs a shell during its execution, the user can thereby obtain the highest privileges on the system. SUID is indicated by s, for example:
$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 47032 Feb 16 2014 /usr/bin/passwd

SGID (Set Group ID, 4):
For executable files, SGID is similar to SUID: the group of the resulting process is the group that the program file belongs to. For a directory, the SGID attribute makes new files created in the directory belong to the same group as the directory. SGID is also indicated by s, for example:
$ ls -l /var
drwxrwsr-x 2 root staff 4096 Apr 10 2014 local
drwxrwxr-x. 4 root syslog 4096 Apr 15 19:57 log
Sticky (1):
Only effective on directories. A file or directory inside a directory that has the sticky attribute can be deleted or renamed only by its owner. The sticky attribute is often used to create a directory like this: users in the group can create new files in the directory and modify file contents, but only the owner of a file can delete or rename it. The system's /tmp folder is an example. In the attribute string it is generally indicated by t.
$ ls -l /
drwxrwxrwt 8 root root 4096 Apr 4 23:57 tmp
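
A defender's check built on the three attributes above, as an added example that is not part of the original article: it lists SUID files, SGID files, and world-writable directories that lack the sticky bit under a given directory. The function names audit_special_bits and make_fixture and the fixture file names are assumptions made for this illustration.

```sh
# Added example (not from the original article). audit_special_bits is a
# hypothetical helper name; pass it the directory tree to audit.
audit_special_bits() {
    root=${1:-/}
    {
        # SUID files: the process runs as the owner of the file.
        find "$root" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} + || true
        # SGID files: the process runs with the group of the file.
        find "$root" -xdev -type f -perm -2000 -exec printf 'SGID %s\n' {} + || true
        # World-writable directories without the sticky bit: any user can
        # delete or rename files that belong to someone else.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec printf 'NOSTICKY %s\n' {} + || true
    } 2>/dev/null | sort
}

# Constructed fixture, so the audit can be tried without touching the system.
make_fixture() {
    dir=$(mktemp -d) || return 1
    touch "$dir/plain" "$dir/suid_tool" "$dir/sgid_tool"
    mkdir "$dir/shared_ok" "$dir/shared_bad"
    chmod 644  "$dir/plain"
    chmod 4755 "$dir/suid_tool"
    chmod 2755 "$dir/sgid_tool"
    chmod 1777 "$dir/shared_ok"     # like /tmp: sticky bit set
    chmod 0777 "$dir/shared_bad"    # world-writable, no sticky bit
    echo "$dir"
}

fixture=$(make_fixture) && audit_special_bits "$fixture"
rm -rf "$fixture"
```

Comparing the output of such a listing against a known-good baseline makes a newly appeared SUID or SGID file stand out.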

Modifying a user's permissions on files and folders
If you do not want other users to read, write or execute your files, you need to change the file permissions. There are two ways:

Method one: binary (numeric) representation

Each file has three sets of permissions:
u represents the owner (user)
g represents the group the owner belongs to (group)
o represents everyone else, i.e. neither u nor g (other)
a represents everyone, i.e. u, g and o together
As the figure shows, rwx can be replaced with digits:
r ------------ 4
w ------------ 2
x ------------ 1
- ------------ 0

Once we understand the above, the following common permissions are easy to understand:
  -rw------- (600) only the owner has read and write permissions
  -rw-r--r-- (644) only the owner has read and write permissions; group and others have only read permission
  -rwx------ (700) only the owner has read, write and execute permissions
  -rwxr-xr-x (755) only the owner has read, write and execute permissions; group and others have only read and execute permissions
  -rwx--x--x (711) only the owner has read, write and execute permissions; group and others have only execute permission
  -rw-rw-rw- (666) everyone has read and write permissions
  -rwxrwxrwx (777) everyone has read, write and execute permissions
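
The letter-to-digit mapping above, as an added example that is not part of the original article: a shell function that turns the permission string printed by ls -l into its numeric form, including the s and t characters of the special permissions. The function name mode_to_octal is an assumption made for this illustration.

```sh
# Added example (not from the original article). mode_to_octal is a
# hypothetical helper name, not a standard command.
mode_to_octal() {
    rest=${1#?}                      # drop the type character (-, d, l, ...)
    special=0
    digits=""
    for who in 4 2 1; do             # owner, group, other (weight in the special digit)
        digit=0
        for bit in 4 2 1; do         # r, w, x positions
            c=${rest%"${rest#?}"}    # first remaining character
            rest=${rest#?}
            case $who$bit$c in
                ?4r|?2w|?1x) digit=$((digit + bit)) ;;
                # s / t: execute bit plus SUID, SGID or sticky
                41s|21s|11t) digit=$((digit + 1)); special=$((special + who)) ;;
                # S / T: special bit set without the execute bit
                41S|21S|11T) special=$((special + who)) ;;
                ??-) ;;
                *) echo "bad permission string: $1" >&2; return 1 ;;
            esac
        done
        digits=$digits$digit
    done
    # Anything after the ninth character (such as a trailing ".") is ignored.
    if [ "$special" -eq 0 ]; then
        echo "$digits"
    else
        echo "$special$digits"
    fi
}

# Permission strings taken from the listings in this article.
for p in -rw-rw-r-- -rwsr-xr-x. drwxrwsr-x drwxrwxrwt; do
    printf '%s %s\n' "$p" "$(mode_to_octal "$p")"
done
```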

Hands-on practice

Check the permissions of the file test: the owner has read, write and execute permissions:


Then add some content to the file, change its permissions (700: -rwx------), and try to read the file as shiyanlou (the owner): it can be read.

Switch to another user, peter, and try to read it again; as the following figure shows, the system reports insufficient permission and the file cannot be read.

Method two: add, remove and assign operators

u represents the owner (user)
g represents the group the owner belongs to (group)
o represents everyone else, i.e. neither u nor g (other)
a represents everyone, i.e. u, g and o together

+ and - indicate adding and removing the corresponding permission. The + sign is generally not shown (for beginners' practice I will add it).

Enter in a terminal:
chmod o+w xxx.xxx      grants others write access to the file xxx.xxx
chmod go-rw xxx.xxx    removes the read and write permissions on xxx.xxx from the group and others
chmod ug-r xxx.xxx


Modifying the owner / group of a file or folder
Use the chown command to change the ownership (owner / group) of a directory or file.

Note: this part is left incomplete for now and will be supplemented after learning the next topic (user / group CRUD).

Besides their permissions, the ownership and group of files and directories can also be changed. As with setting permissions, the user can do this through a graphical interface or by running the chown command.
Let's first run ls -l to look at the directory:

You can see that the group of the file test is root and the owner is root.
Run the following command to transfer ownership of the file test shown in the figure above to the user peter:
# chown peter test

To change the owning group, moving the file test from the root group to the peter group, use the following command:
# chown :peter test

Change the owner and the group together
Change the owner of the file or folder test to shiyanlou and its group to shiyanlou, as shown below:


----------------
Disclaimer: This article is an original article by CSDN blogger "Little Han Dian" and follows the CC 4.0 BY-SA copyright agreement. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/zbj18314469395/article/details/79884857


Origin blog.csdn.net/qq_36249352/article/details/104560804