43. Linux Shell Command, chmod

1. Description

Change File Access Permissions

Chmod [Option]... mode [, mode]... file...

The full numeric permission is 4 digits. However, in general, only three digits are included, which indicates the "last three digits" permission setting.

The first digit represents the particularity of an archive or directory. 4 stands for "SUID; 2 stands for" SGID "; 1 stands for" dip lag element-save text image"

2. Usage

1) Set-group-ID (SGID)

Make the process have access permissions to the group in which it is located. S, S

(1) setuid

Usage: chmod U + S xxx

This command is used for files. After the file has the permission, no matter who executes the fileProgramAll have the permissions of the file owner.

(2) setgid

This command is used for directories. When a directory has this permission, no matter which user creates a file in the directory has the same group as the directory. For example, group shared directory.

Usage: chmod g + S xxx

-RW-r -- 1 Root 2682 Sep 26 04:25 col1.man

2) sticky

Ensure that unauthorized users cannot delete or rename files of other users in a directory, unless they are the owner or root. T, T

They only occupy the position of X.

Enable in lower case and disable in upper case.

Used for directoryAfter the directory has this permission, the files in the directory can only be deleted by the root and file owner, even if the directory has the O + W permission. This prevents one user from deleting another user's files in a group.

Chmod + T xxx

3. Example

1) chmod-s PR

2) chmod + S PR

3) drwxrwxrwt 26 Root 4096 Sep 27 23:52 TMP

4) chown-r JOHN: build/tmp/src

Change the owner and group of all files in the/tmp/src directory to user John and group build

-R recursively changes the owner of all subdirectories and files under a specified directory.

-V: displays the work done by the CHOWN command.

4. File immutable attributes

This command is used for files. If this attribute is set, even the root user cannot delete the file until the attribute is canceled.

Usage: chattr + I xxx

You can use lsattr to view this attribute of a file.

5. Directory is also a document

1) The read and write permissions on the directory are different from those of common documents:

①Read: users can read documents in the directory.

②Write: it does not work independently. You can add or delete documents in a directory with execution permissions.

③Run: the user can access the Directory and call the information in the directory.

In addition to the read and write permissions, ext2 and ext3 file systems also support special permissions for the forced bit (setuid and setgid) and adventure bit (sticky.

For U, G, O, set UID, set GID, and sticky respectively.

2) Add the force bit and adventure bit to the execution permission. If the execution permission already exists at this location, the Force bit and adventure bit are expressed in lowercase letters. Otherwise, they are expressed in uppercase letters.

3) by default, documents created by the user belong to the current group of the user. Setgid is configured on the directory, indicating that any document created in this directory will belong to the directory group.

4) by default, if a directory has W and X permissions, anyone can create and delete documents in this directory. Once an adventure bit (t) is configured on the directory, only the document owner, directory owner, and system administrator can delete the document.

5) by default, a user executes a command and runs the process as the user. If the s force bit is set, the user can execute the command to run the process as the owner or group of the command document.

6) to delete a document, you do not have to have the write permission for this document, but you must have the write permission for the document's parent directory. That is to say, even if you do not have the write permission for a document, but you have the write permission for the parent directory of this document, you can also delete this document. If you do not have the write permission for a directory, you cannot create a document in this directory.

Sticky can be used to enable a directory to allow any user to write documents and Prevent Users From deleting others' documents in this directory. Stciky is generally used only on directories and does not play any role in documents. 

7)-WX permission is a combination of permissions. For a directory, the user can create or delete files in it.

8) whether the files in the directory can be moved, deleted, renamed, or other operations depends on the permissions of the upper-level directories. The files here refer to not only common files, but also directory files, that is, subdirectories of directories.

9) operations on the file content generally refer to modifying the file content. To operate the file content, first the directory must have the X permission, and then the file must have the W permission.

10) a directory is also a type of file, which mainly includes two aspects of information. The file name under the directory corresponds to the inode Number of the file, and there is a one-to-one relationship between them. However, the directory files are special and cannot be read or written using conventional methods. You must use dedicated commands of the system to perform operations. The LS command is actually used to read the directory files. The MV command and RM command are used to write the directory files.

11) the RW permission in the file is limited only for the content of the current file.The file name does not belong to the content of the current file. It is stored in the contents of the directory file at the upper level. The directory regards all the file names under it as its content.Renaming and deleting operations are classified as operationsCompositionDirectory to manage.

Reference

[1] basic usage

Http://blog.163.com/zhoumhan_0351/blog/static/39954227201052022340825/

[2]Http://linux.vbird.org/linux_basic/0210filepermission.php

[3] I spoke very clearly about CHMOD and conducted several experiments.

Http://www.360doc.com/content/11/0928/10/5407405_151806974.shtml

[4]Http://blog.csdn.net/xuhuojun/article/details/2028118

[5]Http: // 120.116.67.1/b2evolution/blogs/blog1.php/2011/03/20/S-T

[6]Http://my.oschina.net/alphajay/blog/28808