Linux Command chmod (modify file permissions)

From http://blog.csdn.net/linuxgroup

In Linux, I always encounter a headache because I don't have the permission to modify files. As a newbie, I like "chmod 777-r file directory". As a result, the system crashes.

"

<! -- @ Page {margin: 2 cm} p {margin-bottom: 0.21} -->

ChmodCommand

Purpose

Change the file mode.

Syntax

Use a symbol to change the file type

Chmod [-R] [-H] [-F] [[U] [G] [O] | [A] {-| + | = }[R] [W] [X] [X] [S] [T]} {File... | directory ...}

Use numbers to change the file type

Chmod [-R] [-H] [-F] Permissioncode {file... | directory ...}

Description

ChmodCommand to modify the mode bit and the extended access control table of the specified file or directory (ACL). It can be defined by symbols or numbers (in full mode ).

When you encounter a symbolic link and you do not specify-HFlag,ChmodCommand to change the method of linking to a file or directory, rather than the link itself. If you specify-HFlag, thenChmodCommand to prevent this method from being changed.

If you specify-HLogo and-RFlag,ChmodThe command recursively drops the specified directory in descending order, and does not change the file or directory to which the link points when a symbolic link is encountered.

Flag

-F	Disable all error reports (except invalid permissions and usage statements ).
-H	It is prohibited to change the way the symbolic link points to a file or directory. Note: The mode bit cannot be set on the symbolic link.ChgrpAndChownCommand-HThe behavior of the flag is slightly different.
-R	Recursive descending directory only, as in the patternFile... | directory....-RTo change the path of each directory matching the specified mode and all files. See examples6. When a symbolic link points to a directory, you can change the file path of the directory without traversing the directory.

Symbol Mode

To specify the flag format, you must specify three flag sets.

Note: Do not use spaces to separate the labels.

The First Flag sets the target user or denied the specified permission, as described below:

U	File owner.
G	Inherent groups and extensions of file groupsACL.
O	All other entries.
A	Users, groups, and all other entries.AThe flag is specified togetherUgoThe logo has the same effect. If these labels are not specified, the default value isASign, and apply the file creation mask (Umask).

The second flag set specifies whether to remove, apply, or set the permission:

-	Remove the specified permission.
+	The permission specified by the application.
=	Clear the selected permission field and set it to the specified permission. If you do not specify=Subsequent permission,ChmodCommand to remove all permissions from the selected field.

The third Flag Set specifies the permission to be removed, applied, or set:

r	read permission.
W	write permission.
x	permission for File Execution and permission for Directory Search.
x	if at least one user, group, or other execution bit is set for the current (unmodified) mode bit, the execution file is permitted. If the file parameter is specified and no execution bit is set in the current mode bit, the x flag is ignored. permission to search for directories.
S	If the U flag is specified or hidden, set the user identity permission for execution. If the G flag is specified or hidden, set the group identity permission during execution.
T	for a directory, only the file owner can link or cancel the link to the file in the specified directory. For files, it sets the Save-text attribute.

Number or full Mode

ChmodThe command also allows you to use the octal notation for this method. A number is a summary of one or more of the following values:

4000	Set the user ID for execution.
2000	Set the group ID for execution.
1000	Set link permissions for directories or File SettingsSave-TextAttribute.
0400	Allow the owner to read.
0200	Allow the owner to write data.
0100	Allow the owner to perform or search.
0040	Allow Group read.
0020	Allow group writing.
0010	Allow group execution or search.
0004	Allow others to read.
0002	Allow others to write data.
0001	Allow others to perform or search.

Note:

1.Disable any extension in numeric ModeACL. See 《AIX 5l v5.2System User Guide 『Access Control ListTo obtain more information.

2.Changing access permissions with symbols also affects ExtensionACL. Same as all groups of FilesACLThe Group Entries in deny any permissions removed from the method. Refer 『Access control tableTo obtain more information.

3.You can specify multiple symbols separated by commas. Perform operations from left to right.

4.When you remove the group identity permission for execution from the directory, you must use symbols to specify this method or4Octal characters with zero line spacing (for example0755).

Security

Access control:ProgramIt should be installed as a normal user program in "trusted computing base.

Only the file owner orRootYou can change the file mode.

Exit status

This command returns the following export value:

0	The command has been successfully executed and all request changes have been executed.
> 0	An error occurred.

Example

1.Add the permission type to several files:

Chmod g + W chap1 chap2

This adds the write permission of the group members to the file.Chap1 AndChap2 .

2.You need to make several permission changes immediately:

Chmod go-W + x mydir

This rejects the Creation or Deletion of group members and others.Mydir (Go-W).Mydir Or in the path name (Go + x. This is equivalent to the command sequence:

Chmod g-W mydir

Chmod o-w mydir

Chmod g + x mydir

Chmod o + x mydir

3.To allow only the ownerShellThe procedure is used as a command:

Chmod u = rwx, go = cmd

This authorization file (U = rwx) The owner's permission to read, write, and execute. It also rejects groups and others in any way (Go =) AccessCMD .

IfCMD ShellCommand File Permission, you can run it by entering the following command:

CMD

Note: Depends onPath ShellVariable, you may need to specifyCMD File Path.

4.To use the set identity (Set-ID) Method:

Chmod ug + S cmd

In executionCMD Valid user IDs and group IDs are setCMD File owner. Only change and runCMD The valid identifier of the sub-process Association of the command.ShellThe valid session ID is retained.

This feature allows you to access restricted files. Assume thatCMD  The program enables "set user identity ( Set-user-ID ) Method "and named DBMS  . Actually, the user DBMS Not a single person, but may be associated with the database management system. User Betty  Does not have access to any DBMS  Data File Permission. However, she has CMD  Command permission. When she does this, her valid user ID is temporarily changed DBMS  , So CMD  Programs can access users DBMS  Data files.

In this way, the userBetty AvailableCMD Command to access the data file, but she is not using the standardShellCommands may be destroyed in other places.

5.To useChmodCommand Format:

Chmod 644 plain text

This sets the read and write permissions of the owner and sets the read-only mode for the group and other users. This also removes all extensions that may be associated with files.ACL.

6.Recursively descending directories and changing the file and directory permissions that give the tree structure:

./Dir1/dir2/file1

./Dir1/dir2/file2

./Dir1/file1

Enter the command sequence:

Chmod-r 777 f *

This will change./Dir1/file1.

However, for the following tree structure:

./Dir1/fdir2/file1

./Dir1/fdir2/file2

./Dir1/file3

Command sequence:

Chmod-r 777 f *

The following permissions will be changed:

./Dir1/fdir2

./Dir1/fdir2/file1

./Dir1/fdir2/file2

./Dir1/file3

File

/Usr/bin/chmod

IncludeChmodCommand.

"