A brief discussion of Linux file and directory permissions

Source: Internet
Author: User

1. Three kinds of basic permissions
(1) r (read)

For a directory, read (r) permission means the ability to list the directory's contents, that is, you can run the ls command to view it; it is also needed for cp.
For a file, read (r) permission means the ability to read the file and view its contents with commands such as cat.

(2) w (write)
For a directory, write (w) permission means the ability to create files and directories in it with commands such as touch and mkdir, and to delete files in it.
For a file, write (w) permission means the ability to write new content and modify the file's contents.

(3) x (execute)
For a directory, execute (x) permission means the ability to enter the directory with cd and similar commands.
For a file, execute (x) permission means the ability to execute the file.

Examples:
(4) What permissions are needed to copy files into a directory?
----- Copying files into a directory writes data to the directory, so write (w) permission on the directory is needed; the copy is also an act of execution, so execute (x) permission on the directory is needed as well.

(5) Under what circumstances can a file or directory be deleted?
----- Whether a file can be deleted is independent of the file's own permissions, owner and group. It depends on the permissions of the parent directory: if the current user has write (w) and execute (x) permission on the parent directory, the user can delete files or subdirectories in it.
Whether a directory can be deleted depends on the following:
1. If it is an empty directory, write (w) and execute (x) permission on its parent directory is enough to delete it.
2. If it is a non-empty directory, the current user needs write (w) and execute (x) permission on the parent directory, on the directory itself and on all of its subdirectories before it can be deleted.

(6) When does the force-save option appear? When can a save be forced and when not?
The prompt to use ! to force the save appears on saving only when the user has no write permission on the file. For example, if user1 has no write permission on the parent directory and no write permission on the file in that directory, user1 cannot force-save the file (this is the case where the file belongs to another user; if the file belongs to user1, a forced save is still possible even though neither the file nor the directory grants write permission).

If the parent directory is changed so that user1 has write permission on it, user1 can force-save the file even without write permission on the file itself, and after the save the file's owner and group become user1's. This gets messy (especially on a file server), so directories generally default to 755, which keeps anyone other than the directory owner from writing to them.

-- Summary:
(1) The prompt to use ! to force the save appears only when the user has no write permission on the file.
(2) If you are the owner of the file, you can force the save regardless of the permissions on the parent directory or on the file itself.
(3) If you are not the owner of the file but have write permission on the parent directory, you can force the save, and afterwards the owner and group change to your own.
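
Why rule (3) holds, as an added example that is not part of the original article: replacing a file is an operation on its directory, so a read-only file offers no protection when the directory is writable. The sketch assumes a forced save behaves like writing a new file and renaming it over the old one; the function and file names are made up for the demo, and GNU stat is assumed.

```sh
#!/bin/sh
# Added illustration: replace a read-only file through its parent directory.
# replace_via_directory and the file names are hypothetical.

replace_via_directory() {
    dir=$(mktemp -d) || return 1
    printf 'original\n' > "$dir/report.txt"
    chmod 0444 "$dir/report.txt"             # no write bit for anyone
    chmod 0755 "$dir"                        # owner keeps w+x on the directory
    before=$(stat -c %i "$dir/report.txt")   # inode number before

    # Write a new file next to the target, then rename it over the target.
    # rename() checks the directory's permissions, not the target file's.
    printf 'replaced\n' > "$dir/.report.txt.new"
    mv -f "$dir/.report.txt.new" "$dir/report.txt"

    after=$(stat -c %i "$dir/report.txt")    # inode number after
    content=$(cat "$dir/report.txt")
    rm -rf "$dir"

    # A different inode means a new file (with the writer as owner) now
    # sits under the old name.
    if [ "$before" != "$after" ]; then
        echo "$content inode-changed"
    else
        echo "$content same-inode"
    fi
}

replace_via_directory
```

The new inode is why the owner and group change after such a save: the original file is gone and a new one, created by the saving user, has taken its name.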

2. Special bits that change how permissions apply; there are generally the following two kinds
(1) Privilege bit (s)
setuid: s bit in the first three positions
setgid: s bit in the middle three positions
The privilege bit is valid only for files, and can only be set in the first three or the middle three positions of the permission string. When an executable has the s bit in the first three positions, another user who executes it runs it with the permissions of the file's owner; when an executable has the s bit in the middle three positions, another user who executes it runs it with the permissions of the file's group.
[[email protected] test]# ll /etc/shadow
-r-------- 1 root root 1425 Mar 7 16:42 /etc/shadow
[[email protected] test]# ll /usr/bin/passwd
-rwsr-xr-x 1 root root 22960 Jul 2006 /usr/bin/passwd
-- From the permissions above: an ordinary user can change their own password with passwd, yet the password is stored in /etc/shadow, on which an ordinary user has no write permission. Because the passwd executable has the s bit in the first three positions, it runs with root's permissions when an ordinary user calls it.

(2) Sticky bit (t)
When a directory is shared with other users who can upload and delete files, but should only be able to delete their own files, the sticky bit (t) must be used; /tmp is the typical case. It is valid only for directories.
In a directory with the t bit, any user with the necessary permissions can create files and directories, but cannot delete other users' files or directories even when the directory permissions would otherwise allow it, and cannot force-save changes over them either; users can only delete what they created themselves. This suits shared upload directories on file servers.
[[email protected] test]# ll -ld /tmp/
drwxrwxrwt. 12288 root root 20:26 /tmp/
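
The deletion rule from item (5) and the sticky-bit rule above, combined into one check, as an added example that is not part of the original article. may_delete is a hypothetical helper that reads mode bits only (root, capabilities and ACLs are ignored) and assumes GNU stat; it also applies the standard rule that the owner of a sticky directory may remove entries in it.

```sh
#!/bin/sh
# Added illustration, not from the article. may_delete is a hypothetical
# helper: it reads mode bits only and ignores root, capabilities and ACLs.
# Requires GNU stat.

# may_delete UID GID PATH -> prints "yes" or "no"
may_delete() {
    uid=$1; gid=$2; path=$3
    parent=$(dirname "$path")
    set -- $(stat -c '%a %u %g' "$parent")
    mode=$1; downer=$2; dgroup=$3
    fowner=$(stat -c %u "$path")

    # Pick the permission class that applies to this user on the parent.
    if [ "$uid" -eq "$downer" ]; then shift_by=6
    elif [ "$gid" -eq "$dgroup" ]; then shift_by=3
    else shift_by=0
    fi
    bits=$(( (0$mode >> $shift_by) & 7 ))

    # Removing an entry needs write (2) and execute (1) on the parent;
    # the permissions of the file itself are never consulted.
    if [ $(( bits & 3 )) -ne 3 ]; then echo no; return 0; fi

    # Sticky bit (01000) on the parent: only the owner of the file or of
    # the directory may remove the entry.
    if [ $(( 0$mode & 01000 )) -ne 0 ] &&
       [ "$uid" -ne "$fowner" ] && [ "$uid" -ne "$downer" ]; then
        echo no; return 0
    fi
    echo yes
}

# Constructed demo: a read-only file inside a 1777 directory.
demo=$(mktemp -d)
touch "$demo/f"; chmod 0444 "$demo/f"; chmod 1777 "$demo"
owner=$(stat -c %u "$demo")
echo "owner:    $(may_delete "$owner" 0 "$demo/f")"
echo "stranger: $(may_delete $((owner + 1)) 65534 "$demo/f")"
rm -rf "$demo"
```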

-- The s and t bits occupy the x position, so whether x is also set is shown by the case of the s or t:
Uppercase means there is no execute (x) permission
Lowercase means there is execute (x) permission
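
A way to review a tree for these bits, as an added example that is not part of the original article: it lists files carrying setuid or setgid (showing the s/S distinction) and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for the demo, and GNU find and stat are assumed.

```sh
#!/bin/sh
# Added illustration: list special-bit files and risky shared directories
# under a tree. Function names are hypothetical; GNU find/stat assumed.

audit_special_bits() {
    root=$1
    # Regular files with setuid (4000) or setgid (2000); %A shows s or S.
    find "$root" -xdev -type f -perm /6000 \
        -exec stat -c 'SPECIAL %A %n' {} +
    # World-writable directories that lack the sticky bit (1000).
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NOSTICKY %A %n' {} +
}

# Constructed sample tree; prints its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared_ok" "$t/shared_bad"
    touch "$t/helper" "$t/broken" "$t/plain"
    chmod 4755 "$t/helper"       # setuid with owner x    -> rws
    chmod 4644 "$t/broken"       # setuid without owner x -> rwS
    chmod 0644 "$t/plain"        # no special bits, not reported
    chmod 1777 "$t/shared_ok"    # sticky, like /tmp, not reported
    chmod 0777 "$t/shared_bad"   # world-writable, no sticky bit
    echo "$t"
}

tree=$(build_sample_tree)
audit_special_bits "$tree" | sort
rm -rf "$tree"
```

An uppercase S in the report marks a setuid or setgid bit on a file that is not executable for that class, which usually points to a chmod mistake.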

3. Hidden attribute permissions
The i attribute: a file with the i attribute cannot be deleted, modified, renamed, and so on.
The commands for viewing and modifying hidden attributes are:
lsattr -- list file attributes on a Linux second extended file system
chattr -- change file attributes on a Linux second extended file system

[[email protected] /]# lsattr /etc/shadow
------------- /etc/shadow
[[email protected] /]# chattr +i /etc/shadow   --- add the i attribute
[[email protected] /]# lsattr /etc/shadow   -- with the i attribute set, this file cannot be changed, not even by the root user
----i-------- /etc/shadow

4. Commonly used commands for modifying permissions
(1) chmod -- change file access permissions
(2) chown -- change file owner and group
(3) chgrp -- change group
