A simple analysis of Linux permissions

Source: Internet
Author: User

I. What is a permission
A permission (privilege) is the right of a specific user to use a specific system resource. A simple example: on a hot summer day you see watermelon being sold at the roadside. If you want to eat it, you have to buy it; buying it is really obtaining the permission to use the watermelon. Once you have bought it, you can eat it.

II. Linux file permissions
Linux file permissions have two aspects: who accesses the file, and the attributes of the file itself.
1. File accessors
a) Owner of the file or directory: u (user)
b) Users in the group that owns the file or directory: g (group)
c) Other users: o (others)

2. File attributes (permissions)
1) General permissions
a) Read (r/4): for a file, the right to read its contents; for a directory, the right to browse the directory's information
b) Write (w/2): for a file, the right to modify its contents; for a directory, the right to delete and move files in the directory
c) Execute (x/1): for a file, the right to execute it; for a directory, the right to enter it
Note: r, w, x and 4, 2, 1 are the character notation and the octal notation of the file permissions, respectively.
2) Special permissions
a) SUID (s/4): can only be applied to executable files; any user who executes the file runs it as the file's owner
b) SGID (s/2): can only be applied to executable files; any user who executes the file runs it as a member of the file's group
c) Sticky bit (t/1): can only be applied to directories; when users delete objects in the directory, they can delete only objects that they own
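The special bits above are the ones worth checking for on a system. The following is an added example, not part of the original article: it lists files carrying SUID or SGID and world-writable directories that lack the sticky bit. The helper names audit_special_bits and build_sample_tree and the sample tree are constructed for illustration; only find's -perm test is assumed.

```shell
#!/bin/sh
# Added example: report special permission bits under a directory tree.
# audit_special_bits is a hypothetical helper name, not a standard tool.
audit_special_bits() {
    root=$1
    # -perm -4000 matches files with the SUID bit set,
    # -perm -2000 matches files with the SGID bit set.
    find "$root" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} \;
    find "$root" -xdev -type f -perm -2000 -exec printf 'SGID %s\n' {} \;
    # World-writable directory (o+w) without the sticky bit (1000):
    # any user can delete another user's files there.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NOSTICKY %s\n' {} \;
}

# Constructed sample tree so the example runs offline.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/plain" "$t/suid_prog" "$t/sgid_prog"
    chmod 0644 "$t/plain"
    chmod 4755 "$t/suid_prog"     # rwsr-xr-x
    chmod 2755 "$t/sgid_prog"     # rwxr-sr-x
    mkdir "$t/shared_ok" "$t/shared_bad"
    chmod 1777 "$t/shared_ok"     # rwxrwxrwt, like /tmp
    chmod 0777 "$t/shared_bad"    # rwxrwxrwx, no sticky bit
    echo "$t"
}

tree=$(build_sample_tree)
audit_special_bits "$tree" | sort
rm -rf "$tree"
```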

Here is an example to see the permissions of the file specifically:

Note: the file information displayed by the ll command is, from left to right: file type and permissions, number of links (hard links, i.e. the number of references to the file), file owner, file group, file size, file creation time, file name.

The contents of the red box are the permission values of the three files (./ represents the current directory and ../ represents the parent directory; both are hidden files).
Take the permissions of file: the red box contains 10 characters in total. The first represents the type of the file, and the following three groups of three represent the permissions of the file's owner, the owning group, and other users.
Look at the first character: it is '-', which means the file is a regular file ('d' is a directory; file types are not explained further here).
The next three characters, "rw-", are the permissions of the file's owner: 'r' means the owner has read permission, 'w' means the owner has write permission, and '-' means the owner does not have execute permission.
The next three characters, "rw-", are the permissions of the group the file belongs to: 'r' means the group has read permission, 'w' means the group has write permission, and '-' means the group does not have execute permission.
The last three characters, "r--", are the permissions of other users: 'r' means other users have read permission, the first '-' means other users do not have write permission, and the second '-' means other users do not have execute permission.

III. How to set file permissions
Parameters:
-R: recursively modify the permissions of the files in a directory
-v: display the execution process of the command
Note: the parameters mentioned below refer to these parameters.
1. chmod: set the permission value
Command format: chmod [parameters] permission filename
Note: only the owner of the file and root can change the permissions of the file

1) Modifying permissions with characters
a) User identifiers:
u: the owner
g: users in the same group as the owner
o: other users
a: all users
b) User identifier +/-/= permission characters
+: add the permissions represented by the permission characters to the given scope
-: remove the permissions represented by the permission characters from the given scope
=: set the given scope to exactly the permissions represented by the permission characters
Cases:

The original file's permission value is "rw-rw-r--"; after the modification it is "rwxr--rw-". That is, the owner gains 'x' (executable), the group loses 'w' (writable), and other users gain 'w' (writable). You can also see that the file has become an executable file.

2) Modifying permissions with octal values
A file's readable, writable and executable permissions correspond to the values 4, 2 and 1, and 0 means no permission, so permission values and file permissions are related as follows:
0 -> no permissions: ---
1 -> executable: --x
2 -> writable: -w-
3 -> writable and executable: -wx
4 -> readable: r--
5 -> readable and executable: r-x
6 -> readable and writable: rw-
7 -> all permissions: rwx
Cases:

Before the modification, the permission value of file is "rwxr--rw-"; after the modification it is "rw-rw-r--". That is, the owner loses 'x' (executable), the group gains 'w' (writable), and other users lose 'w' (writable). You can clearly see that the file has changed from an executable file to a non-executable one.

3) Setting permissions from a reference file
Format: chmod --reference reference target   (sets target's permissions to the reference file's permission value)
Cases:

You can see that I first set the permissions of file and file1 to "rw-rw-r--" and "----" respectively, and then executed the command chmod --reference file1 file. The permissions of file became the same as those of file1, which is equivalent to copying file1's permissions to file.
Note: because consecutive '-' characters are rendered as one long horizontal line, a space was placed between each '-'.

2. chown
Function: change the owner of a file
Format: chown [parameters] username filename
Cases:

After executing the command, the owner of the file becomes root.
Note: because the owner of the file is being changed to root, you must first switch to root (superuser) mode.

3. chgrp
Function: change the group that a file or directory belongs to
Format: chgrp [parameters] groupname filename
Parameters: -R recursively changes the owning group of a file or directory
Cases:

After the command is executed, the file's owning group becomes root.

4. umask
Function: view or modify the file permission mask
New file default permissions: 0666
New directory default permissions: 0777
Format: umask permission-value   (modifies the file mask value)
Description:
Subtracting the permission mask from the default permissions gives the preset permissions a file receives when it is created.
Note: a permission is subtracted from the default permissions only if the default permissions contain the corresponding permission in the mask.
The superuser's default mask value is 0022, and a normal user's default is 0002.
Cases:

In this case we are in root user mode, so umask shows the permission mask as 0022 (the writable permission of the group and of other users). A new file is created: the default permissions are 0666 (readable and writable for the owner, the owning group and other users), which contain 0022, so 0022 is subtracted from 0666 and the final permission value is 0644. The permission mask is then changed to 0444 (the readable permission of the owner, the owning group and other users), and umask shows that the change succeeded. A new file, file1, is then created: the default permissions are 0666, which contain 0444, so 0444 is subtracted from 0666 and the final permission value is 0222.

Why say "contain"? Because the final permission of a file is not obtained by simply subtracting the permission mask from the default permissions; a permission is subtracted only when both the default permissions and the mask have it.
For example:

The permission mask is changed to 0111 (the executable permission of the owner, the owning group and other users). The default permissions are 0666 (readable and writable for the owner, the group and other users). Following the previous idea, the final permission value would be 0555, but you can see that the permission value is 0666; that is, nothing was subtracted. This is because the default permissions, 0666, do not contain 0111.
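The "subtract only what is contained" rule above is a bitwise operation: result = default AND (NOT mask). The following is an added example, not part of the original article, that computes the predicted mode and compares it with a file actually created under each of the three masks used in the text. The helper names predicted_mode and actual_file_mode are hypothetical, and GNU-style stat -c %a is assumed.

```shell
#!/bin/sh
# Added example: predicted vs. actual mode of a new file under a umask.
# predicted_mode and actual_file_mode are hypothetical helper names.

# The mask is not subtracted arithmetically: it clears, bit by bit, the
# permissions it names. Result = default AND (NOT mask).
predicted_mode() {    # $1 = default (e.g. 0666), $2 = mask (e.g. 0022)
    printf '%04o\n' $(( $1 & ~$2 & 07777 ))
}

# Create a real file under the mask and read back the mode it received.
# Runs in a subshell so the caller's own umask is left untouched.
actual_file_mode() {  # $1 = mask
    (
        d=$(mktemp -d) || exit 1      # created before the mask is changed
        umask "$1"
        : > "$d/newfile"              # redirection requests mode 0666
        printf '%04d\n' "$(stat -c %a "$d/newfile")"
        rm -rf "$d"
    )
}

# The three masks discussed in the text.
for mask in 0022 0444 0111; do
    echo "umask $mask: predicted $(predicted_mode 0666 "$mask")," \
         "actual $(actual_file_mode "$mask")"
done
```

A mask that leaves group or other write bits in place (for example 0000) makes every newly created file writable by other users, so the mask in effect for service accounts and login shells is worth checking.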

That concludes the summary of user permissions. Next, let's look at how directory permissions affect operations on a directory.
IV. The effect of directory permissions on operations

To verify this, first change the permission value of the newly created directory dir to 000; you can see that the directory cannot be entered. Then change dir's permission value to 100; now the directory can be entered, so entering a directory requires the owner's executable permission. Creating a file in the directory at this point fails with insufficient permissions. Then change dir's permission value to 300. (Why not 200? Because the executable permission is required to enter a directory, and to create a file in a directory you must first enter it, so the values considered here are 100, 300, 500 and 700.) Now you can create and delete files in the directory, but the ls command fails for lack of permission. Finally, change dir's permission to 500 and enter the directory; you can see that the ls family of commands can be used.
Summary:
1. Entering a directory requires execute permission on the directory
2. Creating a file in a directory requires execute and write permission on the directory (you must first be able to enter it)
3. Deleting a file in a directory requires execute and write permission on the directory
4. Using the ls family of commands in a directory requires execute and read permission on the directory
Note: remember that entering a directory requires execute permission on the directory, not read permission.
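The experiment above can be repeated with the following added example, which is not part of the original article. It sets a scratch directory to each mode from the text and reports which operations its owner can perform. The helper names try and probe_dir are hypothetical; run it as a normal user, because root bypasses these checks and every operation would succeed.

```shell
#!/bin/sh
# Added example: which operations a directory mode allows its owner.
# try and probe_dir are hypothetical helper names.

# Run a command quietly and report whether it succeeded.
try() { if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi; }

probe_dir() {    # $1 = octal mode to test, e.g. 300
    base=$(mktemp -d) || return 1
    mkdir "$base/dir" && : > "$base/dir/existing"
    chmod "$1" "$base/dir"
    # Each $(...) is a subshell, so the cd does not affect the caller.
    enter=$(try cd "$base/dir")                 # needs x
    create=$(try touch "$base/dir/new")         # needs w and x
    list=$(try ls "$base/dir")                  # needs r and x
    delete=$(try rm -f "$base/dir/existing")    # needs w and x
    chmod 700 "$base/dir"                       # restore so cleanup works
    rm -rf "$base"
    echo "enter=$enter create=$create delete=$delete list=$list"
}

# The modes used in the text, plus 700 for comparison.
for mode in 000 100 300 500 700; do
    echo "$mode: $(probe_dir "$mode")"
done
```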
