Brother Bird's Linux private cuisine Learning-(vii) changing file attributes and Permissions

Source: Internet
Author: User
Tags file permissions

1.Linux the importance of file permissions

Unlike Windows systems, every file in a Linux system has a lot more attributes coming in, especially the concept of a group, so what's the use of it? In fact, the biggest use is in the "Data security" above.

    • Features of System Protection:
      As a simple example, in your system, the file about the system service is usually only root to read or write, such as the /etc/shadow account management file, because it records all the accounts in your system data, it is a very important configuration file, Of course you can't let anyone read it (otherwise the password will be stolen), only root can read it! So the permissions on the file will become [-RW-------]!

    • The ability of a team to develop software or data sharing:
      Also, if you have a software development team, in your team, you want everyone to be able to use the files in some directory, not the others who are not your team? In the above example, Testgroup's team has three people, namely Test1, Test2, test3, then I can set the required file permissions for the team as [-rwxrwx---] to provide Testgroup's work team to use!

    • Hazards that do not set permissions properly:
      For example, if your directory permissions are not being done, it could cause everyone else to mess up on your system! For example, only root can do the switch machine, ADSL dial-up program, add or delete users, and so on, if you change to anyone can execute, then if the user accidentally to you restart! Re-dial the connection! Wait a minute! Then your system will not be often inexplicably hanging off! And in case your user's password is obtained by other unknown people, as long as he logged into your system can easily perform some root work!

It's scary! Therefore, before you modify the properties of your Linux files and directories, be sure to figure out what data is mutable and what is immutable! Please be careful! Let's take a look at the changes in file properties and permissions now!

2. How to change file properties and Permissions

Several directives that are often used to modify the permissions of groups, owners, and various identities, as follows:

  CHGRP: Change file Maintenance Group

Chown: Changing the file owner

chmod: Features that change file permissions, SUID, SGID, Sbit, and so on

2.1 chgrp: Change file Maintenance Group

Chgrp=change Group

Note: The group name to be changed must exist within the/etc/group file, otherwise an error will be displayed!

2.2 Chown: Change file Owner

Chown=change owner

2.3 chmod: Features that change file permissions, SUID, SGID, Sbit, and so on

There are two ways to set permissions, and you can use numbers or symbols to change permissions.

Number types Change file permissions:

Linux file basic permissions there are nine, respectively, owner/group/others three kinds of identities have their own Read/write/execute permissions, first review the data just mentioned above: The file's permission character: "- Rwxrwxrwx ", these nine permissions are three three groups! Where we can use numbers to represent individual permissions, the scores for each permission are as follows:

R:4
W:2
X:1

Each identity (Owner/group/others) 's respective three permission (R/W/X) scores are cumulative, such as when the permission is: [-rwxrwx---] score:

owner = rwx = 4+2+1 = 7
Group = RWX = 4+2+1 = 7
others=---= 0+0+0 = 0

So wait a minute. When we set the permission change, the permission number of the file is 770! The syntax for the Change permission directive chmod is this:

From the previous introduction, we can find that basically nine permissions are (1) User (2) group (3) Others three kinds of identities! Then we can represent three kinds of identities by u, G, O! In addition, a represents all and all identity! Then the permission to read and write can be written as R, W, x! That is, you can see it in the following way:

chmod U
G
O
A
+ (Join)
-(remove)
= (set)
R
W
X
File or directory


Let's do it! If we want to "set" the permissions of a file as "-rwxr-xr-x", it is basically:

    • User (U): Has readable, writable, executable permissions;
    • Group and others (G/O): Have read and Execute permissions.


So it is:

chmod  u=rwx,go=Rx  . bashrc# Pay attention! The U=rwx,go=ls -al bashrc-rwxr-xr-x  1395 Jul  4  One: BASHRC.

So what if it's a privilege like "-rwxr-xr--"? You can use " chmod u=rwx,g=rx,o=r filename" to set it. Also, if I do not know the original file attributes, and I only want to increase the. BASHRC per-person writable permission for this file, then I can use:

ls -al. bashrc-rwxr-xr-x  1395 Jul  4each:  chmod  A +w  ls -al bashrc-rwxrwxrwx  1395 Jul  4 One: BASHRC.

And if you want to remove permissions without having to change other existing permissions? For example, to take out the executable permissions of all people:

chmod  A-  xls -al. bashrc-rw-rw-rw-  1395 Jul  4 One: BASHRC.

Do you know the difference between +,-, =? That's right! + and – as long as the item is not specified, the permission "will not be changed", for example in the example above, because only-take out X then the other two keep the value of the time unchanged! Make a lot of work and you'll know how to change your authority. This is very useful under certain circumstances ~ For example, you want to teach a friend how to make a program can have permission to execute, but you do not know the original permissions of the file, at this time, the use of "chmod a+x filename", you can let the program have the permission to execute. Is it convenient?

Brother Bird's Linux private cuisine Learning-(vii) changing file attributes and Permissions

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.