CentOS Learning Notes-The concept of file permissions

Source: Internet
Author: User
Tags comparison table

Linux file permissions concept
When "Permission deny" appears on your screen, don't worry, "It must be the wrong permission setting"! (The following excerpts are selected from Bird Brother's Linux Private Room Chapter 6, Linux File Permissions and Directory Configuration 2. Linux File Permission Concept)

Linux file attributes
After you log in to Linux as root, issue "ls -al" to see, you will see a few dongs below:

[[email protected] ~] # ls -al
total 64
dr-xr-x ---. 2 root root 4096 Dec 18 09:28.
dr-xr-xr-x. 22 root root 4096 Nov 14 16:08 ..
-rw -------. 1 root root 1098 Nov 3 19:57 anaconda-ks.cfg
-rw -------. 1 root root 12288 Dec 18 09:28 .anaconda-ks.cfg.swp
-rw -------. 1 root root 1517 Dec 18 10:36 .bash_history
-rw-r--r--. 1 root root 18 May 20 2009 .bash_logout
-rw-r--r--. 1 root root 176 May 20 2009 .bash_profile
-rw-r--r--. 1 root root 176 Sep 23 2004 .bashrc
-rw-r--r--. 1 root root 100 Sep 23 2004 .cshrc
-rw-r--r--. 1 root root 8726 Nov 3 19:57 install.log
-rw-r--r--. 1 root root 3190 Nov 3 19:56 install.log.syslog
-rw-r--r--. 1 root root 129 Dec 4 2004 .tcshrc
[1] [2] [3] [4] [5] [6] [7]
[Permission] [Connect] [Owner] [Group] [File Size] [Modified Date] [File]
The first column represents the type and permission of this file:
The first character indicates that the file is "directory, file or linked file, etc.":
When it is [d], it is a directory, for example, the line named "." In the table above;
When it is [-], it is a file, for example, the line named "install.log" in the table above;
If it is [l], it means link file.
If it is [b], it means that it can be stored as an interface device (random access device) in the device file;
If it is [c], it means that it is a serial port device in the device file, such as a keyboard and a mouse (one-time reading device)
The following characters are in groups of three, and are all combinations of the three parameters of "rwx". Among them, [r] stands for read, [w] stands for write, and [x] stands for executable. It should be noted that the position of these three permissions will not change, if there is no permission, there will be a minus sign [-] only.
The first group is "authority of the file owner". Take the file "install.log" as an example, the owner of the file can read and write, but cannot execute it
The second group is "authority of the same group";
The third group is "other permissions not in this group".
The second column indicates how many file names are linked to this node (i-node):
The third column indicates the "owner account" of this file (or directory)
The fourth column indicates the group to which this document belongs
The fifth column is the capacity of this file, the default unit is bytes;
The sixth column is the file creation date or the latest modification date of this file:
The seventh column is the file name of this file.
This field is the file name. What is special is that if there is an extra "." Before the file name, it means that the file is "hidden file".
How to change file attributes and permissions
The instructions commonly used to modify the permissions of groups, owners, and various identities are as follows:

chgrp: change the group to which the file belongs
chown: change the file owner
chmod: change file permissions, SUID, SGID, SBIT, etc.
Change the group, chgrp
Changing the group of a file is really simple, just change it with chgrp, eh! This command is the abbreviation of change group! This is easy to remember! ^ _ ^. However, please remember that the group name to be changed must exist in the / etc / group file, otherwise an error will be displayed!

[[email protected] ~] # chgrp [-R] dirname / filename ...
Options and parameters:
-R: Perform continuous recursive changes, that is, together with all files and directories in the subdirectory
     Are updated to become the meaning of this group. It is often used to change all files in a directory.
[root @ www ~] # chgrp users install.log <== change file group
[[email protected] ~] # ls -l
-rw-r--r-- 1 root users 68495 Jun 25 08:53 install.log
[root @ www ~] # chgrp testing install.log
chgrp: invalid group name `testing‘ <== An error message occurred ~ This group name could not be found ~
Did you find it? The file group has been changed to users, but when you want to change it to testing, an error will occur ~ Attention! Change file owner, chown
How to change the owner of a file? Very simple! Since the change group is a change group, the change owner is the change owner! BINGO! That is the purpose of the chown command. It should be noted that the user must be an account that already exists in the system, that is, the user name recorded in the / etc / passwd file can be changed.

[[email protected] ~] # chown [-R] account name file or directory
[[email protected] ~] # chown [-R] Account name: Group name File or directory
Options and parameters:
-R: Recursive (recursive) continuous changes, that is, all files in the subdirectory are changed

Example: Change the owner of install.log to bin account:
[root @ www ~] # chown bin install.log
[[email protected] ~] # ls -l
-rw-r--r-- 1 bin users 68495 Jun 25 08:53 install.log

Example: Change the owner and group of install.log to root:
[root @ www ~] # chown root: root install.log
[[email protected] ~] # ls -l
-rw-r--r-- 1 root root 68495 Jun 25 08:53 install.log
Change permissions, chmod
The file permissions are changed using the chmod command. However, there are two ways to set permissions. You can use numbers or symbols to change permissions. Let's talk about it:

Number type changes file permissions
There are nine basic permissions for Linux files, which are owner / group / others. Each of them has its own read / write / execute permission. Let ’s review the data just mentioned above: The file permission characters are: 『-rwxrwxrwx 』, These nine permissions are three in three! Among them, we can use numbers to represent each authority, the score comparison table of each authority is as follows:
r: 4
w: 2
x: 1
For each identity (owner / group / others), the respective three permission (r / w / x) scores need to be accumulated. For example, when the permission is: [-rwxrwx ---] the score is:
owner = rwx = 4 + 2 + 1 = 7
group = rwx = 4 + 2 + 1 = 7
others = --- = 0 + 0 + 0 = 0
So when we change the permissions, the permission number of the file is 770! The syntax of the chmod command for changing permissions is this:
[[email protected] ~] # chmod [-R] xyz file or directory
Options and parameters:
xyz: It is the permission attribute of the numeric type just mentioned, which is the addition of the rwx attribute value.
-R: Perform continuous recursive changes, that is, all files in the subdirectory will change
What if you want to change the permissions to "-rwxr-xr--"? Then the permission score becomes [4 + 2 + 1] [4 + 0 + 1] [4 + 0 + 0] = 754! So you need to issue "chmod 754 filename". In addition, one of the most common problems in the actual system operation is that often we edit a shell text batch file with vi, his permissions are usually -rw-rw-r-- which is 664. This file becomes an executable file, and if you do n’t want others to modify this file, then you need the permission of -rwxr-xr-x, at this time you have to issue the command "chmod 755 test.sh"!
In addition, if some files you do n’t want to be seen by others, you should set the file permissions to, for example: "-rwxr -----", then issue "chmod 740 filename"!

Symbol type changes file permissions
There is another way to change permissions! From the previous introduction, we can find that basically nine permissions are (1) user (2) group (3) other three identities! Then we can represent the authority of the three identities by u, g, o! In addition, a represents all, that is all identity! Then read and write permissions can be written as r, w, x! That is, you can use the following methods to see:


+ (Join)
= (Setting)


File or directory
Let's implement it! If we want to "set" the permissions of a file to become "-rwxr-xr-x", basically it is:

user (u): has read, write, and executable permissions;
group and others (g / o): have read and execute permissions.

So it is:
[[email protected] ~] # chmod u = rwx, go = rx .bashrc
# Attention! That u = rwx, go = rx are connected together, there is no space in the middle!
[[email protected] ~] # ls -al .bashrc
-rwxr-xr-x 1 root root 395 Jul 4 11:45 .bashrc
So if it is "-rwxr-xr--" such authority? You can use 『chmod u = rwx, g = rx, o = r filename』 to set. In addition, if I do n’t know the original file attributes, and I just want to increase the write permission for everyone in the .bashrc file, then I can use:

[[email protected] ~] # ls -al .bashrc
-rwxr-xr-x 1 root root 395 Jul 4 11:45 .bashrc
[root @ www ~] # chmod a + w .bashrc
[[email protected] ~] # ls -al .bashrc
-rwxrwxrwx 1 root root 395 Jul 4 11:45 .bashrc
And what if you want to remove permissions without changing other existing permissions? For example, if you want to remove the executable permissions of all people, then:

[[email protected] ~] # chmod a-x .bashrc
[[email protected] ~] # ls -al .bashrc
-rw-rw-rw- 1 root root 395 Jul 4 11:45 .bashrc
Do you know the difference between +,-, =? right! In the state of + and –, as long as it is an unspecified item, the permission "will not be changed". For example, in the above example, because only-is removed, the other two keep the same value at that time! Implement it a lot and you will know how to change permissions! This is very useful in some circumstances ~ For example, you want to teach a friend how to allow a program to have permission to execute, but you do not know the original permissions of the file, at this time, use "chmod a + x fil"ename", you can give the program permission to execute. Is it convenient?

The meaning of permissions of directories and files:

Now we know the three identities of the files in the Linux system (owner, group, and others), we know that each identity has three permissions (rwx), and we know that we can use chown, chgrp, chmod to modify these permissions and attributes Of course, it is no problem to use ls -l to observe the file. So, how are these file permissions different for general files and directory files? There is a big difference!

The importance of permissions to files

A file is a place that actually contains data, including general text files, database content files, binary executable files (binary programs), and so on. Therefore, permissions have the following meaning for files:

r (read): can read the actual content of this file, such as reading the text content of the text file;
w (write): Can edit, add or modify the content of the file (but not delete the file);
x (execute): This file has permission to be executed by the system.
The readable (r) means that the content of the read file is still easy to understand, so what about the executable (x)? You have to be careful here! Because the ability to execute a file under Windows is judged by "extension", for example: .exe, .bat, .com, etc., but under Linux, is our file executable? Determined by whether you have the authority of "x"! There is no absolute relationship with the file name!

As for the last w this permission? When you have w permissions on a file, you can have permission to write / edit / add / modify the content of the file, but you do not have permission to delete the file itself! For the rwx of the file, it is mainly for the "content of the file", and it does not matter whether the file name exists or not! Because the file records the actual data!

The importance of permissions to directories

The file is where the actual data is stored, so what are the main contents of the directory? The main content of the directory is to record the file name list, and the file name is strongly related to the directory! So if it refers to a directory, what does that r, w, x mean to the directory?

r (read contents in directory):
Indicates that you have permission to read the directory structure list, so when you have the permission to read (r) a directory, it means that you can query the file name data in that directory. So you can use the ls command to display the content list of the directory!
w (modify contents of directory):
This writable permission is great for directories! Because he said that you have the authority to change the directory structure list, that is, these permissions:
Create new files and directories;
Delete existing files and directories (regardless of the permissions of the file!)
Rename existing files or directories;
Move the files and directory locations in the directory.

In short, the w permission of the directory is related to the file name change under the directory!
x (access directory):
what! What is the use of the execute permission of the directory? The directory only records the file name, can't it be used for execution? That's right! The directory cannot be executed. The x in the directory represents whether the user can enter the directory and use it as a working directory! The so-called work directory is the directory where you are currently! For example, when you log in to Linux, your home directory is your current working directory. The instruction to change the directory is "cd" (change directory)!
File type:
We just mentioned using "ls -l" to observe the ten characters in the first column, the first character is the file type. In addition to the common general files (-) and directory files (d), what other types of files are there?

Regular file (regular file):
It is generally the type of file we are accessing. In terms of the attributes displayed by ls -al, the first character is [-], such as [-rwxrwxrwx]. In addition, according to the content of the file, it can be roughly divided into:
Plain text file (ASCII): This is the most common file type in the Linux system. It is called a plain text file because the content is data that we humans can directly read, such as numbers and letters. Almost as long as the files we can use as settings belong to this type of file. For example, you can issue "cat ~ / .bashrc" to see the contents of the file.
Binary file: Executable files (scripts, text batch files are not counted) in Linux are in this format ~ For example, the command cat just issued is a binary file.
Data format files (data): Some programs will read files in certain formats during operation. Those files in specific formats may be called data files. For example, our Linux will log the logged data in the file / var / log / wtmp when the user logs in, the file is a data file, he can read it through the last command! But when using cat, it will read garbled ~ because he belongs to a special format file. Almost?
Directory (directory):
That's the directory. The first attribute is [d], for example, [drwxrwxrwx].
Link file (link):
It is a shortcut similar to the one under Windows! The first attribute is [l] (lowercase English L), for example [lrwxrwxrwx];
Device and device files (device):
Some files related to system peripherals and storage are usually concentrated under the / dev directory! There are usually two types:
Block device files: These are some interface devices that store data to provide random access to the system, for example, hard disks and floppy disks! You can read and write in different blocks of the hard disk at random, this kind of device is a group device! You can check / dev / sda by yourself and you will find that the first attribute is [b]!
Character (character) device file: that is, some serial port interface devices, such as keyboard, mouse, etc.! The characteristic of these devices is "one-time reading", and the output cannot be truncated. For example, you can't make the mouse "jump" to another screen, but "slide" to another place! The first attribute is [c].
Data interface files (sockets):
Since it is called a data interface file, of course, this type of file is usually used for data on the network. We can start a program to monitor the client's request, and the client can communicate data through this socket. The first attribute is [s], and this file type is most commonly seen in the / var / run directory.
Data transfer file (FIFO, pipe):
FIFO is also a special type of file. Its main purpose is to solve the error problem caused by multiple programs accessing a file at the same time. FIFO is short for first-in-first-out. The first attribute is [p].
CentOS study notes-file permissions concept

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.