Day08-linux Permissions

last learned to organize the basic operation of the Linux documentation, today we learn the permissions under Linux:

1. Permissions for files or directories chmod:

Chmod is mainly used to modify the permissions of files and directories, the main parameters:-R (Cascade modified subordinate directory).

1. How do we check the permissions of this directory or file:

[Email protected] ~]# ls-l

Total Dosage 136

Drwxr-xr-x 2 root root 64 October 15:28 1 #rwx为所属主:r-x belongs to group :r-x for other :

-rw-r--r-- 1 root root 841 October 17:31 1.txt

Drwxr-xr-x 2 root root 6 October 25 17:36 2

-rw-r--r-- 1 root root 0 October 24 15:28 22

As mentioned above: the second to tenth bits of the first part are in three-bit groups: 11th bit (.) is SELinux (it is only added when SELinux is open.)

Owner #文件的拥有者: The person who created the file/directory:

Owning group #文件的所属组: the group where the user who created the file/directory is located:

(Other) #其他外来人员:

1.2 How do we add permissions to directories and files: Generally there are two ways (the result of the operation is the same)

The permissions for the rwx in are represented by numbers as follows:

r===4 # represents a readable permission: view this file: Then the file can be read:

w===2 # indicates writable permissions: You can write to the file: it means that the file can be written:

x===1 # indicates an executable permission : This directory can be opened, which means that the directory is executable:

1,chmod 777 Filename/dir by Digital Way to add: the following:

[[email protected] ~]# chmod 777 1.txt #给文件添加777 (readable writable executable) permissions: [[email protected] ~]# chmod 777 1 #给目录也添加777权限: [    [Email protected] ~]# ls-ldrwxrwxrwx 2 root root 64 October 15:28 1 #此文件对主 (group) Other: readable writable executable:-rwxrwxrwx 1 root root 841 October 17:31 1.txt

2,chmod u=rwx,g=rw,o=rx filename/dir #u表示主, G for group, O for other: a= all:

[[email protected] ~]# chmod u=rwx,g=rw,o=rx 1.txt[[email protected] ~]# chmod u=rwx,g=rw,o=rx 1[[email protected] ~]# ls -ldrwxrw-r-x 2 root root 64 October 15:28 1-rwxrw-r-x 1 root root 841 October 17:31 1.txt

Of course: You can also increase or decrease the permissions by +-= #加号表示增加权限, minus means reduce permission, equals equals permission: chmod u-r 1

[Email protected] ~]# chmod u-r,g+w,o-x 1.txt #分别减去u权限和加上g的权限: [[email protected] ~]# chmod u-r 1[[email protected] ~]# Ls-ld-wxrwwr-x 2 root root 64 October 15:28 1--wxr--r--1 root root 841 October 17:31 1.txt

1.3 chmod also has one parameter:-r: Indicates cascading options: The permissions for all files/directories in this directory are changed:

Chmod-r Filename/dir

[[email protected] ~]# chmod-r 777 1 #权限级联下面文件 [[email protected] ~]# ls-l 1-rwxrwxrwx 1 root root 0 October 24 15:28 1 1 #目录下文件的权限已改变:-rwxrwxrwx 1 root root 0 October 18:08 1.txt #目录下目录的权限已改变:

1.4 Since permissions can be represented by numbers, how are permissions defined: Umask values:

[Email protected] ~]# umask #查看umask的值:

0022

We will find that the permissions for normal files or directories are different: This is because the Umask value is defined: And the Umask value can be modified:

[[email protected] yuan]# ls-la-rw-r--r--1 root root 0 October 18:53 1.txt #文件的权限为644. drwxr-xr-x 2 root root 6 October 18:53 dir #目录的权限为755.

This is because the file does not need to execute permissions: While the directory requires: Enter a directory = = to execute this directory:

So the permissions of the file are calculated:

666-022 644 #文本不需要执行权限

(rw-rw-rw-)-(----w--w-) = (rw-r--r--)

Permissions calculation for the directory:

777-022 755 #目录需要执行权限

(rwxrwxrwx)-(----w--w-) = (rwxrw-rw-)

However, it is easy to get the wrong error in the way of subtracting numbers:

For example, if we set the Umask value to 003, then the file's permission should be 664, minus 603, so this method is not recommended:

2. Change the owner of the file and the owning group: chown

Chown is primarily used to modify the owner and owning group of a file: main parameters:-R

2.1 So how do we see the owner and the group that owns the file/directory:

[Email protected] ~]# ls-l

Total Dosage 136

drw-r--r--2 root root 90 October 25 18:08 1

-rw-r--r--1 root root 841 October 17:31 1.txt

As mentioned above: the third part of the root represents the owner, and the Forth section indicates the owning group:

Creator and owner of the owner (Root) # file:

the group where the owning Group (root) # file belongs:

2.2 How do we change the owner and the owning group to the file/directory:

Chown username:Group Filename/dir

[Email protected] ~]# chown yuanhh 1 #表示修改目录1的所属主为yuanhh. [Email protected] ~]# CHOWN:YUANHH 1 #表示修改目录1的所属组为yuanhh.  [Email protected] ~]# chown yuanhh:yuanhh 1.txt #表示同时修改1. txt's owner and owning group: [[email protected] ~]# ls-ldrw-r--r--2 yuanhh YUANHH 90 October 18:08 1 #查看目录1.-rw-r--r--1 yuanhh yuanhh 841 October 17:31 1.txt #查看文件1. txt.

2.3 At this point, Chown also has a parameter:-r: Indicates a cascading option: The permissions for all files/directories in this directory are changed (mainly for the directory):

Chown-r username:Group 1 #修改1目录的主和组 (also modifies directories and files under it).

[Email protected] ~]# chown-r yuanhh:root 1 #同时修改目录1的所属主和所属组: [[email protected] ~]# ls-l 1-rwxrwxrwx 1 yuanhh Root 0 October 15:28 #其下面的目录也发生变化:-rwxrwxrwx 1 yuanhh root 0 October 18:08 1.txt #其下面的文件也发生变化:

3. CHGRP: This command modifies the owning group of the file (as the group that owns the Chown).

CHGRP Group Filename/dir #应用格式

[Email protected] ~]# chgrp yuanhh 2.txt #修改其所属组为yuanhh: [[email protected] ~]# ls-l 2.txt-rw-------1 root yuanhh 4 904 October 17:48 2.txt #已修改:

3.1 At the same time, CHAGR also has cascading parameters, you can directly modify the directory below the file or directory:

Chgrp-r Group 1 #修改目录1, in a cascading way:

[Email protected] ~]# chgrp-r yuanhh 1 #修改目录1, in a cascade way: [[email protected] ~]# ls-l 1-rwxrwxrwx 1 yuanhh yuanhh 0 10 Month 15:28 #-rwxrwxrwx 1 yuanhh yuanhh 0 October 18:08 1.txt #

4, Hidden permissions lsattr/chattr: The parameters are as follows;

-I: When this option is added, the file or directory cannot be deleted, modified, written, etc. (not even the boss root)

-A: After adding this option: can only append, cannot be deleted, modified, and non-root user cannot operate (only increase not minus)

-S: When this option is added: Data is synchronously written to disk: #不常用

-C: Automatic decompression: Automatic decompression when reading files: #不常用

-A: When added, the atime of the file cannot be modified: #不常用

- D : View only the current directory itself: #相当于ls的-D option:

-A: View hidden files: #用法: lsattr-a

- R : View files or directories in the current directory:

4.1 Hidden permissions can protect the security of the file, once set, the file even the root user can not be modified:

Usage 1: chattr +i filename/dir #给文件或目录增加i权限:

[[email protected] ~]# chattr +i 1.txt #给1. txt add i permissions: [[email protected] ~]# rm-fr 1.txt #无法删除文件: RM: Cannot delete " 1.txt ": disallowed operation [[email protected] ~]# echo 1 > 1.txt #无法追加文件内容:-bash:1.txt: Insufficient permissions [[email protected] ~]# chmod 77 7 1.txtchmod: Change permissions for "1.txt": Operation not allowed #无法修改文件权限:

Usage 2: chattr +a filename/dir #给文件或目录增加a权限:

[Email protected] ~]# chattr +a 1.txt #给1. txt add a permission [[email protected] ~]# rm-fr 1.txt #无法删除文件: RM: Unable to delete "1.txt": Operation not allowed [[email protected] ~]# chmod 777 1.txt #无法修改文件权限. chmod: Change permissions for "1.txt": Actions not allowed [[email protected] ~]# echo 1111 >> 1.txt #可以追加文件内容 [[email protected] ~]# TAIL-N1 1.txt1111

4.2 How do we cancel the file permissions:

chattr-a filename/dir #给文件或目录取消a权限:

chattr-i filename/dir #给文件或目录取消i权限:

also supports lsattr-r(also cascading options): Use the following:

lsattr-r +i dir #主要只针对于目录:

View command lsattr: Parameter:-d (Directory itself)-A (hidden file)-R (cascading file or directory)

[[email protected] ~]# lsattr-d 1 #只查看目录1的权限:----i-----------1[[email protected] ~]# lsattr-r 1 #查看目录下面的文 Pieces option:----I---------------i-----------1/yuan

Hidden files:

[Email protected] ~]# lsattr-a/root/#查看隐藏文件:----------------/root/.bash_logout----------------/ROOT/.BASH_PR Ofile

Today we are studying here.

This article is from the "_de blog" blog, be sure to keep this source http://yuanhaohao.blog.51cto.com/7714752/1976123

Day08-linux Permissions