Detailed introduction to CentOS file permission concepts


When "Permission denied" appears on your screen, don't worry: a permission setting is almost certainly incorrect! (The following is an excerpt from Chapter 6 of laruence's Linux private House dish: "Linux file permissions and directory configuration", section 2, "Linux file permission concepts".)

Linux file attributes

After you log in to Linux as root, run "ls -al" and look at the output:

[root@localhost ~]# ls -al
total 64
dr-xr-x---. 2 root 4096 Dec 18 .
dr-xr-x. 22 root 4096 Nov 14 ..
-rw-------. 1 root 1098 Nov 3 anaconda-ks.cfg
-rw-------. 1 root 12288 Dec 18 .anaconda-ks.cfg.swp
-rw-------. 1 root 1517 Dec 18 10:36 .bash_history
-rw-r--. 1 root 18 May 20 2009 .bash_logout
-rw-r--. 1 root 176 May 20 2009 .bash_profile
-rw-r--. 1 root 176 Sep 23 2004 .bashrc
-rw-r--. 1 root 100 Sep 23 2004 .cshrc
-rw-r--. 1 root 8726 Nov 3 :57 install.log
-rw-r--. 1 root 3190 Nov 3 :56 install.log.syslog
-rw-r--. 1 root 129 Dec 4 2004 .tcshrc
[1] [2] [3] [4] [5] [6] [7]
[permissions] [links] [owner] [group] [file size] [modification date] [file name]


The first column shows the file type and permissions:

The first character indicates whether the file is a directory, a regular file, a link file, and so on:

If it is [d], it is a directory, for example the row named "." in the listing above;

If it is [-], it is a regular file, for example the row named "install.log" in the listing above;

If it is [l], it is a link file;

If it is [b], it is a storage interface device (a random-access device) among the device files;

If it is [c], it is a serial-port device among the device files, such as a keyboard or mouse (a device that is read once, sequentially).

The next nine characters come in three groups of three, each a combination of "rwx": [r] means read, [w] means write, and [x] means execute. The positions of these three permissions never change; where a permission is absent, a minus sign [-] appears in its place.

The first group is the "permissions of the file owner". Taking "install.log" as an example, the owner can read and write the file but cannot execute it;

The second group is the "permissions of the same group";

The third group is the "permissions of others, who are not in this group".

The second column shows how many file names are linked to this node (i-node).

The third column shows the "owner account" of the file (or directory).

The fourth column shows the group the file belongs to.

The fifth column shows the file size; the default unit is bytes.

The sixth column shows the file's creation date or its latest modification date.

The seventh column is the file name. As a special case, a file name that begins with "." is a "hidden" file.

How to change file attributes and permissions

The commands commonly used to change the group, the owner, and the permissions of the various identities are:

chgrp: changes the group the file belongs to

chown: changes the file owner

chmod: changes the file permissions, as well as SUID, SGID, SBIT, and other special attributes

Change the group, chgrp

Changing the group of a file is really easy: just use chgrp! The command name is an abbreviation of "change group", which makes it easy to remember. ^_^ Remember, however, that the new group name must exist in the /etc/group file; otherwise, an error is displayed!

[root@www ~]# chgrp [-R] dirname/filename ...

Options and parameters:

-R: change recursively, that is, all files and directories under the subdirectories are updated to this group as well. It is often used to change every file in a directory.

[root@www ~]# chgrp users install.log    <== change the file's group
[root@www ~]# ls -l
-rw-r-- 1 root users 68495 Jun 25 install.log
[root@www ~]# chgrp testing install.log
chgrp: invalid group name 'testing'    <== an error message!

Did you notice? The file's group was changed to users, but changing it to testing produced an error. Take note!


Change the file owner, chown

How do you change the owner of a file? Very easy! Since changing the group is "change group", changing the owner is "change owner". BINGO! That is the purpose of the chown command. Note that the user name must be an account recorded in the /etc/passwd file.

[root@www ~]# chown [-R] account-name file-or-directory
[root@www ~]# chown [-R] account-name:group-name file-or-directory

Options and parameters:

-R: change recursively, that is, all files under the directory are changed as well.

Example: change the owner of install.log to the account "bin":

[root@www ~]# chown bin install.log
[root@www ~]# ls -l
-rw-r-- 1 bin users 68495 Jun 25 install.log

Example: change the owner and group of install.log back to root:

[root@www ~]# chown root:root install.log
[root@www ~]# ls -l
-rw-r-- 1 root root 68495 Jun 25 08:53 install.log


Change permission, chmod

The chmod command changes file permissions. There are two ways to specify the permissions: with numbers or with symbols. Let's look at each:

Change file permissions for numeric types

Linux files have nine basic permissions: the three identities owner, group, and others each have their own read, write, and execute permissions. Recall from above that the permission characters of a file look like "-rwxrwxrwx"; the nine permissions come in three groups of three. We can use a number to represent each permission. The score of each permission is as follows:

r: 4

w: 2

x: 1

The three permissions (r/w/x) of each identity (owner/group/others) are added up. For example, when the permissions are [-rwxrwx---], the scores are:

Owner = rwx = 4 + 2 + 1 = 7

Group = rwx = 4 + 2 + 1 = 7

Others = --- = 0 + 0 + 0 = 0

So when we set the permissions, the permission number for this file is 770! The syntax of chmod for changing permissions is as follows:

[root@www ~]# chmod [-R] xyz file-or-directory

Options and parameters:

xyz: the numeric permission attribute just described, that is, the sum of the values of the rwx attributes for each identity.

-R: change recursively, that is, all files under the directory are changed as well.

What if I want to change the permissions to "-rwxr-xr--"? The permission score is [4 + 2 + 1][4 + 0 + 1][4 + 0 + 0] = 754, so you issue "chmod 754 filename". The most common case in day-to-day system operation is this: after we edit a shell script (a text-type batch file) with vi, its permissions are usually -rw-rw-r--, that is, 664. To make the file executable without letting others modify it, you need permissions such as -rwxr-xr-x, so you issue the command "chmod 755 test.sh".

In addition, if you do not want other people to see certain files, set the permissions to, for example, "-rwxr-----" by issuing "chmod 740 filename"!

Change file permissions by symbol type

There is another way to change permissions! From the earlier introduction, the nine permissions belong to (1) user, (2) group, and (3) others, so we can use u, g, and o to stand for the three identities. In addition, a stands for all, that is, all identities! The read, write, and execute permissions are written as r, w, and x. That is, you can use the following form:

chmod    u g o a    + (add)  - (remove)  = (set)    r w x    file or directory

Let's try it! If we want to "set" the permissions of a file to "-rwxr-xr-x", that basically means:

User (u): has read, write, and execute permissions;

Group and others (g/o): have read and execute permissions.

[root@www ~]# chmod u=rwx,go=rx .bashrc
# Note! u=rwx,go=rx is written together, with no spaces in between!
[root@www ~]# ls -al .bashrc
-rwxr-xr-x 1 root 395 Jul 4 :45 .bashrc

What if the permissions should be "-rwxr-xr--"? You can set them with "chmod u=rwx,g=rx,o=r filename". In addition, if I don't know the original attributes of the file and just want to add write permission for everyone on .bashrc, I can use:

[root@www ~]# ls -al .bashrc
-rwxr-xr-x 1 root 395 Jul 4 :45 .bashrc
[root@www ~]# chmod a+w .bashrc
[root@www ~]# ls -al .bashrc
-rwxrwxrwx 1 root 395 Jul 4 :45 .bashrc

What if you want to remove a permission without changing the other existing permissions? For example, to remove execute permission for all users:

[root@www ~]# chmod a-x .bashrc
[root@www ~]# ls -al .bashrc
-rw-rw-rw- 1 root 395 Jul 4 :45 .bashrc

Do you see the difference between +, -, and =? With + and -, any permission that is not specified is left unchanged. In the preceding example, because only "-" was used to remove x, the other two permissions stayed the same! Try a few more operations and you will see how the permissions change. This is useful in some situations. For example, you want to teach a friend how to give a program execute permission, but you do not know the file's original permissions. In that case you can use "chmod a+x filename", which gives the program execute permission. Convenient, isn't it?
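The scoring rule (r = 4, w = 2, x = 1) and the symbolic forms above can be checked on a scratch file. This is an added example, not part of the original excerpt; the function names perm_to_octal and mode_after are hypothetical, and it assumes GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: turn an ls-style permission string into its numeric mode and
# check chmod's numeric and symbolic forms against each other.

# Score one rwx triplet: r = 4, w = 2, x = 1, '-' = 0.
triplet_score() {
    score=0
    case $1 in r??) score=$((score + 4)) ;; esac
    case $1 in ?w?) score=$((score + 2)) ;; esac
    case $1 in ??x) score=$((score + 1)) ;; esac
    echo "$score"
}

# "-rwxr-xr--" (or "rwxr-xr--") -> 754. Only r, w, x and - are accepted,
# each in its fixed position; anything else is rejected.
perm_to_octal() {
    p=$1
    if [ "${#p}" -eq 10 ]; then p=${p#?}; fi     # drop the file-type character
    case $p in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: '$1'" >&2; return 1 ;;
    esac
    g=${p#???}                                   # last six characters
    echo "$(triplet_score "${p%??????}")$(triplet_score "${g%???}")$(triplet_score "${p#??????}")"
}

# Start a scratch file at mode $1, apply every following chmod argument in
# order, and print the resulting octal mode as reported by stat.
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    shift
    for spec in "$@"; do chmod "$spec" "$f"; done
    stat -c '%a' "$f"
    rm -f "$f"
}

echo "-rwxr-xr-- is $(perm_to_octal -rwxr-xr--)"
echo "664 then u=rwx,go=rx gives $(mode_after 664 u=rwx,go=rx)"
echo "755 then a+w, then a-x gives $(mode_after 755 a+w a-x)"
```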

Directory and file permissions:

We now know the three identities (owner, group, and others) of a file in Linux, that each identity has three permissions (rwx), that chown, chgrp, and chmod modify these permissions and attributes, and that ls -l shows them. So how do these permissions differ in meaning between regular files and directories? The difference is big!

Importance of permissions on files

Files are where the actual data lives: ordinary text files, database content files, binary executable files (binary programs), and so on. For a file, the permissions therefore mean the following:

r (read): you can read the actual content of the file, such as the text of a text file;

w (write): you can edit, add to, or modify the content of the file (but not delete the file);

x (execute): the file can be executed by the system.

That readable (r) means reading the file content is easy to understand, but what about executable (x)? Be careful here! Under Windows, the file extension determines whether a file can be executed, for example .exe, .bat, .com, and so on. In Linux, whether a file can be executed is determined by whether it has the "x" permission! It has no absolute relationship to the file name!

What about the last one, the w permission? When you have w permission on a file, you can write, edit, add to, or modify the file's content, but you do not have permission to delete the file! For a file, rwx applies mainly to the "file content" and has nothing to do with whether the file name exists, because the file records the actual data!

Importance of permissions on directories

Files store actual data. What does a directory mainly store? The main content of a directory is a list of file names, and file names are strongly tied to the directory! So what do r, w, and x mean for a directory?

r (read contents in directory):

Indicates that you have permission to read the directory's list of entries. When you have read (r) permission on a directory, you can query the file names in it, so you can use the ls command to display the directory's contents!

w (modify contents of directory):

The write permission is very powerful on a directory! It means that you may change the directory's list of entries, that is, you may:

Create new files and directories;

Delete existing files and directories (regardless of the permissions of the file itself!);

Rename existing files or directories;

Move files and directories within the directory.

In short, the w permission on a directory governs changes to the file names under that directory!

x (access directory):

What is the purpose of execute permission on a directory? A directory only records file names; surely it cannot be executed? That's right! A directory cannot be executed. The x on a directory indicates whether the user can enter the directory so that it becomes the working directory! The working directory is the directory you are currently in. For example, when you log in to Linux, your home directory is your current working directory. The command for changing the working directory is "cd" (change directory).
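Because w and x on a directory decide who may delete or rename the files in it, a read-only file inside a widely writable directory is not protected. The following added example (not from the original excerpt) builds a constructed sample tree and lists the files that "others" could remove; the function names are hypothetical and GNU stat is assumed. It goes one step beyond the text by also checking the sticky bit (the SBIT mentioned under chmod), which limits deletion in a shared directory to the file's owner, the directory's owner, and root.

```shell
#!/bin/sh
# Added example: deleting or renaming a file is governed by the w and x bits
# of its parent directory, not by the file's own mode.

# Print the octal mode of a path, e.g. 755 or 1777. Assumes GNU stat.
mode_of() { stat -c '%a' "$1"; }

# Succeed if "others" hold w and x on the parent directory of $1 and the
# sticky bit is not set, so any local account could delete or rename $1.
removable_by_others() {
    m=$(mode_of "$(dirname "$1")") || return 2
    [ $(( 0$m & 03 )) -eq 3 ] && [ $(( 0$m & 01000 )) -eq 0 ]
}

# List every regular file under $1 that removable_by_others flags.
audit_tree() {
    find "$1" -type f | while IFS= read -r f; do
        if removable_by_others "$f"; then echo "$f"; fi
    done
}

# Constructed sample: two read-only (444) files, one in a 777 directory and
# one in a 755 directory. Prints the path of the temporary tree.
build_sample() {
    base=$(mktemp -d) || return 1
    for d in shared private; do
        mkdir "$base/$d"
        echo "constructed sample data" > "$base/$d/report.txt"
        chmod 444 "$base/$d/report.txt"
    done
    chmod 777 "$base/shared"
    chmod 755 "$base/private"
    echo "$base"
}

tree=$(build_sample)
echo "files others could delete:"
audit_tree "$tree"
# The file is 444, yet its removal succeeds: we hold w and x on the directory.
rm -f "$tree/shared/report.txt" && echo "removed read-only file from shared/"
rm -rf "$tree"
```

Pointing audit_tree at a real directory only reads mode bits and changes nothing; the remedy for a flagged directory is to drop w for others or to set the sticky bit with chmod.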

File type:

As mentioned earlier, the first column shown by "ls -l" has 10 characters, and the first character is the file type. Besides regular files (-) and directories (d), what other file types are there?

Regular file:

The first character of the attributes shown by ls -al is [-], for example [-rwxrwxrwx]. Depending on their content, regular files can be further divided into:

Text files (ASCII): this is the most common file type in Linux. It is called a plain text file because its content is data that humans can read directly, such as numbers and letters. Almost every file used for settings belongs to this type. For example, you can issue "cat ~/.bashrc" to view the content of that file.

Binary files: the executable files in Linux (not counting scripts, which are text-type batch files) are in this format. For example, the cat command you just issued is a binary file.

Data files: some programs read files in specific formats while running; such files are called data files. For example, when a user logs in to Linux, the login data is recorded in the /var/log/wtmp file, which is a data file that can be read with the last command! Reading it with cat produces garbled characters, because it is a file in a special format.

Directory:

This is a directory; the first attribute is [d], for example [drwxrwxrwx].

Link:

It is similar to a shortcut in Windows! The first attribute is [l] (lowercase English L), for example [lrwxrwxrwx];

Device and device files:

Files related to system peripherals and storage, usually kept under the /dev directory! There are two types:

Block device files: these are interface devices that store data and give the system random access to it, for example hard disks and floppy disks! You can read and write data at arbitrary blocks of the hard disk, and that kind of device is a block device. Check /dev/sda and you will find that the first attribute is [b]!

Character device files: these are interface devices for some serial ports, such as the keyboard and mouse! These devices are read once, in sequence, and the output cannot be truncated. For example, you cannot make the mouse "jump" to another part of the screen; it "slides" there! The first attribute is [c].

Data interface files (sockets):

Since it is called a data interface file, this type of file is, naturally, usually used for data exchange over the network. We can start a program that listens for client requests, and the client can exchange data through this socket. The first attribute is [s], and such files are most often seen in the /var/run directory.

Data transmission files (FIFO, pipe):

FIFO is also a special file type. It aims to solve the problem of simultaneous access to a file by multiple programs. FIFO is the abbreviation of first-in-first-out. The first attribute is [p].

Relationship between permissions and commands:

We know that permissions are very important for user accounts, because they can restrict users from reading, creating, deleting, and modifying files or directories! Which commands can be run under which permissions?

1. What basic permissions let a user enter a directory so that it becomes the "working directory"?

Commands that can be used: commands that change the working directory, such as cd;

Permissions required on the directory: the user must have at least x permission on the directory.

Additional requirement: if the user wants to use ls to look at the file names in the directory, the user also needs r permission on the directory.

2. What basic permissions let a user read a file in a directory?

Commands that can be used: for example cat, more, less, and so on, as mentioned in this chapter;

Permissions required on the directory: the user must have at least x permission on the directory;

Permissions required on the file: the user must have at least r permission on the file!

3. What basic permissions let a user modify a file?

Commands that can be used: nano, or the vi editor to be introduced later;

Permissions required on the directory: the user must have at least x permission on the directory where the file is located;

Permissions required on the file: the user must have at least r and w permissions on the file.

4. What basic permissions let a user create a file?

Permissions required on the directory: the user must have w and x permissions on the directory; w is the key one!

5. What basic permissions let a user enter a directory and run a command located in that directory?

Permissions required on the directory: the user must have at least x permission on the directory;

Permissions required on the file: the user must have at least x permission on the file.
