File permissions and owner group management

Source: Internet
Author: User

Preface:

     When writing a blog post, keep the 5W1H rule in mind: what, why, where, how.

The main content of this article:

Basic permissions for files and directories;

Setting the owner and group of files and directories;

The meaning and setting of umask

This article covers the list of commands:





Process security context:

A process is usually started by a user running a program file, and it runs under that user's identity, so the permissions of the process are the permissions of the user who runs it.

When a process accesses a file, the system decides which permissions apply according to the identity of the user running the process:

Is the user who started the process the owner of the file? If yes, the file is accessed as the owner and the owner permissions apply; if no, go to the next check.

Is the user who started the process a member of the file's group? If yes, the file is accessed as the group and the group permissions apply; if no, go to the next check.

Otherwise the file is accessed as "other" and the "other" permissions apply.

(Linux also has some special permissions: facl, suid, sgid, sticky; files that have these set do not follow the description above.)
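The check order above has a consequence that is easy to miss: only the first matching class is consulted, so an owner can hold fewer rights than everyone else. The following is an added example, not code from the original article; the function name applied_perms and all uid/gid values are constructed for illustration.

```shell
#!/bin/sh
# Added example: a constructed model of the three-step check described above.
# applied_perms PERMS FILE_UID FILE_GID PROC_UID PROC_GID...
#   PERMS is the nine-character string shown by `ls -l`, e.g. rwxr-x---
# Prints the one class that applies and its rwx triplet. Root (uid 0) and the
# special permissions the article lists as exceptions are not modelled.
applied_perms() (
    perms=$1 file_uid=$2 file_gid=$3 proc_uid=$4
    shift 4                          # what remains: the process's group IDs
    class=other start=7
    if [ "$proc_uid" -eq "$file_uid" ]; then
        class=owner start=1          # first match wins; later classes are never consulted
    else
        for gid in "$@"; do
            if [ "$gid" -eq "$file_gid" ]; then
                class=group start=4
                break
            fi
        done
    fi
    echo "$class $(printf '%s\n' "$perms" | cut -c"$start-$((start + 2))")"
)

# Constructed case: file owned by uid 1000 / gid 1000 with permissions ---r--rwx.
echo "uid 1000, groups 1000:      $(applied_perms ---r--rwx 1000 1000 1000 1000)"
echo "uid 1001, groups 1001 1000: $(applied_perms ---r--rwx 1000 1000 1001 1001 1000)"
echo "uid 1002, groups 1002:      $(applied_perms ---r--rwx 1000 1000 1002 1002)"
```

The owner gets no access here even though the owner also belongs to the file's group and "other" has rwx.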

Use the ls -l command to view file permissions:

    # ls -l
    total 4
    -rw-------. 1 root root 2639 Mar 4 02:58 anaconda-ks.cfg
    drwxr-xr-x. 2 root root 8 18:49 shell
    drwxr-xr-x. 2 root root 8 02:33 test

(1) File permissions are set for three kinds of identity: owner (owner, u), group (group, g), and other (other, o);

(2) Each identity has the three rwx permissions (readable, writable, executable);

(3) Each file has an owner and a group; in the listing above, the owner and the group are both root.

In Linux, the rwx permissions for files and directories are not the same:


For files:

r: the file's data can be read;

That is, commands such as less, more and cat can be used to view the contents of the file.

w: the file's data can be modified;

That is, editors such as vi can be used to modify the file's data.

Note: Whether a file can be deleted or moved (mv) depends on whether the parent directory has wx permissions, regardless of the permissions of the file itself. Copying (cp) a file within the same directory involves two steps, creating a new file in the directory and reading the source file, so it requires wx permissions on the parent directory as well as r permission on the file.

x: the file can be run as a process;

That is, if the file's format supports it, the file can be run as a program.


For directories:

r: only the content list can be viewed;

That is, the ls command can be used to list the files in the directory. However, you cannot use ls -l to view the details of the files in the directory, or cd into the directory.

w: the files in the directory can be changed;

That is, you can create and delete files in the directory (provided that you also have x permission). Note that cp and mv also count as creating and deleting files in the directory. Copying files from this directory to another directory with cp requires only rx permissions.

x: the detailed content list can be viewed;

With x permission you can cd into the directory; to view the file list details with ls -l you also need r permission.

How rwx permissions are combined:

Linux stores the rwx permissions as binary bits, so any combination of rwx can be written as one octal digit:

rwx permissions    Binary representation    Octal representation
---                000                      0
--x                001                      1
-w-                010                      2
-wx                011                      3
r--                100                      4
r-x                101                      5
rw-                110                      6
rwx                111                      7

Thus, the ugo permissions of the directories listed above can be expressed as: 755

Permission management commands:

Changing owner and group information (ownership): (only the administrator has permission)

Change owner: chown

Change group: chgrp

   Changing file permissions (permission): (only the owner has permission)


Command details:


chown: change file owner and group

chown [OPTION]... [OWNER][:[GROUP]] FILE...

chown [OPTION]... --reference=RFILE FILE...

-R, --recursive: modify recursively

Command examples:

# Change the owner of the file hello to the user fred and its group to the group fred. The ":" can also be replaced with ".".

chown fred:fred hello

# Recursively change the group of dir to fred (no owner is given, so the owner is unchanged)

chown -R :fred dir

# Change the owner and group of hello to those of the .bashrc file


chgrp: change group ownership

chgrp [OPTION]... GROUP FILE...

chgrp [OPTION]... --reference=RFILE FILE...

Usage is very similar to chown; refer to the chown examples.


chmod: change file mode bits

chmod [OPTION]... MODE[,MODE]... FILE...

chmod [OPTION]... OCTAL-MODE FILE...

chmod [OPTION]... --reference=RFILE FILE...

-R, --recursive: modify recursively

(1) chmod [OPTION]... MODE[,MODE]... FILE...

Use u, g, o and a to refer to the owner, the group, other, and all users when modifying the permissions of a file or directory. Use +, - and = to add, remove, and assign permissions, respectively.



# Set the owner's permissions on file1 to rw:

    $ ls -l file1
    -r-xrw-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1
    $ chmod u=rw file1
    $ ls -l file1
    -rw-rw-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1

# Remove r permission from the group of file1:

    $ ls -l file1
    -rw-rw-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1
    $ chmod g-r file1
    $ ls -l file1
    -rw--w-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1

# Add w permission for "other" users on the dir1 directory and on the files and directories inside it:

    $ ls -ld dir1/
    drwxrwxr-x. 2 mageedu mageedu 8 21:50 dir1/
    $ ls -l dir1/
    total 0
    -rw-rw-r--. 1 mageedu mageedu 0 Mar 8 21:50 file2
    $ chmod -R o+w dir1/
    $ ls -ld dir1/
    drwxrwxrwx. 2 mageedu mageedu 8 21:50 dir1/
    $ ls -l dir1/
    total 0
    -rw-rw-rw-. 1 mageedu mageedu 0 Mar 8 21:50 file2

# Remove w permission from the owner and the group of file1:

    $ ls -l file1
    -rw--w-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1
    $ chmod ug-w file1
    $ ls -l file1
    -r-----r--. 1 mageedu mageedu 0 Mar 8 21:45 file1

(2) chmod [OPTION]... OCTAL-MODE FILE...

      You can use octal notation to set the permissions of the owner, the group, and other users at once.

# Set the permissions of file1 to 664:

    $ ls -l file1
    -r-----r--. 1 mageedu mageedu 0 Mar 8 21:45 file1
    $ chmod 664 file1
    $ ls -l file1
    -rw-rw-r--. 1 mageedu mageedu 0 Mar 8 21:45 file1

(3) chmod [OPTION]... --reference=RFILE FILE...

Sets the owner, group, and other permissions of FILE to be the same as those of RFILE, similar to the chown command.
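The chmod -R o+w dir1/ session above and the earlier note that deleting a file depends on the parent directory's wx permissions combine into something worth checking: after that command, tightening a file's own mode does not stop "other" users from deleting it. The following is an added example, not code from the original article; other_can and build_demo are hypothetical helper names, the tree is constructed, and `stat -c %a` is assumed to be available (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example. other_can FILE: what a user in the "other" class may do to FILE.
#   modify = the file's own o+w bit
#   delete = o+w and o+x on the parent directory; the file's mode plays no part
other_can() (
    file_mode=$(stat -c '%a' "$1") || exit 1
    dir_mode=$(stat -c '%a' "$(dirname "$1")") || exit 1
    modify=no
    delete=no
    [ $(( 0$file_mode & 02 )) -ne 0 ] && modify=yes
    [ $(( 0$dir_mode & 03 )) -eq 3 ] && delete=yes
    # A sticky directory (01000) limits deletion to the file or directory owner.
    [ $(( 0$dir_mode & 01000 )) -ne 0 ] && delete=no
    echo "modify=$modify delete=$delete"
)

# Constructed tree mirroring the article's dir1/file2 session.
build_demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/dir1"
    touch "$demo_root/dir1/file2" "$demo_root/dir1/private"
    chmod 775 "$demo_root/dir1"
    chmod 664 "$demo_root/dir1/file2"
    chmod 600 "$demo_root/dir1/private"
}

build_demo
echo "before: file2   $(other_can "$demo_root/dir1/file2")"
chmod -R o+w "$demo_root/dir1"          # the article's command
chmod 600 "$demo_root/dir1/private"     # the owner tightens one file again
echo "after:  file2   $(other_can "$demo_root/dir1/file2")"
echo "after:  private $(other_can "$demo_root/dir1/private")"
rm -rf "$demo_root"
```

The last line reports modify=no delete=yes: the 600 file cannot be edited by "other", but it can still be removed or replaced because the directory is writable.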


umask: display or set the file mode mask

umask [-S] [mode]

The umask determines the permissions of newly created files. For example, the default umask of an ordinary user is 0002: the first digit is the special-permission mask (it can be ignored for now if it is unfamiliar), and the last three digits are the permission masks for the owner, the group, and other users. When setting the mask you can use the 3-digit octal form directly.

When Linux creates a new file, the file's permissions are the initial permissions minus the mask, and the initial permissions of directories and files are different:

Files have no x permission initially, so their initial permissions are: 666

Initial permissions of directories: 777

Note: If subtracting the umask from the initial permissions of a file leaves execute permission for u, g or o, then 1 is added to that digit. In any case, a newly created file will not have x permission.

Example:

    $ umask 013
    $ touch file4
    $ ls -l file4
    -rw-rw-r--. 1 fred fred 0 Mar 8 22:20 file4

In the example above, 666 - 013 = 653, that is rw-r-x-wx. The group and other digits have x permission, so 1 is added to each of them and the permissions become rw-rw-r--.
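The subtract-then-add-1 rule above can be checked against the operation the kernel actually performs, which is to clear the umask bits from the requested mode (requested AND NOT umask). The following is an added example, not code from the original article; the function names are hypothetical, `stat -c %a` is assumed (GNU coreutils or busybox), and no default ACL is assumed on the temporary directory.

```shell
#!/bin/sh
# Added example. Kernel behaviour: requested mode AND NOT umask.
mode_after_umask() {                 # $1 = requested mode, $2 = umask (octal)
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The article's rule for files: subtract each umask digit from 6, then add 1
# to any digit left odd (an odd digit would carry the x bit).
article_rule() (                     # $1 = umask (octal)
    mask=$(( 0$1 ))
    out=0
    for s in 6 3 0; do
        d=$(( 6 - ((mask >> s) & 7) ))
        [ $(( d % 2 )) -ne 0 ] && d=$(( d + 1 ))
        out=$(( out * 8 + d ))
    done
    printf '%o\n' "$out"
)

# Create a real file or directory under the given umask and print its mode.
created_mode() (                     # $1 = umask, $2 = file | dir
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else touch "$tmp/new"; fi
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
)

# Count the umasks 000..777 for which the two calculations disagree for files.
count_disagreements() (
    bad=0
    for u in 0 1 2 3 4 5 6 7; do for g in 0 1 2 3 4 5 6 7; do for o in 0 1 2 3 4 5 6 7; do
        [ "$(mode_after_umask 666 "$u$g$o")" = "$(article_rule "$u$g$o")" ] || bad=$(( bad + 1 ))
    done; done; done
    echo "$bad"
)

echo "umask 013, file: computed $(mode_after_umask 666 013), created $(created_mode 013 file)"
echo "umask 013, dir:  computed $(mode_after_umask 777 013), created $(created_mode 013 dir)"
echo "umasks where the article's rule and AND-NOT differ: $(count_disagreements)"
```

For files the two calculations agree for every mask; for directories the AND-NOT form applies directly to 777, giving 764 under umask 013.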

This article is from the "Freddream" blog, make sure to keep this source
