Linux System file permission system detailed

Source: Internet
Author: User
Tags chmod create directory parent directory file permissions

command to change permission properties chmod

chmod is a command to change the permissions of a file or directory, but only the owner and Superuser root of the file has such permissions, there are two ways to change the permissions of a file or directory through chmod, one is to set permissions by means of a permission letter and an operator expression , The other is to use a numeric method to set permissions.

chmod [Numeric combination] File name
R Read 4
W Write 2
X Execute 1
- 0
Example: Create a ett.txt file and view the permissions of the file.

  

The permission of this file is the number of the 4+2+0=6, the number represented by the group is 4+0+0=4, the other user group represents the 4+0+0=4, so the number combination is 644.

Example one, use the number method of the chmod command to set permissions, as follows: (secondary number method most commonly used)

  

Example two, create a. sh file with touch, test the owner's permissions, the permissions of the group and other user groups are not tested in one by one ...

  

Permission letters and operator expressions
Identity U (user) G (Group) O (Others) A (All) + - =
Meaning User Group Other All Users Add or Subtract permissions Reduce permissions Reassign permissions

  

 

  

Summary: For directory and file permissions comparison description
File Directory
R (read) Read permission Represents a permission to read the contents of a read file Indicates permission to browse the directory (note: Different permissions to enter the directory)
W (write) Write permission Represents the right to modify the contents of a file (note: Deleting and moving files is not related to the file itself, see the parent directory) Indicates that there is a new, delete, move directory within the file permissions (need to have X permission mates, or no R has x ls-l view file will show the filename, but the file attributes are a bunch????? )
X (Execute) (Execute permission) Indicates that you have Execute file permission (normal user also needs r permission, root user can execute without r, the file itself can be executed) Represents a permission to enter a directory

Now that we can change the permissions, have we ever thought about the default permissions for the files or directories we created? umaskDefault permissions can be assigned, file default security permission is 644, directory is 755 (Linux)

  

Under Linux We look at the way there are two, one can directly input umask, you can see the number shape of the permission to set the score, one is to add-s (symbolic) parameter, you can use the symbolic type to display the permissions, as follows:

The Umask setting is simple, just add the number of permissions you want to take out after the umask command:

  

There are default Umask settings in Etc/profile and ETC/BASHRC under Linux, so let's take a look at:

1 if [SUID-GT] && ["' id-gn '" = "' id =un '"];then2     umask 0023else4< /c7>     umask 0225 fi

This is part of the content in the Etc/profile, you can see the different UID set different umask, in fact, in ETC/BASHRC file also has the basic same part of the code, we can set the umask in these two files, then what is the difference between the two? If it is changed in the Etc/profile, it will only change when the user is logged back in, and if it is changed in ETC/BASHRC, the switch directory will change, because profile is called when the user is logged in. Generally not permanent change umask, only temporary change, no big use of command (personal view)

How does a Linux system calculate file or directory permissions?
Default Maximum Permissions Umask value User permissions to create files
File When creating an even number of files Umask 666[-rw-rw-rw-] 022 (full even) [-----w--w-] 644 [-rw-r--r--] (description: Even plus subtraction default maximum permissions-umask value = User rights to create files)

Create file Umask to an odd number of times

(Umask some or all of them are odd)

666[-rw-rw-rw-] 123 (partial bit is odd) [--X--W--WX] 644 (thought that the value of the Umask 123 is an odd number, so on the basis of the calculation 543 plus 101, that is, the odd corresponding file digit permission bit 1 can be added respectively)
Directory Umask is the same as the odd even number 777[-RWXRWXRWX] 022[-----w--w-] 755[-rwxr-xr-x] (Description: Default maximum permissions-umask value = User permissions to create directory)

You can see the above in the calculation of the creation of the default permissions of the file and directory, I think so: 666-022=644;777-022=755., so that the number is exactly the user-created directory or file permissions, (note: If it is a file umask is odd, Need to do subtraction, the odd number of corresponding files on the digital permissions plus 1, the directory is not required, Bo Master Pro-beta acceptance! For more calculation methods, refer to the calculation formula for Linux default permissions

How to set UID, GID, Stick_bit

SUID: Put the x position of U, the original position has execute permission, it is set to S, not for S.

chmod u+s XXX # set setuid permissions

chmod 4551 File//permissions: R-sr-x-x

SGID: Placed in the x position of G, the original position has execute permission, is set to S, not for S.

chmod g+s XXX # set Setgid permissions

chmod 2551 File//permissions: R-xr-s--x

STICKY: Sticky bit, placed in the X position o, the original location has execute permission, is set to T, otherwise t.

chmod o+t XXX # set stick bit permissions for directory

chmod 1551 File//permissions: R-xr-x--t

Note: suid modifies the execution command, not the target file to be processed, and is only valid for binary files or programs, and the binary command or program needs to have executable permissions.

Loading ....

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.