Linux File Permission explanation

Source: Internet
Author: User

For linux File Permission explanation, we enter a directory. Executing ls-l will display the details of all the files under the directory (here, the word "Archives" stands for files and folders.: a total of seven columns of information, including [permission], [number of links], [owner], [group], [size], [last modification time], [name]. this article only describes [permissions], [owners], and [groups] in detail. because Linux is a multi-user multi-task system, many people may use this host at the same time. In order to consider the privacy of each person and the work environment that everyone prefers, therefore, the role concept is very important. there are three concepts. 1) archive owner (user): the creator of the archive. 2) group: the group to which the archive belongs. 3) others: users other than users and groups. let's take a look at the [permission] column, which has a total of 10 digits and can be divided into four sections. the 1st bits represent the file type, '-' indicates that this is a regular file, and 'D' indicates that This is a folder. (There are other uncommon ones, such as 'l', 'C', 'B', 'P', and 's', which are not explained here .) 2 ~ 4. The three digits indicate the read/write/execute permissions of the user. 5 ~ 7 these three represent the read/write/execute permissions of the group. 8 ~ 10 These Three Represent the read/write/execute permissions of others. if it is readable/written/executed, it is represented by the letter r/w/x. If it is not readable/written/executed, it is represented. read/write/execute is interpreted as follows (excerpt from Baidu Library): For Files: (the following test of file permissions is completed when the upper-level directory permission is 777: indicates that the content of the copied file can be read and written: indicates that the content of the file can be modified and executed: indicates that the file can be operated only by other parsing programs: only the read permission can read and copy the file. The file content cannot be rewritten. the permission to delete and move the file is determined by the permission of the upper-level directory, if the upper-level directory has the permission to delete and move, you can delete and move it. Only writable: if you have only writable permission but no read and execution permission, you cannot read or modify the content of the file or execute the file, and cannot copy the file, the permission to delete and move the file is determined by the permission of the upper-level directory. Only executable: The file content cannot be read or rewritten only when the executable permission is available, and the file cannot be copied. It does not seem to be executed as a script, the permission to delete and move the file is determined by the permission of the upper-level directory. Therefore, you must have the write permission on the file, both readable and writable, And the execution permission on the file. You must have both readable and executable permissions. For a directory: (the following test of directory permissions is completed when the involved file permissions are 777.) readable: lists the attributes of files and subdirectories in the directory itself and in the directory, view Only properties (ls) writable: You can add and delete files and directories to the directory. Execute: You can enter this directory, you can read the file content under the directory or rewrite the file content (when the File Permission permits) only readable: The read permission of the directory only allows us to read the directory, to obtain a list of all file names in the directory, you cannot add or delete files or directories, or read or modify the content of files in the directory. Only writable: If you only have the write permission, you cannot add or delete files or subdirectories to the directory, including copying and moving. To modify the file content in a directory, not only the write permission of the directory, but also the execution permission of the directory. Only executable: you do not have the read and write permissions on the directory, but only the execution permission. You can also read and rewrite the contents of the files in the directory (as long as you confirm that the file exists in this path ); do you not need the write permission for the directory? Of course not. If you do not have the write permission, you cannot add or delete files or subdirectories to or from the directory, including copying and Moving Files and subdirectories. It can be seen that these three permissions are often used together. for example, for a directory, only the r permission may have no effect. Generally, r and x must be provided at the same time (without x, r cannot enter the directory, and r is almost useless). For files, it is often useless if there is only w but no r. It still cannot be written and the original content of the file cannot be read. How can we add, delete, and modify the content. the user, group, and others mentioned above are not specific definitions. Combined with the r/w/x permissions, an actual model is built, which seems easier to understand. if the problem persists, you may want to correct it. assume that four people, A, B, C, and D, share A four-bedroom, one-bedroom house outside the university, which can be considered as A general upper-level directory, name it home. the rooms of the four persons are respectively A, B, C, D. the shared space such as the living room, bathroom, and kitchen is E. (1) four people have ownership of their room. They are the owner of the room and usually have all permissions. Therefore, for room (directory), its properties may be like this --> dr Wx ------ user (A) group (A, each user is attached to at least one group, its main group) (2) the four are brothers of the 602 dormitory of the University, then we create A new group named dorm602 and add A, B, C, and D to this group. Then, the permissions for E in this public area may be like this --> drwxrwx --- user (root) group (dorm602 ). in this way, the four persons A, B, C, and D of dorm602 have read, write, and execute permissions on E. (3) The relationship between A and B, C, and D is very good. You can also come in to my bedroom. It's so good that you can use anything, directory A permission may be set to --> drwxrwx --- user (A) group (dorm602 ). (4) A is really A good talker. He does not need A private space at all, except B, C, D. Other outsiders (for example, B's classmates come on A day) you can also visit his house, Yes, but you don't want others to touch his things. the permission of directory A can be set like this --> drwxrwxr-x user (A) group (dorm602 ). we can see that the others permission is r-x, that is to say, you can enter my house (x), and you can view anything in my room (r) at will ), but you cannot touch them (w ). similarly, we also use this example to look at the problem that directory rx should be provided at the same time and file rw should be provided at the same time. (5) Now A is talking to B, C, and D. You can see that our relationship is so good, but you can't go into my house. then the permission is set as --> drwxrw ---- user (A) group (dorm602 ). as a result, it seems to be generous. In fact, there is no ridicule left. I don't have to grant the x permission. What if rw is used... well, since I am not allowed to enter it, I will check it at the door, so B tries to execute ls-l A/in the home directory. If there is A directory aaa in the house of, there is a file bb B, then you will probably get the result: d ?????????????? Aaa -?????????????? Bbb is reasonable, isn't it? Even if you have the r permission and cannot go into the house, you will probably be able to see what is in the room and the specific situation of things. (6) What if so --> drwx -- x --- user (A) group (dorm602 ). that is equivalent to saying that you can enter our house, but you have to hide your eyes. OK, the House can enter, but you don't know anything in it. It's impossible for you to move something in the house. so cd A actually enters directory A, but if you ls it, sorry, the system prompts that you have no permission. (7) Sometimes we create a new file in a directory and prompt that we do not have the permission. What is the problem. this is like A thing of B that wants to be put in A's room. To achieve this, the permission of directory A can be like this --> drwx-wx --- user (A) group (dorm602 ). now A file ccc of B can be placed in Room A. Note that the r of the group permission of directory A is not required, Wx is indispensable. (8) We can see that most of the above examples are using directories, because we should better accept the concept of read and write permissions for files. let's talk about the rw problem mentioned above. for files, only w permissions are often useless and cannot be written. r usually needs to carry. for example, if A has A file computer in the room, A sets the File Permission to --> d-wx ------ user (A) group (). if one day A finds that the CPU performance of his computer is too poor and wants to change A new CPU for his computer, of course, he has the right to perform this operation (w), but no r, so A can only close his eyes and assemble the new CPU into the computer. Obviously, this w operation won't succeed. Without the r permission, he may not be able to open the lid of the computer, mei chaofeng's eye-closed fight is so powerful that it can only exist in martial arts novels, right? ^. of course, for masturbation, A can still boot and play with the computer due to the permission of x, although it is relatively slow. here is an example. Er, group, and others should have some specific impressions! I have an understanding of these read and write permissions, user and group, and the purpose of this article is achieved. Finally, I attached the command to set permissions. chgrp: Change the group to which the archive belongs. command Format: chgrp groupname filename. of course, the group name must exist. II. chown: changed the archive owner. command Format: chown username filename. similarly, the user name also needs to exist. in fact, chown contains the chgrp function, which is very flexible: chown username filename // only sets user chown username: groupname filename // user & group and sets chown at the same time: groupname filename // set only group. ':' available '. '. 'The character may be confusing, so ':' is recommended. chmod: There are two ways to change the r/w/x permission: numbers and symbols. the weights of r, w, and x are 4, 2, and 1 respectively, so we can use three numbers to represent the permission table, for example, rwx ------ is 700, rwx --- r -- 704,-wx -- xrwx is 317. in this way, two methods can be used for chmod. This command is flexible and can be used as an example. number: it is easy to write, but the disadvantage is that it is not intuitive and it is not convenient to set the number locally. chmod 777 filename letter: This usage is very flexible, where u, g, o, a represent user, group, others, all. chmod u = rwx, go = rx filename chmod u = wx filename chmod g + x filename chmod a + w filename chmod + w filename

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.