Linux folder permissions and Umask

First create a directory to see the permissions:

 - drwxrwxr-x   3 huangxm huangxm  4096  :/ drwxr  - 12288   - -- : /drwxrwxr-x   2 huangxm huangxm  4096  :  test/

Then we change the permissions to 444, that is, all R permissions

 - drwxrwxr-x   3 huangxm huangxm  4096  :/ drwxr  - 12288   - -- : /Dr--r--r--   2 huangxm huangxm  4096  :  test/

Go to the catalogue and try it.

WhoAmI huangxm$ CD Testbash:cd:test: Insufficient rights [email protected]-virtual-m

Do not have permission to enter the directory, it appears that only r permission is not possible, then we add W permission

 - drwxrwxr-x   3 huangxm huangxm  4096  :/ drwxr  - 12288   - -- : /drw-rw-r--   2 huangxm huangxm  4096  :  test/

Then CD into the catalogue and try it.

$ CD testbash:cd:test: Insufficient Permissions

It's still not working. Let's just add the X-permission.

 - drwxrwxr-x   3 huangxm huangxm  4096  :/ drwxr  - 12288   - -- : /Dr-xr-xr--   2 huangxm huangxm  4096  :  test/

Then CD into the directory:

pwd/home/huangxm/Test catalog/test

It appears that only the Read permission is no way to enter the directory, only the RW permission is not allowed to enter the directory, so be sure to have X permissions are available.

So in general, the folder in the system is 755 permissions, allowing all users to access the folder.

Then we create a new file in the test directory a.txt, and change the test directory permissions to 766, so that all users have RW permissions.

$ ll Total dosage -DRWXRWXR-X3HUANGXM HUANGXM4096February -  -: *./drwxr-xr-x -HUANGXM HUANGXM12288February -  -: *.. /DRWXRW-rw-2HUANGXM HUANGXM4096February -  -: -test/$ ll Total dosage8DRWXRW-rw-2HUANGXM HUANGXM4096February -  -: -./DRWXRWXR-X3HUANGXM HUANGXM4096February -  -: *.. /-rw-r--r--1Root root0February -  -: -A.txt

You can see the test folder all users have W permissions, the A.txt file except root is only R permission, now we try to modify the other users

' ReadOnly ' (please add! Enforcement)

Forced to save, found that the save was successful. Open the file and see

Cat A.TXTIJFEIHIFHFEFEFEFEFEF

The content has been saved. Obviously the file is not write permission, but can be forced to write, and can delete files, so folder to W permission is quite dangerous thing.

To summarize:

Permissions	Operation
R	Cd
Rx	CD ls
Wx	CD Touch RM (Self,other) VI (self,other)
Wxt	CD Touch rm (self) VI (self)

Take a look at the idea:

1. Create directory test with root user, give others WX permissions, and create a,b,c three files

mkdir test# chmod o=touch Test/{a,b,c}

Look, A,b,c belongs to root.

1 root    root       0  :  a1 root    Root       0  :  b1 root    root        0   - c:xx

2. Switch to normal user status, try to delete a

RM -F A

To root user next ll see, ordinary user wx does not have LS permission

# ll Total dosage8drwxr-x-wx2Root root4096February -  -: on./DRWXRWXR-X3HUANGXM HUANGXM4096February -  -: About.. /-rw-r--r--1Root root0February -  -:xxb-rw-r--r--1Root root0February -  -:xxC

A has been deleted.

3. The general user vi B, modified after the forced saving, is also possible.

4. To the root user, add a o=t permission to the test directory

chmod o+ls -4drwxr24096   : Test

To the normal user, try to delete the B

RM -F Brm: Unable to delete "b": Operation not allowed

You cannot delete someone else's file after you have added the T permission. Try VI again.

" b " E212: Unable to open and write to file press Enter or other command to continue

Even add! Forced saving is also not.

Then how to add the number form T permissions, such as the TMP directory, which is a temporary directory, everyone needs to put things in, so it is 777 permissions, but think about it, if the root of the things, the other users can also be modified, it is unreasonable. Therefore, the TMP directory needs to have a T permission, not allow other users to modify, using the digital form is:

#chmod1777 /tmp

Umask

Each user creates files and folders with a default permission for the files and folders, and the default permissions are determined based on the umask values of each user. We use root and normal users to create files and folders to see the permissions:

Drwxr-xr-x2Root root4096February -  One: theRootDir-rw-r--r--1Root root0February -  One: theROOTFILEDRWXRWXR-X2HUANGXM HUANGXM4096February -  One: theUserdir-rw-rw-r--1HUANGXM HUANGXM0February -  One: theUsertouch

You can see that the root user created folder permissions is 755, the file permissions created is 644, the normal user created folder permissions is 775, the file permissions created is 664

View the umask values for root and normal users separately

# umask 0022 $ umask 0002

The root umask is 022, and the average user is 002.

Folder Permissions 777–022 = 755, file permissions 666–022 = 644

We can understand that folder permissions are 777–umask file permissions is 666–umask

But not really is subtraction, is actually a mask, try to set the Umask value to 777 (under the current user Umask 777 can be set), then the file permissions are 000, not 1

Linux folder permissions and Umask