Linux Permissions Settings

Source: Internet
Author: User

I. File and directory Permissions

In a Linux system, users can have access to each file or directory, which determines who can access and how to access those files and directories.

1. Introduction to file Permissions

In a Linux system, each user has read, write, and execute permissions on the file or directory. The 1th set of permissions Controls access to their own file permissions, that is, owner permissions. The 2nd set of permissions controls the permissions of the user group to access the files of one of the users. The 3rd set of permissions controls the permissions of all other users to access a user's files. These 3 sets of permissions give users the ability to read, write, and execute different types (that is, owners, user groups, and other users).

2. General Permissions

Use the "ls-l" command to display the file details, including permissions, as follows:

[Email protected] ~]# ls-l/root

Total 96

-RW-------. 1 root root 2623 June 2 Anaconda-ks.cfg

Drwxr-xr-x. 2 root root 4096 June 3 Desktop

Drwxr-xr-x. 2 root root 4096 June 2 Documents

Drwxr-xr-x. 2 root root 4096 June 2 Downloads

-rw-r--r--. 1 root root 40730 June 2 Install.log

-rw-r--r--. 1 root root 9272 June 2 Install.log.syslog

The first character is a exactly shown to differentiate the file type, and table 9-2 lists the commonly used file types in the Linux system.

Each of the 2nd to 10th characters is a group of 3, the left 3 characters represent owner permissions, the middle 3 characters represent the permissions of the user in the same group as the owner, and 3 characters to the right are the permissions of the other user. These 9 characters represent the following meanings.

(1). R (Read): For a file, the user has permission to read the contents of the file, and for the directory, the user has permission to browse the directory.

(2). W (write): For the file, the user has new, modified file content permissions, for the directory, the user has the ability to delete, move files within the directory.

(3). X (Execute): For the file, the user has permission to execute, and for the directory, the user has permission to enter the directory.

(4).-: Indicates that the item does not have permission.

The following examples illustrate:

-RWX------//File owner has read, write, and execute permissions on the file

The-rwxr--r--//file owner has read, write, and execute permissions, and other users have Read permissions.

The-rw-rw-r-x//file owner and the same group of users have read and write permissions to the file, while other users have read and Execute permissions only.

The Drwx-x--x//directory owner has read and write access to the directory, and other users can access the directory but cannot read any data.

DRWX------//Except that the directory owner has all the permissions, the other user does not have any permissions on the directory.

Each user has their own home directory, usually centrally placed in the/home directory with the default permissions of "RWX------", and the following command to view the home directory permissions.

[Email protected] ~]# ls-l/Home

Total 20

DRWX------4 502 502 4096 Jan 7 05:29 Lisi

DRWX------4 Wang Wang 4096 Jan 06:33 Wang

DRWX------4 NewUser newuser 4096 Jan 7 05:53 www

DRWX------. 4 Yang Yang 4096 June 2 Yang

DRWX------4 Zhang Zhang 4096 06:56 Zhang

[Email protected] ~]#

3. Special Permissions

In addition to the general permissions, there are so-called special permissions, users without special needs, do not need to enable these permissions, to avoid security vulnerabilities.

Special privileges: SUID, SGID, Sticky

Two. Permission settings

Only the system administrator and the owner of the file can change the file or directory permissions, there are generally 3 ways to change file or directory permissions.

1. Text Setting method

Changing permissions with the text setting requires the chmod command, and the chmod command format is as follows:

[Email protected] ~]# chmod--help

Usage:chmod [OPTION] ... Mode[,mode] ... FILE ...

Or:chmod [OPTION] ... Octal-mode FILE ...

Or:chmod [OPTION] ...--reference=rfile FILE ...

Change the mode of each FILE to mode.

-C,--changes like verbose if only if a change is made

--no-preserve-root do not treat '/' specially (the default)

--preserve-root fail to operate recursively on '/'

-F,--silent,--quiet suppress most error messages

-V,--verbose output a diagnostic for every file processed

--reference=rfile use Rfile ' s mode instead of mode values

-R,--recursive change files and directories recursively

--help Display this Help and exit

--version output version information and exit

Each MODE is of the form ' [ugoa]* ([-+=] ([rwxxst]*|[ Ugo]) + '.

The meanings of the parameters in the command are as follows:

U: Represents the owner, that is, the owner of the file or directory.

G: Represents the user group, that is, all users who have the same group ID as the file owner.

O: Indicates another user.

A: Represents all users, and it is the system default value.

The operation symbol has the following meanings:

+: Add a permission.

-: Cancels a permission.

=: gives the given permission and cancels the original permission.

Setting the permissions represented by mode can be any combination of the following letters.

R: Readable.

W: Writable.

X: Executable.

S: The owner of the file where the owner or group ID of the process is placed when the file is executed. "U+s" can set the file's suid permission, "G+s" can set the Sgid permission of the file.

T: Save the program's text to the swap device.

Multiple permission methods can be given in one command line, separated by commas.

Example 1: Add owner Write permission to a file.

[Email protected] ~]# Ls-l a

-r--r--r--1 root root 0 Jan 05:19 a

[Email protected] ~]#

You can see that the a file now has the owner's permission to read.

[Email protected] ~]# Ls-l a

-rw-r--r--1 root root 0 Jan 05:19 a

[Email protected] ~]#

After you change the permissions, the owner writes more permissions to the a file.

Example 2: Cancels the owner's read permission to a file.

[Email protected] ~]# chmod u-r A

[Email protected] ~]# Ls-l a

--w-r--r--1 root root 0 Jan 05:19 a

[Email protected] ~]#

To view file permissions, you can see that the owner permission for file A has not been read.

Example 3: Reassign the same group of users to a file that has write permissions.

[Email protected] ~]# chmod g=w A

[Email protected] ~]# Ls-l a

--w--w-r--1 root root 0 Jan 05:19 a

[Email protected] ~]#

As you can see, the original permissions for the same group of users are not available, and the Write permission is now reassigned.

Example 4: Change the permissions of the a file, add the owner to read, write, and read, write, and execute the same group of users.

[Email protected] ~]# chmod U+RW,G+R,O+WRX A

[Email protected] ~]# Ls-l a

-rw-rw-rwx 1 root root 0 Jan 05:19 a

Example 5: Remove read, write, and execute permissions for all users.

[Email protected] ~]# chmod a-rwx A

[Email protected] ~]# Ls-l a

----------1 root root 0 Jan 05:19 a

Example 6: The special permission to add a file is Sgid.

[Email protected] ~]# Ls-l a

------S---1 root root 0 Jan 05:19 a

2. Digital Setting method

To change file permissions using the digital setting method, you must first understand the meaning of the number representation: 0 means no permissions, 1 means executable, 2 is write, 4 is read, and then it is added. So the format of the numeric attribute should be 3 0~7 of 8 Decimal, in the Order of (U), (g), (O).

(1) R: corresponds to the value 4.

(2) W: corresponds to the value 2.

(3) x: Corresponds to the value 1.

(4)-: corresponds to the value 0.

Here are a few examples:

(1).-RWX------: Represented by a number as 700.

(2).-RWXR---r--: represented by a number as 744.

(3).-rw-rw-r-x: Represented by numbers as 665.

(4). Drwx--x--x: Represented by numbers as 711.

(5). DRWX------: Represented by a number as 700.

Use the digital setting method to change the file permissions, the chmod command format is as follows:

Chmod [N1N2N3] [file or directory name]

The meanings of the options in the command are as follows.

N1: The owner's permissions.

N2: Permissions for the same group of users.

N3: Permissions for other users.

Example 1: Set the A file permission, and the owner has read, write, and execute permissions.

[Email protected] ~]# Ls-l a

-r--r--r--1 root root 0 Jan 05:19 a

[Email protected] ~]# chmod

[Email protected] ~]# Ls-l a

-rwx------1 root root 0 Jan 05:19 a

Example 2: Set a file permission, the owner has read, the same group of users have read, write and execute permissions.

[Email protected] ~]# Ls-l a

-R--RWX---1 root root 0 Jan 05:19 a

Example 3: Set the A file permission for other users to have read, write, and execute permissions.

[Email protected] ~]# chmod 007 A

[Email protected] ~]# Ls-l a

-------rwx 1 root root 0 Jan 05:19 a

If you want to modify the permissions of all the files in a directory at once (including the file permissions in subdirectories), use the parameter "-r" to indicate the start-up recursion process.

Example: Setting the/home/user directory along with his subfolders has a permission of 777.

[Email protected] home]# Mkdir/home/user

[Email protected] home]# TOUCH/HOME/USER/ABC

[Email protected] home]# chmod-r 777/home/user

Indicates that the entire/home/user directory and the permissions for the files and subdirectories in it are set to read, write, and execute

[Email protected] home]# ls-l/home|grep user

DRWXRWXRWX 2 root root 4096 Jan 06:14 user

[Email protected] user]# ls-l

Total 0

-rwxrwxrwx 1 root root 0 Jan 06:14 ABC

Three. Change ownership of files and directories

The creators of files and directories have ownership by default, and they have any permissions on the file and directory and can do anything.

1.chown command

Use the Chown command to change the owner and user groups of files and directories.

Command syntax:

chown [-r][User. Group] [File | directory]

The parameters in the command have the following meanings.

-R: Changes the ownership of all files and directories under subordinate subdirectories.

Example 1: Change the owner of file a to NewUser.

[Email protected] ~]# Ls-l a

-r--r--r--1 root root 0 Jan 05:19 a

[Email protected] ~]# Chown:newuser a

[Email protected] ~]# Ls-l a

-r--r--r--1 root newuser 0 Jan 05:19 A

[Email protected] ~]#

Example 2: Change the owner and user group of file a to root.

[Email protected] ~]# Chown root.root A

[Email protected] ~]# Ls-l a

-r--r--r--1 root root 0 Jan 05:19 a

Example 3: Change the user group of file A to NewUser.

[Email protected] ~]# chown. NewUser A

[Email protected] ~]# Ls-l a

-r--r--r--1 root newuser 0 Jan 05:19 A

[Email protected] ~]#

Example 4: Change the directory/root/b along with the owner and user group of its subordinate file/root/b/cc to NewUser.

[Email protected] ~]# ls-l/root |grep b

Drwxr-xr-x 2 root root 4096 Jan 05:52 b

[Email protected] ~]# ls-l/ROOT/B/CCC

-rw-r--r--1 root root 0 Jan 05:52/ROOT/B/CCC

View directory/root/b and file/ROOT/B/CCC owners and user groups, currently root

[Email protected] ~]# chown-r newuser.newuser/root/b

[Email protected] ~]# ls-l/root |grep b

Drwxr-xr-x 2 newuser newuser 4096 Jan 05:52 b

[Email protected] ~]# ls-l/ROOT/B/CCC

-rw-r--r--1 newuser newuser 0 Jan 05:52/ROOT/B/CCC

[Email protected] ~]#

View the directory/root/b and file/ROOT/B/CCC owners and user groups, currently newuser.

2.CHGRP command

Use the CHGRP command to change the group to which the file or directory belongs.

Command syntax:

CHGRP [Options] [user groups] [files] [directory]

Description: The user group can be either a user group ID or a group name for the user group in the/etc/group file. A wildcard character is supported for file names. If the user is not the owner or superuser of the file, you cannot change the group of the file.

The meaning of the options in the command is as follows.

-R: Recursively changes the group that belongs to the specified directory and all subdirectories and files under it.

Linux Permissions Settings

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.