Linux System file permission system detailed

Source: Internet
Author: User
Tags parent directory readable

Getting started: Get a simple look at Linux file permissions

On Linux systems, the ls-l command can view file permissions, such as

[Email protected] test]$ Ls-l a
-rw-rw-r--. 1 zhaohuizhen zhaohuizhen 121 Oct 20:26 A

File a permission is in the first column, the first bit--a normal file that represents file a. The following 9 is the file permissions, rw-rw-r--, the first three files belong to the master permission, the middle three is a group of permissions, the last three to represent other user rights.

R Read permission W Write permission x Execute permission-no permissions.


1) Change permission Properties command chmod

Chmod can be used to change the permissions of a file or directory, but only the owner and Superuser root of the file have this permission. There are two ways to change the permissions of a file or directory by chmod: One is to set permissions by means of a permission letter and an operator expression, and the other is to set permissions by using a numeric method.

A digital permission method

chmod [Numeric combination] File name

-R to change the properties of all files in a directory

4 Read 2 Write 1 Execute 0 no permissions

B-character file notation

U Genus G Group O other users

+ Add-subtract = set

R Read W write X Execute

2) Change the file ownership relationship command Chown

When we want to change the genus of a file, the user we use must be a group of files and a member of the target group, or Superuser. Only super users can change the owner of the file.

Chown Syntax:

chown [Options] [owner][:[Group]] File #: can be replaced by.

Use CHGRP to change the file group

Summary test: Linux plain file read and write execution permission description

Readable r: Indicates a permission to read the contents of a file

Writable W: Indicates permission to modify file contents

(Special note: Delete files, modify file name, new file permissions are controlled by the parent directory permissions, and the file itself permissions Independent)

Executable x: Represents the right to execute the file (the file itself can be executed, the normal user must also have R permissions, root privileges can also be executed, of course, the file itself needs to be able to execute. )

Summary test: Description of Read and write execution permissions for Linux directories

Readable r: Represents the right to browse directories under files and directories, LS dir. (Can not enter the directory, that is, cd dir, if there is no X permission, the list is also problematic, ls-l dir List property will have a question mark, prompt does not have permission.) )

Writable W: Indicates a permission to add, delete, or modify a file name within a directory (requires X permission mates)

Executable x: Indicates a permission to enter the directory, such as CD dir.

Linux file and Directory permissions comparison description:

R (read, reading permission):

For a file, it represents the right to read the contents of a file.

For a directory, it represents the permission to browse the directory (note that it is different from the permission to enter the directory), and the X permission mates.

X (Execute, execute permission):

For a file, it represents the Execute file permission. For executable script files, the normal user also needs R permission mate, the root user does not need r permission, and for executables, no r permission mate is required.

For a directory, the permission to enter the directory is indicated.

-(No permissions)

If the corresponding bit is "-", it means that there is no permission.

Special attention:

When a file or directory is deleted or moved, it is related only to the previous level of directory permissions for the file and to the file itself. For a file, writing a file modifies the file rather than deleting it, so the write file is related to the file's own properties.

Command for default permission assignment umask

Work, the general default permissions, the directory is 755, the file is 644. This is a relatively secure permission. Work as far as possible to let our files and directories reach the above default permissions.

In Linux systems, the default permissions for files are determined by umask. When you create a file, the default maximum permissions is 666, the maximum permission to create the text directory is 777, and the corresponding permissions are masked based on the umask value. You can view the default permission values for umask under different directories in the/etc/login.defs file. Home directory, default permissions Umask 077.

To change the default permissions for files and directories:

Umask 022 022

Set User ID bits: in s notation.

1) The user corresponding to the first three x-bit if there is, use small s to denote suid. When there is no X on the X-position, SUID is the uppercase S.

2) Set the user ID bit is to allow ordinary users to run as root or other user's rights only root or other users can run programs or commands, or program commands corresponding to files that do not have permission to operate, and so on.

For example, if you want a boy user to delete a file that was not authorized to delete.

A sudo

b suid (suid modifies the executed command, not the file to be processed)

3) only valid for binary command programs and cannot be used on similar script files like Shell. Shell scripts only invoke binary command programs, so specific permissions also need to look at the binary command itself.

4) Binary command program needs to have executable permissions X

5) suid permissions are only valid during program execution.

6) Any user who executes the command can obtain permission to do so during the execution of the command program.

7) Suid is a double-edged sword, is a more dangerous function, a certain threat to the system security.

Linux System file permission system detailed

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.