Permissions control under Linux

Source: Internet
Author: User

In the end I still want to set up a server. I put these notes together years ago while using Fedora, and I am posting them here, which also serves as a review.

Let's look at the file properties first.
In the shell, enter ls -l to view the files in the current directory. For example:
drwxr-xr-x. root root 4096 Apr 5 18:26 usr
The fields are, in order:
file attributes, link count, file owner, group, file size, file modification time, file name
Here r is readable, w is writable and x is executable. The file attributes are divided into four segments, 10 positions in total.
For example:
d rwx r-x r-x
The first character specifies the file type. In the usual sense, a directory is also a file. If the first character is a dash (-), it represents a non-directory file. If it is d, it represents a directory.
The second segment is the permissions of the owner of the file.
The third segment is the permissions of the group to which the file belongs.
The fourth segment is the permissions of other users.
Taking the access rights of the folder "usr" above: "usr" is a directory, the owner of "usr" has read, write and execute permissions, users in the same group as the owner have only read and execute permissions, and other users have read and execute permissions.

After determining the access rights of a file, users can use the chmod command provided by the Linux system to set different access rights. You can also use the chown command to change the owner of a file or directory, and the chgrp command to change the user group of a file or directory.


chmod command
Function: The chmod command changes the access rights of a file or directory and is very important. Users use it to control access to files or directories.
Syntax: This command has two forms. One is the text setting method, which uses letters and operator expressions; the other is the numeric setting method, which uses numbers.
1. Text setting method
chmod [who] [+ | - | =] [mode] filename...
Parameters:
The target who is one of, or a combination of, the following letters:
u means "user", which is the owner of the file or directory.
g means "same group user", that is, all users who have the same group ID as the file owner.
o means "other (others) users".
a means "all users". It is the system default value.
The operation symbols can be:
+ adds a permission.
- removes a permission.
= sets the given permission and removes all other permissions, if any.

The permissions represented by mode can be any combination of the following letters:
r readable.
w writable.
x executable.
X sets the x attribute only if the target file is already executable for some users, or if the target file is a directory.
s sets the owner or group ID of the process to that of the file's owner or group when the file is executed. "u+s" sets the user ID bit of the file, "g+s" sets the group ID bit.
t saves the program's text to the swap device.
u gives the same permissions as the owner of the file has.
g gives the same permissions as users in the same group as the file owner have.
o gives the same permissions as other users have.
File name: a space-separated list of the files whose permissions are to be changed; wildcard characters are supported.
Multiple permission expressions can be given in one command line, separated by commas. Example: chmod g+r,o+r example
This gives users in the same group and other users read access to the file example.
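
The text setting method above, run against scratch files so the resulting mode can be read back. This is an added example, not part of the original article; the function name apply_mode is hypothetical, and it assumes a stat that supports -c %a (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: apply a symbolic chmod expression and print the octal result.
# Assumption: "stat -c %a" is available (GNU coreutils or BusyBox).

# apply_mode START SYMBOLIC KIND -> prints the resulting octal mode.
# KIND is "file" or "dir"; the object lives in a fresh temporary directory.
apply_mode() {
    start=$1
    sym=$2
    kind=$3
    tmp=$(mktemp -d) || return 1
    target="$tmp/example"
    if [ "$kind" = dir ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$start" "$target"   # known starting mode, independent of umask
    chmod "$sym" "$target"     # the symbolic expression being demonstrated
    stat -c %a "$target"
    rm -rf "$tmp"
}

# The article's own example: add read for group and others.
apply_mode 600 g+r,o+r file    # 644

# "=" sets exactly the listed bits for the named classes and clears the rest.
apply_mode 777 go=r file       # 744

# "X" adds execute only where it already makes sense:
apply_mode 644 a+X file        # 644 (no execute bit anywhere: unchanged)
apply_mode 744 a+X file        # 755 (already executable for the owner)
apply_mode 644 a+X dir         # 755 (directories always qualify)

# "u" on the right-hand side copies the owner's bits to another class.
apply_mode 640 g=u file        # 660
```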


chgrp command
Function: Change the group to which a file or directory belongs.
Syntax: chgrp [options] group filename...
This command changes the user group to which the specified files belong. group can be either the user group ID or the group name of a user group in the /etc/group file. The file name is a space-separated list of the files whose group is to be changed; wildcard characters are supported. If the user is not the owner of the file or the superuser, the user cannot change the group of the file.
Parameters:
-R recursively changes the group of the specified directory and all subdirectories and files under it.
Example 1: $ chgrp -R book /opt/local/book
Changes the group of all files under /opt/local/book/ and its subdirectories to book.


chown command
Function: Change the owner and group of a file or directory. This command is also very common. For example, the root user copies one of his own files to the user xu; in order for the user xu to access the file, the root user should change the owner of the file to xu, otherwise the user xu cannot access the file.
Syntax: chown [options] user or group file
Description: chown changes the owner of the specified file to the specified user or group. The user can be either a user name or a user ID. The group can be either a group name or a group ID. The file is a space-separated list of the files to change; wildcard characters are supported.
Parameters:
-R recursively changes the owner of the specified directory and all subdirectories and files under it.
-v shows the work done by the chown command.
Example 1: Change the owner of the file test.c to ice.
$ chown ice test.c
Example 2: Change the owner of the directory /testdir and all of its files and subdirectories to ice, and change the group to users.
$ chown -R ice.users /testdir

File permissions are one of the things that give Linux its security. As some readers may know, many methods of attacking Windows work by using a vulnerability to create a user with permissions, in order to take control of the computer. Under Linux, the root account has the maximum permissions and can do anything; other users have full permissions only over their own files, plus the permissions on files granted to them as group members. A description of the file permissions follows.
Read permission r. In short, the right to open the file and view its content. On a web server, if the file cannot be opened because of missing permission, the web server treats the file as nonexistent and sends a 404 File not found error. Denoted by the number 4.
Write permission w. If a file does not have write permission, the file cannot be changed; if a folder does not have write permission, new files cannot be created in the folder. Represented by the number 2.
Execute permission x. Program files must have execute permission to be executed, otherwise they cannot be run. Opening a folder also counts as executing it, so a folder cannot be opened if it does not have execute permission. Represented by the number 1.

Who has this permission   readable = 4   writable = 2   executable = 1   actual permission (sum)
File owner                0              0              0                0
Users in group            0              0              0                0
Public users              0              0              0                0

Public users are users other than the owner and the users in the group. For example, when a file is accessed over the web, Linux may read it as a public user; this can be understood as the user that visitors operate as.
Here are some examples (again, folders and files are not the same):
File writable by all users: 666 (all three categories of user can read and write)
Who has this permission   readable = 4   writable = 2   executable = 1   actual permission (sum)
File owner                4              2              0                6
Users in group            4              2              0                6
Public users              4              2              0                6

Next, suppose we set a folder to 0666. What happens? The result is obvious: because the folder does not have execute permission it cannot be opened, so a folder set to 0666 cannot be accessed.
Folder writable only by the file owner, while users in the group and public users can read and execute (755). The web root folder is generally set this way, which is safe. Again: if a folder does not have execute permission, the user cannot open it. A normal server also returns a 500 error if the root directory permission is 0777.
Who has this permission   readable = 4   writable = 2   executable = 1   actual permission (sum)
File owner                4              2              1                7
Users in group            4              0              1                5
Public users              4              0              1                5

If you need to create files under a folder, set its permissions so that everyone can read, write and execute: 777
Who has this permission   readable = 4   writable = 2   executable = 1   actual permission (sum)
File owner                4              2              1                7
Users in group            4              2              1                7
Public users              4              2              1                7

For security reasons, normal web files should be set to: owner readable and writable, group users readable, public users readable: 644
Who has this permission   readable = 4   writable = 2   executable = 1   actual permission (sum)
File owner                4              2              0                6
Users in group            4              0              0                4
Public users              4              0              0                4

Please work out the other permission values for yourselves.
So please do not casually set the permissions of files to 777 ...
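
The 4/2/1 addition from the tables above, applied to the 10-character attribute string that ls -l prints. This is an added example, not part of the original article; the function name mode_to_octal is hypothetical, and the block goes beyond the tables by also mapping the s and t letters from the chmod section to a leading fourth digit.

```shell
#!/bin/sh
# Added example: convert an "ls -l" attribute string to its octal value.

# mode_to_octal STRING -> prints e.g. 755 for "drwxr-xr-x." ; returns 1 on bad input
mode_to_octal() {
    # Drop the type character and anything after position 10 (such as ".").
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || return 1
    case $perms in *[!rwxsStT-]*) return 1 ;; esac

    special=0
    out=""
    for class in 1 2 3; do                   # 1 = owner, 2 = group, 3 = others
        start=$(( (class - 1) * 3 + 1 ))
        triplet=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac       # readable = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac       # writable = 2
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac   # executable = 1
        # s/S (owner, group) and t/T (others) occupy the x position and
        # set the special digit: set-user-ID 4, set-group-ID 2, sticky 1.
        case $class in 1) bit=4 ;; 2) bit=2 ;; 3) bit=1 ;; esac
        case $class$triplet in
            [12]??[sS] | 3??[tT]) special=$((special + bit)) ;;
        esac
        out=$out$digit
    done
    [ "$special" -eq 0 ] || out=$special$out
    printf '%s\n' "$out"
}

# Constructed sample strings, including the article's own "usr" line.
for s in "drwxr-xr-x." "-rw-r--r--" "-rw-rw-rw-" "-rwsr-xr-x" "drwxrwxrwt"; do
    printf '%-12s %s\n' "$s" "$(mode_to_octal "$s")"
done
```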


General command for setting permissions: chmod -R 777 /xx/xx/xx
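
A check for what a recursive 777 leaves behind, followed by a per-type reset to the 755 (folders) and 644 (files) values the article recommends for web content. This is an added example, not part of the original article; the function names and the scratch tree are constructed, and the tree stands in for a web root.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable entries, then reset it.

# world_writable DIR -> prints every non-symlink entry that public users can write
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# harden_webroot DIR -> folders 755, regular files 644.
# Done per type: a blanket "chmod -R 644" would remove x from folders,
# and a folder without execute permission cannot be opened.
harden_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# build_sample_tree -> prints the path of a constructed tree left at 777
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/img"
    : > "$root/site/index.html"
    : > "$root/site/img/logo.png"
    chmod -R 777 "$root/site"
    printf '%s\n' "$root"
}

root=$(build_sample_tree)
echo "before: $(world_writable "$root/site" | wc -l) world-writable entries"
harden_webroot "$root/site"
echo "after:  $(world_writable "$root/site" | wc -l) world-writable entries"
rm -rf "$root"
```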

Reference from: LINUXIDC
