How to set file permissions in Linux

Source: Internet
Author: User

In this respect Windows and Linux are similar: files and directories in Windows have attributes such as read-only and hidden, and files in Linux have attributes as well.


In Linux, each file has specific attributes, which cover two main aspects: file type and file permissions. There are five file types: regular files, directory files, link files, device files, and pipe files.


Object permissions are the access rights to an object, including reading, writing, deleting, and executing it. Linux is a multi-user operating system that allows multiple users to log on and work simultaneously, so Linux associates each file or directory with a user or group. An Access Control List (ACL) provides better access control for computers: it is used to restrict access to files, resources, or sockets by all users, including root users. The following is a simple setup method.


Step 1. Check the kernel


First, check whether the kernel of your Linux system supports ACLs. Not every kernel version supports ACLs, so the simplest way is to check the configuration of the kernel you are currently running:

[root@mail /]# cat /boot/config-kernel-version | grep -i ext3
CONFIG_EXT3_FS=m
CONFIG_EXT3_IDEX=y
CONFIG_EXT3_FS_XATTR_SHARING=y
CONFIG_EXT3_FS_XATTR_USER=y
CONFIG_EXT3_FS_XATTR_TRUSTED=y
CONFIG_EXT3_FS_ACL=y


If you see the items above, ACL support has been compiled into the kernel and the ext3 file system supports ACLs. These features can be found among the kernel compilation options. If they are missing, go to the official ACL website (http://acl.bestbits.at/) to install a kernel with ACL support.


Step 2. Mount a partition


You can mount a partition with ACLs enabled as follows:

# mount -t ext3 -o acl /dev/sda1 /fs1


You can also write the option directly into the /etc/fstab file, so that ACL support is enabled at boot:

# vi /etc/fstab


Step 3. Set ACL permissions


ACLs are often set for individual users. The following are several different examples:


For example, to create three users, test1, test2, and test3, log on to the system as the root user and run the following commands to create the three usernames and set their passwords:

[root@mail root]# adduser test1
[root@mail root]# adduser test2
[root@mail root]# adduser test3
[root@mail root]# passwd test1
[root@mail root]# passwd test2
[root@mail root]# passwd test3


Then mount an ext3 file system on the /fs1 directory:

[root@mail root]# mount -t ext3 -o acl /dev/sda1 /fs1


Next, grant test2 read and write permission on a file created by test1. First, give all users permission to add files to the directory:

[root@mail root]# chmod -R 777 /fs1


Log on to the system as test1 and run the following commands:

[test1@mail test1]# cd /fs1
[test1@mail fs1]# echo "Create by test1" > test1.txt
[test1@mail fs1]# chmod go-r test1.txt
[test1@mail fs1]# ll test1.txt
-rw------- 1 test1 test1 17 Jul 14 22:11 test1.txt


After these operations, only test1 has permission to read and write test1.txt (apart from root). Log on to the system as test2 and run the following commands:

[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
cat: test1.txt: Permission denied


Log on to the system as test1 and run the following command:

[test1@mail fs1]# setfacl -m u:test2:rw test1.txt


This grants test2 permission to read and write the file. Let's look at how the file's attributes have changed:

[test1@mail fs1]# ll
-rw-rw-r--+ 1 test1 test1 10 Feb 16 13:52 test1.txt


A "+" is appended to the end of the file's permission string, indicating that the file has ACL settings. Then run the getfacl command to view the file's ACL settings:

[test1@mail fs1]# getfacl test1.txt
# file: test1.txt
# owner: test1
# group: test1
user::rw-
user:test2:rw-
group::rw-
mask::rw-
other::r--


We can see that test2 has the permission to read and write this file.


Log on to the system as test2 and run the following commands to see what happens:

[test2@mail test2]# cd /fs1
[test2@mail fs1]# cat test1.txt
Create by test1


test2 can now read the test1.txt file.

[test2@mail fs1]# echo "Modify by test2" >> test1.txt
[test2@mail fs1]# cat test1.txt
Create by test1
Modify by test2


Now test2 can also modify the test1.txt file.


Log on to the system as test3:

[test3@mail test3]# cd /fs1
[test3@mail fs1]# cat test1.txt
cat: test1.txt: Permission denied


Apart from test1 and test2, no other user has permission to read or write test1.txt (except root).
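The getfacl output above contains a mask entry, which caps the rights that named users and groups actually receive. The following POSIX shell script is an added example, not part of the original article: it applies the mask to getfacl-style text so you can audit the effective rights of an entry such as user:test2. The function names and the sample ACL text are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The mask caps named users,
# the owning group and named groups; user:: (owner) and other:: are not capped.

# acl_effective: getfacl text on stdin -> "tag:qualifier:effective-perms"
acl_effective() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # headers, defaults, blanks
        { p = $3; sub(/[ \t]*#.*$/, "", p) }      # drop "#effective:" notes
        $1 == "mask" { mask = p; next }
        { tag[++n] = $1; who[n] = $2; perm[n] = p }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                capped = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (capped && mask != "") {
                    out = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(p, k, 1)
                        out = out (substr(mask, k, 1) == c ? c : "-")
                    }
                    p = out
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# acl_named_user_can USER PERM: exit 0 if USER's named entry effectively
# grants PERM (r, w or x). Reads getfacl text on stdin.
acl_named_user_can() {
    acl_effective | awk -F: -v u="$1" -v want="$2" '
        $1 == "user" && $2 == u && index($3, want) { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# sample_acl MASK: constructed getfacl text for the article's test1.txt with
# the given mask (the article shows rw-; "chmod g-w" would lower it to r--).
sample_acl() {
    printf '%s\n' '# file: test1.txt' '# owner: test1' '# group: test1' \
        'user::rw-' 'user:test2:rw-' 'group::rw-' "mask::$1" 'other::r--'
}

# Show the effective entries for both masks.
for m in rw- r--; do
    echo "mask $m:"; sample_acl "$m" | acl_effective
done
```

On a real file, pipe the command's output in directly, for example `getfacl test1.txt | acl_named_user_can test2 w`.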


Although this may seem a bit dizzying, only one or two commands are actually involved; the walkthrough is mainly meant to give you a clear understanding of the various situations. In using Linux you will find that, compared with the vulnerable permission protection in Windows, Linux is really good!
