Linux file permissions and directory management

Source: Internet
Author: User

Three types of identities for Linux file systems
    • File owner
    • Users in the same group
      Users in the same user group can access that group's files;
      Each account can belong to multiple user groups.
      Files belonging to the same user group can still have different permissions, and may be set so that this group's users cannot view them.
    • Others
      Anyone other than the file owner and the users in the same group counts as others.
      PS: /etc/passwd records all user accounts
      /etc/shadow records the passwords of all users
      /etc/group records all group names
File properties

ls -al displays all file names and their properties (including hidden files, whose names begin with .)

total …
drwxr-xr-x+  …  chaibozhou  staff    952  4 …  .
drwxr-xr-x   5  root        admin      …  4 …  ..
-r--------   1  chaibozhou  staff      9  3 …  .CFUserTextEncoding
-rw-r--r--@  1  chaibozhou  staff  10244  4 …  .DS_Store
drwx------   5  chaibozhou  staff      …  4 …  .Trash
-rw-------   1  chaibozhou  staff   3205  4 …  .bash_history
drwxr-xr-x   6  chaibozhou  staff    204  4 4 …  .config
    1. First column: file type and permissions
      d: directory
      -: regular file
      l: link file
      b: block device file, used to store data
      c: character device file, used to transfer data, e.g. mouse, keyboard

      The following characters come in groups of three, representing in turn the permissions of the file owner, of users in the same group, and of other users; within each group the order r, w, x is fixed.

    2. Second column: how many file names are linked to this node

    3. Third column: the owner account of this file/directory
    4. Fourth column: the user group this file belongs to
    5. Fifth column: the size of this file, in bytes
    6. Sixth column: the date the file was created or modified
      To display the complete date and time, add an option to ls: ls -l --full-time
      PS: In Linux commands, an option that starts with - is in short form, and one that starts with -- is in full form. The --full-time here is a full-form option.
      PS: If Linux was installed in Chinese, the full date is displayed in Chinese; the command window cannot display Chinese and shows garbled text, so set the date to display in English: LANG=en_US
    7. Seventh column: file name
The importance of Linux permissions
    1. The ability to protect system files
      Usually system files can be read, written, and executed only by the root administrator.
    2. The ability to provide data sharing for team development
      The same development team can be set up as a group of users to share files.
Commands to change file properties and permissions
    1. chgrp: change the user group a file belongs to
      chgrp [-R] new-group directory-or-file: change the user group of the files under this path to "new-group"
      PS: The new user group must exist in /etc/group, otherwise an error is reported.
      PS: If the last parameter is a directory, only the user group of the files in this directory is changed.
      PS: -R means that if the last parameter is a directory, the files in that directory together with all files in its subdirectories are changed.
    2. chown: change the file owner
      chown [-R] username file-or-directory: change the owner of all files in this directory to this user name.
      PS: The user name must exist in /etc/passwd.
      This command can change the file owner and the user group at once: chown [-R] username:groupname directory/file
      chown [-R] username.groupname directory/file
      PS: Because a user name may itself contain a dot, the system can misinterpret such a name, so we generally use : to join the user name and the group name.
      You can also change only the user group: chown [-R] .groupname directory/file

When do I need to change the file owner and user group?
When we copy a file for someone else, suppose the file can be read only by its owner. Because the copy carries over the file's permissions and all of its attributes, the other person cannot access the copied file, so once the copy is complete, the person who made it should change the copy's attributes and permissions.

cp  source-directory/source-file  new-directory/new-file
    3. chmod: change the permissions of a file
      There are two ways to change the permissions of a file: with numbers, or with symbols.
      a) Changing permissions with numbers
      As we have seen, the permissions consist of 9 letters in groups of three: the file owner's permissions, the permissions of users in the same group, and the permissions of others. With r=4, w=2, x=1, add up the three values in each group to form a three-digit number. For example:
      File owner: rwx = 4+2+1 = 7;
      Same group of users: rwx = 4+2+1 = 7;
      Others: --- = 0+0+0 = 0;
      So the command is as follows:

      chmod [-R] 770 file/directory

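      b) Changing permissions with symbols
chmod  u/g/o/a  +/-/=  r/w/x  file/directory
Example: the file owner can read, write, and execute; users in the same group and other users can read and execute.
chmod  u=rwx,go=rx  filename
Suppose we do not know the file's current attributes and only want everyone to be able to execute the file:
chmod  a+x  file/directory
Suppose we do not know the file's current attributes and only want to stop users in the same group and other users from writing:
chmod  go-w  file/directory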
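
The numeric and symbolic forms above, applied to a scratch file and read back with stat. This is an added example, not part of the original page; it assumes GNU coreutils (stat -c), and the helper names mode_of and apply_and_report are made up for illustration.

```shell
#!/bin/sh
# Added example: chmod in numeric and symbolic form, checked with stat.
# Assumption: GNU coreutils (stat -c). All files are scratch files under mktemp.

# mode_of PATH -> octal permission bits of PATH, e.g. 770
mode_of() { stat -c '%a' "$1"; }

# apply_and_report START CHANGE
#   Creates a scratch file with permissions START, runs "chmod CHANGE" on it,
#   and prints the resulting octal mode.
apply_and_report() {
    work=$(mktemp -d) || return 1
    f="$work/sample"
    : > "$f"
    chmod "$1" "$f"     # known starting permissions
    chmod "$2" "$f"     # the change under test
    mode_of "$f"
    rm -rf "$work"
}

# Numeric form: owner rwx (7), group rwx (7), others --- (0)
echo "600 -> chmod 770          : $(apply_and_report 600 770)"

# Symbolic "=" sets each named class exactly, whatever was there before
echo "600 -> chmod u=rwx,go=rx  : $(apply_and_report 600 u=rwx,go=rx)"

# Symbolic "+" and "-" change only the named bits and keep the rest,
# which is why they are safe when the current permissions are unknown
echo "644 -> chmod a+x          : $(apply_and_report 644 a+x)"
echo "666 -> chmod go-w         : $(apply_and_report 666 go-w)"
echo "777 -> chmod go-w         : $(apply_and_report 777 go-w)"
```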
Meaning of directory and file permissions

For a file, rwx only means that the user can read the file's contents, write to the file, and execute the file. It does not give permission to delete the file.

For a directory, rwx means:
r: permission to read the directory structure, that is, I can use the ls command to view the structure of the directory, but I cannot cd into this directory.
w: permission to change the directory structure, that is, the ability to create/delete/rename/move files and directories.
x: the user is able to enter this directory with cd.
PS: Whether a directory has x permission is very important: without x, the user cannot enter the directory and therefore cannot execute any of the programs under it. Example: given the following directory entry

drwxr--r--  3  root  root  4096  date  .ssh

Users in the same group and other users can only view the structure of this directory with ls; they cannot cd into it and cannot execute any of the programs in it.

When setting up a site, some of the resources on the server are opened to outside access. If a directory grants only r permission, outsiders can only ls its structure and cannot enter the directory to access the data inside. To open the data in a directory to others, grant at least r and x, but w must not be granted lightly. For example:

Suppose there is an account user1 whose home folder is /home/user1, and user1 has rwx permissions on this directory. In this folder there is a data file with the following permissions: -rwx--1 root root ..., then:
For this file, user1 counts as an other user and has no permissions on it. For the folder, however, user1 has rwx and can therefore view the folder's structure with ls, enter the folder with cd, and create, delete, rename, and move files under this folder.

Use the root account to create a directory /dir under /temp with permissions 744, and then create the file test under /dir.
Analysis: for the directory dir, the owner has rwx, while users in the same group and other users have only r. That is, the owner can ls the directory structure, cd into the directory, and create, delete, rename, and move files in it, whereas users in the same group and other users can only ls the directory structure.
PS: Create a directory: mkdir directory-name
PS: Create an empty file: touch file-name

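# Perform the following as root
cd /temp
mkdir dir
chmod 744 dir
touch dir/test
chmod 600 dir/test      # for this file the owner has 4+2: read and write; users in the same group and other users can do nothing
# Command to switch identity: su - username
su - chai
cd /temp
ls -l dir               # we are now chai, an other user for this directory, so we have only r: we can ls its structure but cannot cd into it
cd dir                  # fails immediately: permission denied
exit                    # return to the previous identity
chown chai /temp/dir    # make chai the owner of dir; chai now has rwx
su - chai               # switch to chai again
cd /temp/dir            # chai can now cd into dir and create, delete, rename, and move files in it
rm test                 # delete the file test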
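
The analysis of drwxr--r-- above, written as a small decoder for the first column of ls -l. This is an added example, not part of the original page; the function name dir_rights and its output words are made up here, and it encodes one detail beyond the text: creating, deleting or renaming entries needs w together with x.

```shell
#!/bin/sh
# dir_rights PERMS CLASS
#   PERMS: first column of "ls -l" for a directory, e.g. drwxr--r--
#   CLASS: owner | group | other
# Prints what that class may do with the directory: list, enter, modify, or none.
dir_rights() {
    case $1 in
        d?????????*) ;;                          # must describe a directory
        *) echo "not a directory"; return 1 ;;
    esac
    case $2 in                                   # pick that class's three characters
        owner) trio=$(printf '%s' "$1" | cut -c2-4) ;;
        group) trio=$(printf '%s' "$1" | cut -c5-7) ;;
        other) trio=$(printf '%s' "$1" | cut -c8-10) ;;
        *) echo "unknown class"; return 1 ;;
    esac
    r=no; w=no; x=no
    case $trio in r??) r=yes ;; esac
    case $trio in ?w?) w=yes ;; esac
    case $trio in ??[xst]) x=yes ;; esac         # s or t means x plus a special bit
    out=""
    if [ "$r" = yes ]; then out="$out list"; fi  # ls can read the entry names
    if [ "$x" = yes ]; then out="$out enter"; fi # cd into it and reach files inside
    # creating, deleting or renaming entries needs w and x together
    if [ "$w" = yes ] && [ "$x" = yes ]; then out="$out modify"; fi
    if [ -z "$out" ]; then out=" none"; fi
    echo "${out# }"
}

# Constructed checks using permission strings that appear on this page
for perms in drwxr--r-- drwxr-xr-x+ drwx------; do
    for class in owner group other; do
        printf '%-12s %-5s : %s\n' "$perms" "$class" "$(dir_rights "$perms" "$class")"
    done
done
```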
Linux file types

Regular file (-)
1. Plain text files
cat /chai can be used to view the regular file chai.
2. Binary files
Executable files in Linux (scripts and text batch files are not counted).
The cat command used just now is itself a binary file.
3. Data format files
Files with a specific format, such as a configuration file, that are read while a program runs.
For example: when a user logs on to Linux, the login is recorded in the /var/log/wtmp file, which is a data format file.
PS: A data format file must be read with last; reading it with cat produces garbled output.

Directory (d)

Link file (l)
Equivalent to a shortcut under Windows.

Device files
1. Block device file (b)
Device files used to store data, such as hard disks and floppy disks.
2. Character device file (c)
Device files used for data transfer, such as keyboards and mice.
3. Socket (s)
This kind of file is found in /var/run.
4. Pipe (p)
Used to resolve errors caused by multiple programs accessing a file at the same time.

Linux Extensions

Linux has no concept of file extensions; whether a Linux file can be executed depends on whether its attributes include x.
However, to make files easier to recognize, we still add an "extension" to file names.
*.sh represents a script or batch file.
*z, *.tar, *.tar.gz, *.zip, *.tgz are all compressed files.
PS: The permissions of a file downloaded from the Internet may be changed, so when a downloaded file will not run, check whether its permissions include x.

Linux Restrictions on files

Linux uses the Ext2/ext3 file system by default, and the length of file names is limited as follows:
The maximum length of a single file name or directory name is 255 characters;
The full file or directory name has a maximum length of 4,096 characters.
Avoid special characters when naming files.

Linux Directory configuration Standard

Because many vendors develop Linux distributions, a specification was created to standardize how they lay out the file system: the Filesystem Hierarchy Standard (FHS).

FHS defines four types of directories:

    1. Shareable directories
      These directories can be shared with other hosts on the network for mounting.
    2. Unshareable directories
      Device files or socket files that only make sense on the local machine are not shared with other hosts, because they relate only to that machine.
    3. Unchanging directories
      Whatever the distribution, these directories are fixed, and the file data inside them basically does not change. In general, these directories store function libraries, system configuration files, and so on.
    4. Variable directories
      The data in the files in these directories changes all the time, for example log files.

The root directory is the most important directory of the whole system: all other directories are derived from it, and it is also involved in booting, restoring, and repairing the system.

FHS recommendation: the root directory should be small, and applications should not be placed in the same partition as the root directory.

FHS recommends having these directories in the root directory:
- /bin: commands in this directory can be used by all accounts; the common ones are cat, chmod, chown, date, mv, mkdir, cp, bash
- /boot: files used when booting
- /dev: every device is stored in this directory as a file
- /etc: the system's main configuration files are placed in this directory. Files in this directory can generally be read by ordinary users, but only root can modify them. FHS recommends not placing executable files in this directory.
- /home: the system's default location for user home folders.
~ represents the home folder of the currently logged-in user
~chai represents the home folder of the specified user
- /lib: library functions used at boot and by the commands in /bin and /sbin.
- /media: removable devices, such as floppy disks and CD-ROMs.
- /mnt: if you want to temporarily mount additional devices, place them in this folder.
- /opt: the directory where third-party software is placed
- /root: the system administrator's home folder
- /sbin: commands required by the boot process, including those needed to boot, repair, and restore the system
- /srv: short for service; stores data required by network services.
- /tmp: where ordinary users and running programs temporarily store data. Anyone can access it, so it needs to be cleaned up regularly. FHS recommends that this directory be emptied at boot.

Other important directories:
- /lost+found: a directory created by the Ext2/ext3 file system. When a file system error occurs, some missing fragments are placed in this directory.
- /proc: a virtual file system, that is, its data is stored in memory and does not occupy hard disk space.
- /sys: also a virtual file system, which records kernel-related information.

When booting, only the root directory is mounted; the other partitions are mounted only after system boot has completed. Therefore, the directories involved in the boot process must be placed in the same partition as the root directory. Directories that must be placed in the same partition as the root directory are:

    • /etc: configuration files
    • /bin: important executable files
    • /dev: required device files
    • /lib: the library functions required by executable files and the modules required by the kernel
    • /sbin: important system executable files

/usr Directory
usr = Unix Software Resource; this is the directory where key operating system resources are placed.
FHS recommendation: all software developers should place their data in subdirectories of this directory, rather than creating separate directories of their own.
This directory is equivalent to C:\Program Files under Windows.

/var directory
/usr holds the larger files that are needed when software is installed, while /var holds the data that gradually takes up hard disk space as programs run, such as caches and logs.

Each directory can mount not only a local file system but also a file system on the network. You can use a Network File System (NFS) server to mount a specified directory from the network.
