Linux File permissions issues

Source: Internet
Author: User

Each file or directory in Linux carries three general permissions and some special permissions, and there are three classes of users who can access the file: the file owner, users in the same group as the owner, and other users.

Commands for viewing file permissions:

ls -l              View the permissions of all files in the current directory

ls -l filename     View the permissions of one file

The output looks like this:

-rw-r--r-- 1 root root filename

Explanation of the output:

The first character is typically used to differentiate between files and directories:

d: Represents a directory, in fact, in EXT2FS
-: Indicates that this is an ordinary file.
l: Indicates a symbolic link, which points to another file.
b, c: Block devices and other peripheral (character) devices, respectively; these are special types of files.
s, p: These files relate to the system's data structures (sockets) and pipes, and are rarely seen.

Characters 2 through 10 form three groups of three (nine characters in total), with the following meanings:

r (read): For a file, permission to read the file's contents; for a directory, permission to browse the directory.
w (write): For a file, permission to create and modify the file's contents; for a directory, permission to delete and move files inside the directory.
x (execute): For a file, permission to execute the file; for a directory, permission to enter the directory.
-: Indicates that the permission is not granted.

Each user has their own directory, usually placed under /home. The default permissions for these private directories are rwx------, which means the directory owner has all permissions and other users cannot enter the directory.

A directory created with the mkdir command gets default permissions of rwxr-xr-x, and the user can modify the directory's permissions as needed.

Special permissions:

s or S (SUID, Set UID): An executable file with this permission runs with privilege and can access all the system resources available to the file's owner. Pay attention to files that have the SUID permission: attackers often take advantage of it, using an SUID file owned by the root account to quietly open a back door in the system for future access.
s or S (SGID, Set GID): When set on a file, the effect is the same as SUID, except that the group takes the place of the file owner: the file can access any system resources that the whole group can use.
t or T (Sticky): The /tmp and /var/tmp directories are for all users to store files temporarily; that is, every user has full access to the directory and can browse, delete and move files. With the sticky bit set on such a directory, a file in it can be deleted or renamed only by the file's owner, the directory's owner, or root.
Because SUID, SGID and Sticky occupy the x position, letter case is used to show both settings. If execute permission and SUID, SGID or Sticky are enabled at the same time, the character is lowercase:
-rwsr-sr-t 1 root root
If execute permission is turned off, the character is capitalized:
-rwSr-Sr-T 1 root root
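
A defensive check for the special permissions described above, as an added example that is not part of the original article: one find query lists SUID/SGID regular files, the other lists world-writable directories that lack the sticky bit. The function names and the demo directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: review special permission bits under a directory tree.

# Regular files with SUID (4000) or SGID (2000) set, shown with their
# mode string and owner so root-owned entries stand out.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
}

# World-writable directories without the sticky bit (1000): any user can
# delete or rename other users' files there.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -exec ls -ld {} +
}

# Constructed demo tree (not real system paths).
demo_dir=$(mktemp -d)
touch "$demo_dir/ordinary_file" "$demo_dir/suid_tool"
chmod 0755 "$demo_dir/ordinary_file"   # -rwxr-xr-x
chmod 4755 "$demo_dir/suid_tool"       # -rwsr-xr-x
mkdir "$demo_dir/shared" "$demo_dir/dropbox"
chmod 1777 "$demo_dir/shared"          # drwxrwxrwt, like /tmp
chmod 0777 "$demo_dir/dropbox"         # drwxrwxrwx, sticky bit missing

echo "SUID/SGID files:"
find_setid_files "$demo_dir"
echo "World-writable directories without the sticky bit:"
find_unsticky_dirs "$demo_dir"
rm -rf "$demo_dir"
```

On a real system, run the functions against / as root and compare the SUID/SGID list with a known-good baseline for the distribution.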

Modifying permissions with the chmod command:

There are two ways to use this command. One is the text setting method, which uses letters and operator expressions; the other is the numeric setting method, which uses numbers.

1. Text setting method
chmod [who] [+ | - | =] [mode] file name
The meanings of the options in the command are:
The target who is any one or a combination of the following letters:
u means "user", which is the owner of the file or directory.
g means "same group user", that is, all users who have the same group ID as the file owner.
o means "other users".
a means "all users". It is the system default value.
The operation symbols can be:
+ Adds a permission.
- Cancels a permission.
= Grants the given permission and cancels all other permissions, if any.
The permissions represented by mode can be any combination of the following letters:
r Readable.
w Writable.
x Executable.
X Adds the x attribute only if the target file is already executable by some users, or if the target is a directory.
s Sets the owner or group ID of the process to that of the file's owner or group when the file is executed. "u+s" sets the user ID bit of the file; "g+s" sets the group ID bit.
t Saves the program's text to the swap device.
u The same permissions as the owner of the file.
g The same permissions as users in the same group as the file owner.
o The same permissions as other users.
File name: a space-separated list of the files whose permissions are to be changed; wildcard characters are supported.
Multiple permission settings can be given in one command line, separated by commas. Example: chmod g+r,o+r example
This gives the same group and other users read access to the file example.

2. Numeric setting method

chmod [mode] file name

Here mode is given as three digits: the numeric attribute is three octal digits from 0 to 7, in the order (u)(g)(o).

r: corresponding value 4
w: corresponding value 2
x: corresponding value 1
-: corresponding value 0

Example: rwx r-x r--. For u, the permission is 4+2+1=7; for g, the permission is 4+0+1=5; for o, the permission is 4+0+0=4.

Explanation:

Treat rwx as a binary number, with 1 where the permission is present and 0 where it is absent; rwx r-x r-- can then be represented as:
111 101 100. Converting each group of three bits to a decimal number gives 754.
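
The conversion described above, as an added example that is not part of the original article: a POSIX shell function that turns an ls -l mode string into octal. It goes beyond the three-digit case in the text by also reading the s/S and t/T characters from the special permissions section into a leading fourth digit (SUID=4, SGID=2, sticky=1), which chmod accepts. The function name and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (function name is hypothetical): convert an ls -l mode string
# such as -rwsr-sr-t to the four-digit octal form accepted by chmod.
mode_to_octal() {
    m=${1#?}          # drop the file-type character (-, d, l, ...)
    m=${m%[.+]}       # drop the SELinux/ACL marker some ls versions append
    [ "${#m}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    special=0
    digits=""
    # Leading-digit weights: SUID=4 (owner), SGID=2 (group), sticky=1 (others).
    for weight in 4 2 1; do
        rest=${m#???}
        trip=${m%"$rest"}
        m=$rest
        case $weight in 1) lo=t up=T ;; *) lo=s up=S ;; esac
        case $trip in
            [-r][-w][-x$lo$up]) ;;
            *) echo "bad triplet: $trip" >&2; return 1 ;;
        esac
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in
            ??x)     d=$((d + 1)) ;;
            ??"$lo") d=$((d + 1)); special=$((special + weight)) ;;  # x and special bit
            ??"$up") special=$((special + weight)) ;;                # special bit, no x
        esac
        digits=$digits$d
    done
    echo "$special$digits"
}

# Constructed sample strings, with lowercase and uppercase special bits.
for s in -rwxr-xr-- -rw-r--r-- -rwsr-sr-t -rwSr-Sr-T drwxrwxrwt; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```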
