Linux folder permissions and Umask

Source: Internet
Author: User

First create a directory to see the permissions:

$ ll
total 20
drwxrwxr-x  3 huangxm huangxm  4096 February 16 16:35 ./
drwxr-xr-x    huangxm huangxm 12288 February 16 16:35 ../
drwxrwxr-x  2 huangxm huangxm  4096 February 16 16:35 test/

Then we change the permissions to 444, that is, r permission only for everyone:

$ ll
total 20
drwxrwxr-x  3 huangxm huangxm  4096 February 16 16:35 ./
drwxr-xr-x    huangxm huangxm 12288 February 16 16:35 ../
dr--r--r--  2 huangxm huangxm  4096 February 16 16:35 test/

Try to enter the directory:

$ whoami
huangxm
$ cd test
bash: cd: test: Permission denied

We do not have permission to enter the directory. The r permission alone is not enough, so we add the w permission:

$ ll
total 20
drwxrwxr-x  3 huangxm huangxm  4096 February 16 16:35 ./
drwxr-xr-x    huangxm huangxm 12288 February 16 16:35 ../
drw-rw-r--  2 huangxm huangxm  4096 February 16 16:35 test/

Then try to cd into the directory again:

$ cd test
bash: cd: test: Permission denied

It still does not work. Let's add the x permission:

$ ll
total 20
drwxrwxr-x  3 huangxm huangxm  4096 February 16 16:35 ./
drwxr-xr-x    huangxm huangxm 12288 February 16 16:35 ../
dr-xr-xr--  2 huangxm huangxm  4096 February 16 16:35 test/

Then cd into the directory:

$ cd test
$ pwd
/home/huangxm/Test catalog/test

So the r permission alone does not let you enter a directory, and neither does rw. The x permission is required.

That is why directories on the system generally have 755 permissions, which lets all users enter them.

Then we create a new file a.txt in the test directory, and change the test directory's permissions to 766, so that all users have rw permissions.

$ ll
total 20
drwxrwxr-x  3 huangxm huangxm  4096 February 16 16:35 ./
drwxr-xr-x    huangxm huangxm 12288 February 16 16:35 ../
drwxrw-rw-  2 huangxm huangxm  4096 February 16 16:53 test/
$ ll
total 8
drwxrw-rw- 2 huangxm huangxm 4096 February 16 16:53 ./
drwxrwxr-x 3 huangxm huangxm 4096 February 16 16:35 ../
-rw-r--r-- 1 root    root       0 February 16 16:53 a.txt

You can see that all users have w permission on the test folder, while a.txt is read-only for everyone except root. Now we try to modify it as another user:

DFDFDFFFFFFFFFFF
E45: 'readonly' option is set (add ! to override)

We force the save and find that it succeeds. Open the file and see:

$ cat a.txt
IJFEIHIFHFEFEFEFEFEF

The content has been saved. The file clearly grants no write permission, yet it can be force-written, and it can also be deleted. Deleting or replacing a file is an operation on the directory entry, so it is governed by the directory's permissions, not the file's own mode. Granting w permission on a folder is therefore quite dangerous.

To summarize:

Permissions   Operations
r             cd
rx            cd, ls
wx            cd, touch, rm (self, other), vi (self, other)
wxt           cd, touch, rm (self), vi (self)

Here is how to verify this:

1. As root, create the directory test, give others wx permissions, and create three files a, b and c.

# mkdir test
# chmod o=wx test
# touch test/{a,b,c}

Note that a, b and c belong to root.

-rw-r--r-- 1 root    root       0 February 16 18:00 a
-rw-r--r-- 1 root    root       0 February 16 18:00 b
-rw-r--r-- 1 root    root       0 February 16 18:00 c

2. Switch to a normal user and try to delete a.

$ rm -f a

Switch back to root and run ll to check, because a normal user with only wx has no permission to ls:

# ll
total 8
drwxr-x-wx 2 root    root    4096 February 16 18:01 ./
drwxrwxr-x 3 huangxm huangxm 4096 February 16 17:56 ../
-rw-r--r-- 1 root    root       0 February 16 18:00 b
-rw-r--r-- 1 root    root       0 February 16 18:00 c

a has been deleted.

3. As the normal user, open b in vi, modify it and force the save. This also succeeds.

4. As root, add the t permission for others (o+t) to the test directory.

# chmod o+t test
# ls -l
total 4
drwxr-x-wt 2 root root 4096 February 16 18:02 test

As the normal user, try to delete b:

$ rm -f b
rm: cannot remove 'b': Operation not permitted

After the t permission is added, you can no longer delete someone else's file. Try vi again:

"b" E212: Can't open file for writing
Press ENTER or type command to continue

Even a forced save with ! fails.

How do we set the t permission in numeric form? Take the /tmp directory: it is a temporary directory that everyone needs to put things in, so it has 777 permissions. But if other users could also modify what root puts there, that would be unreasonable. The /tmp directory therefore needs the t permission, which stops users from modifying other users' files. In numeric form:

# chmod 1777 /tmp
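
The following check is an added example, not part of the original article: it lists directories where others have the w permission but the t permission is missing, which is the situation created above with chmod o=wx. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Lists directories that "others" can write to but that lack the sticky
# bit (t): anyone who can reach them can delete or replace files they do
# not own, as shown above with rm -f and the forced save in vi.

find_unsafe_dirs() {
    # -perm -0002   : the others-write bit is set
    # ! -perm -1000 : the sticky bit is not set
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Constructed sample tree using the modes from the article.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared_wx" "$d/shared_sticky" "$d/normal" \
          "$d/open777" "$d/tmp_like"
    chmod 753  "$d/shared_wx"       # same as chmod o=wx on a 755 directory
    chmod 1753 "$d/shared_sticky"   # the same directory after chmod o+t
    chmod 755  "$d/normal"          # the usual default: others cannot write
    chmod 777  "$d/open777"         # writable by everyone, no sticky bit
    chmod 1777 "$d/tmp_like"        # the mode used for /tmp
    printf '%s\n' "$d"
}

# Demo: only shared_wx and open777 are reported.
tree=$(make_demo_tree) || exit 1
find_unsafe_dirs "$tree"
rm -rf "$tree"
```

Running find_unsafe_dirs against a real path such as /srv or /home reports the directories that need either chmod o-w or chmod o+t.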

Umask

Files and folders that a user creates get default permissions, and those defaults are determined by the user's umask value. We create files and folders as root and as a normal user and look at the permissions:

drwxr-xr-x 2 root    root    4096 February 17 11:15 rootdir
-rw-r--r-- 1 root    root       0 February 17 11:15 rootfile
drwxrwxr-x 2 huangxm huangxm 4096 February 17 11:15 userdir
-rw-rw-r-- 1 huangxm huangxm    0 February 17 11:15 usertouch

You can see that folders created by root get 755 and files get 644, while folders created by the normal user get 775 and files get 664.

View the umask values for root and the normal user separately:

# umask
0022
$ umask
0002

The root umask is 022, and the normal user's is 002.

Folder permissions: 777 - 022 = 755. File permissions: 666 - 022 = 644.

So we can think of folder permissions as 777 - umask and file permissions as 666 - umask.

It is not really subtraction, though; it is a mask. Try setting the umask to 777 (the current user can set it with umask 777): new files then get permissions 000, not the result of subtracting 777 from 666.
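
The following script is an added example, not part of the original article: it computes the default modes as mode & ~umask and compares them with what mkdir and file creation actually produce, including umask 033, where subtraction (666 - 033 = 633) gives the wrong answer. The function names are constructed, and stat -c is assumed to be the GNU coreutils version found on Linux.

```shell
#!/bin/sh
# Added example, not from the original article.
# The umask bits are cleared from the requested mode (mode & ~umask);
# nothing is subtracted, so there is no borrowing between digits.

# $1 = umask in octal; prints "<dir mode> <file mode>" as predicted.
predict_modes() {
    printf '%03o %03o\n' $(( 0777 & ~0$1 )) $(( 0666 & ~0$1 ))
}

# $1 = umask in octal; creates a directory and a file under that umask
# in a scratch directory and prints the modes the system really set.
observe_modes() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        mkdir "$d/dir"      # mkdir requests 0777
        : > "$d/file"       # file creation requests 0666
        dm=$(stat -c %a "$d/dir")
        fm=$(stat -c %a "$d/file")
        printf '%03o %03o\n' "0$dm" "0$fm"
        rmdir "$d/dir"
        rm -f "$d/file"
        rmdir "$d"
    )
}

# Demo over the values from the article plus 033.
for u in 022 002 033 777; do
    printf 'umask %s  predicted %s  observed %s\n' \
        "$u" "$(predict_modes "$u")" "$(observe_modes "$u")"
done
```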
