From http://blog.csdn.net/linuxgroup
In Linux, I always run into headaches because I don't have permission to modify files. As a newbie, I like "chmod 777 -R file directory". As a result, the system crashes.
chmod Command
Purpose
Changes file modes.
Syntax
To change file modes symbolically
chmod [-R] [-h] [-f] [[u] [g] [o] | [a]] {{- | + | =} [r] [w] [x] [X] [s] [t]} {File ... | Directory ...}
To change file modes numerically
chmod [-R] [-h] [-f] PermissionCode {File ... | Directory ...}
Description
The chmod command modifies the mode bits and the extended access control lists (ACLs) of the specified files or directories. The mode can be defined symbolically or numerically (absolute mode).
When a symbolic link is encountered and you have not specified the -h flag, the chmod command changes the mode of the file or directory pointed to by the link, not the mode of the link itself. If you specify the -h flag, the chmod command prevents this mode change.
If you specify both the -h flag and the -R flag, the chmod command descends the specified directories recursively, and when a symbolic link is encountered, the mode of the file or directory pointed to by the link is not changed.
Flags
-f    Suppresses all error reporting (except invalid permissions and usage statements).
-h    Suppresses a mode change of the file or directory pointed to by the encountered symbolic link. Note: Mode bits cannot be set on symbolic links, so this behavior is slightly different from the behavior of the -h flag on the chgrp and chown commands.
-R    Descends only directories recursively, as specified by the pattern File ... | Directory .... The -R flag changes the file mode bits of each directory and of all files matching the specified pattern. See Example 6. When a symbolic link is encountered and the link points to a directory, the file mode bits of that directory are changed but the directory is not traversed.
Symbolic Mode
To specify a mode in symbolic form, you must specify three sets of flags.
Note: Do not separate the flags with spaces.
The first set of flags specifies who is granted or denied the specified permissions, as follows:
u    File owner.
g    Group and extended ACL entries pertaining to the file's group.
o    All others.
a    User, group, and all others. The a flag has the same effect as specifying the ugo flags together. If none of these flags is specified, the default is the a flag, and the file creation mask (umask) is applied.
The second set of flags specifies whether the permissions are to be removed, applied, or set:
-    Removes the specified permissions.
+    Applies the specified permissions.
=    Clears the selected permission field and sets it to the specified permissions. If you do not specify a permission after =, the chmod command removes all permissions from the selected field.
The third set of flags specifies the permissions that are to be removed, applied, or set:
r    Read permission.
w    Write permission.
x    Execute permission for files; search permission for directories.
X    Execute permission for files if the current (unmodified) mode bits have at least one of the user, group, or other execute bits set. The X flag is ignored if the File parameter is specified and none of the execute bits is set in the current mode bits. Search permission for directories.
s    Set-user-ID-on-execution permission if the u flag is specified or implied. Set-group-ID-on-execution permission if the g flag is specified or implied.
t    For directories, indicates that only file owners can link or unlink files in the specified directory. For files, sets the save-text attribute.
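An added example (not part of the original page) contrasting the X and x permission flags when a mode is applied with -R. The scratch tree, its file names, and the helper function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed demo tree: one directory, one executable script, one data file.

mode_of() {                        # symbolic mode string as printed by ls -ld
    ls -ld "$1" | cut -c1-10
}

build_tree() {                     # $1 = empty scratch directory
    mkdir "$1/tree"
    printf '#!/bin/sh\necho hi\n' > "$1/tree/run.sh"
    printf 'just data\n'          > "$1/tree/notes.txt"
    chmod 700 "$1/tree" "$1/tree/run.sh"   # directory and script: owner rwx only
    chmod 600 "$1/tree/notes.txt"          # data file: no execute bit anywhere
}

# Apply a symbolic mode recursively to a fresh tree and report the result.
apply_recursive() {                # $1 = symbolic mode, for example a+rX
    scratch=$(mktemp -d) || return 1
    build_tree "$scratch"
    chmod -R "$1" "$scratch/tree"
    for p in tree tree/run.sh tree/notes.txt; do
        printf '%s %s\n' "$(mode_of "$scratch/$p")" "$p"
    done
    rm -rf "$scratch"
}

# X adds execute/search only to the directory and the already-executable
# script; x also makes the data file executable.
echo "a+rX:"; apply_recursive a+rX
echo "a+rx:"; apply_recursive a+rx
```

With a+rX the data file ends up readable but not executable, while a+rx sets the execute bits on every file in the tree.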
Numeric or Absolute Mode
The chmod command also lets you specify the mode in octal notation. The numeric mode is the sum of one or more of the following values:
4000    Sets the user ID on execution.
2000    Sets the group ID on execution.
1000    Sets the link permission for directories or the save-text attribute for files.
0400    Permits read by the owner.
0200    Permits write by the owner.
0100    Permits execute or search by the owner.
0040    Permits read by the group.
0020    Permits write by the group.
0010    Permits execute or search by the group.
0004    Permits read by others.
0002    Permits write by others.
0001    Permits execute or search by others.
Notes:
1. Specifying the mode numerically disables any extended ACLs. See "Access Control Lists" in the AIX 5L V5.2 System User Guide for more information.
2. Changing access permissions symbolically also affects the extended ACL entries. The group entries in the ACL that match the owning group of the file are denied any permission that is removed from the mode. See "Access Control Lists" for more information.
3. You can specify multiple symbolic modes separated by commas. Operations are performed from left to right.
4. When you remove the set-group-ID-on-execution permission from a directory, you must specify the mode symbolically or use a 4-character octal value with a leading zero (for example, 0755).
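An added example, not from the original page: a small audit that uses the octal values from the table above to find files carrying the set-user-ID (4000) or set-group-ID (2000) bit, and entries writable by others (0002) that lack the 1000 bit. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Report entries under $1 that carry high-risk mode bits:
#   4000 (set user ID), 2000 (set group ID), and
#   0002 (others may write) without 1000 (link permission / sticky bit).
audit_modes() {
    find "$1" -type f -perm -4000 | sed 's/^/set-user-ID /'
    find "$1" -type f -perm -2000 | sed 's/^/set-group-ID /'
    find "$1" ! -type l -perm -0002 ! -perm -1000 | sed 's/^/world-writable /'
}

# Constructed sample tree so the audit has something to report.
audit_sample() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        : > helper;  chmod 4755 helper      # 4000 + 0755: reported
        : > shared;  chmod 0666 shared      # others may write: reported
        : > private; chmod 0640 private     # nothing to report
        mkdir spool; chmod 1777 spool       # world-writable but 1000 is set
        mkdir drop;  chmod 0777 drop        # world-writable, 1000 not set
        audit_modes . | LC_ALL=C sort
    )
    rm -rf "$scratch"
}

audit_sample
```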
Security
Access control: This program should be installed as a normal user program in the Trusted Computing Base.
Only the owner of the file or the root user can change the mode of a file.
Exit Status
This command returns the following exit values:
0     The command executed successfully and all requested changes were made.
>0    An error occurred.
Examples
1. To add a type of permission to several files:
chmod g+w chap1 chap2
This adds write permission for group members to the files chap1 and chap2.
2. To make several permission changes at once:
chmod go-w+x mydir
This denies group members and others the permission to create or delete files in mydir (go-w) and allows group members and others to search mydir or use it in a path name (go+x). This is equivalent to the command sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
3. To permit only the owner to use a shell procedure as a command:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the owner of the file (u=rwx). It also denies the group and others any access to cmd (go=).
If you have permission to execute the cmd shell command file, you can run it by entering:
cmd
Note: Depending on the PATH shell variable, you may need to specify the path to the cmd file.
4. To use the set-ID modes:
chmod ug+s cmd
When cmd is executed, the effective user and group IDs are set to those of the owner of the cmd file. Only the effective IDs associated with the child process that runs the cmd command are changed. The effective IDs of the shell session remain unchanged.
This feature lets you permit access to restricted files. Suppose that the cmd program has the set-user-ID mode enabled and is owned by a user called dbms. The user dbms is not actually a person, but may be associated with a database management system. The user betty does not have permission to access any of the dbms data files. However, she does have permission to execute the cmd command. When she does so, her effective user ID is temporarily changed to dbms, so that the cmd program can access the data files owned by the user dbms.
In this way, the user betty can use the cmd command to access the data files, but she cannot damage them elsewhere with the standard shell commands.
5. To use the absolute mode form of the chmod command:
chmod 644 plain text
This sets read and write permission for the owner and read-only mode for the group and all others. This also removes any extended ACLs that may be associated with the files.
6. To descend directories recursively and change file and directory permissions, given the tree structure:
./dir1/dir2/file1
./dir1/dir2/file2
./dir1/file1
Enter the command sequence:
chmod -R 777 f*
This changes the permissions on ./dir1/file1.
However, given the following tree structure:
./dir1/fdir2/file1
./dir1/fdir2/file2
./dir1/file3
The command sequence:
chmod -R 777 f*
changes the permissions on:
./dir1/fdir2
./dir1/fdir2/file1
./dir1/fdir2/file2
./dir1/file3
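An added example (not part of the original page) that rebuilds both trees from Example 6 in a scratch directory and lists which paths end up with mode 777. It assumes the command is entered from inside dir1, which is what the results in Example 6 imply; the function name is constructed for illustration.

```sh
#!/bin/sh
# Rebuild one of Example 6's trees in a scratch directory, run the page's
# command from inside dir1, and list every path whose mode became 777.
# Arguments are the regular files to create, relative to dir1.
changed_by_example6() {
    scratch=$(mktemp -d) || return 1
    (
        umask 022                   # new files start at 644, directories at 755
        mkdir "$scratch/dir1" && cd "$scratch/dir1" || exit 1
        for f in "$@"; do
            mkdir -p "$(dirname "$f")"
            : > "$f"
        done
        chmod -R 777 f*             # the shell expands f* before chmod runs
        cd .. && find ./dir1 -perm 777 | LC_ALL=C sort
    )
    rm -rf "$scratch"
}

echo "first tree:";  changed_by_example6 dir2/file1 dir2/file2 file1
echo "second tree:"; changed_by_example6 fdir2/file1 fdir2/file2 file3
```

The pattern f* is matched only against names in the current directory, so dir2 and its contents are untouched in the first tree, while in the second tree fdir2 matches and -R descends into it.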
Files
/usr/bin/chmod    Contains the chmod command.