Linux Ugo Permissions

Source: Internet
Author: User
Tags: chmod, postgresql, file permissions

Ugo permissions are the basic mechanism Linux uses to control access to files. This article introduces the basic concepts of ugo permissions.
Note: The demo environment for this article is Ubuntu 16.04.

Owner and group of the file
Linux ugo permissions divide the users who access a file into three categories: the file owner, the group, and others. The name ugo comes from the first letters of the three words user (also called owner), group and other.

The owner of the file
The owner of a file is generally the user who created it, and has full permissions on the file. On a Linux host shared by multiple users, the owner identifies which user a file belongs to. A user has no right to view or modify another user's files unless the file's permissions grant it.

The group the file belongs to
If several users are cooperating on the same project, it would be very inconvenient if each user could only view and modify the files they created; there would be no cooperation. A mechanism is therefore needed to let a user view and modify other users' files, and this is where groups come in. We can create a group and add all the users who need to cooperate to it. When setting file access permissions, we then allow users in this group to read and modify the file.

Other people
What if I want to share a file with all users on the system? The group approach is clearly inappropriate, because every user on the system would have to be added to one group, and every newly created user would have to be added to it as well. The concept of others solves this problem: when setting file access permissions, we allow other users to read and modify the file.

Permission information in file attributes
Use the ll command to view the attribute information of the file:


The first field specifies the file type and ugo permission information.
The second field is the reference count of the file.
The third field is the owner of the file.
The fourth field is the group to which the file belongs.
We will ignore the other information for now.

File type
The first character of the first field describes the type of the file. Common types are as follows:

d means directory
- means regular file
l means link file
b means block device file
c means character device file
s means socket file

Ugo permission information of the file
The first field has 10 characters. Apart from the first character, which represents the file type, the other 9 characters represent the ugo permission information of the file:


These 9 characters form three groups of three, each a combination of rwx or -. r stands for read, w for write, and x for execute. The positions of the three permissions never change; a permission that is not granted is shown as - (minus sign).
As shown, the first group holds the permissions of the file owner, the second those of the group to which the file belongs, and the third those of others. Here this means: the owner of the file can read and write the file, users in the file's group can read and write the file, and others can only read the file.

Let us look at the read, write and execute permissions in detail.

r (read): You can read the actual content of the file, such as the text in a text file.
w (write): You can edit, add to, or delete the content of the file (but not delete the file itself).
x (execute): The file can be executed by the system.
For files, then, rwx is mainly about the content of the file.

A directory mainly stores the list of file names it contains, so the permissions mean something slightly different from those of ordinary files:

r (read contents in directory)
Having r means you may read the file names in the directory, that is, you can list the files in the directory with the ls command.
For example, we use user nick to create a directory testdir and create two files in this directory. At this time, the permissions of testdir are:


Others have the r permission, so they can view the files in this directory with the ls command. Here we do so as the tester user:


Then we modify the permissions of the directory:


Now that others no longer have the r permission on this directory, let the tester user try the ls command:


Others can no longer view the file names in the directory.

w (modify contents of directory)
Having the w permission means that you can perform the following operations in this directory:

Create new files and directories
Delete existing files and directories (regardless of the permissions of the file!)
Rename existing files and directories
Move files and directories within the directory

x (access directory)
Although a directory cannot be executed, it still has an execute permission bit. The x permission on a directory determines whether a user can enter the directory and make it the current working directory. Note that without x permission on a directory, a user cannot read the contents of the files in it (note the difference from the r permission). For example, we remove the x permission on the testdir directory:


At this point others still have permission to read the testfile1 file, but when we read its contents as the tester user:


The system reports that there is no permission, because we removed the x permission from the testdir directory. Therefore, to let others browse a directory, you must grant at least the r and x permissions.
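
The two directory cases above can be checked across a whole tree. The following is an added example, not part of the original article: it lists directories where others hold w (so they can delete or rename entries whatever the files' own permissions are) and directories where others hold r without x. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit directories for the "others" permission cases
# described above. Function names are hypothetical.

# Directories where others have w: any user can create, delete or rename
# entries there, regardless of the permissions on the files themselves.
others_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# Directories where others have r but not x: file names can be listed
# with ls, but the files inside cannot be opened, even if readable.
others_list_only_dirs() {
    find "$1" -type d -perm -0004 ! -perm -0001 | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/listonly" "$root/normal"
    touch "$root/listonly/testfile1"
    chmod 755 "$root" "$root/normal"      # rwxr-xr-x
    chmod 777 "$root/shared"              # rwxrwxrwx
    chmod 754 "$root/listonly"            # rwxr-xr--
    chmod 644 "$root/listonly/testfile1"  # rw-r--r--
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
echo "others can modify the contents of:"
others_writable_dirs "$sample"
echo "others can list but not access files in:"
others_list_only_dirs "$sample"
rm -rf "$sample"
```
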

The owner of the file
The third field shows the owner of the file. The owner of the file shown in the picture is nick. The owner of a file is generally the user who created the file, and has full permissions on the file.

The group the file belongs to
The fourth field shows the group to which the file belongs. When we create a user with the adduser command, a group with the same name is generally created as well, and the user belongs to that group (for example, the user nick on the author's machine belongs to the nick group). When we create files and directories, the group they belong to by default is the group of the owner.

Files that store users and groups
User and group information is recorded in the /etc/passwd and /etc/group files respectively. Both are text files, so their content can be viewed directly:


The contents of these two files are accessible to anyone. For example, the contents of the /etc/passwd file are as follows:


The figure only shows some user information, and each row represents a user. The structure of the /etc/group file is similar to the structure of the /etc/passwd file.

Basic operation
When a new file is created, default permissions are generated for it based on the identity of the creator and some other settings. For example, the file testfile that we have been looking at throughout:


Next, we introduce how to modify the information related to file permissions through the following commands:

chown: change file owner
chgrp: change the group to which the file belongs
chmod: change file permissions

Change file owner
The owner of a file can be changed with the chown command:

$ sudo chown tester testfile

Change the group the file belongs to
The group to which a file belongs can be changed through the chgrp command:


Change file permissions
File permissions can be changed with the chmod command. The rwx permissions of a file can be written in two ways: numeric representation and character representation.
In the numeric representation, each permission has a value:
r: 4
w: 2
x: 1
So rwx is 4 + 2 + 1 = 7, r-x is 4 + 1 = 5, and --- is 0, which means rw-rw-r-- can be written as 664. To change the file permissions to rwxrwxrwx, we can use the following command:

$ chmod 777 testfile

In the character representation, the characters u, g, and o stand for the file owner (user), the group to which the file belongs, and other people (other). This is the origin of the name ugo. In addition, a stands for all identities (all). The syntax for changing permissions is as follows:
chmod [u g o a] [+-=] [rwx] file/directory
For example, we can set the permissions of testfile back to rw-rw-r-- with the following command:

$ chmod ug=rw,o=r testfile

If you want to remove the w permission of the group and add x permission to others, you can execute the following command:

$ chmod g-w,o+x testfile

We can also set permissions for all identities through a, such as rwx:

$ chmod a=rwx testfile
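
To connect the 10-character field described under "Ugo permission information of the file" with the two chmod notations above, here is an added example (not from the original article) that parses such a string and prints the file type, the numeric mode, and the equivalent character clause. The function names describe_mode, triplet_digit and strip_dashes are hypothetical.

```shell
#!/bin/sh
# Added example: parse a mode string such as "-rw-rw-r--".
# Special bits (s, t) are outside the article's scope and are rejected.

# Convert one rwx triplet (e.g. "r-x") to its digit: r=4, w=2, x=1.
triplet_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# "rw-" -> "rw", as used on the right-hand side of chmod u=...
strip_dashes() { printf '%s' "$1" | sed 's/-//g'; }

# Print "type octal character-clause" for a 10-character mode string.
describe_mode() {
    m=$1
    [ "${#m}" -eq 10 ] || { echo "expected 10 characters" >&2; return 1; }
    case $m in
        d*) kind=directory ;;
        -*) kind=regular ;;
        l*) kind=link ;;
        b*) kind=block ;;
        c*) kind=char ;;
        s*) kind=socket ;;
        *)  echo "unknown file type" >&2; return 1 ;;
    esac
    perms=${m#?}                            # drop the type character
    u=$(printf '%s' "$perms" | cut -c1-3)   # owner triplet
    g=$(printf '%s' "$perms" | cut -c4-6)   # group triplet
    o=$(printf '%s' "$perms" | cut -c7-9)   # others triplet
    for t in "$u" "$g" "$o"; do
        case $t in
            [r-][w-][x-]) ;;
            *) echo "bad triplet: $t" >&2; return 1 ;;
        esac
    done
    octal=$(triplet_digit "$u")$(triplet_digit "$g")$(triplet_digit "$o")
    sym="u=$(strip_dashes "$u"),g=$(strip_dashes "$g"),o=$(strip_dashes "$o")"
    printf '%s %s %s\n' "$kind" "$octal" "$sym"
}

describe_mode "-rw-rw-r--"
```
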

Summary
Ugo permissions are the basis for learning and using Linux systems. This article only introduces the most basic concepts and operations. I hope it helps you understand Linux permissions and their basic operations.
