How to change file attributes and permissions
We now know the importance of file permissions to the security of a system and the relevance of file permissions to users and groups. How can we modify the attributes and permissions of a file? Again! How many file permissions can we modify? In fact, a file has many attributes and permissions! We will first introduce several commands that are commonly used to modify permissions of groups, owners, and various identities, as shown below:
- Chgrp: Change the group to which the file belongs
- Chown: Change the file owner
- Chmod: changes the file permissions, SUID, SGID, sbit, and other features
Change Group: chgrp
It's really easy to change the group of a file. Just change it with chgrp, thanks! This command is the abbreviation of change group! This is easy to remember! ^_^. However, remember that the group name to be changed must be in/Etc/groupThe file exists. Otherwise, an error is displayed!
Assume that you are logged on to the Linux system as the root user, so there is an install. log file in your home directory. How can you change the group of the file? Suppose you already know that there is a group named users in/etc/group, but the group name testing does not exist in/etc/group, in this case, what happens when the group is changed to users and testing?
[Root @ WWW ~] # Chgrp [-R] Dirname /Filename... options and parameters: - R: Perform recursive changes, that is, update all files and directories under the sub-directory to the group. It is often used to change all files in a directory. Example: [root @ WWW ~] # Chgrp Users Install . Log [root @ WWW ~] # Ls - L -RW-r -- 1 Root users 68495 Jun 25 08 : 53 Install . Log [root @ WWW ~] # Chgrp Testing Install . Log Chgrp : Invalid Group name 'testing ' <= Error message ~ The group name cannot be found ~
Found? The file group is changed to users, but an error occurs when the file group is changed to testing ~ Note! When an error message occurs, you must check the content of the error message! When he translates English into Chinese, he will know where the problem is.
Change the file owner: chown
How can I change the owner of a file? Very easy! Since the change group is a change group, the change owner is the change owner! Bingo! That is the purpose of the CHOWN command. Note that the user must be an account that already exists in the system, that is/Etc/passwdOnly recorded user names in this file can be changed.
Chown has many functions. He can also directly modify the group name by the way! In addition,If you want to change the file owner at the same time for all directories or files under the connected directory, add-r directly.! Let's take a look at the syntax and examples:
[Root @ WWW ~] # Chown [- R] account name file or directory [root @ WWW ~] # Chown [- R] Account name: group name file or directory options and parameters: - R: Perform recursive changes. For example, change the owner of Install. log to bin account: [root @ WWW ~] # Chown Bin Install . Log [root @ WWW ~] # Ls - L -RW-r -- 1 Bin users 68495 Jun 25 08 : 53 Install . Log example: Change the owner and group of Install. log to root: [root @ WWW ~] # Chown Root: Root Install . Log [root @ WWW ~] # Ls - L -RW-r -- 1 Root68495 Jun 25 08 : 53 Install . Log
I know how to change the group and owner of a file. When should I use chown or chgrp? Maybe you think it's strange? Yes, sometimes it is necessary to change the owner of a file. The most common example is to use the simplest CP command to explain when copying a file to someone other than you:
[Root @ WWW ~] #CPSource File target file
Suppose you want to copy the. bashrc file to the. bashrc_test file today and give it to the bin user. You can do this.
[Root @ WWW ~] #CP. Bashrc. bashrc_test [root @ WWW~] #Ls-Al. bashrc *-RW-r --1Root395Jul4 11:45. Bashrc-RW-r --1Root395Jul13 11:31. Bashrc_test <= the attributes of the new file remain unchanged.
Because the copy action (CP) will copy the attributes and permissions of the performer, so! What should I do ?. Bashrc_test is owned by the root user. As a result, even if you give the file to the bin user, it still cannot be modified (you can see the attributes/permissions ), therefore, you must modify the owner and group of the file!
Change permission: chmod
The chmod command is used to change the File Permission. However, there are two methods to set the permission: numbers or symbols. Let's talk about it:
Change file permissions for numeric types
There are nine basic permissions for Linux Files: Owner, group, and others. Each of the three identities has its own read, write, and execute permissions. First, review the data mentioned above:
The File Permission character is :『-Rwxrwxrwx", These nine permissions are set by three or three! Here, we can use numbers to represent each permission. The score of each permission is as follows:
R:4W:2X:1
The three permissions (R/W/X) of each identity (owner/group/others) must be accumulated. For example, when the permission is: [-rwxrwx ---] The score is:
Owner = rwx = 4 + 2 + 1 = 7
Group = rwx = 4 + 2 + 1 = 7
Others = --- = 0 + 0 + 0 = 0
So when we change the permission settings, the permission number for this file is 770! The command chmod syntax for permission change is as follows:
[Root @ WWW ~] #Chmod[-R] xyz file or directory option and parameter: XYZ: The permission attribute of the numeric type just mentioned, which is the sum of the values of the rwx attribute.-R: Perform recursive changes, that is, all files under the directory will be changed together.
For example, if you want to enable all the permissions of the. bashrc file, grant the following permissions:
[root @ WWW ~] # ls - Al. bashrc -RW-r -- 1 root Root 395 Jul 4 11 : 45 . bashrc [root @ WWW ~] # chmod 777 . bashrc [root @ WWW ~] # ls - Al. bashrc -rwxrwxrwx 1 root Root 395 Jul 4 11 : 45 . bashrc
What if I want to change the permission to "-rwxr-XR? Then the permission score is [4 + 2 + 1] [4 + 0 + 1] [4 + 0 + 0] = 754 hello! Therefore, you need to issue "chmod 754 FILENAME 』. In addition, the most common problem in the actual system operation is that after we edit a shell text batch file using vim, the permission is usually-RW-r -- that is, 664. If you want to change the file to an executable file and do not allow others to modify the file, therefore, you need to grant permissions such as-rwxr-XR-X. In this case, you must grant the following permissions: "chmod 755 test. sh command! In addition, if you do not want to see some files, set the File Permission to "-rwxr -----" for example. Then, issue "chmod 740 FILENAME!
Change file permissions by symbol type
There is another way to change permissions! From the previous introduction, we can find that the nine permissions are (1) user (2) group (3) others! Then we can use U, G, O to represent the permissions of three identities! In addition, a represents all, that is, all identities! Then the read and write permissions can be written as R, W, X! That is to say, you can use the following method:
U +RChmodG-WFile or directory o=X
Let's implement it! If we want to "set" the permission for a file to become "-rwxr-XR-X", it is basically:
User (u): Has the readable, writable, and executable permissions;
Group and others (G/O): have the permission to read and execute.
So:
[Root @ WWW ~] #ChmodU = rwx, go = Rx. bashrc
# Note! The U = rwx, go = RX are connected together, and there is no space in the middle!
[Root @ WWW ~] #Ls-Al. bashrc-Rwxr-XR-x1Root395Jul4 11:45. Bashrc
What if the permission is "-rwxr-XR? You can use "chmod u = rwx, G = RX, O = r FILENAME" to set it. In addition, if I don't know the attributes of the original file, and I just want to add the permission that everyone in the. bashrc file can write, then I can use:
[Root @ WWW ~] #Ls-Al. bashrc-Rwxr-XR-x1Root395Jul4 11:45. Bashrc [root @ WWW~] #ChmodA +W. Bashrc [root @ WWW~] #Ls-Al. bashrc-Rwxrwxrwx1Root395Jul4 11:45. Bashrc
What if you want to remove the permission without changing other existing permissions? For example, to remove the executable permissions of all users:
[Root @ WWW ~] #ChmodA-X. bashrc [root @ WWW~] #Ls-Al. bashrc-RW-1Root395Jul4 11:45. Bashrc
Do you know the difference between +,-, and =? Yes! + In the "and-" status, the permission is "not changed" as long as it is a project that has not been specified. For example, in the preceding example, because only-remove X is used, the other two remain unchanged! If you perform more operations, you will know how to change the permissions! This is useful in some situations ~ For example, you want to teach a friend howProgramYou can have the execution permission, but you do not know the original permission of the file. Now, you can use "chmod A + x FILENAME" to grant the execution permission to the program. Is it convenient?