Permission issues in Linux

Source: Internet
Author: User

 

In Linux, each file and directory has access permissions that determine who can access and operate on it. These access permissions are divided into read, write and execute.

 

When a file is created, the file owner automatically has the read, write, and execute permissions for the file, which makes it easy to read and modify. The access permissions can also be set to any combination as needed.

 

There are three different types of users that can access files or directories: file owners, users in the same group, and other users. The owner is generally the creator of the file. The owner can allow users in the same group to access files and grant the file access permission to other users in the system. In this case, every user in the system can access the files or directories owned by this user.

 

Each file or directory has three groups of access permissions, and each group consists of three bits: the read, write, and execute permissions of the file owner; the read, write, and execute permissions of users in the same group as the owner; and the read, write, and execute permissions of other users in the system. When you use the ls -l command to display detailed information about a file or directory, the leftmost column is the file access permission.

 

chmod command

The chmod command is very important: it modifies the access permissions of files or directories, and users use it to control access to their files or directories. The command can be used in two ways: the text setting method, which uses letters and operator expressions, and the number setting method, which uses numbers.

1. Text setting method

chmod [who] [+ | - | =] [mode] filename ...

 

The meaning of each option in the command is:

 

The who field is one of the following letters or a combination of them:

u indicates "user", that is, the owner of a file or directory.

g indicates "group users", that is, all users with the same group ID as the file owner.

o indicates "other users".

a indicates "all users". It is the default value of the system.

 

   

 

The operation symbol can be:

 

+ Add a permission.

 

- Remove a permission.

= Grant the given permission and remove all other permissions (if any).

 

The permissions indicated by mode can be any combination of the following letters:

r readable.

w writable.

x executable.

X adds the x attribute only when the target file is already executable by some users or the target file is a directory.

s sets the owner or group ID of the process to that of the file's owner during execution. Use "u+s" to set the user ID bit of the file and "g+s" to set the group ID bit.

t saves the program text on the swap device.

u has the same permissions as the file owner.

g has the same permissions as users in the same group as the file owner.

o has the same permissions as other users.

filename: a space-separated list of the files whose permissions are to be changed. Wildcards are supported.

 

Several permission settings can be given on one command line, separated by commas. Example: chmod g+r,o+r example

This grants users in the same group and other users permission to read the file example.

 

2. Number setting method

First, we must understand what each number means: 0 means no permission, 1 means execute permission, 2 means write permission, and 4 means read permission; the values are then added together. The numeric mode is therefore three octal digits from 0 to 7, in the order (u)(g)(o).

For example, to give the owner of a file "read/write" permission, use 4 (readable) + 2 (writable) = 6 (read/write).

The number setting method is generally in the following format:

chmod [mode] filename ...

 

 

 

 

 

(1) Text setting method:

Example 1: $ chmod a+x sort

This sets the permissions of the file sort as follows:

The file owner (u) gains execute permission

Users in the same group as the file owner (g) gain execute permission

Other users (o) gain execute permission

Example 2: $ chmod ug+w,o-x text

This sets the permissions of the file text as follows:

The file owner (u) gains write permission

Users in the same group as the file owner (g) gain write permission

Other users (o) lose execute permission

 

Example 3: $ chmod u+s a.out

Assume that after chmod is executed, the permissions of a.out are as follows (you can check them with the ls -l a.out command):

-rws--x--x 1 inin users 7192 Nov 4 a.out

In addition, this executable uses a text file shiyan1.c, whose file access permission is "-rw-------", that is, only the owner of the file has read and write permissions.

When another user runs the a.out program, their identity temporarily becomes inin (because the s option was used in the chmod command), so they can read the shiyan1.c file (even though the file is set so that others have no permissions on it). This is what s does.

Therefore, across the whole system, and especially for root itself, it is best not to set this bit on too many files (unless necessary). This keeps the system secure and avoids intrusions caused by bugs in such programs.
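One way to keep track of such files, as an added shell example rather than code from the original article: audit_setid (a name chosen here) lists the regular files under a directory that carry the setuid or setgid bit and flags any that group or other users can also write. The demo directory and its files are constructed.

```shell
#!/bin/sh
# audit_setid DIR: list regular files under DIR that carry the setuid (4000)
# or setgid (2000) bit, and flag those that group or others can also write.
audit_setid() {
    dir=$1
    # -xdev keeps the walk on one filesystem; the two -perm tests match
    # files that have the setuid bit or the setgid bit set.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        info=$(ls -ld "$f")
        mode=$(printf '%s\n' "$info" | cut -c1-10)
        owner=$(printf '%s\n' "$info" | awk '{print $3}')
        note=ok
        # If non-owners can modify the file, they can replace the code that
        # later runs with the owner's identity.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            note=WRITABLE-BY-NON-OWNER
        fi
        printf '%s %s %s %s\n' "$mode" "$owner" "$note" "$f"
    done
}

# Constructed demo: a temporary directory holding one plain file, one setuid
# file, and one setuid file that is also group-writable.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/plain"; : > "$d/suid"; : > "$d/suid_gw"
    chmod 644 "$d/plain"
    chmod 755 "$d/suid";    chmod u+s "$d/suid"
    chmod 775 "$d/suid_gw"; chmod u+s "$d/suid_gw"
    audit_setid "$d"
    rm -rf "$d"
}

demo
```

Run audit_setid on a real directory such as /usr/bin and compare the result against an earlier run to spot newly added setuid or setgid files.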

 

Example 4: $ chmod a-x mm.txt

$ chmod -x mm.txt

$ chmod ugo-x mm.txt

All three of the preceding commands remove the execute permission of the file mm.txt, and they apply to all users.

 

(2) Number setting method:

Example 1: $ chmod 644 mm.txt

$ ls -l

This sets the permissions of the file mm.txt to:

-rw-r--r-- 1 inin users 1155 Nov 5 mm.txt

The file owner (u) inin has read and write permissions

Users in the same group as the file owner (g) have read permission

Other users (o) have read permission

Example 2: $ chmod 750 wch.txt

$ ls -l

-rwxr-x--- 1 inin users 44137 Nov 12 wch.txt

This sets the permissions of the file wch.txt to:

The file owner (u) inin has read, write and execute permissions

Users in the same group as the file owner (g) have read and execute permissions

Other users (o) have no permissions
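The arithmetic of the number setting method (read 4, write 2, execute 1, in the order u, g, o) applied to the permission column that ls -l prints, as an added shell example that is not from the original article. The function name perm_to_octal is made up here, and the leading fourth digit it emits for s and t goes beyond the three digits the article describes.

```shell
#!/bin/sh
# perm_to_octal STRING: convert the 10-character permission column printed
# by ls -l (for example -rw-r--r--) into the number that chmod accepts.
perm_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] || { echo "need 10 characters, got: $s" >&2; return 1; }
    special=0
    result=
    for pos in 2 5 8; do                 # first column of the u, g, o triplets
        trip=$(printf '%s' "$s" | cut -c"$pos"-"$((pos + 2))")
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac       # read    = 4
        case $trip in ?w?) n=$((n + 2)) ;; esac       # write   = 2
        case $trip in ??[xst]) n=$((n + 1)) ;; esac   # execute = 1
        # s/S (set user or group ID) and t/T are shown in the execute column
        # and are collected into a separate leading digit.
        case $trip in ??[sStT])
            case $pos in
                2) special=$((special + 4)) ;;
                5) special=$((special + 2)) ;;
                8) special=$((special + 1)) ;;
            esac ;;
        esac
        result=$result$n
    done
    if [ "$special" -ne 0 ]; then result=$special$result; fi
    printf '%s\n' "$result"
}

# Constructed sample permission strings.
for p in -rw-r--r-- -rwxr-x--- -rws--x--x; do
    printf '%s -> %s\n' "$p" "$(perm_to_octal "$p")"
done
```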

 

From suxiaxuhuanhuan's column
