Run the command chmod to modify CentOS file permissions.
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞
In Linux, each file and directory has access permission to determine who can access and operate files and directories. File or directory access permissions are divided into read-only, write-only and executable. Taking a file as an example, the read-only permission indicates that only the content of the file can be read, and any changes to the file are prohibited. The executable permission indicates that the file can be executed as a program. When a file is created, the file owner automatically has the read, write, and executable permissions for the file to facilitate reading and modifying the file. Users can also grant access permission to each file and directory in Linux as needed, and use it to determine who can access and operate files and directories.
File or directory access permissions are divided into read-only, write-only and executable. Taking a file as an example, the read-only permission indicates that only the content of the file can be read, and any changes to the file are prohibited. The executable permission indicates that the file can be executed as a program. When a file is created, the file owner automatically has the read, write, and executable permissions for the file to facilitate reading and modifying the file. You can also set the access permission to any combination as needed.
There are three different types of users who can access files or directories: File owners, users in the same group and other users. The owner is generally the creator of the file. The owner can allow users in the same group to access files and grant the file access permission to other users in the system. In this case, every user in the system can access the files or directories owned by this user.
Each file or directory has three groups of access permissions. each group is represented by three digits, which are the read, write, and execution permissions of the file owner; the read, write, and execution permissions of users in the same group as the owner; the read, write, and execution permissions of other users in the system. When you use the ls-l command to display detailed information about a file or directory, the leftmost column lists the file access permissions. For example:
$ Ls-l sobsrc. tgz
-Rw-r -- 1 root 483997 Ju1 l5 17: 3l sobsrc. tgz
A horizontal line indicates an empty permit. R indicates read-only, w indicates write, and x indicates executable. Note that there are 10 locations in total. The first character specifies the file type. In general, a directory is also a file. If the first character is a horizontal line, it indicates a non-directory file. If it is d, it indicates a directory.
Common File main group users other users
Is the file sobsrc. the access permission of tgz, indicating sobsrc. tgz is a common file; sobsrc. the owner of tgz has the read and write permissions. users in the same group of tgz only have the read permission. other users only have the read permission.
After determining the access permission for a file, you can use the chmod command provided by Linux to reset different access permissions. You can also use the chown command to change the owner of a file or directory. Use the chgrp command to change the user group of a file or directory.
The following describes these commands.
The chmod command is very important for changing the access permissions of files or directories. You can use it to control access to files or directories.
This command can be used in two ways. One is the text setting method that contains letters and operator expressions, and the other is the number setting method that contains numbers.
1. text setting method
Chmod [who] [+ |-| =] [mode] file name limit
The meaning of each option in the command is:
The operator who is one of the following letters or their combination:
U indicates "user", that is, the owner of a file or directory.
G indicates "group users", that is, all users with the same group ID as the file owner.
O indicates "other (others) users ".
A indicates "all (all) users ". It is the default value of the system.
The operation symbol can be:
+ Add a permission.
-Cancel a permission.
= Grant the given permission and cancel all other permissions (if any ).
Set the permissions indicated by mode to any combination of the following letters:
X adds the x attribute only when the target file is executable to some users or the target file is a directory.
S sets the owner or group ID of the process to the file owner during File execution. In the format of "u + s" to set the user ID of the file, and "g + s" to set the group ID.
T save the program text to the swap device.
U has the same permissions as the file owner.
G. users in the same group have the same permissions as file owners.
O has the same permissions as other users.
File name: List of files separated by spaces to change permissions. wildcards are supported.
Multiple permission methods can be provided in a command line, separated by commas. Example: chmod g + r, o + r example
Grant the same group and other users the permission to read the file example.
2. number setting method
First, we must understand the meaning of the property represented by numbers: 0 indicates no permission, 1 indicates executable permission, 2 indicates writable permission, 4 indicates readable permission, and then add it. Therefore, the format of the numeric attribute should be three octal numbers from 0 to 7. The order is (u) (g) (o ).
For example, if you want the owner of a file to have the "read/write" permission, you need to set 4 (readable) + 2 (writable) to 6 (read/write ).
The number setting method is generally in the following format:
Chmod [mode] file name success
(1) text setting method:
Example 1: $ chmod a + x sort
That is, set the property of the file sort:
File owner (u) adds execution permission
Add execution permission for users in the same group as the file owner (g)
Other users (o) add execution permissions
Example 2: $ chmod ug + w, o-x text
That is, set the text attribute of the file:
Add write permission to file owner (u)
Add write permission for users in the same group as the file owner (g)
Other users (o) delete execution permissions
Example 3: $ chmod u + s a. out
Assume that the permission for a. out after chmod is executed is (you can use the ls-l a. out command to view the permission ):
-Rws -- x 1 inin users 7192 Nov 4 14:22 a. out
In addition, this execution file uses a text file shiyan1.c with the "-rw -------" access permission, that is, only the owner of the file has the read and write permissions.
When other users execute. when the program is out, his identity is changed to inin (because the s option is used in the chmod command) for the moment ), therefore, he can read the shiyan1.c File (although this file is set to be inaccessible to others), which is the function of s.
Therefore, in the entire system, especially the root itself, it is best not to set too many files of this type (unless necessary) to ensure system security, avoid system intrusion due to bugs in some programs.
Example 4: $ chmod a-x mm.txt
$ Chmod-x mm.txt
$ Chmod ugo-x mm.txt
The preceding three commands delete the execution permission of the mm.txt file, and set the object to all users.
(2) number setting method:
Example 1: $ chmod 644 mm.txt
Set the attributes of the file mm.txt:
-Rw-r -- 1 inin users 1155 Nov 5 mm.txt
File owner (u) inin has read and write permissions
Users in the same group as the file owner (g) have read permission
Others (o) have read permission
Example 2: $ chmod 750 wch.txt
-Rwxr-x --- 1 inin users 44137 Nov 12 9:22 wchtxt
That is, set the properties of the wchtxt file:
File owner (u) inin readable/writable/executable
Readable/executable permission of persons in the same group as the file owner
Others (o) do not have any permissions
Function: change the group to which a file or directory belongs.
Syntax: chgrp [option] group filename limit
This command changes the user group to which the specified file belongs. The group can be either the user group ID or the group name of the user group in the/etc/group file. A file name is a list of files separated by spaces to change the group. wildcards are supported. If the user is not the owner or super user of the file, the file group cannot be changed.
The options of this command are as follows:
-R recursively changes the group of all subdirectories and files in a specified directory.
Example 1: $ chgrp-R book/opt/local/book
Change the owner group of all files in/opt/local/book/and its subdirectories to book.
Function: modify the owner and group of a file or directory. This command is also very common. For example, if the root user copies a file to xu, the root user should set the owner of the file to xu to allow xu to access the file. otherwise, user xu cannot access this file.
Syntax: chown [option] user or group file
Note: chown will change the owner of a specified file to a specified user or group. Users can be user names or user IDs. A group can be a group name or group ID. Files are separated by spaces to change the permission list. wildcards are supported.
The options of this command are as follows:
-R recursively changes the owner of all subdirectories and files under a specified directory.
-V: displays the work done by the chown command.
Example 1: Change the owner of the shiyan. c file to wang.
$ Chown wang shiyan. c
Example 2: Change the owner of the directory/his and all files and subdirectories to wang and the group to users.
$ Chown-R wang. users/hisThat which didn't kill me makes me stronger
This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or
reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or
complaint, to email@example.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
and provide relevant evidence. A staff member will contact you within 5 working days.