Set permissions for directories and files under Linux

Source: Internet
Author: User

The chmod command can change permissions for a single file or for a directory and all its subdirectories. There are two ways to use it:
Change permissions for a file or directory: chmod mode file|dir
Change permissions for a directory and all its subdirectories: chmod -R mode dir (note the added -R parameter)
The mode parameter is the permission pattern, for example 777, 752 or 666.
The three digits of mode represent the permissions of the owner, the group and others, respectively.
1 = x (execute), 2 = w (write), 4 = r (read). For example, if the owner has all permissions, 1+2+4 = 7.
As another example, if the group has read and execute permissions, 1+4 = 5.

Change the owner of the directory /his and all the files and subdirectories under it to wang, and change the group to users:
$ chown -R wang.users /his

I uploaded WordPress and, after decompressing it online, found that the files did not have write permission, so I used chmod 777 filename.
But that only changed the file; the files still did not have write permission, so I checked online:
Command to modify Linux file permissions: chmod
Usage: chmod xxx filename

xxx (owner \ group users \ other users)

x = 4: permission to read
x = 2: permission to write
x = 1: permission to execute

Common commands for modifying permissions (xxx here stands for the file name):

sudo chmod 600 xxx (only the owner has read and write permissions)
sudo chmod 644 xxx (the owner has read and write permissions; group users and other users have read permission only)
sudo chmod 700 xxx (only the owner has read, write and execute permissions)
sudo chmod 666 xxx (everyone has read and write permissions)
sudo chmod 777 xxx (everyone has read, write and execute permissions)

For example:
-rw-r--r--
(ordinary file | file owner | group users | other users)
is the access permission of the file sobsrc.tgz. It indicates that sobsrc.tgz is an ordinary file; the owner of sobsrc.tgz has read and write permission, users in the same group as sobsrc.tgz have read permission only, and other users also have read permission only.
After determining the access rights of a file, the user can use the chmod command provided by the Linux system to set different access rights. The chown command changes the owner of a file or directory, and the chgrp command changes the user group of a file or directory.
These commands are described separately below.
chmod command

The chmod command is very important: it changes the access rights of a file or directory. Users use it to control access to files and directories.
There are two ways to use this command. One is the text setting method, which uses letters and operator expressions; the other is the numeric setting method, which uses numbers.
1. Text setting method
chmod [who] [+ | - | =] [mode] filename

The meanings of the options in the command are:
The target who is one of, or a combination of, the following letters:
u means "user", which is the owner of the file or directory.
g means "group", that is, all users who have the same group ID as the file owner.
o means "others".
a means "all users". It is the system default value.

The operator can be:
+ adds a permission.
- removes a permission.
= sets the given permission and removes all other permissions, if any.

The permissions represented by mode can be any combination of the following letters:
r readable.
w writable.
x executable.
X adds the x attribute only if the target file is already executable by some users, or if the target is a directory.
s when the file is executed, sets the owner or group ID of the process to that of the file's owner or group. "u+s" sets the file's user ID bit, "g+s" sets the group ID bit.
t saves the program's text to the swap device.
u the same permissions as the owner of the file.
g the same permissions as users in the same group as the owner of the file.
o the same permissions as other users.

filename: a space-separated list of the files whose permissions are to be changed; wildcard characters are supported.
Several permission settings can be given in one command line, separated by commas. Example:
chmod g+r,o+r example
gives users in the same group and other users read access to the file example.
2. Numeric setting method
We must first understand the meaning of the numbers: 0 means no permission, 1 means execute permission, 2 means write permission and 4 means read permission; these values are then added together. So the numeric mode consists of three octal digits from 0 to 7, in the order (u)(g)(o).
For example, if you want the owner of a file to have both read and write permission, you need 4 (readable) + 2 (writable) = 6 (read/write).

The general form of the numeric setting method is:
chmod [mode] filename

Examples:
(1) Text setting method:
Example 1: $ chmod a+x sort
This sets the attributes of the file sort as follows:
File owner (u): add execute permission
Users in the same group as the file owner (g): add execute permission
Other users (o): add execute permission
Example 2: $ chmod ug+w,o-x text
This sets the attributes of the file text as follows:
File owner (u): add write permission
Users in the same group as the file owner (g): add write permission
Other users (o): remove execute permission
Example 3: $ chmod u+s a.out
Assume that the permissions of a.out after executing chmod are (as shown by the ls -l a.out command):
-rws--x--x 1 inin users 7192 Nov 4 14:22 a.out
and that this executable needs to use a text file shiyan1.c whose access permission is "-rw-------", that is, only its owner has read and write access to the file.
When another user executes the program a.out, his identity is temporarily changed to inin because of this program (because the s option was used in the chmod command), so he is able to read the file shiyan1.c (even though the file is set so that other people have no permissions at all). This is the function of s.
Therefore, across the whole system, and especially for root itself, it is best not to set too many files of this type (unless necessary), in order to ensure the security of the system and to avoid a bug in some program allowing the system to be compromised.
Example 4: $ chmod a-x mm.txt
$ chmod -x mm.txt
$ chmod ugo-x mm.txt
All three of the above commands remove the execute permission of the file mm.txt, and the target is all users.
(2) Numeric setting method:
Example 1: $ chmod 644 mm.txt
$ ls -l
This sets the attributes of the file mm.txt to:
-rw-r--r-- 1 inin users 1155 Nov 5 11:22 mm.txt
File owner (u) inin has read and write permissions
Users in the same group as the file owner (g) have read permission
Other users (o) have read permission
Example 2: $ chmod 750 wch.txt
$ ls -l
-rwxr-x--- 1 inin users 44137 Nov 9:22 wch.txt
That is, the attributes of the file wch.txt are set to:
File owner (u) inin has read/write/execute permissions
Users in the same group as the file owner (g) have read/execute permissions
Other users (o) do not have any permissions
chgrp command

Function: change the group to which a file or directory belongs.
Syntax: chgrp [option] group filename
This command changes the user group to which the specified file belongs. group can be a user group ID, or the name of a user group in the /etc/group file. filename is a space-separated list of the files whose group is to be changed; wildcard characters are supported. If the user is not the owner of the file or the superuser, the group of the file cannot be changed.
The option of the command means:
-R recursively changes the group of the specified directory and all subdirectories and files under it.

Example 1: $ chgrp -R book /opt/local/book
Changes the group of /opt/local/book and all files and subdirectories under it to book.
chown command
Function: change the owner and owning group of a file or directory. This command is also very common. For example, if the root user copies one of its files to the user xu, then in order for xu to be able to access this file, root should set the owner of the file to xu; otherwise the user xu cannot access the file.
Syntax: chown [options] user-or-group file
Description: chown changes the owner of the specified file to the specified user or group. The user can be either a user name or a user ID. The group can be either a group name or a group ID. file is a space-separated list of the files whose ownership is to be changed; wildcard characters are supported.

The options of this command have the following meanings:
-R recursively changes the owner of the specified directory and all subdirectories and files under it.
-v shows the work done by the chown command.
Example 1: change the owner of the file shiyan.c to wang.
$ chown wang shiyan.c
Example 2: change the owner of the directory /his and all files and subdirectories under it to wang, and change the group to users.
$ chown -R wang.users /his

Web directory and file security permission settings under Linux
Under Linux, the permissions of web directories and files must take the security of the system as a whole into account. In general, directories need r (read) and x (execute) permissions, and some directories also need w (write) permission; files need r (read) permission, and some files need w (write) or x (execute) permission.
In a Linux system, the umask command sets the default rwx permissions used when a file or directory is created. The system default umask is 022. This value acts as a mask on file and directory permissions: a directory created at this point has permission 755 (rwxr-xr-x), which is the mask 022 applied to 777; a file has permission 644 (rw-r--r--), which is the mask 022 applied to 666.
Of course, such permission settings are not secure: different users on the same server (possibly in the same or in different user groups) and virtual host users can spy on each other's source code. The umask value must be made more stringent so that, apart from root, users cannot freely look at other people's source code, database data and so on.
The method is to remove the r (read) permission from users of the same group and from other users: set the directory permission to 500 (read + execute) and the file permission to 400 (read), in which case umask should be set to 277; or set the directory permission to 700 (read + write + execute) and the file permission to 500 (read + execute), in which case umask should be set to 177.
For example, for the latter, we can use the command umask 177 to set the default directory and file creation permissions for the current session. To set it permanently, modify /root/.bash_profile and the .bash_profile file in every user's home directory, changing umask 022 to umask 177.
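
The umask arithmetic above can be checked directly. This added example (not part of the original article; it assumes GNU stat and mktemp, and the function names are made up here) creates a directory and a file under a given umask and prints the resulting modes next to the value of requested mode AND NOT mask. On the masks listed it shows that 177 gives 600 for both directories and files, while 077 gives 700 for directories and 600 for files.

```shell
#!/bin/sh
# Added example: measure what a umask really produces (assumes GNU stat).

# umask_result MASK -> prints "<dir mode> <file mode>" for objects created under MASK
umask_result() {
    mask=$1
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"
        mkdir "$tmp/d"      # mkdir requests 777; the umask bits are cleared
        : > "$tmp/f"        # shell redirection requests 666; same masking
    )
    printf '%s %s\n' "$(stat -c %a "$tmp/d")" "$(stat -c %a "$tmp/f")"
    chmod 700 "$tmp/d"      # restore access so cleanup cannot fail
    rm -rf "$tmp"
}

# umask_predict MASK -> the same two modes computed as (requested & ~mask)
umask_predict() {
    printf '%o %o\n' $(( 0777 & ~0$1 )) $(( 0666 & ~0$1 ))
}

# Compare measured and computed modes for the masks discussed in the text
for m in 022 277 177 077; do
    printf 'umask %s  created: %s  computed: %s\n' \
        "$m" "$(umask_result "$m")" "$(umask_predict "$m")"
done
```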

From the above it can be seen that, to set more secure directory and file permissions, a few basic principles are:

1. Minimize the number of writable directories under the web path.
2. A file should have only one of write and execute permission; avoid granting both at the same time.
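
One way to check a web tree against the two principles above, together with the set-user-ID and set-group-ID bits discussed under chmod u+s. This is an added example, not code from the original article; treating "writable" as writable by group or others, the function names and the constructed demo tree are all assumptions.

```shell
#!/bin/sh
# Added example: audit a directory tree against the principles above.

# audit_tree DIR -> one "<finding> <path>" line per violation
audit_tree() {
    root=$1
    # Principle 1: directories writable by group or others
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) \
        -exec printf 'writable-dir %s\n' {} \;
    # Principle 2: files carrying a write bit and an execute bit together
    find "$root" -type f \
        \( -perm -0200 -o -perm -0020 -o -perm -0002 \) \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec printf 'write+exec %s\n' {} \;
    # set-user-ID / set-group-ID files run with the file owner's or group's identity
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'setid %s\n' {} \;
}

# Constructed sample tree; every path and mode below is made up for the demo
audit_demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/uploads" "$t/inc"
    : > "$t/index.php"; : > "$t/run.sh"; : > "$t/helper"
    chmod 777 "$t/uploads"     # reported as writable-dir
    chmod 755 "$t/inc"         # not reported
    chmod 644 "$t/index.php"   # not reported
    chmod 755 "$t/run.sh"      # reported as write+exec (owner has w and x)
    chmod 4555 "$t/helper"     # reported as setid
    ( cd "$t" && audit_tree . | LC_ALL=C sort )
    rm -rf "$t"
}

audit_demo
```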
