We already know the importance of file permissions to system security and the relationship between file permissions and users and user groups. How can we modify file permissions? How many file permissions can we modify? In fact, a file has a lot of permissions. Let's first introduce a few simple examples, such as user group, owner, and permissions for various identities.
• Chgrp: Change the user group to which the file belongs.
• Chown: Change the file owner.
• Chmod: changes the attributes and SUID of a file.
Change the user group to which the chgrp belongs.
It is easy to change the user group of a file. Use chgrp directly. This command is short for change group. This makes it easy to remember. However, remember that the name of the user group to be changed must exist in/etc/group. Otherwise, an error is displayed.
Assume that you have logged on to FC4 as the root user, so there is an install. log file in your home directory. How can you change the user group of this file? Suppose you already know that there is a user group named users in/etc/group, but the user group name testing does not exist in/etc/group, what happens when the user group is changed to users and testing? [Root @ linux ~] # Chgrp [-R] dirname/filename...
Parameters:
-R: Perform recursive changes, that is, all the files and directories under the subdirectory.
Are updated to this user group. It is often used to change a directory.
Example:
[Root @ linux ~] # Chgrp users install. log
[Root @ linux ~] # Ls-l
-Rw-r -- 1 root users 68495 Jun 25 install. log
[Root @ linux ~] # Chgrp testing install. log
Chgrp: invalid group name 'testing' <= error message ~ The user group name cannot be found ~
Found? The User Group of the file is changed to users, but an error occurs when the user group is changed to testing. Note: if an error message is displayed, check the content of the error message.
Change the file owner, chown
Then, how can we change the owner of a file? Very simple. Since the change User group is a change group, the change owner is the change owner ). This is the purpose of the chown command. Note that the user name must be logged in the/etc/passwd file.
Chown has many purposes. You can also directly modify the user group name. In addition, if you want to change the owner of all subdirectories or files under the directory, add the-R parameter directly. Let's take a look at the syntax and examples:
[Root @ linux ~] # Chown [-R] account name file or directory
[Root @ linux ~] # Chown [-R] Account name: User Group name file or directory
Parameters:
-R: Perform recursive changes, that is, all the files and directories under the subdirectory.
Are updated to this user group. It is often used to change a directory.
Example:
[Root @ linux ~] # Chown bin install. log
[Root @ linux ~] # Ls-l
-Rw-r -- 1 bin users 68495 Jun 25 install. log
[Root @ linux ~] # Chown root: root install. log
[Root @ linux ~] # Ls-l
-Rw-r -- 1 root 68495 Jun 25 08:53 install. log
We know how to change the user group and owner of a file. When should we use chown or chgrp? Maybe you think it's strange? Yes, sometimes it is necessary to change the owner of the file. The most common example is to use the simplest cp to explain when copying the file to another person:
[Root @ linux ~] # Cp
Suppose you want to copy the. bashrc file to. bashrc_test today and give it to the bin user. You can do this:
[Root @ linux ~] # Cp. bashrc. bashrc_test
[Root @ linux ~] # Ls-al. bashrc *
-Rw-r -- 1 root 395 Jul 4 :45. bashrc
-Rw-r -- 1 root 395 Jul 13 :31. bashrc_test
What should I do ?. Bashrc_test still belongs to the root user. As a result, even if the file is given to the bin user, it still cannot be modified (you can see the attributes). Therefore, you must modify the owner and user group of the file.
Change 9 attributes, chmod
The chmod command is used to change the file attributes. However, there are two ways to set the attributes: numbers or symbols.
• Change file permissions for numeric types
There are nine basic attributes of the Linux File, namely the read/write/excute attributes of the owner/group/others group. First, review the data mentioned above:
-Rwxrwxrwx
These nine attributes are a group of three. You can use numbers to represent each attribute. The attribute comparison table is as follows:
R: 4
W: 2
X: 1
The three attributes (r/w/x) of the same group (owner/group/others) need to be accumulated. For example, if the attribute is [-rwxrwx ---], it is:
Owner = rwx = 4 + 2 + 1 = 7
Group = rwx = 4 + 2 + 1 = 7
Others = --- = 0 + 0 + 0 = 0
Therefore, when the attribute is changed, the number of the attribute is 770. The syntax of the command chmod for changing properties is as follows:
[Root @ linux ~] # Chmod [-R] xyz file or directory
Parameters:
Xyz: The permission attribute of the numeric type just mentioned. It is the sum of the values of the rwx attribute.
-R: Perform recursive changes, that is, update all files and directories under the subdirectory to the user group. It is often used to change a directory.
For example, to open all attributes of the. bashrc file, run the following command:
[Root @ linux ~] # Ls-al. bashrc
-Rw-r -- 1 root 395 Jul 4 :45. bashrc
[Root @ linux ~] # Chmod 777. bashrc
[Root @ linux ~] # Ls-al. bashrc
-Rwxrwxrwx 1 root 395 Jul 4 :45. bashrc
Have you seen it? The property has changed. Because a file has three sets of attributes, we can find that the above 777 is three groups, and because we open all the attributes, so the numbers are added, that is, "r + w + x = 4 + 2 + 1 = 7 ".
If you want to change the attribute to "-rwxr-xr? [4 + 2 + 1] [4 + 0 + 1] [4 + 0 + 0] = 754. Therefore, you need to issue the command chmod 754 filename. The most common problem is that after we edit shell text files using vi, the attribute is usually-rw-, that is, the 666 attribute, if you want to change it to an executable file and do not want others to modify it, you need the 755 Attribute-rwxr-xr-x, so you need to use chmod 755 test. sh.
In addition, some files do not want to be viewed by others, such as-rwxr --. Therefore, use the command chmod 740 filename.
Example 3: Change the attributes of the. bashrc file back to the original-rw-r -.
A:
Chmod 644. bashrc
• Change file permissions by symbol type
There is also a way to change attributes. From the previous introduction, we can find that there are basically nine attributes, namely (1) user (2) group (3) others. We can use u, g, o to represent three sets of attributes. In addition, a indicates all, that is, all three groups. Read/write attributes can be written as r, w, and x. That is, you can use the following method:
Chmod u
G
O
A + (join)
-()
= (SET) r
W
X file or directory
If we want to "set" the attribute of a file to "-rwxr-xr-x", it is basically:
Administrative user (u): Has the readable, writable, and executable permissions.
Consumer group and others (g/o): have read and execution permissions.
So:
[Root @ linux ~] # Chmod u = rwx, go = rx. bashrc
# Note. The u = rwx, go = rx are connected together, and there is no space in the middle.
[Root @ linux ~] # Ls-al. bashrc
-Rwxr-xr-x 1 root 395 Jul 4 :45. bashrc
Note that r = rwx and og = rx are not separated by spaces. So, if it is "-rwxr-xr -"? You can use "chmod u = rwx, g = rx, o = r filename" to set it. In addition, if you do not know the original file attributes, but want to add the permission that can be written by everyone in the. bashrc file, you can use:
[Root @ linux ~] # Ls-al. bashrc
-Rwxr-xr-x 1 root 395 Jul 4 :45. bashrc
[Root @ linux ~] # Chmod a + w. bashrc
[Root @ linux ~] # Ls-al. bashrc
-Rwxrwxrwx 1 root 395 Jul 4 :45. bashrc
What if I want to remove the attribute without changing other attributes? For example, to remove the x attribute of all users:
[Root @ linux ~] # Chmod a-x. bashrc
[Root @ linux ~] # Ls-al. bashrc
-Rw-1 root 395 Jul 4 :45. bashrc
Do you know the differences between +,-, and =? + The property is "not changed" as long as it is a project that has not been specified in the "and-" state ". For example, in the above example, because only-removes x, the other two remain unchanged at that time. Exercise more and you will know how to change attributes. This is useful in some cases. For example, you want to teach a person how to give a program the permission to execute the file without knowing what the original permission is. At this time, use chmod a + x filename, this gives the program the execution permission. Very convenient.
Summary
The chmod command can change the permissions of all subdirectories. The following two methods are available:
Change the permission of a file: chmod mode file | dir
Change the permissions of all subdirectories: chmod mode dir-R. Note that the-R parameter is added.
The parameter is the permission mode = 777 or 752,666 ,,,
Mode, which indicates the permissions of owner, group, and others.
1 = x execute 2 = w write 4 = r read, for example, the owner has all permissions, 1 + 2 + 4 = 7,
For example, a group has read and execution permissions 1 + 4 = 5.
Change the owner of/his and all files and subdirectories to wang and the group to users.
$ Chown-R wang. users/his