Talking about Linux file permissions, that stuff.

• Full file rights
  • Show all rights to a file
  • Change the full rights of a file
• Permissions for files
  • Permissions to change files
    • Change with symbolic notation
    • Change with digital notation
  • Use Umask to specify default file permissions
• References

First we need to know that Linux's standard file permissions and security mechanisms are consistent with UNIX. So to learn this knowledge, we can take a look at Unix books.

Full file rights

In the Linux system. Everything is a document.

As a result, files include both normal and folder folders, and the following will no longer differentiate between files and folders.

When it comes to Linux file permissions (permission), we have to first talk about the full power of the file.

In a Linux system, there are two people in the file: the user All (U) and the group All (g). The entire group of files is independent of the user who owns the file. Other words
Most of the cases. The user group where all the files are located is the entire group of files, but this is not required. All users of a file do not necessarily belong to the entire group of files. There is no certain connection between the two. So suppose you give a group of files a certain permission, and it won't be given to all the users at the same time. Assuming that you want to implement this functionality, the best way to do this is to add all the users to the members of the group.

Show all rights to a file

Use ls -l all users and groups who can display the file:

$ ls- LDrwxr-XR- x 5Sun family4096Mar4  One: -Dir2 DRWXR-XR- x 3Sun family4096Mar4  One: +Dir3-RW- R--R-- 1Sun family711Mar4  One: +Exp-RWXR-XR- x 1Sun family5189Mar5  ,: -Feb

Change the full rights of a file

Suppose you want to change the file to the full right. Able to use chown and chgrp command. Chown (most of the cases.) Can only be used by the root user) can change one or more files of the user all:

    # chown sun hello.c

CHGRP can be used to change the user groups that a file or folder belongs to.

Permissions for files

Linux's permission settings for files are in fact very well understood. has r permission to read the file. View the contents of a file w , have permission to change the contents of a file, have x permissions, and the file is a binary executable file so you can run the file.

But for the folder, it is not so good to understand. Assuming that the user has permission to run () a folder x , he is able to CD to that folder, assuming that you want to list the files under that folder (that is, using ls commands). Then you must have read () permissions to the folder r . Let's say you just need to access the folder. Then you just need to have permission on that folder x . One thing to emphasize is that you use the ls -l command to display specific information about a file under a folder, but you do not have permission to run the folder at this time. Then you will get results such as the following:

    ?--------- ?  
 
    
 
 hello   c   
  
 - - - - - - - - -  ?   
 
 ? ? deb.txt ?--------- ? ? ? ? ? strip.c

You will find that only the name of the file is displayed in the results. All other information is basically?

。 In fact, this is due to the size of the file and other information needs to be inferred from the disk information, so you must have permission to run the folder ( x ), talent to make the -l option really effective.

Another point to note is that deleting a file does not require a write ( w ) permission on the file, only the write () permission on the folder is required w . In this case, however, you are prompted whether you want to overwrite the write protection settings for the file.

Permissions to change files

To change the permissions of a file, you can use the chmod command, and be careful not to confuse chown (the person who changed the file).

In fact, we can differentiate: chown is actually the shorthand for change owner. And chmod is actually "change mode."
(Change (access) mode) shorthand.

Change with symbolic notation

To join (using "+") The Write permissions of all users of the user can:

    $ chmod u+w hello.c

To deprive (using the "-") group of all the Read permission can be this:

    $ chmod g-r hello.c

To set the user to all who have specific permissions to be able to use "=":

    $ chmod u=rw hello.c

PS: It is necessary to note that here U represents the user as a whole. G for all of the group, O on behalf of other users, a on behalf of all users.

Change with digital notation

Before using it, we need to understand the principle of digital notation first. In numeric notation, it is set to 0 or 1, depending on whether each permission is licensed. and converts the resulting three-bit binary number to an octal number.

Combining the three octal numbers is a numeric representation of the file's permissions. The corresponding weight value of R is 4,w corresponding weight is 2,x corresponding weight value is 1.

	User	Group	Other
Permissions	R W X	R-x	R--
Binary	1 1 1	1 0 1	1 0 0
Octal	7	5	4
Numerical notation	754

After reading this form I think you should be broadly clear about the fundamentals of digital notation. Let's take a look at the following specific actions:

    $ 754 hello.c

Digital notation and symbolic notation each have advantages and disadvantages, the former use more concise, run a command can complete the results we want. The disadvantage is that such representations are not intuitive and obscure, while the latter is straightforward. Easy to understand, but not efficient to run, often need to run a few commands to achieve the results we want (assuming you want the results complex).

Use Umask to specify default file permissions

Speaking of digital notation, we have to mention an important command--umask command in Linux file management.

According to Wikipedia. The umask is a string of binary codes that allows the file creation permission to have an initial value. In this analogy, the mask code is equivalent to a final filter, each time the file is created, the corresponding permissions are stripped of the file. Whenever you create a file, the system will voluntarily set the file permissions for you according to the Umask code.

This permission is suppressed when the binary value of a permission is 1. For example, if the Umask code is 0022, here only the latter three bits 022 is what we need. The first bit is for special permission settings, which we do not discuss at this stage.

When you create a folder Exa, the permissions for that folder are calculated in the system: 777-022=755. For a file, the maximum value for this number is 6 each. The system does not agree that you give it permission to run when creating a text file, you must add this permission with the chmod command after creation. The folder agrees to set the run permissions. This is for folders. Each number in the umask can be up to 7.

    $ umask    0022    $ mkdir example    $ ls -ld example/    220140125374096Mar1212:02 example/

References

1. Robert love.linux system programming. 2014,5. People's post and telecommunications publishing house
2. Scott grannerman.linux Order Quick Check Manual, 2009.10. People's post and telecommunications publishing house
3. Aeleen Friscb.unix and Linux system Management, 2006.11. Tsinghua University Press
4. Wikipedia-umask.https://en.wikipedia.org/wiki/umask

5. uid=1919063545 "The role of the >umask command

This work is licensed using the Creative Commons Attribution-NonCommercial-sharing 4.0 International license agreement in the same way.

Talking about Linux file permissions, that stuff.