Linux file permission management: permission types, the effect of permissions, setting permissions, removing permissions

Philosophy of life 2020-11-09 13:13:38


One. About file permissions

Permissions protect the file owner's content and also let the owner share content with specific users. In general, setting permissions on a file can achieve three effects:

  • Allow access only to yourself
  • Allow access to a specified user
  • Allow access to all users

Two. View file permissions

1. Use ll to view file permissions

[root@node5 ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 27K Oct 10 16:27 ceshi.txt
-rw-r--r-- 1 root root 1.2K Apr 3 2020 idea Shortcut key .txt
-rw-r--r-- 1 root root 16 Oct 10 16:35 test2.txt
-rw-r--r-- 1 root root 12 Oct 10 17:30 test.txt
-rw-r--r-- 1 root root 83 Oct 12 09:59 Test garbled files .txt
# -rw-r--r-- is the description of the file's permissions

2. The definition of the file permission fields is shown in the figure below:

[Figure: definition of the file permission fields]

Three. Common file types in Linux

1. The file types are as follows:

  • p indicates a named pipe file
  • d indicates a directory file
  • l indicates a symbolic link file
  • - indicates a regular file
  • s indicates a socket file; for example, when we start mysql, a mysql.sock file is created
  • c indicates a character device file, for example a virtual console or tty0
  • b indicates a block device file, for example sda, cdrom

2. Common file types in the system

# Character device file
[root@node5 ~]# ll /dev/tty
crw-rw-rw- 1 root tty 5, 0 Oct 14 02:40 /dev/tty
# Block device file
[root@node5 ~]# ll /dev/sd*
brw-rw---- 1 root disk 8, 0 Oct 14 02:40 /dev/sda
brw-rw---- 1 root disk 8, 1 Oct 14 02:40 /dev/sda1
brw-rw---- 1 root disk 8, 2 Oct 14 02:40 /dev/sda2
brw-rw---- 1 root disk 8, 16 Oct 14 02:40 /dev/sdb
brw-rw---- 1 root disk 8, 17 Oct 14 02:40 /dev/sdb1
brw-rw---- 1 root disk 8, 18 Oct 14 02:40 /dev/sdb2
brw-rw---- 1 root disk 8, 21 Oct 14 02:40 /dev/sdb5
brw-rw---- 1 root disk 8, 22 Oct 14 02:40 /dev/sdb6
# Symbolic link file
[root@node5 ~]# ll /dev/cdrom
lrwxrwxrwx 1 root root 3 Oct 14 02:40 /dev/cdrom -> sr0
# Directory file
[root@node5 ~]# ll -d /
dr-xr-xr-x. 21 root root 4096 Oct 14 02:22 /
# Regular file
[root@node5 ~]# ll /etc/hosts
-rw-r--r--. 1 root root 356 Apr 28 2019 /etc/hosts
# Socket file
[root@node5 ~]# ll /var/lib/gssproxy/default.sock
srw-rw-rw- 1 root root 0 Oct 14 02:40 /var/lib/gssproxy/default.sock

Four. Common file permissions in Linux

1. File permission types in Linux are generally read, write and execute; the corresponding letters are r, w and x.

2. For files:

  • r: read
  • w: write
  • x: execute

3. For directories:

  • r: read (look at what is in the directory): ls
  • w: create, delete and move files in the directory: touch mkdir rm mv cp
  • x: enter the directory: cd cat

4. Common file permissions are as follows:

  • rwx------: the file owner has read, write and execute permissions on the file.
  • rwxr--r--: the file owner has read, write and execute permissions; users in the user group and other users have read permission.
  • rw-rw-r-x: the file owner and users in the same group have read and write permissions on the file; other users only have read and execute permissions.
  • drwx--x--x: the directory owner has the right to read, write and enter the directory; other users can enter the directory but cannot read any data.
  • drwx------: the directory owner has full permissions; other users have no access to the directory at all.

5. Each user has its own directory, usually placed under /home

[root@node5 ~]# ll -h /home
total 4.0K
drwx------ 3 elk elk 120 Oct 14 01:42 elk
drwx------ 6 esnode esnode 4.0K Apr 27 14:27 esnode
drwx------ 2 nginx nginx 62 May 7 2019 nginx
drwx------ 3 www www 73 May 7 2019 www
Note: [rwx------] means the permissions belong to the directory owner alone; other users cannot access the directory, with the exception of root.

6. Whichever user you are logged in as automatically becomes the owner of the files and directories you create

[root@node5 ~]# su - elk
Last login: Wed Oct 14 01:42:49 CST 2020 on pts/0
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ touch b.txt
[elk@node5 ~]$ ll b.txt
-rw-rw-r-- 1 elk elk 0 Oct 14 15:10 b.txt
[elk@node5 ~]$
[elk@node5 ~]$ exit
logout

Five. The impact of permissions on files and directories

Permission | Impact on files | Impact on directories
r (read) | Can read the contents of the file | Can list the contents of the directory (file names): ls
w (write) | Can change the contents of the file | Can create or delete any file in the directory: touch mkdir rm mv cp
x (execute) | Can execute the file as a command | Can access the contents of the directory (depends on the permissions of the files in the directory): cd cat

Six. User classification of files

1. User classes of a file: U (file owner) - G (user group) - O (other users)

  • Owner: the user who created the file. This user has all rights to the files it creates, and the owner can allow its user group to access the owner's files.
  • User group: a user group is a logical set of users with the same characteristics. Sometimes several users need the same permissions, for example to view or modify a file. One way is to authorize each user to access the file; with 10 users you need to authorize 10 times, which is clearly not very reasonable. Another way is to create a group, give this group permission to view and modify the file, and then put all the users who need to access the file into the group, so that all of them have the same permissions as the group. This is the user group.
  • Other users: all the other users in the system belong to the "other" user class.

Seven. Change the owner and group of a file

1. The following commands change the ownership of a file:
chown: changes the owner of a file (or directory) (change owner)
chgrp: changes the default group of a file (or directory) (change group)
To operate on a directory, add the -R parameter

chown user:group filename, for example: chown hr:san a.txt changes the file's owner and group to hr and san
chown user: filename, for example: chown san: a.txt automatically inherits this user's group
chown user filename, for example: chown san a.txt changes the owner of the file to the user san
chown :group filename, for example: chown :miao a.txt changes the group of the file to the group miao
chgrp hr filename, for example: chgrp hr f.txt
-R: recursive (everything in the directory is changed; otherwise only the directory itself is modified)

[root@node5 ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 bbb.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 ccc.txt
-rw-r--r-- 1 root root 115 Oct 14 16:55 ddd.txt
[root@node5 ~]# chown esnode aaa.txt
[root@node5 ~]# ll aaa.txt
-rw-r--r-- 1 esnode root 115 Oct 12 10:03 aaa.txt
[root@node5 ~]# chown esnode:esnode bbb.txt
[root@node5 ~]# ll bbb.txt
-rw-r--r-- 1 esnode esnode 115 Oct 14 16:54 bbb.txt
[root@node5 ~]# chown :logstash ccc.txt
[root@node5 ~]# ll ccc.txt
-rw-r--r-- 1 root logstash 115 Oct 14 16:54 ccc.txt
[root@node5 ~]# chown elk: ddd.txt
[root@node5 ~]# ll ddd.txt
-rw-r--r-- 1 elk elk 115 Oct 14 16:55 ddd.txt
[root@node5 ~]# cp ddd.txt eee.txt
[root@node5 ~]# ll eee.txt
-rw-r--r-- 1 root root 115 Oct 14 17:00 eee.txt
[root@node5 ~]# chgrp elk eee.txt
[root@node5 ~]# ll eee.txt
-rw-r--r-- 1 root elk 115 Oct 14 17:00 eee.txt

Eight. If all permissions are removed from a file, can the owner still write to it?

[root@node5 ~]# su - elk
Last login: Wed Oct 14 15:10:16 CST 2020 on pts/0
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ touch test.txt
[elk@node5 ~]$ echo "hello world ! " >> test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll -h
total 4.0K
-rw-rw-r-- 1 elk elk 15 Oct 14 19:17 test.txt
[elk@node5 ~]$ chmod 000 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll -h
total 4.0K
---------- 1 elk elk 15 Oct 14 19:17 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ echo 12 >> test.txt
-bash: test.txt: Permission denied
[elk@node5 ~]$ vim test.txt
[elk@node5 ~]$ cat test.txt
cat: test.txt: Permission denied
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ ls
test.txt
[elk@node5 ~]$ exit
logout
[root@node5 ~]# cat /home/elk/test.txt
hello world !
[root@node5 ~]# su - elk
Last login: Wed Oct 14 19:14:43 CST 2020 on pts/0
# Force the write
[elk@node5 ~]$ vim test.txt
qwe
qwe
"test.txt" 2L, 8C written
[elk@node5 ~]$
[elk@node5 ~]$ cat test.txt
cat: test.txt: Permission denied
[elk@node5 ~]$
[elk@node5 ~]$ exit
logout
[root@node5 ~]#
[root@node5 ~]# cat /home/elk/test.txt
qwe
qwe

Conclusion: the file owner is always able to write the file, just as root can force a write to shadow, because the owner of shadow is root.

Nine. Use characters to set permissions

1. The command for modifying permissions is chmod. Purpose: modify file and directory permissions.

2. The chmod command format:

chmod [who] [operator] [permission] filename
Who:
u ----> user: the owner of the file or directory
g ----> group: the user group the file or directory belongs to
o ----> others: other users
a ----> all: all users
Operator:

+ : add a permission; - : remove a permission; = : assign a permission directly
Permission: r w x

Parameter | Description
u-w | Give the owner of the file the right to read
g+x | Add execute permission for the user group
o=r | Give other users the right to read
a+x | Add execute permission for all users
[root@node5 ~]# su - elk
[elk@node5 ~]$ touch test.txt
[elk@node5 ~]$ ll
total 0
-rw-rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod u-w test.txt
[elk@node5 ~]$ ll
total 0
-r--rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod o=w test.txt
[elk@node5 ~]$ ll
total 0
-r--rw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod u+wx test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwxrw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod g=- test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwx----w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ chmod a=r test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt

Ten. Use octal (0-7) numbers to set permissions

1. Octal representation

Permission | Binary value | Octal value | Description
--- | 000 | 0 | No permissions
--x | 001 | 1 | Execute permission only
-w- | 010 | 2 | Write permission only
-wx | 011 | 3 | Write and execute permissions
r-- | 100 | 4 | Read permission only
r-x | 101 | 5 | Read and execute permissions
rw- | 110 | 6 | Read and write permissions
rwx | 111 | 7 | Full permissions


2. Syntax for changing permissions: chmod 755 file-or-directory

chmod a=rwx b.txt is equivalent to chmod 777 b.txt

[root@node5 ~]# su - elk
Last login: Wed Oct 14 19:30:54 CST 2020 on pts/0
[elk@node5 ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod 755 test.txt
[elk@node5 ~]$ ll
total 0
-rwxr-xr-x 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ chmod 700 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwx------ 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ stat -c%a test.txt
700
[elk@node5 ~]$ stat -c%A test.txt
-rwx------

Eleven. umask, the permission complement code

1. Why are the permissions of the files we create 644? Where do the default permissions for newly created files come from?

Answer: the umask command lets you set the default mode for file creation. The umask value contains one digit for each class of user (file owner, users in the same group, other users). When we log in to the system and create a file, it gets default permissions. Where do those permissions come from? That is the work of umask. umask sets the default permissions for the files or directories a user creates. umask is the "complement code" of the permissions, whereas chmod, which we often use, sets the file permission code itself.

2. File default permissions = 666, directory default permissions = 777

3. Why are the file permissions 1 less than the directory permissions? Because of x: a directory needs it for cd.

4. We usually set the umask value in /etc/profile, $HOME/.bash_profile or $HOME/.profile. To make it permanent, edit the user's profile: vim .bash_profile

[elk@node5 ~]$ cat /etc/profile
......
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
......
[elk@node5 ~]$ id -gn
elk
[elk@node5 ~]$ id -un
elk
Note: if the UID is greater than 199 and the user's group name is the same as the user name, the umask value is 002; otherwise it is 022.
Note: -gt in shell means "greater than"; id -un shows the user group ID, id -gn shows the group name.

5. Set umask temporarily

[root@node5 ~]# umask 044
[root@node5 ~]# touch b.txt
[root@node5 ~]# stat -c %a b.txt
622
[root@node5 ~]# ll b.txt
-rw--w--w- 1 root root 0 Jul 7 21:51 b.txt

6. The umask permission algorithm

Generally speaking, the permissions are calculated as: default permissions - umask value

666-022=644

777-022=755

This is an easy way to remember it, but it is not exactly right.

Exercise: with a umask of 033, what are the permissions of a newly created regular file? 666-033=633 (rw- -wx -wx)?

[root@node5 ~]# umask 033
[root@node5 ~]# touch c.txt
[root@node5 ~]# ll c.txt
-rw-r--r-- 1 root root 0 Jul 7 21:54 c.txt
[root@node5 ~]# stat -c %a c.txt
644

The correct way to calculate the permissions:
1. Convert the default permissions (directory 777, file 666) and the umask value to binary
2. Invert the umask
3. AND the default permissions with the inverted umask
4. Convert the resulting binary value back to octal; that is the permission

Example 1: umask is 022
6 6 6            umask 0 2 2
110 110 110            000 010 010   # convert to binary
                       111 101 101   # invert the umask
AND the two values:
110 110 110
111 101 101
Result:
110 100 100   # convert to octal: 6 4 4

Example 2: umask is 033, the result is 644
6 6 6            umask 0 3 3
110 110 110            000 011 011   # convert to binary
                       111 100 100   # invert the umask
110 110 110   # default permissions
111 100 100   # inverted umask; AND the two values
110 100 100   # result
6 4 4         # convert to octal
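
The four-step calculation above, as an added example that is not part of the original article: it computes "default AND NOT umask" and compares the result with the mode of a file and a directory actually created under that umask. The function names apply_umask and measured_mode are made up for this example, and stat -c %a is the GNU form already used in the article.

```shell
#!/bin/sh
# Added example: umask arithmetic compared with what the system really does.

# apply_umask BASE MASK -> prints (BASE AND NOT MASK) as three octal digits.
# BASE is 666 for regular files and 777 for directories, as in the article.
# The leading 0 makes the shell read both arguments as octal numbers.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# measured_mode MASK file|dir -> creates a scratch file or directory under
# that umask and prints its real mode. Runs in a subshell so the caller's
# umask is left untouched; the scratch directory is removed afterwards.
measured_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/probe"
        else
            touch "$tmp/probe"
        fi
        stat -c %a "$tmp/probe"
        rm -rf "$tmp"
    )
}

# Compare calculation and reality for the masks used in the article
# (022, 002, 044, 033) plus the restrictive 077.
# For 033 the subtraction shortcut gives 633, the real result is 644.
printf '%-6s %-10s %-10s %-10s %-10s\n' \
    umask file-calc file-real dir-calc dir-real
for m in 022 002 033 044 077; do
    printf '%-6s %-10s %-10s %-10s %-10s\n' "$m" \
        "$(apply_umask 666 "$m")" "$(measured_mode "$m" file)" \
        "$(apply_umask 777 "$m")" "$(measured_mode "$m" dir)"
done
```

The calculated and measured columns agree on every row, which shows that the mask only clears bits and never adds them; a file created with umask 033 therefore cannot gain the w or x bits that the subtraction would suggest.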

Copyright notice
This article was written by [Philosophy of life]. Please include a link to the original when reprinting. Thank you.
