Linux file permission management: file permission type, file permission influence, set file permission, cancel file permission

Catalog

• One . About file permissions
• Two . View file permissions
• 3、 ... and .linux The following common file types
• Four .linux Under the common file permissions
• 5、 ... and . The impact of permissions on files and directories
• 6、 ... and . User classification of files
• 7、 ... and . Change the owner and group of the file
• 8、 ... and . One file cancels all permissions , Can the owner write this file ？
• Nine . Use characters to set permissions
• Ten . Use octal （0-7） Number setting permissions
• 11、 ... and . Complement code umask

One . About file permissions

Permissions protect the content of the owner of the file , You can also share content with specific users . Generally, setting permissions for files can achieve three effects ：

• ​ Only allow yourself access to
• ​ Allow a specified user access to
• ​ Allow all users access to

Two . View file permissions

1. Use ll You can view the file permissions

[root@node5 ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 27K Oct 10 16:27 ceshi.txt
-rw-r--r-- 1 root root 1.2K Apr 3 2020 idea Shortcut key .txt
-rw-r--r-- 1 root root 16 Oct 10 16:35 test2.txt
-rw-r--r-- 1 root root 12 Oct 10 17:30 test.txt
-rw-r--r-- 1 root root 83 Oct 12 09:59 Test garbled files .txt
#-rw-r--r-- This is the description of the file permissions

2. The definition of file permission is shown in the figure below ：

3、 ... and .linux The following common file types

1. The types of documents are as follows ：

• ​ p Indicates named pipe file
• ​ d Represents a catalog file
• ​ l Represents a symlink file
• ​ - Represents a common file
• ​ s Express socket Set of interface documents , For example, we enable mysql when , Will produce a mysql.sock file
• ​ c Represents a character device file , example ： Virtual console or tty0
• ​ b Represents a block device file example ： sda, cdrom

2. Common file types in the system

# Character device file
[root@node5 ~]# ll /dev/tty
crw-rw-rw- 1 root tty 5, 0 Oct 14 02:40 /dev/tty
# Block device file
[root@node5 ~]# ll /dev/sd*
brw-rw---- 1 root disk 8, 0 Oct 14 02:40 /dev/sda
brw-rw---- 1 root disk 8, 1 Oct 14 02:40 /dev/sda1
brw-rw---- 1 root disk 8, 2 Oct 14 02:40 /dev/sda2
brw-rw---- 1 root disk 8, 16 Oct 14 02:40 /dev/sdb
brw-rw---- 1 root disk 8, 17 Oct 14 02:40 /dev/sdb1
brw-rw---- 1 root disk 8, 18 Oct 14 02:40 /dev/sdb2
brw-rw---- 1 root disk 8, 21 Oct 14 02:40 /dev/sdb5
brw-rw---- 1 root disk 8, 22 Oct 14 02:40 /dev/sdb6
# Symbolic link file
[root@node5 ~]# ll /dev/cdrom
lrwxrwxrwx 1 root root 3 Oct 14 02:40 /dev/cdrom -> sr0
# Directory file
[root@node5 ~]# ll -d /
dr-xr-xr-x. 21 root root 4096 Oct 14 02:22 /
# Ordinary documents
[root@node5 ~]# ll /etc/hosts
-rw-r--r--. 1 root root 356 Apr 28 2019 /etc/hosts
# Socket file
[root@node5 ~]# ll /var/lib/gssproxy/default.sock
srw-rw-rw- 1 root root 0 Oct 14 02:40 /var/lib/gssproxy/default.sock

Four .linux Under the common file permissions

1.Linux Under the file permission type generally includes read , Write , perform , The corresponding letter is : r ,w,x.

2. For files ：

• ​ r： read
• ​ w： Write
• ​ x： perform

3. For directories ：

• ​ r： read （ Look at what's in the catalog ）, ls
• ​ w： Create a file in the directory , Delete , Move touch mkdir rm mv cp
• ​ x： Get into cd cat

4. Common file permissions are as follows ：

• ​ rwx------： The file owner has access to the file 、 Write and execute permissions .
• ​ rwxr-- r--： The file owner has read 、 Permission to write and execute , Users in the user group and other users have the right to read
• ​ rw-rw-r-x： The file owner and the same group of users have read and write permissions to the file , Other users only have read and execute permissions .
• ​ drwx--x—x： The directory owner has the right to read, write and enter the directory , Other users have access to the directory , You can't read any data .
• ​ drwx------： Except that the directory owner has full permissions , Other users have no access to the directory at all .

5. Each user has its own directory , Usually placed in /home below

[root@node5 ~]# ll -h /home
total 4.0K
drwx------ 3 elk elk 120 Oct 14 01:42 elk
drwx------ 6 esnode esnode 4.0K Apr 27 14:27 esnode
drwx------ 2 nginx nginx 62 May 7 2019 nginx
drwx------ 3 www www 73 May 7 2019 www
notes ：[rwx------] Represents the permissions owned by the directory owner himself , Other users cannot access ,root With the exception of

6. What user are you logged in as , Then the directory or file you create , Automatically becomes the owner of the file or directory

[root@node5 ~]# su - elk
Last login: Wed Oct 14 01:42:49 CST 2020 on pts/0
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ touch b.txt
[elk@node5 ~]$ ll b.txt
-rw-rw-r-- 1 elk elk 0 Oct 14 15:10 b.txt
[elk@node5 ~]$
[elk@node5 ~]$ exit
logout

5、 ... and . The impact of permissions on files and directories

jurisdiction	Impact on documents	Impact on catalog
r( Read )	Can read the contents of the file	You can list the contents of the catalog （ file name ）:ls
w( write in )	You can change the contents of the file	You can create or delete any file in the directory :touch mkdir rm mv cp
x( perform )	Can be used as a command execution file	You can access the contents of the directory （ Depends on the permissions of the files in the directory ）:cd cat

6、 ... and . User classification of files

1. User classification of files ：U（ File owner ）-G（ User group ）-O（ Other users ）

• ​ owner ： It's the user who created the file , This user has all rights to the files it creates , The owner can allow his user group to access the owner's files .
• ​ User group ： A user group is a logical set of users with the same characteristics , Sometimes we need to have multiple users with the same permissions , For example. 、 Modify the permissions of a file , One way is to authorize multiple users to access files , If there is 10 If it's a user , You need authorization 10 Time , Obviously, this method is not very reasonable ; Another way is to create a group , Let this group have the view 、 Modify the permissions of this file , Then put all the users who need to access the file into this group , Then all users have the same permissions as groups . This is the user group .
• Other users ： The other owner users in the system are other User class

7、 ... and . Change the owner and group of the file

1. The command is used to change the ownership of the file ：
chown： Can be used to change files ( Or directory ) The owner of change owner
chgrp： Can be used to change files （ Or directory ） Default group of change group
If you want to operate on the directory , Add parameters -R

​ chown user:group filename such as ：chown hr:san a.txt Change the file's owner and group to hr,san
​ chown user: filename such as ：chown san: a.txt Automatically inherits all of this user's groups
​ chown user filename such as ：chown san a.txt Change the owner of the document to san user
​ chown :group filename such as ： chown :miao a.txt Change the genus group of the file to miao This group
​ chgrp hr filename such as ： chgrp hr f.txt
​ -R ： recursive （ Everything in the directory changes , Otherwise, just modify the directory ）

[root@node5 ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 bbb.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 ccc.txt
-rw-r--r-- 1 root root 115 Oct 14 16:55 ddd.txt
[root@node5 ~]# chown esnode aaa.txt
[root@node5 ~]# ll aaa.txt
-rw-r--r-- 1 esnode root 115 Oct 12 10:03 aaa.txt
[root@node5 ~]# chown esnode:esnode bbb.txt
[root@node5 ~]# ll bbb.txt
-rw-r--r-- 1 esnode esnode 115 Oct 14 16:54 bbb.txt
[root@node5 ~]# chown :logstash ccc.txt
[root@node5 ~]# ll ccc.txt
-rw-r--r-- 1 root logstash 115 Oct 14 16:54 ccc.txt
[root@node5 ~]# chown elk: ddd.txt
[root@node5 ~]# ll ddd.txt
-rw-r--r-- 1 elk elk 115 Oct 14 16:55 ddd.txt
[root@node5 ~]# cp ddd.txt eee.txt
[root@node5 ~]# ll eee.txt
-rw-r--r-- 1 root root 115 Oct 14 17:00 eee.txt
[root@node5 ~]# chgrp elk eee.txt
[root@node5 ~]# ll eee.txt
-rw-r--r-- 1 root elk 115 Oct 14 17:00 eee.txt

8、 ... and . One file cancels all permissions , Can the owner write this file ？

[root@node5 ~]# su - elk
Last login: Wed Oct 14 15:10:16 CST 2020 on pts/0
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ touch test.txt
[elk@node5 ~]$ echo "hello world ! " >> test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll -h
total 4.0K
-rw-rw-r-- 1 elk elk 15 Oct 14 19:17 test.txt
[elk@node5 ~]$ chmod 000 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll -h
total 4.0K
---------- 1 elk elk 15 Oct 14 19:17 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ echo 12 >> test.txt
-bash: test.txt: Permission denied
[elk@node5 ~]$ vim test.txt
[elk@node5 ~]$ cat test.txt
cat: test.txt: Permission denied
[elk@node5 ~]$ pwd
/home/elk
[elk@node5 ~]$ ls
test.txt
[elk@node5 ~]$ exit
logout
[root@node5 ~]# cat /home/elk/test.txt
hello world !
[root@node5 ~]# su - elk
Last login: Wed Oct 14 19:14:43 CST 2020 on pts/0
# Force to write
[elk@node5 ~]$ vim test.txt
qwe
qwe
"test.txt" 2L, 8C written
[elk@node5 ~]$
[elk@node5 ~]$ cat test.txt
cat: test.txt: Permission denied
[elk@node5 ~]$
[elk@node5 ~]$ exit
logout
[root@node5 ~]#
[root@node5 ~]# cat /home/elk/test.txt
qwe
qwe

Conclusion ： The document owner must be able to write the document , It's like root It can be done to shadow Forced write , because shadow The owner of root.

Nine . Use characters to set permissions

1. Commands for modifying permissions ：chmod, effect ： Modify file , Directory permissions

2.chmod Command format for ：

chmod [ To whom ] [ The operator ] [ What authority is given ] file name
To whom ：
u----> user user, Represents the owner of a file or directory
g----> User group group, Represents the user group to which a file or directory belongs
o----> Other users others
a----> All users all
The operator :

+： Add permissions ,- ： Reduce the permissions ;= ： Give a permission directly
jurisdiction ：r w x

Parameters	describe
u-w	Give the owner of the file the right to read
g+x	Add execution rights to user groups
o=r	Give other users the right to read
a+x	Add the execution rights to all users

[root@node5 ~]# su - elk
[elk@node5 ~]$ touch test.txt
[elk@node5 ~]$ ll
total 0
-rw-rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod u-w test.txt
[elk@node5 ~]$ ll
total 0
-r--rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod o=w test.txt
[elk@node5 ~]$ ll
total 0
-r--rw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod u+wx test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwxrw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod g=- test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwx----w- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ chmod a=r test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt

Ten . Use octal （0-7） Number setting permissions

1. Octal representation

jurisdiction	Binary value	Octal value	describe
---	000	0	There are no permissions
--x	001	1	Only executive authority
-w-	010	2	Only write permission
-wx	011	3	Have write and execute permissions
r--	100	4	Only read permission
r-x	101	5	Have read and execute permissions
rw-	110	6	Have read and write permissions
rwx	111	7	Have full authority

2. Change the syntax of permissions ：chmod 755 File or directory

chmod a=rwx b.txt Equivalent to chmod 777 b.txt

[root@node5 ~]# su - elk
Last login: Wed Oct 14 19:30:54 CST 2020 on pts/0
[elk@node5 ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ chmod 755 test.txt
[elk@node5 ~]$ ll
total 0
-rwxr-xr-x 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ chmod 700 test.txt
[elk@node5 ~]$
[elk@node5 ~]$ ll
total 0
-rwx------ 1 elk elk 0 Oct 14 19:32 test.txt
[elk@node5 ~]$ stat -c%a test.txt
700
[elk@node5 ~]$ stat -c%A test.txt
-rwx------

11、 ... and . Complement code umask

1. Why are the permissions of the files we create 644 Well ？ How do we get the default permissions for creating files ？

​ answer ：umask The command allows you to set the default mode for file creation , For each type of user ( File owner 、 When the user 、 Other users ) There is a corresponding umask The number in the value

word , When we log in to the system, creating a file will have a default permission , So how does this authority come from ？ This is it. umask do .umask For setting

The default permissions for users to create files or directories ,umask It's about permissions “ Complement code ”, And we often use chmod The file permission code is set .

2. File default permissions ＝666 , Directory default permissions ＝777

3. Why files have less permissions than directories 1？ x cd

4. We are usually in /etc/profile、$ [HOME]/.bash_profile or $[HOME]/.profile Set in umask value . permanent , Edit user profile vim

.bash_profile

[elk@node5 ~]$ cat /etc/profile
......
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
......
[elk@node5 ~]$ id -gn
elk
[elk@node5 ~]$ id -un
elk
notes ：UID Greater than 199 And the group name of the user is the same as the user name , that umask The value is 002, Otherwise 022.
notes ： -gt stay shell Is greater than ; id -un Show user groups ID ,id -gn Show group name .

5. Set up umask Provisional entry into force

[root@node5 ~]# umask 044
[root@node5 ~]# touch b.txt
[root@node5 ~]# stat -c %a b.txt
622
[root@node5 ~]# ll b.txt
-rw--w--w- 1 root root 0 Jul 7 21:51 b.txt

6.umask The algorithm of permissions

The algorithm of permissions ： Generally speaking ： Directory default permissions -umask value

666-022=644

777-022=755

It's a good way to remember , But not exactly .

Interaction ：umask Mask as 033 After creating a normal file , What is the authority ？ 666-033=633 ( rw- -wx -wx) ?

[root@node5 ~]# umask 033
[root@node5 ~]# touch c.txt
[root@node5 ~]# ll c.txt
-rw-r--r-- 1 root root 0 Jul 7 21:54 c.txt
[root@node5 ~]# stat -c %a c.txt
644

Calculation method of authority science ：
1、 Will default permissions （ Catalog 777, file 666） and umask Values are converted to 2 Base number
2、 Yes umask Take the opposite
3、 Will default permissions and umask Take the negative value to do and operation
4、 Convert the resulting binary value again 8 Base number , It's authority ,

example 1：umask by 022
6 6 6 umask 0 2 2
110 110 110 000 010 010 # Convert to binary
111 101 101 #umask Take the negative value
Do calculations
110 110 110
111 101 101
result
110 100 100 # Turn into 8 Base number 6 4 4

example 2： umask by 033 The result is ： 644
6 6 6 umask 0 3 3
110 110 110 000 011 011 # Convert to binary
111 100 100 # umask Take the negative value
110 110 110 And # Default and permissions umask Take the negative value to do and operation
111 100 100 # umask Take the negative value
110 100 100
6 4 4 # Turn into 8 Base number