- One. About file permissions
- Two. Viewing file permissions
- Three. Common file types in Linux
- Four. Common file permissions in Linux
- Five. How permissions affect files and directories
- Six. User classes for a file
- Seven. Changing the owner and group of a file
- Eight. If all permissions are removed from a file, can the owner still write to it?
- Nine. Setting permissions with characters
- Ten. Setting permissions with octal (0-7) numbers
- Eleven. The umask "complement code"
One. About file permissions
Permissions protect the file owner's content and also let the owner share content with specific users. Setting permissions on a file generally achieves one of three effects:
- Only the owner can access it
- Specified users can access it
- All users can access it
Two. Viewing file permissions
1. Use ll to view file permissions
[[email protected] ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 27K Oct 10 16:27 ceshi.txt
-rw-r--r-- 1 root root 1.2K Apr 3 2020 idea Shortcut key .txt
-rw-r--r-- 1 root root 16 Oct 10 16:35 test2.txt
-rw-r--r-- 1 root root 12 Oct 10 17:30 test.txt
-rw-r--r-- 1 root root 83 Oct 12 09:59 Test garbled files .txt
# -rw-r--r-- is the description of the file's permissions
2. The definition of the file permission string is shown in the figure below:
Three. Common file types in Linux
1. The file types are as follows:
- p: named pipe file
- d: directory file
- l: symbolic link file
- -: regular file
- s: socket file; for example, when we start mysql, a mysql.sock file is created
- c: character device file, for example a virtual console or tty0
- b: block device file, for example sda, cdrom
2. Common file types in the system
# Character device file
[[email protected] ~]# ll /dev/tty
crw-rw-rw- 1 root tty 5, 0 Oct 14 02:40 /dev/tty
# Block device file
[[email protected] ~]# ll /dev/sd*
brw-rw---- 1 root disk 8, 0 Oct 14 02:40 /dev/sda
brw-rw---- 1 root disk 8, 1 Oct 14 02:40 /dev/sda1
brw-rw---- 1 root disk 8, 2 Oct 14 02:40 /dev/sda2
brw-rw---- 1 root disk 8, 16 Oct 14 02:40 /dev/sdb
brw-rw---- 1 root disk 8, 17 Oct 14 02:40 /dev/sdb1
brw-rw---- 1 root disk 8, 18 Oct 14 02:40 /dev/sdb2
brw-rw---- 1 root disk 8, 21 Oct 14 02:40 /dev/sdb5
brw-rw---- 1 root disk 8, 22 Oct 14 02:40 /dev/sdb6
# Symbolic link file
[[email protected] ~]# ll /dev/cdrom
lrwxrwxrwx 1 root root 3 Oct 14 02:40 /dev/cdrom -> sr0
# Directory file
[[email protected] ~]# ll -d /
dr-xr-xr-x. 21 root root 4096 Oct 14 02:22 /
# Regular file
[[email protected] ~]# ll /etc/hosts
-rw-r--r--. 1 root root 356 Apr 28 2019 /etc/hosts
# Socket file
[[email protected] ~]# ll /var/lib/gssproxy/default.sock
srw-rw-rw- 1 root root 0 Oct 14 02:40 /var/lib/gssproxy/default.sock
Four. Common file permissions in Linux
1. File permissions in Linux are generally read, write and execute; the corresponding letters are r, w, x.
2. For files:
- r: read
- w: write
- x: execute
3. For directories:
- r: read (list what is in the directory): ls
- w: create, delete and move files in the directory: touch mkdir rm mv cp
- x: enter the directory: cd cat
4. Common file permissions are as follows:
- rwx------: the file owner has read, write and execute permissions on the file.
- rwxr--r--: the file owner has read, write and execute permissions; users in the file's group and other users have read permission only.
- rw-rw-r-x: the file owner and users in the same group have read and write permissions on the file; other users have only read and execute permissions.
- drwx--x--x: the directory owner can read, write and enter the directory; other users can enter the directory but cannot read any data in it.
- drwx------: the directory owner has full permissions; other users have no access to the directory at all.
5. Each user has their own home directory, usually placed under /home
[[email protected] ~]# ll -h /home
total 4.0K
drwx------ 3 elk elk 120 Oct 14 01:42 elk
drwx------ 6 esnode esnode 4.0K Apr 27 14:27 esnode
drwx------ 2 nginx nginx 62 May 7 2019 nginx
drwx------ 3 www www 73 May 7 2019 www
Note: [rwx------] means that only the directory owner has permissions; other users cannot access the directory, with the exception of root.
6. Whichever user you are logged in as automatically becomes the owner of the files and directories you create
[[email protected] ~]# su - elk
Last login: Wed Oct 14 01:42:49 CST 2020 on pts/0
[[email protected] ~]$ pwd
/home/elk
[[email protected] ~]$ touch b.txt
[[email protected] ~]$ ll b.txt
-rw-rw-r-- 1 elk elk 0 Oct 14 15:10 b.txt
[[email protected] ~]$
[[email protected] ~]$ exit
logout
Five. How permissions affect files and directories
Permission | Effect on files | Effect on directories |
---|---|---|
r (read) | The contents of the file can be read | The contents of the directory (file names) can be listed: ls |
w (write) | The contents of the file can be changed | Any file in the directory can be created or deleted: touch mkdir rm mv cp |
x (execute) | The file can be executed as a command | The contents of the directory can be accessed (subject to the permissions of the files in it): cd cat |
Six. User classes for a file
1. User classes for a file: U (file owner) - G (user group) - O (other users)
- Owner: the user who created the file. This user has all rights to the files it creates, and the owner can allow its user group to access the owner's files.
- User group: a user group is a logical set of users with the same characteristics. Sometimes several users need the same permissions, for example permission to view and modify a file. One way is to authorize each user individually; with 10 users you would have to grant access 10 times, which is clearly not reasonable. The other way is to create a group, give the group permission to view and modify the file, and then put every user who needs access to the file into that group, so that all of them have the group's permissions. This is what a user group is for.
- Other users: all users in the system other than the owner and the members of the group belong to the "other" class
Seven. Changing the owner and group of a file
1. Commands used to change file ownership:
chown: changes the owner of a file (or directory) (change owner)
chgrp: changes the default group of a file (or directory) (change group)
To operate on a directory and its contents, add the -R option
chown user:group filename, for example: chown hr:san a.txt changes the file's owner to hr and its group to san
chown user: filename, for example: chown san: a.txt changes the owner to san and automatically takes the group from that user
chown user filename, for example: chown san a.txt changes the owner of the file to the user san
chown :group filename, for example: chown :miao a.txt changes the group of the file to the group miao
chgrp hr filename, for example: chgrp hr f.txt
-R: recursive (everything inside the directory is changed; without it only the directory itself is modified)
[[email protected] ~]# ll -h *.txt
-rw-r--r-- 1 root root 115 Oct 12 10:03 aaa.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 bbb.txt
-rw-r--r-- 1 root root 115 Oct 14 16:54 ccc.txt
-rw-r--r-- 1 root root 115 Oct 14 16:55 ddd.txt
[[email protected] ~]# chown esnode aaa.txt
[[email protected] ~]# ll aaa.txt
-rw-r--r-- 1 esnode root 115 Oct 12 10:03 aaa.txt
[[email protected] ~]# chown esnode:esnode bbb.txt
[[email protected] ~]# ll bbb.txt
-rw-r--r-- 1 esnode esnode 115 Oct 14 16:54 bbb.txt
[[email protected] ~]# chown :logstash ccc.txt
[[email protected] ~]# ll ccc.txt
-rw-r--r-- 1 root logstash 115 Oct 14 16:54 ccc.txt
[[email protected] ~]# chown elk: ddd.txt
[[email protected] ~]# ll ddd.txt
-rw-r--r-- 1 elk elk 115 Oct 14 16:55 ddd.txt
[[email protected] ~]# cp ddd.txt eee.txt
[[email protected] ~]# ll eee.txt
-rw-r--r-- 1 root root 115 Oct 14 17:00 eee.txt
[[email protected] ~]# chgrp elk eee.txt
[[email protected] ~]# ll eee.txt
-rw-r--r-- 1 root elk 115 Oct 14 17:00 eee.txt
Eight. If all permissions are removed from a file, can the owner still write to it?
[[email protected] ~]# su - elk
Last login: Wed Oct 14 15:10:16 CST 2020 on pts/0
[[email protected] ~]$ pwd
/home/elk
[[email protected] ~]$ touch test.txt
[[email protected] ~]$ echo "hello world ! " >> test.txt
[[email protected] ~]$
[[email protected] ~]$ ll -h
total 4.0K
-rw-rw-r-- 1 elk elk 15 Oct 14 19:17 test.txt
[[email protected] ~]$ chmod 000 test.txt
[[email protected] ~]$
[[email protected] ~]$ ll -h
total 4.0K
---------- 1 elk elk 15 Oct 14 19:17 test.txt
[[email protected] ~]$
[[email protected] ~]$ echo 12 >> test.txt
-bash: test.txt: Permission denied
[[email protected] ~]$ vim test.txt
[[email protected] ~]$ cat test.txt
cat: test.txt: Permission denied
[[email protected] ~]$ pwd
/home/elk
[[email protected] ~]$ ls
test.txt
[[email protected] ~]$ exit
logout
[[email protected] ~]# cat /home/elk/test.txt
hello world !
[[email protected] ~]# su - elk
Last login: Wed Oct 14 19:14:43 CST 2020 on pts/0
# Force to write
[[email protected] ~]$ vim test.txt
qwe
qwe
"test.txt" 2L, 8C written
[[email protected] ~]$
[[email protected] ~]$ cat test.txt
cat: test.txt: Permission denied
[[email protected] ~]$
[[email protected] ~]$ exit
logout
[[email protected] ~]#
[[email protected] ~]# cat /home/elk/test.txt
qwe
qwe
Conclusion: the file owner can always write to the file. It is like root being able to force a write to shadow, because the owner of shadow is root.
Nine. Setting permissions with characters
1. Command for modifying permissions: chmod. Purpose: modify the permissions of files and directories
2. Command format of chmod:
chmod [who] [operator] [permission] filename
Who:
u----> user, the owner of the file or directory
g----> group, the user group that the file or directory belongs to
o----> others, other users
a----> all, all users
Operator:
+: add a permission; -: remove a permission; =: assign a permission directly
Permissions: r w x
Parameter | Description |
---|---|
u-w | Remove write permission from the owner of the file |
g+x | Add execute permission for the user group |
o=r | Give other users read permission only |
a+x | Add execute permission for all users |
[[email protected] ~]# su - elk
[[email protected] ~]$ touch test.txt
[[email protected] ~]$ ll
total 0
-rw-rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ chmod u-w test.txt
[[email protected] ~]$ ll
total 0
-r--rw-r-- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ chmod o=w test.txt
[[email protected] ~]$ ll
total 0
-r--rw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ chmod u+wx test.txt
[[email protected] ~]$
[[email protected] ~]$ ll
total 0
-rwxrw--w- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ chmod g=- test.txt
[[email protected] ~]$
[[email protected] ~]$ ll
total 0
-rwx----w- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$
[[email protected] ~]$ chmod a=r test.txt
[[email protected] ~]$
[[email protected] ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt
Ten. Setting permissions with octal (0-7) numbers
1. Octal representation
Permission | Binary value | Octal value | Description |
---|---|---|---|
--- | 000 | 0 | No permissions |
--x | 001 | 1 | Execute only |
-w- | 010 | 2 | Write only |
-wx | 011 | 3 | Write and execute |
r-- | 100 | 4 | Read only |
r-x | 101 | 5 | Read and execute |
rw- | 110 | 6 | Read and write |
rwx | 111 | 7 | Full permissions |
2. Syntax for changing permissions: chmod 755 file-or-directory
chmod a=rwx b.txt is equivalent to chmod 777 b.txt
[[email protected] ~]# su - elk
Last login: Wed Oct 14 19:30:54 CST 2020 on pts/0
[[email protected] ~]$ ll
total 0
-r--r--r-- 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ chmod 755 test.txt
[[email protected] ~]$ ll
total 0
-rwxr-xr-x 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$
[[email protected] ~]$ chmod 700 test.txt
[[email protected] ~]$
[[email protected] ~]$ ll
total 0
-rwx------ 1 elk elk 0 Oct 14 19:32 test.txt
[[email protected] ~]$ stat -c%a test.txt
700
[[email protected] ~]$ stat -c%A test.txt
-rwx------
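The mapping between the mode string printed by ll and the octal digits in the table above, as an added example (not code from the original article). The function names file_type, triplet_to_digit and mode_to_octal are assumptions made here, and only the file types and r/w/x bits listed in this article are handled.

```shell
#!/bin/sh
# Added example: decode the mode string shown by `ls -l` / `stat -c %A`.

# file_type CHAR -> name of the file type for the first character
file_type() {
    case "$1" in
        -) echo "regular file" ;;
        d) echo "directory" ;;
        l) echo "symbolic link" ;;
        c) echo "character device" ;;
        b) echo "block device" ;;
        s) echo "socket" ;;
        p) echo "named pipe" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# triplet_to_digit "r-x" -> 5   (r=4, w=2, x=1, as in the octal table)
triplet_to_digit() {
    t=$1 d=0
    case "$t" in r??) d=$((d + 4)) ;; esac
    case "$t" in ?w?) d=$((d + 2)) ;; esac
    case "$t" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal "-rwxr-xr-x" -> 755
mode_to_octal() {
    m=${1%[.+]}                 # drop a trailing "." or "+" marker, as in "dr-xr-xr-x."
    [ ${#m} -eq 10 ] || { echo "bad mode string: $1" >&2; return 1; }
    perms=${m#?}                # drop the file type character
    u=${perms%??????}           # first three characters: owner
    rest=${perms#???}
    g=${rest%???}               # middle three: group
    o=${rest#???}               # last three: others
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# Mode strings taken from the listings in this article.
for s in "-rwx------" "dr-xr-xr-x." "crw-rw-rw-" "brw-rw----" "-rw--w--w-"; do
    echo "$s -> $(file_type "${s%"${s#?}"}"), $(mode_to_octal "$s")"
done
```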
Eleven. The umask "complement code"
1. Why do the files we create get permissions 644? Where do the default permissions of a newly created file come from?
Answer: the umask command sets the default mode for file creation. Each class of user (file owner, group users, other users) has a corresponding digit in the umask value. When we log in to the system and create a file, it gets default permissions; those permissions are produced by umask. umask sets the default permissions for the files and directories a user creates. umask is the "complement" of the permissions, whereas what we usually set with chmod is the permission code itself.
2. Default permissions for files = 666, default permissions for directories = 777
3. Why is each digit of the file default 1 less than the directory default? Because of x: a directory needs x so that it can be entered with cd, while a new file does not get execute permission by default.
4. The umask value is usually set in /etc/profile, $HOME/.bash_profile or $HOME/.profile. To make the setting permanent, edit the user's profile: vim .bash_profile
[[email protected] ~]$ cat /etc/profile
......
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
......
[[email protected] ~]$ id -gn
elk
[[email protected] ~]$ id -un
elk
Note: if the UID is greater than 199 and the user's group name is the same as the user name, the umask value is 002; otherwise it is 022.
Note: -gt means "greater than" in shell; id -un shows the user name, id -gn shows the group name.
5. Setting umask temporarily
[[email protected] ~]# umask 044
[[email protected] ~]# touch b.txt
[[email protected] ~]# stat -c %a b.txt
622
[[email protected] ~]# ll b.txt
-rw--w--w- 1 root root 0 Jul 7 21:51 b.txt
6. How umask permissions are calculated
Permission calculation, generally speaking: default permissions - umask value
666-022=644
777-022=755
This is an easy way to remember it, but it is not exactly right.
Exercise: with a umask of 033, what are the permissions of a newly created regular file? 666-033=633 (rw- -wx -wx)?
[[email protected] ~]# umask 033
[[email protected] ~]# touch c.txt
[[email protected] ~]# ll c.txt
-rw-r--r-- 1 root root 0 Jul 7 21:54 c.txt
[[email protected] ~]# stat -c %a c.txt
644
The rigorous way to calculate the permissions:
1. Convert the default permissions (directory 777, file 666) and the umask value to binary
2. Invert the umask
3. AND the default permissions with the inverted umask
4. Convert the resulting binary value back to octal; that is the permission
Example 1: umask is 022
6 6 6            umask 0 2 2
110 110 110            000 010 010   # converted to binary
                       111 101 101   # umask inverted
AND operation:
110 110 110   # default permissions
111 101 101   # umask inverted
Result:
110 100 100   # converted to octal: 6 4 4
Example 2: umask is 033, the result is 644
6 6 6            umask 0 3 3
110 110 110            000 011 011   # converted to binary
                       111 100 100   # umask inverted
AND operation:
110 110 110   # default permissions
111 100 100   # umask inverted
Result:
110 100 100
6 4 4         # converted to octal
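The four steps above carried out in shell, next to the subtraction shortcut and the mode the system really assigns, as an added example (not code from the original article). The function names apply_umask, naive_subtract and actual_mode are assumptions made here, and actual_mode assumes GNU stat as used elsewhere in this article.

```shell
#!/bin/sh
# Added example: default permissions AND (NOT umask), compared with subtraction.

# apply_umask BASE UMASK -> BASE & ~UMASK as three octal digits
apply_umask() {
    # The leading 0 makes the shell read both arguments as octal numbers.
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> the "666-033" shortcut, done in decimal
naive_subtract() {
    u=${2#"${2%%[!0]*}"}        # strip leading zeros so 033 is read as 33
    printf '%03d\n' $(( $1 - ${u:-0} ))
}

# actual_mode file|dir UMASK -> mode of an object really created under UMASK
actual_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"              # only affects this subshell
        if [ "$1" = dir ]; then
            mkdir "$tmp/probe"
        else
            : > "$tmp/probe"
        fi
        stat -c %a "$tmp/probe"
        rm -rf "$tmp"
    )
}

# umask values used in this article: 022, 044 and the 033 exercise.
for m in 022 033 044; do
    echo "umask $m file: subtract=$(naive_subtract 666 "$m")" \
         "and-not=$(apply_umask 666 "$m") actual=$(actual_mode file "$m")"
    echo "umask $m dir:  subtract=$(naive_subtract 777 "$m")" \
         "and-not=$(apply_umask 777 "$m") actual=$(actual_mode dir "$m")"
done
```

Subtraction and the AND calculation agree whenever every umask bit is also set in the default (022 and 044 against 666); they diverge when the umask carries a bit the default lacks, such as the x bit in 033 for a regular file.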