As we all know, Linux is a multi-user, multitasking system. This is one of its best features: many people may be working on the system at the same time, so do not force it to shut down.
To protect each user's privacy and working environment, Linux defines three identities for every document (file or directory): the owner, the group and others. Each identity has three kinds of permission: read, write and execute. This design keeps the data owned by each user private.
Use the command ls -al --full-time, or its abbreviation ll, to view all the attributes of a file or directory, as follows:
As you can see above, every line has 7 columns, namely:
The first column
It has 10 characters in total. The first character is the file type: d means a directory, - a file, l a link file, b a device that can be accessed randomly (for example a USB disk), and c a one-time read device such as a mouse or keyboard.
The remaining 9 characters give the permissions of the three identities in order: owner, group, others. Within each identity the order is read, write, execute. For example, -r-xr-x--- means the document is a file, the owner can read and execute it, users in the same group can read and execute it, and other users have no permissions.
The second column
The number of links, that is, how many file names are linked to this inode number.
The third column
The owner.
The fourth column
The group.
The fifth column
The size of the document, in bytes.
The sixth column
When the document was last modified. Note that this is not when the document was created.
The seventh column
The document name. A name beginning with a dot (.) marks a hidden document.
Change owner (owner)
Note: the new owner must be an account that already exists on the system; in other words, only an owner recorded in /etc/passwd can be used.
chown [-R] [account name] [file or directory]
chown [-R] [account name]:[group name] [file or directory]
Note: this command can also change the document's group along the way, but it is still recommended to use the chgrp command for that.
-R: change recursively, that is, every document (file or folder) under the directory is changed as well.
chown daemon test: change the owner of the folder test to daemon.
chown daemon:root test: change the group of the folder test to root.
chown root.users test: change the owner of the folder to root and the group to users.
chown .root test: change the group to root.
Note: although a dot (.) can be used between the owner and the group, some account names contain a dot themselves, so it is still recommended to separate the owner from the group with a colon (:) to avoid misinterpretation.
Change group (group)
Note: you can see all the groups from here.
chgrp [-options] [group name] [document path]
Note: for the options, detailed usage is available through man chgrp, info chgrp, chgrp --help and similar commands.
chgrp -R users test: change the group of the folder test and of everything under it (files and folders) to users.
Note: if the group name does not exist, the command fails with the error invalid group.
Linux documents have only three basic permissions, read/write/execute; combined with the identities owner/group/others, that gives nine in all. There are two ways to change permissions: the symbolic method and the numeric method.
The symbolic method uses u, g and o for the three identities and a for all identities; r, w and x for the three permissions; and +, - and = for the operation.
chmod | u g o a | + (add) - (remove) = (set) | r w x | document path
Set permissions (=)
For example, make the directory test readable, writable and executable by anyone:
chmod u=rwx,g=rwx,o=rwx test
or: chmod ugo=rwx test
or: chmod a=rwx test
Remove permissions (-)
Remove the execute permission from the directory test:
chmod u-x,g-x,o-x test
or: chmod ugo-x test
or: chmod a-x test
Note: for a directory, the execute permission (x) only controls whether other users can make it their working directory with cd test.
Add permissions (+)
Add the execute permission to the directory test:
chmod u+x,g+x,o+x test
or: chmod ugo+x test
or: chmod a+x test
Note: after writing a shell file test.sh, add the execute permission to it with chmod a+x test.sh.
The numeric method, as its name suggests, expresses permissions as numbers: r, w and x are 4, 2 and 1 respectively. Adding up the values of the permissions granted gives the permission digit for one identity.
Make the directory test readable, writable and executable by anyone:
chmod 777 test
Make the directory test readable and writable by anyone:
chmod 666 test
Make a shell file test.sh executable: the owner can read, write and execute it; group accounts and others can read and execute it.
chmod 755 test.sh
Note: did you find the numeric method simpler?
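The 4/2/1 arithmetic can be applied mechanically to the first column of ll output. The following is an added example, not part of the original article; the function names are hypothetical, and it handles only the type character and the nine basic r/w/x bits described above.

```shell
# Added example (not from the original page): decode an ls-style mode string.
# Only the type character and the nine basic r/w/x bits are handled.

# Convert one "rwx" triplet to its digit: r=4, w=2, x=1.
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $1 in ??x) d=$((d + 1)) ;; ??-) ;; *) return 1 ;; esac
    printf '%s' "$d"
}

# Print "<type> <octal>" for a mode string, e.g. "-rwxr-xr-x" -> "file 755".
mode_to_octal() {
    mode=${1%[.+]}      # GNU ls may append "." or "+" (SELinux context / ACL)
    [ "${#mode}" -eq 10 ] || return 1
    case $mode in
        -*) kind=file ;;
        d*) kind=directory ;;
        l*) kind=link ;;
        b*) kind=block-device ;;
        c*) kind=char-device ;;
        *)  return 1 ;;
    esac
    owner=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c2-4)") || return 1
    group=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c5-7)") || return 1
    other=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c8-10)") || return 1
    printf '%s %s%s%s\n' "$kind" "$owner" "$group" "$other"
}
```

A last digit of 2, 3, 6 or 7 means the others identity can write, which is what chmod 777 and chmod 666 grant.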
File and directory permissions differ
Permissions mean very different things for files and for directories.
For a file, permissions apply to its contents:
- readable: the actual contents of the file can be read
- writable: the contents of the file can be edited, added to or modified
- executable: the file may be executed by the system
Note: having the w permission on a file does not mean you can delete it. Deleting files is controlled by the directory's permissions.
This is because the permissions and attributes of a directory are recorded in its inode, while the names of all the files in the directory and their corresponding inode numbers are recorded in the block that belongs to the directory. So when we read a file, we must first read the directory's inode, then the directory's block, and from that obtain the inode of the file to be read.
That inode tells us which block the file is stored in, and finally the contents of the file can be read (this requires an understanding of Linux file systems such as Ext2 / Ext3 / Ext4, which we will discuss in more detail). Remember: file permissions apply only to the file's contents.
Reading the file test001-1 under the directory test001 as root
Check the full physical path of the directory: pwd
List the related directories and files: ll -di / /root /root/test001 /root/test001/test001-1
According to man ls, -i stands for inode: print the index number of each file.
- Inode of directory /: using the mount point information, find inode number 2 and, through it, the directory's block.
- Block of directory /: in the block found in the previous step, find that the inode number of the directory root/ is 131073.
- Inode of directory root/: read inode number 131073 to find the block holding the directory's contents.
- Block of directory root/: in the block found in the previous step, find that the inode number of the directory root/test001/ is 527524.
- Inode of directory root/test001/: read inode number 527524 to find the block holding the directory's contents.
- Block of directory root/test001/: in the block found in the previous step, find that the inode number of the file test001-1 is 527526.
- Inode of file test001-1: read inode number 527526 to find the file's block.
- Block of file test001-1: in the block found in the previous step, read the file contents.
Because this is the root user, it has the right to read any document. With an ordinary account, the read in each step above is also checked against the permissions.
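The lookup chain above can be printed for any path, one line per component, so that the inode number and the permissions checked at each step are visible together. This is an added example, not part of the original article; walk_path is a hypothetical name and the code assumes GNU coreutils stat with its -c option.

```shell
# Added example (not from the original page): show inode, mode and owner of
# every component the lookup passes through, from / down to the target.
# Assumes GNU coreutils stat (the -c format option).
walk_path() {
    target=$1
    case $target in
        /*) ;;
        *)  target=$(pwd -P)/$target ;;   # make relative paths absolute
    esac
    # The walk always starts at the root directory.
    stat -c '%i %A %U:%G %n' / || return 1
    rest=${target#/}
    current=
    while [ -n "$rest" ]; do
        part=${rest%%/*}                  # next component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue        # skip empty parts from "//"
        current=$current/$part
        # Stop at the first component that is missing or cannot be reached.
        stat -c '%i %A %U:%G %n' "$current" || return 1
    done
}
# Usage: walk_path /root/test001/test001-1
```

For an ordinary account, every directory line in the output needs x for the identity that applies, and the final file line needs r.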
For a directory, permissions apply to the file objects in it:
- readable: permission to read the directory's listing, that is, to query the list of entries with the ls command
- writable: permission to change the directory's listing, that is, to create, move, delete and rename files
- executable: permission to enter the directory, that is, to make it the working directory with the cd command
Note: it follows from the above that, to open a directory for anyone to browse, you need to grant at least the r or x permission. To read the contents of a file in the directory, you need at least the x permission on the directory and the r permission on the file.
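The split between file and directory permissions can be checked from the mode bits alone: who may change a file's contents comes from the file, while who may delete or rename it comes from the parent directory. This is an added example, not part of the original article; the function names are hypothetical, GNU stat is assumed, and root, ACLs and the sticky bit (not covered here) are ignored.

```shell
# Added example (not from the original page). Assumes GNU coreutils stat.
# List the identities (u g o) whose bits in the given columns of an
# ls-style mode string match PATTERN.
match_identities() {
    mode=$1 pattern=$2
    shift 2
    result=
    for spec in "$@"; do
        bits=$(printf '%s' "$mode" | cut -c"${spec#*:}")
        case $bits in
            $pattern) result="$result ${spec%%:*}" ;;
        esac
    done
    printf '%s\n' "${result# }"
}

# Who may change the contents of FILE: decided by the file's own w bit.
who_can_modify() {
    m=$(stat -c %A "$1") || return 1
    match_identities "$m" 'w' u:3 g:6 o:9
}

# Who may delete or rename FILE: decided by w on the parent directory,
# together with x to reach the entry. The file's own mode is never consulted.
who_can_delete() {
    m=$(stat -c %A "$(dirname -- "$1")") || return 1
    match_identities "$m" 'w[xst]' u:3-4 g:6-7 o:9-10
}
```

A read-only file inside a directory set with chmod 777 reports "u g o" from who_can_delete, which is why write permission on directories deserves more scrutiny than write permission on the files inside them.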
To sum up, each Linux document can be assigned rwx permissions for three identities. The chgrp command changes a file's group, the chmod command changes its permissions, and chown changes its owner. Remember to use file permissions to keep your data secure.