We all know that Linux is a multi-user, multitasking system. That is also one of its best features. In other words, many people may be working on the system at the same time, so please do not force it to shut down.

Meanwhile, to protect everyone's privacy and work environment, Linux defines three identities for each document (file or directory): the owner (owner), the group (group), and others (others). Each identity has three types of permissions: readable, writable, and executable. This design ensures the privacy of the data owned by each user.

 

Document properties

Use the command ls -al --full-time, or ll, the abbreviation for this command, to view all the properties of a file or directory.


As the listing shows, every line has 7 columns:

First column

Ten characters in total. The first character represents the file type: d is a directory, - is a regular file, l is a link file, b is a device that can be accessed randomly (for example a USB disk), and c is a one-time read device, such as a mouse or keyboard.

The remaining 9 characters correspond in order to the permissions of the three identities. The order of identities is owner, group, others, and the order of permissions is readable, writable, executable. For example, -r-xr-x--- indicates that the document is a file, that the owner can read and execute it, that users in the same group can read and execute it, and that other users have no permissions.

Second column

Indicates the number of links, that is, how many file names are linked to this inode number.

Third column

Indicates the owner.

Fourth column

Indicates the group.

Fifth column

Indicates the size of the document, in bytes.

Sixth column

Indicates when the document was last modified. Please note that this is not when the document was created.

Seventh column

Indicates the document name. A name beginning with a dot (.) is a hidden document.

Changing the owner (owner)

Location

cat /etc/passwd


Note: the account must already exist in this location. In other words, only an account recorded in /etc/passwd can be set as the owner.

Syntax

chown [-R] [account name] [file or directory]
chown [-R] [account name]:[group name] [file or directory]

Note: this command can also change the document's group along the way, but it is still recommended to use the chgrp command to change the group.

Options

-R  Recursive change, that is, all documents and subfolders in the directory are changed as well.

Usage

chown daemon test
Changes the owner account of the folder test to daemon.

chown daemon:root test
Changes the group of the folder test to root.

chown root.users test
Changes the owner account of the folder to root and the group to users.

chown .root test
Changes the group to root.

Note: although you can put a dot (.) between the owner and the group, some people have a dot in their account name, so it is still recommended to use a colon (:) to separate the owner from the group and avoid misinterpretation.

Changing the group (group)

Location

/etc/group

Note: you can see all the groups here.

Syntax

chgrp [-options] [group name] [document path]

Note: the detailed usage of the options can be looked up with commands such as man chgrp, info chgrp, and chgrp --help.

Usage

chgrp -R users test
Changes the group of the test folder and all its files and subfolders to users.

Note: if the group name is not in this location, the error invalid group is reported.

 

Changing permissions

Linux documents have only three basic permissions, namely read/write/execute. Combined with the identities owner/group/others, there are nine in all. There are two ways to change permissions: the symbolic method and the numeric method.

Symbolic method

Use u, g, o to represent the three identities and a for all identities; use r, w, x for the three permissions; use +, -, = to indicate the operation.

Syntax

chmod | u g o a | +(add) -(remove) =(set) | r w x | document path

Set permissions (=)

For example, make the directory test readable, writable, and executable by anyone.

chmod u=rwx,g=rwx,o=rwx test
-- or
chmod ugo=rwx test
-- or
chmod a=rwx test

Remove permissions (-)

Remove the execute permission from the directory test.

chmod u-x,g-x,o-x test
-- or
chmod ugo-x test
-- or
chmod a-x test

Note: for a directory, the execute permission (x) only controls whether other users can make it their working directory with cd test.

Add permissions (+)

Add the execute permission to the directory test.

chmod u+x,g+x,o+x test
-- or
chmod ugo+x test
-- or
chmod a+x test

Note: after we finish writing a shell file test.sh, we add the execute permission to it with chmod a+x test.sh.

Numeric method

As the name suggests, this method uses numbers for permissions: r, w, and x are 4, 2, and 1 respectively. The three permission values are added up to give the permission of one identity.

Set the permissions of the directory test so that anyone can read, write, and execute, as follows:

chmod 777 test

Set the permissions of the directory test so that anyone can read and write.

chmod 666 test

Give a shell file test.sh executable rights: the owner can read, write, and execute, while group accounts and others can read and execute.

chmod 755 test.sh

Note: did you find the numeric method easier?
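An added example, not part of the original article: a check that finds every entry under a directory whose "others" digit contains the w bit (the result of modes such as 777 and 666 above), and a fix that removes only that bit with the symbolic o-w form. The function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are made up.

# audit_other_write DIR -> one line per entry under DIR whose "others" digit
# contains the w bit (value 2), e.g. the results of chmod 777 and chmod 666.
audit_other_write() {
    find "$1" ! -type l -perm -0002 | while IFS= read -r p; do
        if [ -d "$p" ]; then
            echo "dir  $p"    # others can create, delete and rename entries
        else
            echo "file $p"    # others can change the content
        fi
    done
}

# fix_other_write DIR -> remove only the others-w bit, symbolic method (o-w)
fix_other_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree using the article's test and test.sh names.
tree=$(mktemp -d)
mkdir "$tree/test";   chmod 777 "$tree/test"
: > "$tree/notes";    chmod 666 "$tree/notes"
: > "$tree/test.sh";  chmod 755 "$tree/test.sh"
audit_other_write "$tree"
fix_other_write "$tree"
ls -l "$tree"
rm -rf "$tree"
```

After the fix, 777 becomes 775 and 666 becomes 664; the owner and group digits are untouched.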

 

Differences between file and directory permissions

Permissions mean very different things for files and for directories.

File

The permissions apply to the content of the file.

  • readable: the actual contents of the file can be read
  • writable: the contents of the file can be edited, added to, or modified
  • executable: the file can be executed by the system

Note: having the w permission does not mean you can delete the file. Deleting files is controlled by the directory's permissions.

This is because the permissions and attributes of a directory are recorded in its inode, while the names of all the files in the directory and their corresponding inode numbers are recorded in the block that belongs to the directory. So when we read a file, we must first read the inode of the directory, then read the block of the directory, and then obtain the inode information of the file to read.

In other words, only then do we know which block the file is stored in, and finally the contents of the file can be read (this requires understanding Linux file systems such as Ext2 / Ext3 / Ext4, which we will discuss further). Please remember that file permissions apply only to the file content.

Example

Use the root identity to read the file test001-1 under the directory test001.

Check the physical full path of the directory: pwd

List the related directories and files: ll -di / /root /root/test001 /root/test001/test001-1

According to man ls, -i stands for inode, that is, print the index number of each file.

  • inode of directory /: through the mount point information, find the block of the inode numbered 2.
  • block of directory /: in the block found in the previous step, find that the inode number of the directory root/ is 131073.
  • inode of directory root/: read inode 131073 to find the block holding its contents.
  • block of directory root/: in the block found in the previous step, find that the inode number of the directory root/test001/ is 527524.
  • inode of directory root/test001/: read inode 527524 to find the block holding its contents.
  • block of directory root/test001/: in the block found in the previous step, find that the inode number of the file test001-1 is 527526.
  • inode of file test001-1: read inode 527526 to find the file's block.
  • block of file test001-1: in the block found in the previous step, read the file contents.

Because this is the root user, it has the right to read any document. If you use a general account, the read in each step above is also checked against the permissions.
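An added example, not part of the original article: a small script that walks an absolute path in the same order as the lookup steps above and prints, for each component, its inode number, its mode string, and whether the current account holds x on that directory. The function names report and walk_path and the temporary sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: print the inode number and
# mode string of every component of an absolute path, in lookup order.

# report PATH -> "<inode> <mode> search=<yes|no|n/a> <path>"
report() {
    [ -e "$1" ] || { echo "missing: $1" >&2; return 1; }
    inode=$(ls -di "$1" | awk '{print $1}')   # same number ll -di shows
    mode=$(ls -ld "$1" | awk '{print $1}')    # first column of ll
    if [ -d "$1" ]; then
        # x on a directory is what lets the lookup pass through it
        if [ -x "$1" ]; then search=yes; else search=no; fi
    else
        search=n/a
    fi
    printf '%s %s search=%s %s\n' "$inode" "$mode" "$search" "$1"
}

# walk_path ABSOLUTE_PATH -> one report line per component, starting at /
walk_path() (
    case $1 in
        /*) ;;
        *) echo "walk_path: need an absolute path" >&2; exit 2 ;;
    esac
    rest=${1#/}
    cur=/
    report "$cur" || exit 1
    IFS=/
    set -f            # no globbing while the path is split on "/"
    set -- $rest
    set +f
    unset IFS
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=${cur%/}/$part
        report "$cur" || exit 1
    done
)

# Constructed sample tree mirroring the article's test001/test001-1 names.
demo=$(mktemp -d)
mkdir "$demo/test001"
echo hello > "$demo/test001/test001-1"
walk_path "$demo/test001/test001-1"
rm -rf "$demo"
```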

Directory

The permissions apply to the file objects in the directory.

  • readable: permission to read the directory structure list, that is, the directory list can be queried with the ls command
  • writable: permission to change the directory structure list, that is, you can create, move, delete, and rename files
  • executable: permission to enter the directory, that is, you can use the cd command to make it the working directory

Note: it can be concluded from the above that to open a directory for anyone to browse, you need to grant at least the r or x permission. To read the contents of a file in the directory, you need at least the x permission on the directory and the r permission on the file.
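An added example, not part of the original article: a probe that sets a directory mode and a file mode with the numeric method and then tries to list, read, or delete, showing that deletion follows the directory's bits and reading needs x on the directory plus r on the file. The names probe, box, and f.txt are made up, and the denials only appear for a regular account because root bypasses these checks.

```shell
#!/bin/sh
# Added example, not from the original article. "box" and "f.txt" are made-up
# names inside a temporary directory. Run as a regular user: root bypasses
# these checks, as the article notes for reading.

# probe ACTION DIR_MODE FILE_MODE -> prints "ok" or "denied"
# ACTION is list (ls the directory), read (cat the file) or delete (rm it).
probe() (
    work=$(mktemp -d) || exit 2
    mkdir "$work/box"
    echo data > "$work/box/f.txt"
    chmod "$3" "$work/box/f.txt"
    chmod "$2" "$work/box"
    result=denied
    case $1 in
        list)   if ls "$work/box" >/dev/null 2>&1; then result=ok; fi ;;
        read)   if cat "$work/box/f.txt" >/dev/null 2>&1; then result=ok; fi ;;
        delete) if rm -f "$work/box/f.txt" 2>/dev/null; then result=ok; fi ;;
        *)      echo "probe: unknown action $1" >&2 ;;
    esac
    chmod 755 "$work/box"      # restore access so cleanup works
    rm -rf "$work"
    echo "$result"
)

for t in "delete 755 444" "delete 555 666" "read 311 644" \
         "read 644 644" "read 755 200" "list 311 644"; do
    set -- $t
    printf '%-6s dir=%s file=%s -> %s\n' "$1" "$2" "$3" "$(probe "$1" "$2" "$3")"
done
```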

Summary

Each Linux document can be assigned rwx permissions for the three types of identities. The chgrp command changes the file's group, the chmod command changes file permissions, and the chown command changes the file's owner. Remember to use file permissions to protect your data.