How to operate Linux file and folder permissions

Linux file permissions

First, let's check the contents of the files in the current directory.

ls -l View the list of files in the current directory
ls -l xxx.xxx (xxx.xxx is the file name) View the specified file

We can see the file permissions, -rw-rw-r--, a total of 10 digits.

Among them: The first one - represents the type (details are shown in the figure below)

1. The three rw- in the middle represent the owner (user)
2. Then the three rw- represent groups.
3. The last three r's stand for other people.

Then let me explain the following 9 digits:

1. r means the file can be read
2. w means the file can be written (write)
3. x means the file can be executed (if it is a program)

- Indicates that the corresponding permission has not been granted

File and folder operation permissions:

One thing to note is that a directory must have both read and execute permissions to open and view the internal files, and a directory must have write permissions to allow other files to be created in it. This is because the directory file actually stores information such as the list of files in the directory.

Replenish:

Special permissions SUID, SGID, Sticky
There are three file permission attributes in Linux system that are not related to user identity. That is, SUID, SGID and Sticky.
SUID (Set User ID, 4):
This attribute is only valid for files with execution permissions, not for directories. When executing a program with SUID permissions, the owner of the resulting process is the owner of the program file, not the user who started the program (unless the two are the same person). For example, if the owner of a program is root and has the SUID attribute, when a normal user executes the program, it is the same as if root executed the program. (Please note that this property is invalid for Shell script programs.) This property makes it easier to start some special programs (such as lpr). But sometimes it also brings security risks: for example, if a program with SUID attributes runs a shell during execution, the user can use it to obtain the highest permissions of the system. SUID can be represented by s, such as:

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 47032 Feb 16 2014 /usr/bin/passwd

SGID (Set Group ID, 4):
For executable files, SGID is similar to SUID, and the group of the spawned process is the group to which the program file belongs. For directories, the SGID attribute causes newly created files in the directory to belong to the same group as the directory. SGID can also be represented by s, such as:

$ ls -l /var
drwxrwsr-x 2 root staff 4096 Apr 10 2014 local
drwxrwxr-x 15 root syslog 4096 Apr 4 19:57 log

Sticky, 1:
Only valid for directories. Files or directories under a directory with the sticky attribute can be deleted or renamed by their owner. The sticky attribute is often used to create directories like this: group users can create new files and modify file contents in this directory, but only the file owner can delete or rename their own files. Such as the /tmp folder in the system. In attribute strings, this is usually represented by t.

$ ls -l /
drwxrwxrwt 8 root root 4096 Apr 4 23:57 tmp

Change the operation permissions of files and folders corresponding to users   

If you have a file that you do not want other users to read, write, or execute, you need to modify the file permissions. There are two ways to do this:

Method 1: Binary digital representation

Three sets of permissions for each file:

1. u stands for owner (user)
2. g represents the group to which the owner belongs.
3. o stands for others, but not u and g (other)
4. a represents all people, including u, g and o
5. According to the above figure, rwx can also be replaced by numbers.
6. r------------4
7. w -----------2
8. x ------------1
9. -------------0
   

Once everyone understands the above, it will be easy to understand the following common permissions:

1. -rw------- (600) Only the owner has read and write permissions
2. -rw-r--r-- (644) Only the owner has read and write permissions, the group and others have only read permissions
3. -rwx------ (700) Only the owner has read, write, and execute permissions
4. -rwxr-xr-x (755) Only the owner has read, write, and execute permissions, while the group and others have only read and execute permissions
5. -rwx--x--x (711) Only the owner has read, write, and execute permissions, while the group and others only have execute permissions
6. -rw-rw-rw- (666) Everyone has read and write permissions
7. -rwxrwxrwx (777) everyone has read, write, and execute permissions
   

On actual operation

After checking the permissions of test, the owner has read, write, and execute permissions:

Then I added some content to the file, changed the permissions (700:-rwx------), and tried to read the file under shiyanlou (owner), and it was readable.

Change to another user Peter and try to read it again as shown in the figure below. It shows that the permission is insufficient and the reading cannot be done.

Method 2: Addition and subtraction assignment operations

1. u stands for owner (user)
2. g represents the group to which the owner belongs.
3. o stands for others, but not u and g (other)
   

a represents all people, including u, g and o

+ and - respectively indicate adding and removing corresponding permissions. The + sign is usually not displayed (I still add it when I am just starting to learn)

Type in the terminal:

chmod o+w xxx.xxx
chmod ow xxx.xxx means granting others the permission to write the file xxx.xxx

chmod go-rw xxx.xxx means to delete the read and write permissions of the group and others in xxx.xxx
chmod ug-r xxx.xxx

Modify the owner/group of a file or folder

Use the chown command to change the ownership (owner/group) of a directory or file.

Note: The intermittent content mentioned here will be supplemented after learning the next content (user/group addition, deletion, modification and query)

Not only can the permissions of files and directories be changed, but their ownership and the user group they belong to can also be modified. Similar to setting permissions, users can set them through the graphical interface or execute the chown command to modify them.
Let's first execute ls -l to check the directory:

You can see that the user group to which the test file belongs is root and the owner is root.
Execute the following command to transfer the ownership of the test file in the figure above to user peter:
# chown peter test

To change the group and transfer the test file from the root group to the Peter group, use the following command:
# chown :peter test

Change the user and group together. Change the owner of the folder or file test to shiyanlou, and the group to which it belongs to to shiyanlou, as shown below:

The above is a detailed explanation of the Linux file and folder permission operation methods introduced by the editor. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!