A detailed introduction to Linux file permissions

The excellence of Linux lies in its multi-user, multi-tasking system. Linux generally divides the identities that can access files into three categories: owner, group, and others, and each of the three identities has read, write, and execute permissions.

Three identities of authority

File owner

User-level file permissions, usually the creator of the file, can be modified by chown.

User group

If the user group is compared to a team, the user is its member, and the team members have the same permissions to the file. The user group of a file can be modified through chgrp.

One of the most useful uses of user groups is when developing resources as a team. Two projects, project1 and project2, are developed by two teams. User group permissions 1 and 2 are assigned to the projects respectively, and then the supervisor supports permissions 1 and 2 at the same time, that is, each account can have the support of multiple user groups.

Others

Not the file owner and not belonging to the file's user group, that is, everyone else.

File permissions

Definition and View

Execute the following command on the server to view file-related information:

[root@iz2zedcscvry6t0psspzswz ~]# ls -al
total 44
dr-xr-x---. 5 root root 4096 Sep 9 12:11 .
dr-xr-xr-x. 18 root root 4096 Sep 9 12:39 ..
-rw-r--r--. 1 root root 18 Dec 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 29 2013 .bashrc
drwx------ 3 root root 4096 Oct 15 2017 .cache
-rw-r--r--. 1 root root 100 Dec 29 2013 .cshrc
drwxr-xr-x 2 root root 4096 Oct 15 2017 .pip
-rw-r--r-- 1 root root 64 Oct 15 2017 .pydistutils.cfg
drwx------ 2 root root 4096 Sep 9 12:11 .ssh
-rw-r--r--. 1 root root 129 Dec 29 2013 .tcshrc

The following example shows the meaning of each column:

File permissions Number of connections File owner User group File size Modified date File name
drwxr-xr-x 2 root root 4096 Oct 15 2017 .pip

In the file permission part, the first letter of drwxr-xr-x represents the file type, and the d here represents directory. d = directory, - = file, l = linkfile.

The following are groups of 3. The first group rwx represents the file owner permissions, the second group rx represents the user group permissions, and the third group rx represents other user permissions.

In the example file, the file owner root has read, write, and execute permissions, users in the root user group have read and execute permissions, and other users have read and execute permissions.

• View the specific date when a file was created or modified: ls -al --full-time
• View detailed usage of ls: man ls or info ls

Modify file permissions

• chgrp (change group): change the user group to which the file belongs
• chown(change owner): change the file owner
• chmod (change mod): modify file permissions

Modify User Group

chgrp [-R] dirname/filename

# Change the user group of install.log to users
chgrp users install.log

Change file owner

chown can also modify the user group to which the file belongs

chown [-R] account name: group name file or directory # Change the user group and owner of install.log to root
chown root:root install.log

Changing file permissions

Weight distribution: r:4 w:2 r:1

# Set the file permissions to -rwxr-xr

chmod 754 filename

# Set an executable file to prevent others from modifying it chmod 755 filename # -rwxr-xr-x

Symbolic type changes file permissions

Identity interpretation: u = user, g = group, o = other, a = all

# Let the file have execution permission, but don't know the original permission chmod a+x filename

The meaning of directory and file permissions

Whether a Linux file is executable is determined by the "x" permission and has no absolute relationship with the file name.

Files are where actual data is stored, and the main content of directories is a list of recorded file names.

File permissions explained

• r: can read file contents
• w: can edit the file contents
• x: The file has permission to be executed by the system

Directory permissions explained

• r: Query the file name data in the directory (you can use ls)
• w: create, delete, rename, escape
• x: Can you enter this directory?

Permissions configuration file

• Account information: /etc/passwd
• Personal password: /etc/shadow
• Group name: /etc/group

【Comprehensive Case】

[Question 1.1] Create two user groups, group1 and group2, and three users, dennis, daniel, and abigale, and assign the first two users to group1 and the last one to group2

【Question 1.2】Log in as user dennis and create a Hello.java file

【Question 1.3】Log in as user daniel and see whether you can access the /home/dennis directory and read or write the Hello.java file created there.

[Question 1.4] Log in as user dennis and modify the read and write permissions of the directory /home/dennis and the file Hello.java (Correction: When modifying directory permissions, you should use 770 instead of 760, otherwise the permissions will be insufficient)

【Question 1.5】Repeat 【Question 1.3】

【Question 1.6】Change abigale's user group from group2 to group1

Then, you can use cat /etc/passwd to view and confirm

【refer to】

-groupadd group name, add group in linux

-vi /etc/group, view all group information in Linux, you can view and edit

-cat /etc/group, view all group information in Linux, can only view but not edit

-useradd-g group name user name, when creating a user, specify which group the user will be assigned to

-vi /etc/passwd, view all user information in Linux, you can view and edit

-cat /etc/passwd, view all user information in Linux, can only view but not edit

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.