File permissions

On Linux, everything is a file. To make them easier to tell apart, files with different properties go by different names, so a directory is in fact just a file too.

Permissions come in three classes: user (the file's owner), group (the owning group), and others (everyone else). The most specific class that matches the accessing process is the one that applies: if you own the file, only the user bits count, even when the group or others bits would grant more.

Each class carries three individual permissions:

Permission    Effect on a file                         Effect on a directory
r (read)      The file's contents can be read          The entries (file names) in the directory can be listed
w (write)     The file's contents can be changed       Entries can be created, deleted or renamed (x on the directory is also needed)
x (execute)   The file can be run as a program         The directory can be entered (cd) and traversed to reach what it contains; r is still needed to list the entries

Unlike Windows, changing the permissions of a directory on Linux does not propagate to the files and subdirectories inside it; every file carries its own mode bits. The reason given is that a file placed inside the directory (a planted malicious program, say) should not be handed execute permission by accident.

Run ls -l to see the permissions of the files in the current directory; ls -ld shows the directory itself rather than its contents.

In a long listing the first character gives the file type: - (regular file), d (directory), l (symbolic link), p (named pipe), s (socket), and b or c for block and character devices.

The remaining nine characters in the long list, grouped in groups of three, represent user permissions, user group permissions, and other permissions.

Manage file permissions

chmod (change mode) changes a file's permissions. Only the file's owner (or root) may do so; being able to run the chmod binary is not enough.

chmod WhoWhatWhich file|directory

  • Who: u, g, o, a (user, group, others, all)
  • What: +, -, = (add, remove, set exactly)
  • Which: r, w, x (read, write, execute)

chmod also accepts -R, which applies the change recursively to a directory and everything beneath it. When you do that, use a capital X rather than x for the execute bit: X adds execute only to directories and to files that already have at least one execute bit, so the ordinary data files in the tree are not turned into executables along the way, which is the inheritance problem described above.
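To make the x versus X distinction concrete, here is an added example (it is not code from the original page). It builds a throw-away directory tree under mktemp, applies chmod -R g+rwx to one copy and chmod -R g+rwX to another, and reports the resulting modes. The file names and starting modes are made up for the demonstration, and it assumes GNU coreutils (stat -c).

```shell
#!/bin/sh
# Added example, not from the original page. Demonstrates chmod -R with x versus X.
# Assumes GNU coreutils (stat -c) and mktemp; the tree below is constructed for the demo.

# Build a tree: a directory, a data file and a script, all private to the owner.
make_tree() {
    top=$(mktemp -d)
    mkdir "$top/sub"
    printf 'some data\n' > "$top/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$top/sub/run.sh"
    chmod 700 "$top/sub"
    chmod 600 "$top/sub/notes.txt"
    chmod 700 "$top/sub/run.sh"
    printf '%s\n' "$top"
}

# Print the octal modes of sub/, notes.txt and run.sh as "dir file script".
modes() {
    d=$(stat -c '%a' "$1/sub")
    f=$(stat -c '%a' "$1/sub/notes.txt")
    s=$(stat -c '%a' "$1/sub/run.sh")
    printf '%s %s %s\n' "$d" "$f" "$s"
}

# Lower-case x: the group gets execute on everything, the data file included.
recursive_lower_x() {
    t=$(make_tree)
    chmod -R g+rwx "$t"
    modes "$t"
    rm -rf "$t"
}

# Capital X: the group gets execute only on the directory and on the file that
# already had an execute bit; notes.txt stays non-executable.
recursive_upper_x() {
    t=$(make_tree)
    chmod -R g+rwX "$t"
    modes "$t"
    rm -rf "$t"
}

printf 'g+rwx: %s\ng+rwX: %s\n' "$(recursive_lower_x)" "$(recursive_upper_x)"
```

With g+rwx the data file ends up 670, executable by the group; with g+rwX it stays 660 while the directory and the script both become 770.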

When r, w and x are written as numbers they are 4, 2 and 1; adding them within each group of three gives one octal digit per class. 777, for example, is rwxrwxrwx.


# Set the group's permissions to exactly read and write
chmod g=rw file0

# Remove read and write from the group and from other users
chmod go-rw file1

# Add execute for the user, the group and other users
chmod a+x file2

# Recursively give the group read, write and execute on the test1 directory and everything in it
chmod -R g+rwx test1

# Likewise for the test2 directory
chmod -R g+rwx test2


# Numeric form
# User: read and write (6); group: read and execute (5); others: read only (4)
chmod 654 file3

Change the owner or group of a file or directory

To change the owner or group of a file or directory, use chown. The target user or group must already exist, and you need the right to make the change: only root can change a file's owner, and a file's owner can change its group only to a group they belong to.

# Change the owner of file0 to student
chown student file0

# Change the group of file1 to admins
chown :admins file1

# Change both the owner and the group of file3
chown student:admins file3

Manage default permissions and file access

Special permissions

Besides read, write and execute there is a fourth kind: the special permissions (setuid, setgid and the sticky bit).

Special permission   Effect on a file                                              Effect on a directory
u+s (setuid)         Runs as the user who owns the file, not the user who ran it    None
g+s (setgid)         Runs as the group that owns the file, not the caller's group   New files created inside get the directory's group rather than the creating user's primary group
o+t (sticky)         None                                                           A user with write permission on the directory can delete or rename only the files they own; files owned by other users are protected (the directory's owner and root are exempt)

The long listing has only nine permission characters, so the special bits are shown in the third (execute) position of the relevant group: a lowercase s or t means the special bit and the execute bit are both set, an uppercase S or T means the special bit is set but execute is not. In numeric form an extra leading octal digit is prepended, the sum of setuid (4), setgid (2) and sticky (1).

# No special permissions
# 0777
rwxrwxrwx

# All three special permissions, with execute
# s s t: the user, the group and others each have the special bit and execute
# 7777
rwsrwsrwt

# All three special permissions, without execute
# S S T: the user, the group and others each have the special bit but not execute
# 7666
rwSrwSrwT

# The three bits are independent and can be mixed
# 5667: S, the user has setuid but not execute; -, the group has no special bit; t, others have the sticky bit and execute
rwSrw-rwt

# 6767: s, the user has setuid and execute; S, the group has setgid but not execute; x, others have execute only
rwsrwSrwx

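As an added example (not code from the original page), the shell functions below convert between the nine-character permission string that ls -l prints and the four-digit octal form, honouring the s/S and t/T conventions above, and cross-check the decoder against a real file. The function names are my own, and cross_check assumes GNU coreutils (stat -c).

```shell
#!/bin/sh
# Added example, not from the original page. Converts between the ls -l
# permission string and 4-digit octal, including setuid/setgid/sticky.
# cross_check assumes GNU coreutils (stat -c); the function names are illustrative.

# mode_to_octal rwSrw-rwt -> 5667. A leading type character (-, d, l, ...) is ignored.
mode_to_octal() {
    s=$1
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi
    if [ ${#s} -ne 9 ]; then echo "bad mode string: $1" >&2; return 1; fi
    special=0 perms= bit=4          # bit: 4 = setuid, 2 = setgid, 1 = sticky
    while [ -n "$s" ]; do
        case $s in [r-][w-][xstST-]*) ;; *) echo "bad mode string: $1" >&2; return 1 ;; esac
        v=0
        case $s in r*) v=$((v + 4)) ;; esac
        case $s in ?w*) v=$((v + 2)) ;; esac
        case $s in
            ??x*) v=$((v + 1)) ;;                                 # execute only
            ??[st]*) v=$((v + 1)); special=$((special + bit)) ;;  # special bit plus execute
            ??[ST]*) special=$((special + bit)) ;;                # special bit without execute
        esac
        perms=$perms$v
        s=${s#???}
        bit=$((bit / 2))
    done
    echo "$special$perms"
}

# octal_to_mode 7654 -> rwSr-sr-T. Three digits are accepted as "no special bits".
octal_to_mode() {
    n=$1
    case $n in
        [0-7][0-7][0-7][0-7]) special=${n%???}; n=${n#?} ;;
        [0-7][0-7][0-7]) special=0 ;;
        *) echo "bad octal mode: $1" >&2; return 1 ;;
    esac
    out= bit=4
    while [ -n "$n" ]; do
        d=${n%"${n#?}"}; n=${n#?}                                # d = first digit, n = the rest
        if [ $((d & 4)) -ne 0 ]; then out=${out}r; else out=${out}-; fi
        if [ $((d & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
        if [ $bit -eq 1 ]; then lo=t up=T; else lo=s up=S; fi    # letter used for this group
        if [ $((special & bit)) -ne 0 ]; then
            if [ $((d & 1)) -ne 0 ]; then out=$out$lo; else out=$out$up; fi
        elif [ $((d & 1)) -ne 0 ]; then out=${out}x
        else out=${out}-
        fi
        bit=$((bit / 2))
    done
    echo "$out"
}

# cross_check MODE: chmod a temporary file to MODE, decode its ls -l string and
# compare with what stat reports; prints the mode only when the two agree.
cross_check() {
    f=$(mktemp)
    chmod "$1" "$f"
    from_ls=$(mode_to_octal "$(ls -l "$f" | cut -c1-10)")
    from_stat=$(printf '%04d' "$(stat -c '%a' "$f")")
    rm -f "$f"
    [ "$from_ls" = "$from_stat" ] && echo "$from_ls"
}

printf '%s -> %s\n' rwSrw-rwt "$(mode_to_octal rwSrw-rwt)" 7654 "$(octal_to_mode 7654)"
```

cut -c1-10 deliberately drops the eleventh column, where ls shows a "." or "+" when the file carries a security context or an ACL; those are not part of the mode bits.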

Special permissions are set the same way as ordinary ones:

# Set the setgid bit on test1
chmod g+s test1

# Remove the setuid bit from test2
chmod u-s test2

# 7654 decodes as follows:
#   7   -> setuid, setgid and sticky are all set; each shows as s/t if that group also has execute, S/T if not
#   654 -> rw-r-xr--
#   result: rwSr-sr-T (the user has no x, so S; the group has x, so s; others have no x, so T)
chmod 7654 file1

Default file permissions

When a user creates a new file or directory it receives an initial set of permissions. Two things determine them: whether the object is a file or a directory, and the umask in force in the creating process (for interactive work, the umask of the current shell).

A new directory starts from 0777 and a new regular file from 0666 (the kernel never grants execute to a newly created regular file). The umask then clears bits: every bit set in the umask is removed from the starting value. This is a bitwise operation, not a subtraction, and the two give different answers whenever a umask digit would have to borrow from its neighbour.

The default umask for Bash is set in /etc/profile and /etc/bashrc, or in a script you place in /etc/profile.d, since /etc/profile runs the scripts in that directory.

Users can override the system default in the .bash_profile and .bashrc files in their home directory, or simply run the umask command (yes, it is a command too) to set it in the current shell.

Supplement: a colleague asked me about umask, and later explained it to me.

Problem: with the umask set to 0231, creating 1.txt should, by subtraction, give 0666 - 0231 = 0435 (r--r--r-x), but the file actually comes out as r--r--rw- (0446).

Answer: the umask is applied as a bit mask, not subtracted. Group by group: user 6 (rw-) with w masked off gives 4 (r--); group 6 (rw-) with w and x masked off gives 4 (r--); others 6 (rw-) with x masked off stays 6 (rw-), because x was never set and there is nothing to borrow from. Subtraction agrees with the mask only when no digit needs to borrow.

Reflection: the shortcut of starting from 0777, subtracting to get 0546 (r-xr--rw-) and then removing x from every group also lands on r--r--rw- here, but only because 0777 has every bit set and so never borrows; the bitwise rule is the one to remember.
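The following added example (not code from the original page) carries the umask calculation through in the shell: effective_mode applies the mask the way the kernel does, subtract_mode does the naive octal subtraction so the difference is visible, and observed_mode creates a real file or directory under the given umask and reports what actually came out. The function names are my own; it assumes GNU coreutils (stat -c) and takes modes as octal digits such as 0666 and 0231.

```shell
#!/bin/sh
# Added example, not from the original page. Shows that the umask is applied as a
# bit mask (base AND NOT umask), not subtracted, and checks the prediction against
# a file and a directory actually created under that umask. Assumes GNU stat -c.
# Pass modes as octal digits, e.g. 0666 and 0231.

# effective_mode BASE UMASK -> the mode the kernel will produce, e.g. 0666 0231 -> 0446
effective_mode() {
    # The leading 0 makes the shell read the digits as octal whether or not one was supplied.
    printf '%04o\n' $(( 0$1 & ~0$2 ))
}

# subtract_mode BASE UMASK -> plain octal subtraction; wrong whenever a digit has to borrow
subtract_mode() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# observed_mode file|dir UMASK -> mode of an object really created under UMASK
observed_mode() {
    kind=$1 mask=$2
    top=$(mktemp -d)
    if [ "$kind" = dir ]; then
        path=$top/d
        (umask "$mask" && mkdir "$path")
    else
        path=$top/f
        (umask "$mask" && : > "$path")
    fi
    mode=$(printf '%04d' "$(stat -c '%a' "$path")")
    rm -rf "$top"
    echo "$mode"
}

# The case from the text: predicted by mask, predicted by subtraction, and observed.
printf 'file 0666 umask 0231: mask %s  subtract %s  observed %s\n' \
    "$(effective_mode 0666 0231)" "$(subtract_mode 0666 0231)" "$(observed_mode file 0231)"
printf 'dir  0777 umask 0231: mask %s  subtract %s  observed %s\n' \
    "$(effective_mode 0777 0231)" "$(subtract_mode 0777 0231)" "$(observed_mode dir 0231)"
```

For the file the mask gives 0446 and subtraction gives 0435; the kernel agrees with the mask. For the directory both methods give 0546, because 0777 has every bit set and nothing borrows.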

Note

Keep in mind that root is not subject to these permission checks: root can read, write and change the ownership of any file on the system, whoever owns it and whatever its mode bits say.