The “#” in the following information indicates that the operation is performed as the root user

  • Linux permission operations are sibling operations with users and user groups. \

    The article directories

    • I. Overview of authority
      • 1. Introduction of permissions
      • 2. Identity introduction
      • 3. Introduction of Linux permissions
    • 2. Permission setting
      • 1, letter form
      • 2. Numerical form
      • 3. Precautions
    • 3. Setting owner and owner group
      • 1. Chown (emphasis)
      • 2. CHGRP (Understand)
    • 4. Expansion (1)

I. Overview of authority

  • Summary: Linux systems generally classify file savable/accessible identities into three categories:Owner, Group, and Others, and each of the three identitiesRead, write, executeSuch as permissions.

1. Introduction of permissions

  • What are permissions? In the management of multi-user computer systems, permissions mean that a particular user has the right to use certain system resources, such as folders, the use of certain system instructions, or storage limits.
  • Linux has read, write, and execute permissions respectively:
  • Permissions: For folders, read permissions affect whether users can list directory structures. For files, read permissions affect whether users can view file contents
  • Write permission: For folders, the write permission affects whether users can create/delete/copy to/move documents in folders. For files, the write permission affects whether users can edit files
  • Execution permissions: generally for files, especially script files.

2. Identity introduction

  • OwnerIdentity (file owner, default to document creator)

    Because Linux is a multi-user, multi-task operating system, it is often possible for several people to work on a host at the same time, but each person can set the permissions on the file on the host to make it a personal “private file,” or personal owner. Because the appropriate file permissions are set, users other than myself (the file owner) cannot view the contents of the file.
  • Let’s say someone sends you an Email love letter and you file it in your home folder. To prevent others from seeing your love letter, you can use the owner’s identity to set the file’s proper permissions, so that even if your rival wants to read your love letter, he or she cannot.
  • GroupIdentity (the user in the same group as the file owner)

    The most useful feature of grouping with file owners is thisWhen multiple teams develop resources on the same host. For example, there are two groups A and B on the host. In A, there are three members A1, A2 and A3, and in B, there are two members B1 and B2. The two groups need to complete A report F together. With proper permissions set, members of community A and B can modify each other’s data, but members of community C cannot modify the content of COMMUNITY F, or even have the permission to view it. Members of a group can also set up their own private files so that no other members of the group can read the file data.In Linux, each account supports multiple user groups. For example, users A1 and B1 can belong to user group A or user group B (primary group and additional group).
  • OthersIdentity (other person, relative to owner)

    This is a relative concept. For example, Three brothers, Daming, Er Ming and Xiao Ming, live in the same room. The name on the property certificate is Daming (ownerOwner), then, The Daming family is a user group, this group has daming, er Ming, xiao Ming three members; There’s another guy named Joe, nothing to do with the other three, so this Joe is somebody else.

    Meanwhile, Daming, Erming and Xiaoming have their own rooms. Although they can enter and leave their rooms freely, Xiaoming cannot let Daming see his love letters, diaries, etc., which is the meaning of file owner (user).
  • RootUser (superuser)

    In Linux, there is another god-like user, root, who manages ordinary users because it has the most privileges of all.

3. Introduction of Linux permissions

  • To set permissions, you need to know some basic file properties and permissions assignment rules. In Linux,lsThe command is used to display the file name and related properties.
Ls-l = ls-lCopy the code

  • The part highlighted in red is the document permission attribute information for Linux.
  • In LinuxUser, user group, and other concepts, each of them has different permissions. For a document, its permissions are assigned as follows:



    Ten characters indicate meaning:
  • The first1Bit: indicates the document type. The common value is”D for folder“,”- Indicates a file“,”L indicates soft connection“,”S stands for socket“And so on;
  • The first2-4Bit: indicates the permissions of the document owner, the first2Bit indicates the read permission. The value isR, -; The first3Bit indicates write permission,wMeans writable,-It means not writable, number one4Bit indicates the execution permission. The value can beX, -.
  • The first5 to 7Bit: indicates the permissions of users in the same group as the owner, the first5Bit indicates the read permission. The value isR, -; The first6Bit indicates write permission,wMeans writable,-It means not writable, number one7Bit indicates the execution permission. The value can beX, -.
  • The first8-10Bit: indicates the prefix except above2Part of the user other than the permission of other users, no8Bit indicates the read permission. The value isR, -; The first9Bit indicates write permission,wMeans writable,-It means not writable, number one10Bit indicates the execution permission. The value can beX, -.
  • Permission assignment, both yesrwxIs a combination of three parameters, and the position order does not change. If no corresponding permission is available, use – instead.
  • For example: What are the following document permissions?

  • A. It is the folder type
  • B. Owner: Has all permissions (read/write execution)
  • C. Group user: Readable and executable
  • D. Other users: Readable and executable

2. Permission setting

  • Grammar:# chmod option permission mode document
  • Common options:

    -RRecursively set permissions (when document type is folder)

    Permission mode: specifies the permission information to be set in this document

    Document: can be a file, folder, relative path or absolute path.
  • Pay attention to the point: If you want to set permissions on a document, the operator is eitherrootThe user, or the owner of the document.

1, letter form

  • For whom to set:

    u: Indicates the ownerowner(user)

    g: sets the user group to the owner (group)

    oSaid:othersTo set permissions for other users

    aSaid:all, to all (includingugoSet permissions
  • If the permission is not specified for any user, the permission is set for all users by default
  • Permission character:

    rRead:

    wWrite:

    x: Execution

    -: indicates no permission
  • Permission assignment mode:

    +: Indicates that a user is assigned new rights (relative to the current user).

    -: Indicates the permission to delete a user (relative to the current user).

    =: sets permissions to specific values (result-oriented)
  • Need to giveanaconda-ks.cfgFile (-rw-------.). Set permissions to ensure that the owner has all permissions, users in the same group have read and execute permissions, and other users have read-only permissions.
  • The answer:

    # chmod u+x,g+rx,o+r anaconda-ks.cfg

  • 2.# chmod u=rwx,g=rx,o=r anaconda-ks.cfg

  • Tip: When a document has execution permission (any part), its color is green on the terminal.
# chmod ug= RWXCopy the code
  • For example: Ifanaconda-ks.cfgThe file has no permissions. Can you use itrootIf the user sets the execution permission for all users, it can be written as

    # chmod +x anaconda-ks.cfg

    # chmod a=x anaconda-ks.cfg

    # chmod a+x anaconda-ks.cfg

2. Numerical form

  • You’ll often see technical web pages like this# chmod 777 a.txtSuch a permission, in this form, is called digital permission (777).
  • Read:r 4
  • Write:w 2
  • Perform:x 1
  • No permissions:0

  • Need to giveanaconda-ks.cfgSet permissions. Permissions require that the owner has all permissions, the same group of users have read and execute permissions, and other users are read-only.
  • Full Permissions (u) :Read + Write + Execute =4+2+1=7
  • Read and execute (g) :Read + execute =4+1=5
  • Read permissions,o) :Read = 4
  • According to the above, the permission is:754
 # chmod 754 anaconda-ks.cfg
Copy the code

  • The interview questionsThe command to set the document permissions with the super administrator is# chmod -R 731 aaaIs there anything unreasonable about this command?

    Owner:7=4+2+1= Read + write + Execute

    Group User:3=2+1= write + execute

    Other Users:1 = = 1
  • Note: When writing permissions, do not set such “weird permissions” as above. If there are 2 and 3 digits in a permission number, the permission is not reasonable.

3. Precautions

  • userootThe user creates a folder (/oo), permissions Default, permissions are as follows:

  • Need to be inooCreate files under directory (oo/xx.txt), need to give777Jurisdiction:

  • Switch to thetestThe user (not the document owner, not the same group of users, belongs tootherPart) :
  • Problem 1: Whether the test user can open the fileoo/xx.txtFile? [Can open]
  • Question 2: Can the test user edit the fileoo/xx.txtFile? 【 can 】
  • Problem 3: Can the test user be deletedoo/xx.txtFile? No, creating files/folders, moving files, and renaming files are also not allowed.

  • If you want to delete a file in Linux, you need to check whether the file has the write permission, not whether the file has the corresponding permission.

3. Setting owner and owner group

  • Owner: Owning user (file owner)
  • Owner Group: Indicates the owning user group

  • The previous root is the owner
  • The root in the back is the genus group

These two pieces of information are created with the creator’s information (the user name, the name of the primary group to which the user belongs).

If a user is sometimes deleted, the owner and owner group information of the document corresponding to the user needs to be modified.

1. Chown (emphasis)

  • Effect: Changes the owner of a document
  • Grammar:# chown -r username Specifies the file path
  • Case: will just nowrootuser-createdooDirectory, owner changed totest
# chown  test  oo/
Copy the code

2. CHGRP (Understand)

  • Effect: Changes the user group to which a document belongs
  • Grammar:# CHGRP -r groupname File path
  • Case: will just nowrootuser-createdooDirectory, owner changed totestAnd change the owning user group totest
# chgrp  test  oo/
Copy the code

  • How can you change both the user and the user group with a single command?
  • Answer: can achieve, throughchownThe command

    Grammar:# chown -r username:groupname File path
  • Case: Request onlychownInstruction,ooThe owning user and user group of the directory are changed back torootAnd contains subdirectories

4. Expansion (1)

  • Question:reboot,shutdown,init,halt,userManagement, in the ordinary user identity is not able to operate, but some special circumstances and need to have execution permission. It is impossible for root to tell its password to ordinary users. How to solve this problem?
  • The problem is solvable and can be usedSudo (switch user do)Command to set permissions.sudoYou can have the administrator (rootDefine in advance who can execute certain special commands.
  • The defaultsudoPhi is not divided by phirootRules for other users, if you want to use them, configure them firstsudo.
  • sudoConfiguration file:/etc/sudoers

  • A. configuresudoPlease use the# visudo"And how to use it after openingvimconsistent
  • B. Configure the rights of common users

  • rootIndicates the user name. In the case of a user group, it can be written as% group name
  • ALL: indicates the allowed host (address whitelist).
  • (ALL): indicates who executes the command. ALL indicatesrootidentity
  • ALL: indicates the commands that can be executed by the current user..“Segmentation
  • Case: ItselftestUser cannot add a usersudoConfiguration so that users can be added and passwords can be changed (but notrootUser password).
  • Note: in writingsudoWhen writing rules, it is not recommended to write direct commands, but to write the full path of the command.
  • Paths can be usedwhichCommand to view
  • Grammar:# which directive name





  • After adding the corresponding rules, you can switch users to ordinary userstest, and then execute:

  • To use the previous rule, run the following command:
# sudo command to executeCopy the code

  • After entering the sudo command, enter the current user password for confirmation (not root password), which is not required for the sudo command to be executed again within 5 minutes.
  • Pay special attention to: In accordance with the requirements of the case, it is not allowedtestThe user to changerootPassword, so the rule needs to be adjusted, otherwise it can change the root password:
  • From modificationrootConfiguration of passwords (first allow all, then denyrootPassword setting) :

    /usr/bin/passwd [A-Za-z]*, ! /usr/bin/passwd root
  • Addendum: How do I check what special permissions I have under ordinary users?
# sudo  -l
Copy the code

  • Pay attention to:sudoNot common to any Linux branch, commoncentoswithubuntuThere aresudoCommand.