When the path is long and obstructed, it will come. It never rains but it pours. Keep it up, everyone! This is my first article on Nuggets; I hope you will give it a lot of attention. Thank you, seniors!

1 Introduction

“One of the best things about Linux is its multi-user, multi-task environment. So that each user can keep their file data confidential, file permission management becomes very important.”

For this article, I carefully read the corresponding chapters of “Bird brother’s Linux Private Dishes” and summarized and recorded what I learned. If anything is wrong, please correct me. Thank you!

Linux generally divides the identities that can access a file into three categories: owner, group, and others. Each identity has its own read, write, and execute permissions.

This paper will focus on the following aspects:

2 Basic Concepts

2.1 Basic Concepts of Users and User Groups

To explain the basic concepts of users and user groups, take a real family as an example. Suppose there is a family with only three brothers, namely Wang Damao, Wang Ermao and Wang Sanmao, and the head of the family is Wang Damao. A brief analysis follows:

  • File owner (user): In this family, Wang Damao, Wang Ermao and Wang Sanmao each have their own room, so each is the owner (user) of his room. Wang Ermao can enter Wang Sanmao’s room, but he can only look and cannot move anything, because these things belong to Wang Sanmao.
  • User group: because these three people are a family, they can live together in the common living room, where everyone can do their own things, such as watching TV, listening to music and so on.

2.2 Basic Features of Users and User Groups

What are the characteristics of users, user groups, and other categories?

  • User: Each user has its own space, data storage space, workspace, etc.
  • User group: Members of the same user group can communicate with each other in a shared space. Members of different user groups cannot access each other. For example, Zhang San, a user from another family, cannot visit Wang Damao’s family above unless a member of Wang Damao’s family “invites” him.
  • Other: Zhang San, the user from another family, is “other”.

2.3 Default File Directory in Linux

In Linux, there is a default path for storing information about users and user groups as follows:

  • /etc/passwd: stores information about all system accounts, common users, and root users.
  • /etc/shadow: records the personal password.
  • /etc/group: records the names of all Linux groups.

Note that these three files are where accounts, passwords, and user groups are stored in the Linux system. Do not delete these three files.

3 File attributes in Linux

3.1 Viewing File Properties

When we use the ls -l command to view the files in a directory on a Linux system, we see a lot of content. At the beginning I only understood it roughly, not in depth; today I read the book seriously, so here is a summary.

For details about the parameters of the ls command in Linux, see the ls tutorial. Some command parameters are captured as follows:

3.2 File attribute Analysis

I refer to my own Ubuntu and take the following files as examples:

Column 1    Column 2  Column 3  Column 4  Column 5  Column 6        Column 7
drwxrwxrwx  2         zhaoc     zhaoc     4096      October 16      Music
drwxr-xr-x  2         root      root      4096      March 24 21:50  vim
-rw-r--r--  1         root      root      438       March 15 15:49  exports

  • Column 1: represents the type and permissions of the file. If you look closely, you’ll see that this column is made up of 10 characters (which may be joined together for editor reasons). Here’s a breakdown of the 10 characters:
    • The first character: indicates whether the file is a directory, a file, or a link file, that is, the type of the file. Each letter means something different:
      • [d]: indicates a directory, that is, the file type is a directory, a common folder, like the “Music” folder above;
      • [-]: indicates a file, which is the smallest unit, that is, the common basic file as under Windows, like the “exports” file above;
      • [l]: lowercase letter “L”, which stands for a link file;
      • [b]: indicates a storage interface device among the device files;
      • [c]: indicates a serial port device among the device files, such as a keyboard or mouse (one-time reading devices);
    • Characters 2-4: indicate the permissions of the file owner, as a combination of r (read), w (write) and x (execute).
    • Characters 5-7: indicate the permissions of the same user group, that is, the permissions of other users in the same user group on this file. Take “vim” as an example. The permissions of the same user group are [r-x], that is, readable and executable.
    • Characters 8-10: indicate the permissions of other user groups. Take the “exports” file as an example: the permissions of other non-local user groups are [r--], that is, readable only.
  • Column 2: indicates how many file names are linked to this node. Put simply, it is how many folders are in this folder. In my own tests, this only shows how many folders there are, not files. In addition, note that this number includes hidden folders. Please refer to the following figure for comparison: there is only one folder under the 11-Linux folder, but the count shown here is 3, because there are two hidden folders; notice that the file type in front of these two hidden folders is also d.
  • Column 3: represents the “owner account” of the file or directory, which, as I understand it, is the account that first created it.
  • Column 4: indicates the user group to which the file belongs.
  • Column 5: represents the size of the file; the default unit is bytes (B).
  • Column 6: indicates the date the file was first created, or the date it was last modified. That’s actually the date of the last modification. As a bonus, if you want to display the full time format, you can use the following command:
ls -l --full-time

  • Column 7: This column is the file name. Note that a file whose name begins with the English period “.” is a hidden file.

4 How do I change file attributes and permissions

There are several common commands for changing file properties and file permissions. List them first and analyze them one by one:

  • chgrp: changes the owning user group of a file;
  • chown: changes the file owner;
  • chmod: changes file permissions.

4.1 Changing the Owning User Group: chgrp

The chgrp command is commonly used to change the owning group of a file or directory. The command name is short for “change group”.

Note that the group name to be changed must exist in the /etc/group file, otherwise an error will be reported.

The basic command format is as follows:

chgrp [-R] [group] [file or directory]
[-R]: performs a recursive change, that is, changes the group of this directory and all files/directories under it.

For more detailed information, please refer to: Rookie tutorial - chgrp, which has more detailed explanations and examples.

4.2 Changing the file owner: chown

The commonly used command to change the owner of a file or directory is the chown command, which is short for change owner.

Note also that the user must be an existing account in the system, that is, the user name recorded in the /etc/passwd file.

The basic command format is as follows:

chown [-R] [account name] [file or directory]
[-R]: performs a recursive change, that is, applies the change to this directory and all files/directories under it.

To change both the owner and user group of a file, run the following command:

chown root:root filename

To change the file owner and user group at the same time, you are advised to use a colon (:). What if you just need to change the user group? You can use the following command:

chown .root filename

In this case, the English period (.) can be used.

4.3 Changing File Permissions: chmod

This command is one of the most commonly used commands in practical use.

The basic command format is as follows:

chmod [-R] [xyz] [file or directory]
[-R]: performs a recursive change, that is, applies the change to this directory and all files/directories under it.

This command, on a larger scale, can be used in two different ways, described separately below.

4.3.1 Changing File Permissions with Numeric Types

In practice, it is common to change file permissions directly with numbers. In simple terms, a file/directory has three different identities, each with three different permissions, and each permission maps to a number as follows:

r w x r w x r w x
4 2 1 4 2 1 4 2 1

Again, take these three files and do an analysis:

Column 1    Column 2  Column 3  Column 4  Column 5  Column 6        Column 7
drwxrwxrwx  2         zhaoc     zhaoc     4096      October 16      Music
drwxr-xr-x  2         root      root      4096      March 24 21:50  vim
-rw-r--r--  1         root      root      438       March 15 15:49  exports

If I want to set Music to its current permission (rwxrwxrwx), what should I do? This file has all permissions, so to set this permission type, use the following command:

chmod 777 Music

Similarly, if you wanted to set exports to its current permission (rw-r--r--), the command would be as follows:

chmod 644 exports

As a rule of thumb, when changing file permissions using numeric types, convert the permission bits of each identity to the corresponding number, then set the file permissions using this command.

4.3.2 Changing File Permissions with Symbolic Types

Symbolic types change file permissions using letters. The common identities are user, group and others, so in Linux u, g and o are used to represent the three identities, and a is used to represent all of them.

The specific permission type can be represented by r w x;

The operation mode can be expressed in the following three ways:

  • + : indicates that certain permissions are added to the file or directory. Other permissions remain unchanged. As I understand it, only the corresponding part of the permissions is modified;
  • - : indicates that certain permissions on the file/directory are removed and other permissions remain unchanged.
  • = : Sets the permission for a file or directory. In this mode, all the original permission content is overwritten.

For example, with the “exports” file above, the permission of this file is (rw-r--r--), and we can set it with the following command:

chmod u=rw,go=r exports

This sets read and write permissions for the file owner “u”, and read permission for the user group and other users.

Note that u=rw,go=r is written together without any spaces.

If we do not know the original properties of a file and want to give each user of the file a writable permission, we can use the following command:

chmod a+w filename

Similarly, if you want to remove executable permissions from all users of this file, you can use the following command:

chmod a-x filename

From the two examples above, you can see that with + and -, a permission “will not be changed” as long as it is not specified.
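The r=4, w=2, x=1 conversion from 4.3.1 and the three operators from 4.3.2, as an added example that is not part of the original article. The helper names mode_to_octal, current_mode and chmod_result are hypothetical, and the scratch file is created with mktemp.

```sh
#!/bin/sh
# Added example, not from the original article.

# mode_to_octal MODE_STRING
# Turn the 10-character first column of `ls -l` into the number chmod takes,
# scoring each triplet as r=4, w=2, x=1.
mode_to_octal() {
    perms=${1#?}                 # drop character 1 (file type: d, -, l, b, c)
    out=""
    for start in 1 4 7; do       # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c "$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# current_mode FILE: read the mode back from ls and convert it.
current_mode() {
    mode_to_octal "$(ls -ld "$1" | cut -c 1-10)"
}

# chmod_result NUMERIC SYMBOLIC
# Apply a numeric mode, then a symbolic change, to a scratch file (constructed
# with mktemp) and print the numeric mode that results.
chmod_result() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    current_mode "$f"
    rm -f "$f"
}

mode_to_octal "-rw-r--r--"     # 644, the "exports" file
mode_to_octal "drwxr-xr-x"     # 755, the "vim" directory
chmod_result 600 u=rw,go=r     # 644: "=" overwrites each named identity
chmod_result 644 a+w           # 666: "+" adds w, r is left alone
chmod_result 755 a-x           # 644: "-" removes x, r and w are left alone
```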

5 Permission meaning of directories and files

Directory and file permissions are very important for data security. The following sections describe what permissions mean for ordinary files and for directories separately.

5.1 Importance of Permissions to Files

A file is a place that actually contains data, including general text files, database content files, binary executable files, etc. Therefore, permissions for files have the following meanings:

  • r (read): the actual content of the file can be read, such as the text content of a text file.
  • w (write): you can edit, add to, or modify the content of a file, but cannot delete the file. That is, the write permission only allows modifying the content of a file.
  • x (execute): the file can be executed by the system. Note the difference between Windows and Linux executables. Windows determines whether a file is executable according to its “extension name”. Linux determines whether the file can be executed by whether it has the “x” permission.
  • Summary: For a file, permissions are permissions on the contents of the file, but not permissions to delete the file itself. Because the file records the actual data.

5.2 Importance of Permissions to Directories

A file is where the actual data is stored. The main content of a directory is a list of file names, which are strongly associated with the directory. Therefore, different permissions have different effects on directories:

  • r (read): indicates the permission to read the directory structure list. That is, you can see the list of files in this directory, but only look at it;
  • w (write): this writable permission is powerful for directories. It indicates that you have permission to change the directory structure list:
    • Create new files and directories.
    • Delete existing files and directories (regardless of the permission of the file);
    • Rename an existing file or directory.
    • Move files and directories in this directory.
    • To summarize: the w permission for a directory is associated with changes to the file names under that directory.
  • x (execute): What is the use of executable permission for directories? A directory cannot be executed, but the x permission of the directory indicates whether the user can enter the directory and use it as a working directory.

5.2.1 Directory Example 1

To illustrate the use of executable permissions for a directory, suppose there is a directory with the following permissions:

drwxr--r-- 3 root root 4096 3月 24 21:50 filename

At this time, the system has an account named zhaoc, which does not belong to the root user group. What permission does zhaoc have on this directory? Can he switch to this directory?

Answer: zhaoc only has r permission on this directory, so zhaoc can query the list of file names under this directory. Because zhaoc does not have the x permission, zhaoc cannot switch to this directory. This is important.

5.2.2 Directory Example 2

If I have a file named filename in this directory, and the permissions of the file are as follows:

-rwx------ 1 root root 4365 Sep 19 23:20 filename

Q: What is zhaoc’s permission on this file? Can he delete this file?

zhaoc can’t read, edit, or execute the file. That is, he can’t change its contents. However, since the file is in his home folder, he has full [rwx] permissions in that directory, so for filename, zhaoc is able to “delete”; that is, user zhaoc is able to delete filename.
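The point of Example 2, that deletion is decided by the directory and not by the file's own mode, turned into a check a server administrator can run. This is an added example, not part of the original article; the function name deletable_by_others and the sample tree are constructed, and sticky directories are skipped as a stated assumption.

```sh
#!/bin/sh
# Added example, not from the original article. Deleting or renaming a file
# needs w and x on the directory that holds it; the file's own mode is not
# consulted, so a "private" file in an open directory is not protected.

# deletable_by_others ROOT  (hypothetical helper name)
# Print regular files under ROOT that "others" cannot write to, but could
# still delete because the parent directory grants others both w and x.
deletable_by_others() {
    # -perm -0003   : others-write (2) and others-execute (1) are both set
    # ! -perm -1000 : assumption: skip sticky directories such as /tmp, where
    #                 only the owner of the file or directory may delete
    find "$1" -type d -perm -0003 ! -perm -1000 | while IFS= read -r dir; do
        # ! -perm -0002 : the file itself is not writable by others
        find "$dir" -maxdepth 1 -type f ! -perm -0002
    done | sort
}

# Constructed sample tree: the same -rwx------ file in two directories.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/locked"
: > "$demo/shared/filename"
: > "$demo/locked/filename"
chmod 700 "$demo/shared/filename" "$demo/locked/filename"
chmod 777 "$demo/shared"      # drwxrwxrwx: others have w and x
chmod 755 "$demo/locked"      # drwxr-xr-x: others have r and x only

deletable_by_others "$demo"   # prints only .../shared/filename
rm -rf "$demo"
```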

6 Combining with Actual Work

According to my current working experience, in practical work the importance of file permissions is clearly reflected on the development server. For example, when I first joined the company, all files were read-only and the directory permissions were readable and executable. That is, I didn’t have write permission to anything on the server. One obvious benefit of this is to prevent a new employee from accidentally deleting files on the server and causing the company a loss.

Later, when I had been with the company for a while, had become familiar with things and needed to get involved in project development, I was given the option to write to a specific directory on the server, so that I could make code changes, submit, and so on.

7 Summary

  1. Gained a basic understanding of the concepts and characteristics of users, user groups and others;
  2. Gained a basic understanding of file attributes and how to view them;
  3. Gained a deeper understanding of the three commands for changing file attributes and permissions;
  4. Gained a good understanding of how permissions apply in some specific situations.

This article is based on a reading of the book and is a summary of my notes after understanding it in depth. If there are mistakes, please correct them. I hope it helps you! If you found it useful, please leave a like so that more people can see it. Thank you!