Linux is a multi-user, multi-tasking system, and several people often work on one machine at the same time. To protect everyone’s privacy, the role of “file owner” is important. When a Linux user logs on to the system, he or she carries a User ID (UID) and a Group ID (GID), which work like a business card: whenever the user wants to access a file or program, the system checks the card to decide whether he or she may read, write, or execute it.

Viewing and interpreting Linux file permissions

Type ls -l in the root directory to see the following information.

[root@localhost /]# ls -l
total 32
lrwxrwxrwx.   1 root root    7 Aug 18 21:27 bin -> usr/bin
dr-xr-xr-x.   4 root root 4096 Aug 26 06:10 boot
drwxr-xr-x.  20 root root 3160 Aug 27 23:44 dev
drwxr-xr-x.  74 root root 8192 Aug 28 00:39 etc
drwxr-xr-x.   3 root root   15 Aug 18 21:31 home
lrwxrwxrwx.   1 root root    7 Aug 18 21:27 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Aug 18 21:27 lib64 -> usr/lib64
drwxr-xr-x.   2 root root    6 Aug 12  2015 media
drwxr-xr-x.   2 root root    6 Aug 12  2015 mnt
drwxr-xr-x.   2 root root    6 Aug 12  2015 opt
dr-xr-xr-x. 364 root root    0 Aug 27 23:43 proc
dr-xr-x---.   2 root root 4096 Aug 18 21:31 root
drwxr-xr-x.  21 root root  620 Aug 28 00:39 run
lrwxrwxrwx.   1 root root    8 Aug 18 21:27 sbin -> usr/sbin
drwxr-xr-x.   2 root root    6 Aug 12  2015 srv
dr-xr-xr-x.  13 root root    0 Aug 27 23:43 sys
drwxrwxrwt.   7 root root 4096 Aug 28 00:30 tmp
drwxr-xr-x.  13 root root 4096 Aug 18 21:27 usr
drwxr-xr-x.  19 root root 4096 Aug 27 23:43 var

Each record consists of 7 parts. Taking lrwxrwxrwx. 1 root root 7 Aug 18 21:27 bin -> usr/bin as an example, they are:

  • lrwxrwxrwx. is the file type and permissions
  • 1 is the number of links to the file
  • root is the owner
  • root is the group it belongs to
  • 7 is the file size (in K)
  • Aug 18 21:27 is the last modification time of the file
  • bin -> usr/bin is the file name

Let’s first split up the lrwxrwxrwx. string. The first character describes the type of file and takes one of the following values:

  • - is a normal file
  • d is a directory
  • l means this is a soft or hard link
  • b is a block device, such as a disk that holds large blocks of data
  • c is a character device, such as a mouse, keyboard, or other device that is read and written as a continuous serial stream
  • s is a socket file
  • p is a named pipe file

Here the first character is l, so this entry is a soft or hard link. The nine characters that follow are read three at a time and represent:

  • the permissions of the owner
  • the permissions of the group it belongs to
  • the permissions of other users

Within each group of three the order is always rwx: r stands for read, w for write and x for execute, and a - in a position means that particular permission is absent.

The trailing dot may be confusing at first. After checking, it turns out that this dot indicates the presence of an “SELinux security context” on the file. If SELinux is turned off, the dot does not appear.
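As an added example (not from the original post), here is a small Python decoder for the permission field and for a whole ls -l record as described above. It also decodes the s and t characters that can replace an x (the /tmp line in the listing above carries a t), since a decoder that rejected them would fail on real output. The function names parse_mode_string and parse_ls_line are chosen for this example.

```python
import stat

# First character of an ls -l entry -> file type, as the text lists them.
FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symbolic link",
              "b": "block device", "c": "character device",
              "s": "socket", "p": "named pipe"}
# Letter that may replace the x of each class, and the bit it stands for.
SPECIAL = {0: ("s", stat.S_ISUID), 1: ("s", stat.S_ISGID), 2: ("t", stat.S_ISVTX)}

def parse_mode_string(field):
    """Decode the first ls -l field, e.g. 'drwxrwxrwt.' -> type, triplets, octal.

    setuid/setgid/sticky (s, S, t, T) are decoded too, since real listings such as
    the /tmp line above contain them; a trailing '.' is the SELinux context marker.
    """
    if len(field) not in (10, 11) or field[0] not in FILE_TYPES:
        raise ValueError(f"unexpected mode field: {field!r}")
    perms, extra = field[1:10], field[10:]
    mode = 0
    for cls in range(3):                      # 0 = owner, 1 = group, 2 = other
        r, w, x = perms[3 * cls:3 * cls + 3]  # each triplet is r, w, x in order
        shift = 6 - 3 * cls                   # owner bits form the highest digit
        if r == "r":
            mode |= 4 << shift
        elif r != "-":
            raise ValueError(f"bad read char {r!r} in {field!r}")
        if w == "w":
            mode |= 2 << shift
        elif w != "-":
            raise ValueError(f"bad write char {w!r} in {field!r}")
        letter, flag = SPECIAL[cls]
        if x in ("x", letter):                # lowercase special: x is set as well
            mode |= 1 << shift
        if x in (letter, letter.upper()):
            mode |= flag
        elif x not in ("x", "-"):
            raise ValueError(f"bad execute char {x!r} in {field!r}")
    return {"type": FILE_TYPES[field[0]],
            "perms": (perms[0:3], perms[3:6], perms[6:9]),
            "octal": format(mode, "o"),
            "selinux_context": extra == "."}

def parse_ls_line(line):
    """Split one ls -l record into the seven parts described in the text."""
    mode, links, owner, group, size, mon, day, when, *name = line.split()
    rec = parse_mode_string(mode)
    rec.update(links=int(links), owner=owner, group=group, size=int(size),
               mtime=f"{mon} {day} {when}", name=" ".join(name))
    return rec
```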

rwx permissions explained

rwx applied to a file
[r] read: the file can be read and viewed
[w] write: the file can be modified, but this does not mean it can be deleted; deleting a file requires write permission on the directory that contains it
[x] execute: the file can be executed

rwx applied to a directory
[r] read: the directory listing can be read and viewed
[w] write: entries can be created, deleted and renamed inside the directory
[x] execute: the directory can be entered

Also notice that in the listing above some file names are followed by ->, which marks a soft link or hard link, so let’s look at the difference between soft links and hard links.

  • A soft link (also called a symbolic link, symlink or soft link) is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path. It is somewhat similar to a Windows shortcut. It is created with: ln -s source dist
  • A hard link is a link through an index node (inode). In a Linux file system, every file stored in a disk partition, regardless of its type, is assigned a number called the inode index. Several file names can point to the same inode; such a link is called a hard link. The purpose of a hard link is to give one file several valid path names, so that a user can create hard links to important files to guard against “accidental deletion”. This works because the inode then has more than one link: deleting one link does not affect the inode itself or the other links, and only when the last link is deleted are the file’s data blocks and directory entries released. In other words, a file is only truly deleted once all the hard links associated with it have been deleted. It is created with: ln source dist

Comparing the two, the similarities and differences between soft and hard links become clear.

  • In everyday use there is little difference: both behave like the same file under a different path or file name
  • If the target file is deleted, the soft link becomes invalid, while the hard link merely has its link count reduced by 1
  • Soft links can be created anywhere, including across the network, while hard links must be on the same disk partition

More details about soft and hard links will be presented when we organize inode related knowledge.
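The difference between the two kinds of link can be checked directly. This added Python example (not part of the original post) creates a file together with a hard link and a soft link to it, using the equivalents of ln and ln -s, deletes the original name, and reports what happens to each link. link_demo is a name chosen here and the file contents are constructed.

```python
import os
import tempfile

def link_demo():
    """Create a file plus a hard link and a soft link to it, delete the original,
    and return what each link looks like afterwards."""
    workdir = tempfile.mkdtemp()          # scratch directory, removed at the end
    src = os.path.join(workdir, "source")
    hard = os.path.join(workdir, "hard")
    soft = os.path.join(workdir, "soft")
    with open(src, "w") as f:
        f.write("important data\n")      # constructed sample content
    os.link(src, hard)                    # same as: ln source dist
    os.symlink(src, soft)                 # same as: ln -s source dist
    before = os.stat(src)
    result = {
        # both names resolve to the same inode; the symlink is its own small file
        "same_inode": before.st_ino == os.stat(hard).st_ino,
        "symlink_own_inode": os.lstat(soft).st_ino != before.st_ino,
        "links_before": before.st_nlink,  # 2: the names "source" and "hard"
        "symlink_target": os.readlink(soft),
    }
    os.remove(src)                        # drop only the original name
    result["links_after"] = os.stat(hard).st_nlink   # 1: link count minus one
    with open(hard) as f:                 # data is still reachable via the hard link
        result["hard_still_readable"] = f.read() == "important data\n"
    # the symlink still exists as a file, but its target no longer does
    result["soft_dangling"] = os.path.islink(soft) and not os.path.exists(soft)
    for p in (hard, soft):
        os.remove(p)
    os.rmdir(workdir)
    return result
```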

Linux file permissions modification

The next thing to learn is how to modify the attributes and permissions of a file, starting with changing the user and group it belongs to. Command format: chown [-R] username:group filename (the -R option is used on directories and makes the change recursive.)

There are two methods to modify permissions.

Numeric method

Each of r, w and x corresponds to 4, 2 and 1, which is really a 3-bit binary number: read alone is 4, read plus write is 4+2=6, and so on.

chmod 700 filename therefore gives the owner read, write and execute permission (7 = rwx, see the table below), while the group and other users get no permission at all.

#   permissions                rwx   binary
7   read + write + execute     rwx   111
6   read + write               rw-   110
5   read + execute             r-x   101
4   read only                  r--   100
3   write + execute            -wx   011
2   write only                 -w-   010
1   execute only               --x   001
0   none                       ---   000

Text method

The text method uses four letters: u, g, o and a, where u stands for user (the owner), g for group, o for other, and a for all. You also need three operators: +, - and =, which add, remove and set permissions respectively. For example, chmod ug+w filename adds write permission for the owner and the group of filename.
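To tie the two methods together, here is an added Python example (not part of the original post) that evaluates a text-method clause such as ug+w to the numeric mode it produces, and then runs the real chmod on a scratch file to confirm the result. apply_symbolic and chmod_and_check are names chosen for this example; it handles only r, w and x, not the s and t bits.

```python
import os
import stat
import subprocess
import tempfile

# Bits each class letter of the text method covers (a = u, g and o together).
CLASS_MASK = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
# Bits each permission letter covers across all three classes.
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}

def apply_symbolic(mode, spec):
    """Return the rwx mode `chmod spec` yields from mode (clauses like 'ug+w,o=r').
    Only r/w/x are handled; an omitted class means 'a' (real chmod also applies umask then)."""
    mode = stat.S_IMODE(mode) & 0o777
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in CLASS_MASK:
            i += 1                         # consume the class letters
        if i == len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad clause {clause!r}")
        who, op, perms = clause[:i] or "a", clause[i], clause[i + 1:]
        mask = 0
        for c in who:
            mask |= CLASS_MASK[c]
        bits = 0
        for p in perms:
            if p not in PERM_BITS:
                raise ValueError(f"bad permission {p!r} in {clause!r}")
            bits |= PERM_BITS[p]
        bits &= mask                       # keep only the classes named
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                              # '=': replace the named classes outright
            mode = (mode & ~mask) | bits
    return mode

def chmod_and_check(spec, start=0o644):
    """Run the real chmod on a temp file; return (predicted, actual) octal strings."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, start)
        subprocess.run(["chmod", spec, path], check=True)
        actual = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.remove(path)
    return format(apply_symbolic(start, spec), "o"), format(actual, "o")
```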

Additional content

Hidden files

The initial ls -l does not actually show every file in the directory; use ls -al to show all of them:

[root@localhost ~]# ls -al
total 32
dr-xr-x---.  2 root root 4096 Aug 18 21:31 .
dr-xr-xr-x. 17 root root 4096 Aug 18 21:31 ..
-rw-------.  1 root root 1141 Aug 18 21:31 anaconda-ks.cfg
-rw-r--r--.  1 root root   18 Dec 29  2013 .bash_logout
-rw-r--r--.  1 root root  176 Dec 29  2013 .bash_profile
-rw-r--r--.  1 root root  176 Dec 29  2013 .bashrc
-rw-r--r--.  1 root root  100 Dec 29  2013 .cshrc
-rw-r--r--.  1 root root  129 Dec 29  2013 .tcshrc

You can see that root’s home directory contains many files whose names start with a dot. These are hidden files: in Linux, putting a . in front of a file name hides the file.

Special directories

There are several special directories under Linux: “.”, “..”, “-”, “~”

  • “.” The current directory
  • “..” The parent directory
  • “-” The previous working directory
  • “~” The current user’s home directory

Special File Permissions

Linux files have two special permissions, s and t, in addition to rwx. They are rarely needed in everyday use and are not covered in depth here.

chmod: change file permissions

Syntax:
    chmod <options> <arguments>

Options:
    -c or --changes                 # like -v, but reports only the files that were actually changed
    -f or --quiet or --silent       # suppress most error messages
    -R or --recursive               # recurse: process all files and subdirectories under the given directory
    -v or --verbose                 # print a diagnostic for every file processed
    --reference=<reference file or directory>    # use the mode of the reference file or directory instead of giving a mode

Arguments:
    permission mode                 # the permission mode to set on the file
    file                            # the file whose permissions are changed

Examples:
    # Method 1: change permissions with +, -, =
    # u: owner    g: group    o: others    a: all (u, g and o together)
    chmod u=rwx,g=rx file         # owner gets read, write and execute; group gets read and execute; others are not mentioned and keep their previous permissions
    chmod g+w file                # add write permission for the group on top of the existing permissions
    chmod a-x file                # remove execute permission for everyone from the existing permissions

    # Method 2: change permissions with numbers
    # r=4    w=2    x=1    -=0    e.g. rwx=4+2+1=7
    chmod 755 file                # same as chmod u=rwx,g=rx,o=rx file

chown: change file owner

Syntax:
    chown <options> <arguments>

Options:
    -c or --changes               # like -v, but reports only the files that were actually changed
    -f or --quiet or --silent     # suppress most error messages
    -h or --no-dereference        # act on the symbolic link itself rather than on the file it points to
    -R or --recursive             # recurse: process all files and subdirectories under the given directory
    -v or --verbose               # print a diagnostic for every file processed
    --dereference                 # act on the target of each symbolic link rather than the link itself (the default; the opposite of -h)
    --reference=<reference file or directory>   # set the owner and group to those of the reference file or directory

Arguments:
    user:group                    # the new owner and group; when ":group" is omitted only the owner changes
    file                          # the files whose owner and group are changed; several files and directories may be given, shell wildcards are supported

Examples:
    chown tom file               # change the file's owner
    chown tom:group file         # change the file's owner and group

chgrp: change the group where the file is located

Syntax:
    chgrp <options> <arguments>

Options:
    -c or --changes              # like -v, but reports only the files that were actually changed
    -f or --quiet or --silent    # suppress most error messages
    -h or --no-dereference       # act on the symbolic link itself rather than on the file it points to
    -R or --recursive            # recurse: process all files and subdirectories under the given directory
    -v or --verbose              # print a diagnostic for every file processed
    --reference=<reference file or directory>  # set the group to that of the reference file or directory

Arguments:
    group                        # the new group name
    file                         # the files whose group is changed; separate several files or directories with spaces

Examples:
    chgrp group file           # change the file's group