Linux commands for modifying file permissions: the chmod command in detail

  • 2020-05-14 05:50:35
  • OfStack

Every file and directory on a Linux system has access permissions, which determine who can access and manipulate it and in what ways.

Access to files or directories is classified as read-only, write-only, and executable. For a file, read-only permission means that its contents may only be read and no changes may be made to it. Executable permission allows the file to be executed as a program. When a file is created, the file owner automatically has read, write, and executable rights to the file for easy reading and modification. Users can also set the access permissions to any combination as needed.

There are three different types of users who can access a file or directory: the file owner, users in the same group, and other users. The owner is usually the creator of the file. The owner can grant users in the same group access to the file, and can also grant access to other users in the system. In this case, every user on the system has access to a file or directory owned by that user.

There are three sets of access permissions for each file or directory, and each set is represented by three bits: the read, write and execute permissions of the file owner; the read, write and execute permissions of users in the owner's group; and the read, write and execute permissions of other users in the system. When file or directory details are displayed with the ls -l command, the leftmost column lists the access permissions of the file. For example:


$ ls -l sobsrc.tgz

-rw-r--r-- 1 root root 483997 Jul 15 17:31 sobsrc.tgz

A dash (-) represents an absent permission. r stands for read-only, w for write, and x for executable. Notice that there are 10 positions here. The first character specifies the file type. In a general sense, a directory is also a file. If the first character is a dash, it is a non-directory file. If it is d, it is a directory.

For example:


-             rw-          r--           r--

normal file   file owner   group users   other users

This is the access permission of the file sobsrc.tgz. It indicates that sobsrc.tgz is an ordinary file; the owner of sobsrc.tgz has read and write permissions; users in the group that sobsrc.tgz belongs to have read permission only; other users also have read permission only.

After determining the access rights for a file, users can use the chmod command provided by the Linux system to reset different access rights. You can also use the chown command to change the owner of a file or directory. Use the chgrp command to change the user group of a file or directory.

These commands are described below.

chmod command

The chmod command is very important and is used to change access to a file or directory. Users use it to control access to files or directories.

This command can be used in two ways. One is the text setting method, which uses letters and operator expressions; the other is the number setting method, which uses numbers.

1. Text setting method

chmod [who] [+ | - | =] [mode] filename...

The meanings of the options in the command are:

The target who is any one of the following letters or a combination of them:

  • u stands for "user", the owner of the file or directory.
  • g stands for "group", that is, all users who have the same group ID as the file owner.
  • o stands for "others", the other users.
  • a stands for "all", all users. It is the system default.

The operation symbol can be:

  • + adds a permission.
  • - removes a permission.
  • = grants the given permission and removes all other permissions, if any.

The permissions represented by mode can be any combination of the following letters:

  • r: readable.
  • w: writable.
  • x: executable.
  • X: adds the x attribute only if the target file is already executable for some users or the target is a directory.
  • s: sets the owner or group ID of the process to that of the file's owner or group when the file is executed. The mode "u+s" sets the user ID bit of the file, "g+s" sets the group ID bit.
  • t: saves the text of the program on the swap device.
  • u: the same permissions that the file owner has.
  • g: the same permissions that users in the file's group have.
  • o: the same permissions that other users have.

File name: a space-separated list of the files whose permissions are to be changed. Wildcards are supported.

Multiple permission modes can be given on a single command line, separated by commas. For example: chmod g+r,o+r example

This gives the same group and other users read access to the file example.

2. Number setting method

We must first understand what the numeric attributes mean: 0 for no permissions, 1 for executable permission, 2 for writable permission, 4 for readable permission, and then add them up. So the format of the numeric attributes is three octal digits from 0 to 7, in the order (u) (g) (o).

For example, if you want the owner of a file to have both read and write permissions, you need 4 (readable) + 2 (writable) = 6 (read/write).

The general form of the number setting method is:

chmod [mode] filename...

Examples:

(1) Text setting method:

Example 1:


$ chmod a+x sort

That is, the attributes of the file sort are set as follows:

The file owner (u) gains execute permission

Users in the same group as the file (g) gain execute permission

Other users (o) gain execute permission

Example 2:


$ chmod ug+w,o-x text

That is, the attributes of the file text are set as follows:

The file owner (u) gains write permission

Users in the same group as the file (g) gain write permission

Other users (o) lose execute permission

Example 3:


$ chmod u+s a.out

Assume that after chmod is executed, the permissions of a.out are as follows (they can be seen with the ls -l a.out command):


-rws--x--x 1 inin users 7192 Nov 4 14:22 a.out

This executable uses a text file shiyan1.c, whose access permission is "-rw-------", which means that only the owner of the file has read and write access.

When another user executes a.out, that user's identity is temporarily changed to inin because of the s option used in the chmod command, so the program can read the shiyan1.c file (even though it is set so that no one else has any permissions). This is what s does.

Therefore, across the whole system, and especially for root itself, it is better not to create too many such files (unless necessary), so as to keep the system secure and avoid it being compromised through a bug in one of these programs.
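
One way to keep track of the set-user-ID files this warning is about, as an added example (not from the original article): the function lists regular files under a directory that carry the setuid or setgid bit. The function names and the scratch directory are constructed for the illustration; GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: audit set-user-ID / set-group-ID files under a directory.

# list_setid DIR -> prints "<octal mode> <owner> <path>" for every regular
# file with the setuid (4000) or setgid (2000) bit set. -xdev keeps the
# search on one filesystem so network and pseudo filesystems are skipped.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + 2>/dev/null | sort -k3
}

# count_setid DIR -> number of such files; compare it against a reviewed
# baseline to notice newly appearing setuid/setgid programs.
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# demo_setid_audit -> builds a constructed scratch tree that mirrors the
# article's examples and reports which file carries the s bit.
demo_setid_audit() {
    d=$(mktemp -d) || return 1
    : > "$d/a.out";  chmod 711 "$d/a.out"; chmod u+s "$d/a.out"  # -rws--x--x
    : > "$d/sort";   chmod 755 "$d/sort"                         # plain executable
    : > "$d/mm.txt"; chmod 644 "$d/mm.txt"                       # plain data file
    list_setid "$d" | sed "s|$d/||"
    rm -rf "$d"
}

demo_setid_audit
```

On a real system, run list_setid against / or /usr as root and review every file it reports that is owned by root.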

Example 4:


$ chmod a-x mm.txt

$ chmod -x mm.txt

$ chmod ugo-x mm.txt

All three commands remove the execute permission from the file mm.txt; the target is all users.

(2) Number setting method:

Example 1:


$ chmod 644 mm.txt

$ ls -l

That is, the attributes of the file mm.txt are set as follows:


-rw-r--r-- 1 inin users 1155 Nov 5 11:22 mm.txt

The file owner (u) inin has read and write permissions

Users in the same group as the file (g) have read permission

Other users (o) have read permission

Example 2:


$ chmod 750 wch.txt

$ ls -l

-rwxr-x--- 1 inin users 44137 Nov 12 9:22 wch.txt

That is, the attributes of wch.txt are set as follows:

The file owner (u) inin has read, write and execute permissions

Users in the same group as the file owner (g) have read and execute permissions

Other users (o) do not have any permissions
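
The relationship between the ls -l permission string and the numeric mode, as an added example (not part of the original article). It goes slightly beyond the text by also handling the s and t bits, which chmod accepts as a leading fourth octal digit; the function names perm_to_octal and roundtrip are made up for this illustration, and GNU/Linux ls and mktemp are assumed.

```shell
#!/bin/sh
# Added example: convert the 10-character ls -l permission string to the
# numeric mode accepted by chmod (r=4, w=2, x=1 for each u/g/o triplet).

# perm_to_octal STRING -> prints e.g. 644; returns 1 on malformed input.
perm_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] || return 1
    s=${s#?}                        # drop the file-type character
    special=0
    digits=""
    for weight in 4 2 1; do         # weight of the special bit for u, g, o
        triplet=$(printf '%.3s' "$s")
        s=${s#???}
        # setuid/setgid show as s/S in the x position, sticky as t/T
        case $weight in 1) lo=t up=T ;; *) lo=s up=S ;; esac
        n=0
        case $triplet in r??) n=$((n + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in
            ??x) n=$((n + 1)) ;;
            ??-) ;;
            ??"$lo") n=$((n + 1)); special=$((special + weight)) ;;
            ??"$up") special=$((special + weight)) ;;   # special bit without x
            *) return 1 ;;
        esac
        digits=$digits$n
    done
    if [ "$special" -eq 0 ]; then echo "$digits"; else echo "$special$digits"; fi
}

# roundtrip MODE -> chmod a scratch file, read it back with ls -l, convert.
roundtrip() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    perm_to_octal "$(ls -ld "$f" | cut -c1-10)"
    rm -f "$f"
}

# Permission strings taken from the examples in this article.
for p in -rw-r--r-- -rwxr-x--- -rws--x--x -rw-------; do
    printf '%s -> %s\n' "$p" "$(perm_to_octal "$p")"
done
```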

chgrp command

Function: change the group to which a file or directory belongs.

Syntax: chgrp [option] group filename...

This command changes the user group to which the specified file belongs. Here, group can be either the group ID or the name of a user group listed in the /etc/group file. The file names are a whitespace-separated list of the files whose group is to be changed. Wildcards are supported. If the user is not the owner of the file or the superuser, the group of the file cannot be changed.

The option of this command means:

-R recursively changes the group of the specified directory and all subdirectories and files under it.

Example 1: with the -R option, change the group of all files in /opt/local/book/ and its subdirectories to book.

chown command

Function: change the owner and group of a file or directory. This command is also commonly used. For example, the root user copies one of its own files to user xu. For user xu to be able to access this file, the root user should set the owner of the file to xu. Otherwise, user xu cannot access the file.

Syntax: chown [options] user or group file

Note: chown changes the owner of the specified file to the specified user or group. The user can be a user name or user ID. The group can be a group name or group ID. The file is a whitespace-separated list of the files whose owner is to be changed. Wildcards are supported.

The options of this command have the following meanings:

-R recursively changes the owner of the specified directory and all subdirectories and files under it.

-v shows what the chown command does.

Example 1: change the owner of file shiyan.c to wang.



Example 2: change the owner of the directory /his and all the files and subdirectories under it to wang, and the group to users.

