Linux to change file permissions chmod command details

  • 2020-10-23 20:24:37
  • OfStack

preface

Linux's chmod command is used to change file permissions. There are three common permissions for files or directories, respectively:

[

r: Read;
w: Write;
x: Execute.

]

Today, I will introduce the meaning and usage of chmod command in detail

[

The chmod command changes file permissions

]

1. Symbol mode

Command format:

[

chmod [who] operator [permission] filename

]

who contains options and what they mean:

The u document is subject to sovereignty.

g is a group user.

o other user permissions.

a all users (file owners, group owners, and other users).

operator contains options and what they mean:

Increase permissions.

Cancel permissions.

Set permissions.

permission contains options and what they mean:

r read permissions.

w write permissions.

x execute permissions.

s files belong to the master and group ES80en-ES81en.

t viscous bit *.

l locks the file so that other users cannot access it.

u, g, o operations for file owners, group owners, and other users.

filename is the file name of the file you want to operate on.

* The "t" bit is sometimes encountered when listing files or directories. "t" represents the sticky bit. If the "t" bit appears in a directory, this means that files in that directory can only be deleted by their owner, even if a member of the genus group has the same rights as the owner. However, some systems are not strict on the 1 rule.

If you see "t" in the list of files, it means that the script or program will be placed in the swap (virtual memory) when executed.
A further explanation of the "t" permissions

1. t permission is sticky bit

Example: in TMP directory, anyone has access to read and write execution, but not anyone can delete the file with writable permissions inside it, of course not, this is the use of sticky bits, only the owner has the right to delete their own files, of course, ROOT exception

2. i is another permission for file security, that is, the permission that cannot be modified

chattr u+i aaa then the aaa file cannot be modified by anyone. If it is deleted, use ES126en-ES127en. a permissions are simply append permissions, which are useful for logging systems, and make destination files append, not delete, and not append through the editor. Method and i permission 1 sample addition

If you want to see if a file has this right, use lsattr filename

Example of changing permissions (temp is 1 file) :


chmod a-x temp //rw- rw- rw-  Revoke execute privileges for all users 
chmod og-w temp //rw- r-- r- -  Reclaim write permissions for group users and other users 
chmod g+w temp //rw- rw- r- -  Grant write permissions to group users 
chmod u+x temp //rwx rw- r- -  Give the file master execution permission 
chmod go+x temp //rwx rwx r- x  Grant execution privileges to group users and other users 

2. Absolute mode

The command format

[

chmod [mode] file

]

mode is one hexadecimal number, and each permission is represented by one hexadecimal number.

Such as:

[

0, 4, 0, 0 files are master readable
0 2 0 0 files belong to the master writable
0 1 0 0 files belong to master executable

0, 0, 4, 0 is readable by group users
0, 0, 2, 0 can be written by group users
0 0 1 0 group users can execute

0 0 0 4 other users can read
0 0 0 2 other users can write
0 0 0 1 other users can execute

]

When setting permissions, just check the number corresponding to the permissions of the file owner, owner group user and other users according to the above, and add them up, is the corresponding permission representation.

For example, the symbolic mode permission of the temp file is detected as:


-rwxr--r-- 1 wjr root 0 2008-09-21 16:40 temp

The preceding "-" indicates that the file is 1 generic file.

Then, the corresponding absolute mode permission conversion process is:


rwx : 0400 + 0200 +0100 ( The file belongs to the master to read, write, and execute ) = 0 7 0 0
r-- : 0 0 4 0 ( It is readable by group users ) = 0 0 4 0
r-- : 0 0 4 0 ( It is readable by group users ) = 0 0 4 0
0 7 4 4

Or you could do it like this:

The corresponding hexadecimal value is as follows. If there are corresponding permissions, the value is added; if there are no permissions, zero is recorded.

r w x: 4 + 2 + 1

Group user: r w x: 4 + 2 + 1

Other users: r w x: 4 + 2 + 1

The permissions of the temp file are:


r w x r - - r - -
4+2+1 4 4

Add the corresponding permission at the beginning of 1, it is 744

As you can see, the maximum maximum size that a file owner, owner group user, and other users can have is 7.

Commands to change permissions are as follows:


$chmod 744 temp
$ls -l temp

Results:


-rwxr--r-- 1 wjr root 0 2008-09-21 16:40 temp

Command:


$chmod 766 temp
$ls -l temp

Results:


-rwxrw-rw- 1 wjr root 0 2008-09-21 16:40 temp

You can also set it by using the -ES230en option along with file 1 under the subdirectory:


$chmod -R 664 /temp/*

In this way, all the files in/temp, together with the files in each subdirectory, can be set once to be read and written by the owner and the group users, and read only by other users.

Use the -ES237en option 1 carefully and only if you need to change all file permissions under the directory tree.

conclusion


Related articles: