Detailed Explanation of Privilege Management Command in linux of chmod and chown and chgrp and unmask
- 2021-07-24 12:06:47
- OfStack
Linux operating system is very cumbersome to manage multiple users, so it becomes simple to manage users with the concept of group. Each user can be in an independent group, and each group can also have zero users or multiple users. This article gives you a detailed explanation of the rights management commands in linux (chmod/chown/chgrp/unmask), which is as follows:
chmod
Explanation
Command name: chmod command English original meaning: change the permissions mode of a file command path:/bin/chmod execution permission: All user function description: Change file or directory permission
Grammar
chmod [{ugoa}{+-=}{rwx}] [ Files or directories ]
chmod [mode=421] [ Files or directories ]
-R Recursive modification
# No. 1 1 Kinds of modification methods chmod [{ugoa}{+-=}{rwx}] [ Files or directories ]
ugoa:
u: Owner
g: Group to which
o: Others
a: All people
+-=:
+: Add a permission to a file or directory
-: Reduce a permission for a file or directory
=: Give new permissions to files or directories , Subject to the permissions at this time
# No. 1 2 Kinds of modification methods chmod [mode=421] [ Files or directories ]
rwx:
r:4
w:2
x:1
rwxrw-r--
Authority :764(4+2+1=7/4+2=6/4)
Example
# No. 1 1 Increase permissions
chmod g+x test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test.txt
-rw-r--r-- 1 root root 11 Nov 28 15:39 test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# chmod g+x test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test.txt
-rw-r-xr-- 1 root root 11 Nov 28 15:39 test.txt
# No. 1 2 Increase permissions
chmod 777 test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test.txt
-rw-r-xr-- 1 root root 11 Nov 28 15:39 test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# chmod 777 test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test.txt
-rwxrwxrwx 1 root root 11 Nov 28 15:39 test.txt
Special attention to authority
# In /tmp Create a new folder under test
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# mkdir test
# In /tmp/test New under folder test.txt
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# touch test/test.txt
# View test Files under files
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test
total 0
-rw-r--r-- 1 root root 0 Nov 28 17:54 test.txt
# View /tmp/test Permissions for folders
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -ld test
drwxr-xr-x 2 root root 4096 Nov 28 17:54 test
# Endowed with /tmp/test All permissions of the folder
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# chmod 777 test
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -ld test
drwxrwxrwx 2 root root 4096 Nov 28 17:54 test
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# ls -l test/test.txt
-rw-r--r-- 1 root root 0 Nov 28 17:54 test/test.txt
# New additions 1 Ordinary users and change passwords
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# useradd eternity
[root@izm5e2q95pbpe1hh0kkwoiz tmp]# passwd eternity
# Use eternity Account number , Password 123456, Login server
# View the current directory
[eternity@izm5e2q95pbpe1hh0kkwoiz ~]$ pwd
/home/eternity
# Enter /tmp Directory
[eternity@izm5e2q95pbpe1hh0kkwoiz ~]$ cd /tmp
# View /tmp/test Permissions for the directory , Have full permissions
[eternity@izm5e2q95pbpe1hh0kkwoiz tmp]$ ls -ld test
drwxrwxrwx 2 root root 4096 Nov 28 17:54 test
# /tmp/test Existence under the directory test.txt, Have read permission
[eternity@izm5e2q95pbpe1hh0kkwoiz tmp]$ ls -l test/test.txt
-rw-r--r-- 1 root root 0 Nov 28 17:54 test/test.txt
# Delete /tmp/test Under test.txt Documents
[eternity@izm5e2q95pbpe1hh0kkwoiz tmp]$ rm test/test.txt
rm: remove write-protected regular empty file ' test/test.txt'? y
# Delete succeeded , At this time /tmp/test Directory test.txt It's gone
[eternity@izm5e2q95pbpe1hh0kkwoiz tmp]$ ls -l test/test.txt
ls: cannot access test/test.txt: No such file or directoryOnly administrators have rw read and write permissions, and their groups and others only have read permissions, but ordinary users delete files with r read permissions at this time. Why? ? ? ? Summary of file directory permissions
| 代表字符 | 权限 | 对文件的含义 | 对目录的含义 |
|---|---|---|---|
| r | 读权限 | 可以查看文件内容 | 可以列出目录中的内容 |
| w | 写权限 | 可以修改文件内容 | 可以在目录中创建和删除文件 |
| x | 执行权限 | 可以执行文件 | 可以进入目录 |
Analysis
Write permission to a file only means that you can modify the contents of the file, but you have no permission to delete the file
Write permissions for directories, where files can be created and deleted
Because the permissions of the/tmp/test directory above are 777, ordinary users also have the permissions to create and delete files for the/tmp/test directory. Therefore, ordinary users can also delete the/tmp/test/test. txt files, but ordinary users cannot edit the/tmp/test/test. txt files. When using vim to edit files, Waring will be prompted: Changing a readonly file
chown
Explanation
Command name: chown command English original meaning: change file ownership command path:/bin/chown execution authority: All user function description: Change the owner of a file or directory
Grammar
chown [User] [File or Directory]
In linux, only root can change the file owner, not even the creator
Example
# Change the file owner ( Will test.txt The owner of the eternity Change to root)
chown root /tmp/test/test.txt
[root@izm5e2q95pbpe1hh0kkwoiz ~]# pwd
/root
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -l /tmp/test/test.txt
-rw-r--r-- 1 eternity eternity 7 Nov 28 18:15 /tmp/test/test.txt
[root@izm5e2q95pbpe1hh0kkwoiz ~]# chown root /tmp/test/test.txt
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -l /tmp/test/test.txt
-rw-r--r-- 1 root eternity 7 Nov 28 18:15 /tmp/test/test.txt
chgrp
Explanation
Command name :chgrp
English original meaning of command :change file group ownership
The path where the command is located :/bin/chgrp
Execution authority : All users
Functional description : Change the group to which a file or directory belongs Grammar
chgrp [User Group] [File or Directory]
Example
# Change the group to which the file belongs ( Will test.txt The group that belongs to is defined by the eternity Change to eternityz)
chgrp eternityz /tmp/test/test.txt
# Current directory
[root@izm5e2q95pbpe1hh0kkwoiz ~]# pwd
/root
# View Details
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -l /tmp/test/test.txt
-rw-r--r-- 1 root eternity 7 Nov 28 18:15 /tmp/test/test.txt
# Increase eternityz Group
[root@izm5e2q95pbpe1hh0kkwoiz ~]# groupadd eternityz
# Change belonging group
[root@izm5e2q95pbpe1hh0kkwoiz ~]# chgrp eternityz /tmp/test/test.txt
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -l /tmp/test/test.txt
-rw-r--r-- 1 root eternityz 7 Nov 28 18:15 /tmp/test/test.txt
umask
Explanation
Command Name: umask Command English Original the user file-creation mask Command Path: shell Built-in Command Execution Permission: All User Function Description: Display/Set Default Permission of File
Grammar
umask [-S]-S Shows default permissions for new files as rwx (S in upper case)
Example
# View default permissions for files
umask -S
# View umask
umask
[root@izm5e2q95pbpe1hh0kkwoiz ~]# umask
0022
0022 Medium
0 Special authority
022 ----w--w-
# Through all permissions 777 And 022 Permission to perform XOR operation , Get the default permissions
777 rwx rwx rwx
022 --- -w- -w-
================
Directory rwx r-x r-x
Documents rwx r-- r--
# Change umask Value , And then change the default permissions
umask 077
# Change umask Value after , The default permission becomes
777 rwx rwx rwx
077 --- rwx rwx
================
Directory rwx --- ---
Documents rw- --- ---
# The following experiments match the settings for changing default permissions
[root@izm5e2q95pbpe1hh0kkwoiz ~]# umask 077
[root@izm5e2q95pbpe1hh0kkwoiz ~]# mkdir /tmp/lyf
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -ld /tmp/lyf
drwx------ 2 root root 4096 Nov 29 10:55 /tmp/lyf
[root@izm5e2q95pbpe1hh0kkwoiz ~]# touch /tmp/lyf/lyf
[root@izm5e2q95pbpe1hh0kkwoiz ~]# ls -l /tmp/lyf/lyf
-rw------- 1 root root 0 Nov 29 10:56 /tmp/lyf/lyfIn linux, only root can change the file owner, even the creator can not be the default owner of the file. At this time, the default group is also the default permission of the folder in linux. When rwxr-xr-x, the default permission of the file is rw-r-r, the newly created file does not have executable permission