mycpen

16_Linux Basics - File & Directory Permissions and Ownership

1. File/Directory Permissions

File/Directory Permissions

Access Permissions

  • Readable (read, r): allows viewing file contents and listing directory contents
  • Writable (write, w): allows modifying file contents; in a directory, allows creating, moving, or deleting files or subdirectories
  • Executable (execute, x): allows running programs and switching into directories

Ownership

  • File owner (owner): the user account that owns the file or directory
  • Group (group): the group account that owns the file or directory
  • Others (others): everyone other than the owner and the group

Note: The meaning of each permission differs between files and directories

ls -al: view detailed information about the files and folders in the current directory, including file permissions
ls -ld: view the current directory itself
Example 1: Check file permissions with ls -al
# Note: The third column is the owner, the fourth column is the group
---------------------------------------------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# ls -al				# Note: Check file permissions
Total usage 668
-rw-r--r--.  1 root root    211 Sep  18 10:31 '!'
dr-xr-x---. 21 root root  12288 Nov  6 15:16  .
[root@sanchuang-linux ~]# ls -al zuoye.sh 		# Note: Check permissions of a single file
-rw-r--r--. 1 root root 1212 Oct 29 20:20 zuoye.sh
[root@sanchuang-linux ~]# ls -al /home			# Note: Check permissions of all files in the /home directory
Total usage 18348
drwxr-xr-x. 43 root         root            4096 Nov  6 15:36 .
dr-xr-xr-x. 38 root         root            4096 Nov  5 15:12 ..
[root@sanchuang-linux ~]# ls -al *.sh			# Note: Check file permissions
-rw-r--r--. 1 root root    0 Sep  25 09:35 backup_log.sh
-rw-r--r--. 1 root root   41 Oct  28 20:27 file_test.sh

Example 2: Check directory permissions ls -ld /home
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# ls -ld /home			# Note: Check permissions of the /home directory
drwxr-xr-x. 43 root root 4096 Nov  6 15:36 /home

2. File/Directory Permissions

[root@localhost ~]# ls -ld first.py 
-rw-r--r--. 1 root root 1097 Oct 13 10:20 first.py
Fields highlighted in this line: file type, access permissions, owner, group

Example: drwxr-xr-x
--------------------------------------------------------------------------------------------
The first column: indicates file type and permissions
	The first character
        -	Regular file
        d	Indicates directory
        s	Indicates socket file			# Note: socket is a method of communication between processes.
        p	Pipe file
        c	Character device file	tty
        b	Block device file	 Disk	# Note: Block device files related to hardware are generally placed under /dev
        l	Link file				# Note: There are many link files under /usr/bin/

  #Permissions r Readable  w Writable  x Executable
  ·The 2nd to 4th characters
  	  Indicate owner permissions
  ·The 5th to 7th characters
  	  Indicate group permissions
  ·The last three
	  Indicate others' permissions
--------------------------------------------------------------------------------------------
Every command entered is looked up in the directories listed in the PATH environment variable

Create a link file
# Note: ln -s source_file target_file		(-s stands for symbolic)
[root@sanchuang-linux bin]# ln -s python3.6 python			# Note: -s creates a soft link
[root@sanchuang-linux bin]# ln -s python3.6 /root/python	# Note: A link file can be created at an absolute path
# Note: The link file /root/python is placed in the /root directory
which shows the absolute path of a command
[root@sanchuang-linux bin]# which mkdir
/usr/bin/mkdir
[root@sanchuang-linux bin]# mv /usr/bin/mkdir /usr/bin/mkdirbak	# Note: After renaming, the command cannot be found
[root@sanchuang-linux bin]# mkdir
-bash: mkdir: command not found
[root@sanchuang-linux bin]# mkdirbak /tmp/mkdir
[root@sanchuang-linux bin]# mv /usr/bin/mkdirbak /usr/bin/mkdir	# Note: Rename back

There are many link files under /usr/bin/
[root@sanchuang-linux tmp]# cd /usr/bin/						# Note: There are many link files under /usr/bin/
[root@sanchuang-linux bin]# ls -al python2						# Note: Link file
lrwxrwxrwx. 1 root root 9 Jun   5 11:38 python2 -> python2.7
[root@sanchuang-linux bin]# ls -al python3						# Note: Link file
lrwxrwxrwx. 1 root root 25 Sep  18 15:47 python3 -> /etc/alternatives/python3

3. Socket

Note: A socket is a method of communication between processes, usually used for communication between different processes on different hosts (network programming)

Take FTP as an example: the vsftpd server opens port 21 while it is running. To connect to this service, the FTP client opens a random port and connects to port 21, and the two sides then transfer data over the network using an agreed protocol.

Starting a vsftpd will create a socket file.

Generally, an open port will have a socket file.

[root@localhost mail]# cd /data/mysql
[root@localhost mysql]# ls -al
srwxrwxrwx  1 mysql mysql        0 Oct  7 12:04 mysql.sock		# Note: s socket file (pink)

4. Five Major Subsystems of the Linux Kernel

Five Major Subsystems of the Linux Kernel:

    1. File System
    2. Memory Management
    3. Process Communication
    4. Process Scheduling
    5. Network Interface

5. Processes

A process is the basic unit of resource allocation in the system, and resources are isolated between different processes.

Inter-process communication (5 common types):

  1. Pipe
  2. Signal (kill -9)
  3. Shared Memory
  4. Socket
  5. Message Queue
Example 1: Pipe				# Note: A pipe is a method of communication between processes
Example
[root@sanchuang-linux ~]# cat /etc/passwd |grep sanchuang	# Note: Pass the output of the previous process to the input of the next process through a pipe
sanchuang:x:1005:1005::/home/sanchuang:/bin/bash
# Note: Suitable for different processes on the same host
--------------------------------------------------------------------------------------------
Example 2: Signal				
Example: kill -9 pid
[root@sanchuang-linux ~]# kill -l
 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1………………
[root@sanchuang-linux ~]# ps -ef |grep nginx
root        5868    5691  0 16:29 pts/0    00:00:00 grep --color=auto nginx
[root@sanchuang-linux ~]# kill -9 2868					# Note: Send signal 9 to process 2868
--------------------------------------------------------------------------------------------
Example 3: Shared Memory
# Note: A new memory space is created between A and B, which can be accessed together
# Note: Suitable for different processes on the same host
--------------------------------------------------------------------------------------------
Example 4: Socket
# Note: Used for network communication between different processes on different hosts
--------------------------------------------------------------------------------------------
Example 5: Message Queue
# Note: Similar to a queue of 1,2,3,4,5,6
# Note: In the shared memory space of A and B, A produces and B retrieves. A produces 1, B takes it out, 1 goes out from A

6. Under the Root Directory

/etc Stores configuration files
/dev Stores device files # Note: Hardware-related Disk, Network Card, Socket
/root # Note: root user's home directory
/home # Note: Stores ordinary users' home directory files

[root@sanchuang-linux ~]# cd /dev
[root@sanchuang-linux dev]# ls -al
crw-rw-rw-   1 root tty       5,   0 Nov  6 11:32 tty		# Note: Character device file	tty
crw--w----   1 root tty       4,   0 Nov  5 15:12 tty0
crw--w----   1 root tty       4,   1 Nov  6 14:28 tty1
brw-rw----   1 root disk      8,   0 Nov  5 15:12 sda		# Note: Block device file	 Disk

7. Executable Permissions

The second to tenth characters of the first column
  #Permissions r Readable  w Writable  x Executable
  The 2nd to 4th characters
  	  Indicate owner permissions
  The 5th to 7th characters
  	  Indicate group permissions
  The last three
	  Indicate others' permissions
Example
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# ls -al men_test.sh 
-rw-r--r--. 1 root root 0 Oct 30 16:26 men_test.sh
[root@sanchuang-linux ~]# bash men_test.sh 	# Note: Use bash interpreter to execute (creates a new bash)
[root@sanchuang-linux ~]# sh men_test.sh 	# Note: Use sh interpreter to execute (creates a new sh)
[root@sanchuang-linux ~]# . men_test.sh		# Note: Use the current bash to execute, will inherit the current environment variables
# Note: Equivalent to current bash, current environment
[root@sanchuang-linux ~]# ./men_test.sh 	# Note: Not enough permissions, lacks executable permissions
-bash: ./men_test.sh: Permission denied				 # Note: Files with executable permissions can be executed directly with ./men_test.sh

8. Shell File Execution Methods

Shell file execution methods (3 types)

Note: The shell does not require any particular suffix for executable files; a script does not have to end with .sh

[root@sanchuang-linux ~]# vim test_aa.sh
echo "testaa..."
echo $a
echo $b
[root@sanchuang-linux ~]# a=1
[root@sanchuang-linux ~]# b=2
[root@sanchuang-linux ~]# . test_aa.sh 	# Note: Use the current bash to execute test_aa.sh, will inherit the current shell's environment variables
testaa...								# Note: Using . will inherit all variables in the current bash
1
2
[root@sanchuang-linux ~]# bash test_aa.sh 	# Note: Creates a new bash environment to execute commands
testaa...									# Note: The new bash environment does not have defined variables a, b
											# Note: Does not output parent bash's a, b
											# Note: Does not retrieve a, b
[root@sanchuang-linux ~]# sh test_aa.sh 		# Note: Creates a new sh environment to execute commands
testaa...
											# Note: No output

[root@sanchuang-linux ~]# ./test_aa.sh 		# Note: Execute the file itself, check if the file itself has execution permissions
-bash: ./test_aa.sh: Permission denied				 # Note: Directly executing this file in the current directory requires executable permissions
# Note: Other methods do not necessarily require executable permissions

Summary
Command            Executable permission    Runs in
. test_aa.sh       Not required             The current bash process
bash test_aa.sh    Not required             A new bash process
sh test_aa.sh      Not required             A new bash process
./test_aa.sh       Required                 A new bash process

9. chmod Command

chmod Command # Note: Modify file access permissions

Format 1: chmod [ugoa] [+-=] [rwx] file or directory...

  • u, g, o, a represent
    u owner, g group, o other users, a all users

  • +,-,= represent
    + add, - remove, = set permissions

  • rwx
    Corresponding permission characters

Common command options

  • -R: Recursively modify permissions of all files and subdirectories in the specified directory
Example
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# chmod u+x men_test.sh 		# Note: Add executable permission for the owner
[root@sanchuang-linux ~]# ls -al men_test.sh 
-rwxr--r--. 1 root root 0 Oct 30 16:26 men_test.sh		# Note: Executable files are all green
# Note: Socket files are all pink
[root@sanchuang-linux ~]# ./men_test.sh 				# Note: Can be executed directly now
--------------------------------------------------------------------------------------------
[root@sanchuang-linux lianxi]# chmod a-x sc -R		# Note: -R recursively removes executable permissions from the directory and all its subfiles
[root@sanchuang-linux lianxi]# chmod a+x sc -R		# Note: Adds executable permissions for all users
============================================================================================
# Note: Only the root user can use the root directory
[root@sanchuang-linux ~]# ls -ld /
dr-xr-xr-x. 38 root root 4096 Nov  5 15:12 /
============================================================================================
[root@mysql-binary ~]# chmod u+x group_member.sh 
[root@mysql-binary ~]# ./group_member.sh sanchuang5		# Note: After adding executable permissions, can run with ./
sanchuang5,sanchuang11,sanchuang13,sanchuang10,sanchuang12

10. chmod Command

chmod Command # Note: Modify file access permissions

Format 2: chmod nnn file or directory... # Note: nnn represents a 3-digit octal number

Permission Item            Read  Write  Execute | Read  Write  Execute | Read  Write  Execute
Character Representation   r     w      x       | r     w      x       | r     w      x
Numeric Representation     4     2      1       | 4     2      1       | 4     2      1
Permission Allocation      File Owner           | File Group           | Other Users

Common command options

  • -R: Recursively modify permissions of all files and subdirectories in the specified directory
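
The 4/2/1 weights above, worked through as an added example (not part of the original notes): a shell function that turns the mode string printed by ls -l into the number chmod expects. It goes one step beyond the three-digit form to handle the trailing t seen on /tmp in section 11, which is the sticky bit and is written as a leading fourth digit; the function names triplet_value and mode_to_octal are hypothetical.

```shell
#!/bin/sh
# Added example: convert an ls-style mode string to chmod's octal form.

# triplet_value RWX -> prints 0-7 using r=4, w=2, x=1
# (lowercase s or t in the x position means "x plus a special bit")
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# mode_to_octal MODE_STRING -> prints e.g. 644, or 1777 when a special bit is set
mode_to_octal() {
    m=$(printf '%s' "$1" | cut -c2-10)        # drop the file-type character
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$m" | cut -c1-3)         # owner triplet
    g=$(printf '%s' "$m" | cut -c4-6)         # group triplet
    o=$(printf '%s' "$m" | cut -c7-9)         # others triplet
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    out="$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
    [ "$special" -eq 0 ] || out="$special$out"
    printf '%s\n' "$out"
}

# Mode strings copied from the listings on this page
for s in '-rw-r--r--.' 'drwxr-xr-x.' 'drwx------.' 'drwxrwxrwt.' '----------'; do
    printf '%-12s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```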

Note: The root user can generally use a file regardless of its permissions

Example
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# chmod 777 sc 				# Note: All have read, write, and execute permissions
[root@sanchuang-linux ~]# chmod 700 sc 				# Note: Owner has read, write, and execute permissions
--------------------------------------------------------------------------------------------
[root@sanchuang-linux home]# ls -ld sanchuang		# Note: Check directory permissions ls -ld
drwx------. 4 sanchuang sanchuang 122 Nov  6 17:10 sanchuang
[root@sanchuang-linux home]# chmod 777 /home/sanchuang		# Note: All have read, write, and execute permissions
[root@sanchuang-linux home]# ls -ld sanchuang
drwxrwxrwx. 4 sanchuang sanchuang 122 Nov  6 17:10 sanchuang
[root@sanchuang-linux home]# chmod 777 /home/sanchuang -R	# Note: -R: Recursively modify permissions of all files and subdirectories in the specified directory
[root@sanchuang-linux home]# ls -ld sanchuang
drwxrwxrwx. 4 sanchuang sanchuang 122 Nov  6 17:10 sanchuang
# Note: Granting read, write, and execute permissions to all objects in a user's home directory (e.g., /home/sanchuang) will prevent ordinary user sanchuang from logging in remotely.
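
A check for the situation in the note above, as an added example that is not part of the original notes: it lists directories that group or others can write to, by reading the same mode string that ls -ld prints. The function names loose_mode and audit_homes are hypothetical, and the demo directories are constructed under a temporary path.

```shell
#!/bin/sh
# Added example (not from the original notes): report directories that
# group or others can write to, using the mode string printed by ls -ld.

# loose_mode MODE_STRING -> succeeds if group (char 6) or others (char 9) have w
loose_mode() {
    case $1 in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_homes BASE_DIR -> prints "MODE PATH" for each loose directory under BASE_DIR
audit_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue          # unmatched glob or not a directory
        [ -L "$d" ] && continue          # a symlink always lists as lrwxrwxrwx
        mode=$(ls -ld -- "$d" | cut -c1-10)
        if loose_mode "$mode"; then
            printf '%s %s\n' "$mode" "$d"
        fi
    done
}

# Constructed demo: two stand-in home directories under a temporary path.
demo_base=$(mktemp -d)
mkdir "$demo_base/alice" "$demo_base/bob"
chmod 700 "$demo_base/alice"             # private, like drwx------ in the listing above
chmod 777 "$demo_base/bob"               # the setting the note above warns about
audit_homes "$demo_base"                 # prints only the bob directory
chmod go-w "$demo_base/bob"              # fix: drop write for group and others
audit_homes "$demo_base"                 # prints nothing now
rm -rf "$demo_base"
```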

Example: The root user can generally use it regardless of permissions
[root@sanchuang-linux ~]# ls -ld /etc/shadow
---------- 1 root root 4201 Nov  7 12:04 /etc/shadow
[root@sanchuang-linux ~]# vim /etc/shadow

11. Generally, ordinary users can only create files or folders in their home directory or the /tmp directory

Generally, ordinary users can only create files or folders in their home directory or the /tmp directory.

Note: The /tmp directory is a temporary directory, generally used to store temporary items (e.g., some records needed during program execution, which are deleted after the program ends)

[root@sanchuang-linux ~]# su - sanchuang
Last login: Fri Nov  6 17:09:41 CST 2020 pts/2
[sanchuang@sanchuang-linux ~]$ ls -ld /
dr-xr-xr-x. 38 root root 4096 Nov  5 15:12 /
[sanchuang@sanchuang-linux ~]$ ls -ld /etc
drwxr-xr-x. 90 root root 8192 Nov  7 15:00 /etc
[sanchuang@sanchuang-linux ~]$ ls -ld ./				# Note: Create files or folders in the home directory
drwxrwxrwx. 4 sanchuang sanchuang 122 Nov  6 17:10 ./
[sanchuang@sanchuang-linux ~]$ ls -ld /tmp				# Note: Create files or folders in the /tmp directory
drwxrwxrwt. 12 root root 264 Nov  7 10:36 /tmp

# Note: chmod can only modify permissions when you are the owner

12. chmod

chmod # Note: Modify file access permissions

To change a file's read, write, and execute permissions with chmod, you must be the owner of the file (root is the exception)

[root@sanchuang-linux chenpeng]# su - sanchuang11		# Note: Adding - will automatically go to the home directory
Last login: Sat Nov  7 15:10:51 CST 2020 pts/0
[sanchuang11@sanchuang-linux ~]$ exit
Logout
[root@sanchuang-linux chenpeng]# su sanchuang11			# Note: Not adding - will stay in the current path
[sanchuang11@sanchuang-linux chenpeng]$ 