权限对象:
属主: u
属组: g
其他人: o
基本权限类型:
读:r 4
写:w 2
执行: x 1
rwx rw- r-- alice hr file1.txt
属主(所有者)权限 属组权限 其他人权限 属主 属组 文件名
一 alice对file1.txt文件有什么权限?
a. alice是所有者吗? 是,rwx
二 jack对file1.txt文件有什么权限? 前提:jack属于hr组
a. jack是所有者吗?
b. jack属于hr组吗? 是,rw
三 tom对file1.txt文件有什么权限?
a. tom是所有者吗?
b. tom属于hr组吗?
c. tom为其他人 r
1.1.设置权限
更改文件的属主(所有者)、属组 (所属组)
chown:
[root@fanhua ~]# chown alice.hr file1 //改属主、属组
[root@fanhua ~]# chown alice:hr file1 //改属主、属组
[root@fanhua ~]# chown alice file1 //只改属主
[root@fanhua ~]# chown .hr file1 //只改属组
[root@fanhua ~]# chown -R zhouchen.hr dir1 //递归修改 dir是目录 包括目录下文件user和group
chgrp:
[root@fanhua ~]# chgrp it file1 //改文件属组
[root@fanhua ~]# chgrp -R it dir1 //改目录属组 (-R包含目录下内容)
1.2.更改权限
a. 使用符号
对象 赋值符 权限类型
u + r
chmod g - w file1
o = x
all
[root@fanhua ~]# chmod u+x file1 //属主增加执行权限
[root@fanhua ~]# chmod g+x file1 //属组增加执行权限
[root@fanhua ~]# chmod u+x,g+x
======================================================================================
[root@fanhua ~]# chmod u-x file1
[root@fanhua ~]# chmod g-x file1
[root@fanhua ~]# chmod u-x,g-x file1
=======================================================================================
[root@fanhua ~]# chmod a=rwx file1 //所有人等于读写执行权限
[root@fanhua ~]# chmod a=- file1 //所有人没有权限
[root@fanhua ~]# chmod ug=rw,o=r file1 //属主属组等于读写,其他人只读
[root@fanhua ~]# ll file1 //以长模式方式查看文件权限
-rw-rw-r-- 1 alice it 17 10-25 16:45 file1 //显示的结果
b.使用数字
[root@fanhua ~]# chmod 644 file1
[root@fanhua ~]# ll file1
-rw-r--r-- 1 alice it 17 10-25 16:45 file11
2 .权限案例 UGO
======================================================
2.1.设置权限案例
针对hr部门的访问目录/home/hr设置权限,要求如下:
-
root用户和hr组的员工可以读、写、执行
-
其他用户没有任何权限
<pre spellcheck="false" class="md-fences mock-cm md-end-block" lang="shell" cid="n36" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: pre-wrap; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">[root@fanhua ~]# groupadd hr //创建一个用户组
[root@fanhua ~]# useradd ehome01 -G hr //创建hr01用户添加到hr组里
[root@fanhua ~]# useradd ehome02 -G hr //创建hr02用户添加到hr组里
[root@fanhua ~]# mkdir /home/hr //在/home创建一个hr目录
[root@fanhua ~]# chgrp hr /home/hr //将/home/hr目录的所属组设置为hr
[root@fanhua ~]# chmod 770 /home/hr //将/home/hr目录的权限设置为770
[root@fanhua ~]# ll -d /home/hr/ //查看/home/hr目录本身的权限
drwxrwx---. 2 root hr 4096 3月 13 14:26 /home/hr/
=======================================================================================
测试其他人权限
[root@fanhua home]# su - user05
Last login: Wed Dec 25 14:28:08 CST 2019 on pts/0
[user05@fanhua ~]$ cd /home/hr/
-bash: cd: /home/hr/: Permission denied
========================================================================================
测试所属组用户权限
[root@fanhua home]# su - ehome01
Last login: Wed Dec 25 19:31:06 CST 2019 on pts/0
[ehome01@fanhua ~]$ cd /home/hr/
[ehome01@fanhua hr]$ touch a.txt
[ehome01@fanhua hr]$ ls
a.txt
[ehome01@fanhua hr]$ rm -rf a.txt
</pre>
2.2.rwx对文件的影响
实战案例1:rwx对文件的影响
<pre spellcheck="false" class="md-fences mock-cm md-end-block" lang="shell" cid="n41" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: pre-wrap; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">date 查看日期时间
[root@fanhua ~]# vim /home/file1
date
[root@fanhua ~]# ll /home/file1
-rw-r--r-- 1 root root 5 7月 26 14:43 /home/file1
[root@fanhua ~]# su - alice
[alice@fanhua ~]$ cat /home/file1 //测试读
date
============================================================================
没加执行权限之前
[alice@fanhua ~]$ /home/file1 //测试执行
-bash: /home/file1: Permission denied
[root@fanhua ~]# chmod o+x /home/file1
加执行权限之后
[alice@fanhua ~]$ /home/file1
Wed Dec 25 19:58:19 CST 201
</pre>
<pre spellcheck="false" class="md-fences md-end-block ty-contain-cm modeLoaded" lang="shell" cid="n42" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">=============================================================================
[root@fanhua ~]# su - user09
Last login: Wed Dec 25 19:55:52 CST 2019 on pts/0
[user09@fanhua ~]$ vim /home/file1 </pre>
[root@fanhua ~]# chmod o+w /home/file1
[alice@fanhua ~]$ vim /home/file1 //测试写
date
ls
:wq保存并退出成功。
2.3.rwx对目录的影响
实战案例2:对目录没有w,对文件有rwx
[root@fanhua ~]# mkdir /dir10
[root@fanhua ~]# touch /dir10/file1
[root@fanhua ~]# chmod 777 /dir10/file1
[root@fanhua ~]# ll -d /dir10/
drwxr-xr-x. 2 root root 4096 3月 11 18:37 /dir10/
[root@fanhua ~]# ll /dir10/file1
-rwxrwxrwx. 1 root root 0 3月 11 18:37 /dir10/file1
[root@fanhua ~]# vim /dir10/file1
jack
[root@fanhua ~]# su - alice
[alice@fanhua ~]$ cat /dir10/file1
jack
[alice@fanhua ~]$ rm -rf /dir10/file1
rm: cannot remove ‘/dir10/file1’: Permission denied //权限不够
[alice@fanhua ~]$ touch /dir10/file2
touch: cannot touch ‘dir10/file2’: Permission denied //权限不够
实战案例3:对目录有w,对文件没有任何权限
[root@fanhua ~]# chmod 777 /dir10/
[root@fanhua ~]# chmod 000 /dir10/file1
[root@fanhua ~]# ll -d /dir10/
drwxrwxrwx. 2 root root 4096 3月 11 18:37 /dir10/
[root@fanhua ~]# ll /dir10/file1
----------. 1 root root 0 3月 11 18:37 /dir10/file1
[root@fanhua ~]# su - alice //切换到alice用户
[alice@fanhua ~]$ cat /dir10/file1
不能查看,权限不够
[alice@fanhua ~]$ rm -rf /dir10/file1 //可以删除
[alice@fanhua ~]$ touch /dir10/file2 //可以创建
小结:
对目录有w权限,可以在目录中创建新文件,可以删除目录中的文件(跟文件权限无关)
注意事项
文件: x 权限小心给予
目录: w 权限小心给予