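1. Basic overview of permissions
What is a permission
A restriction the system places on the functions a user can perform
Why permissions exist
To protect each user's own working environment and privacy
How permissions relate to users
Owner User u
Group Group g
Others others o
a all
These correspond to three basic permissions
r readable 4
w writable 2
x executable 1
- no permission (placeholder in the permission bit) 0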
[root@zzc ~]
total 61152
-rw-r--r--. 1 root root 39 Jul 17 19:16 123.txt
-rw-r--r--. 1 root root 9272936 Jul 17 12:01 access.log
- rw- r-- r-- 644
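File type, owner, group, anonymous users (others)
Every three characters form one group
The first corresponds to read, r
The second corresponds to write, w
The third corresponds to execute, x
A permission that is not granted is shown as -
Why set permissions, and how to set them
To set what kind of management rights a given user has over a given system resource
chmod sets permissions
chmod
Options:
-R
Only the root administrator can change anyone's permissions; ordinary users can only change the permissions of their own files
2. Permission setting example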
-rwxrw-r-- test01 dev file.txt
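test01 user01 belong to the dev group; zzc01 belongs to the zzc01 group
What permissions does each of the three users have on this file
test01 is the owner of the file: read, write and execute permissions
user01 belongs to the dev group; whatever permissions the dev group has, user01 has as well: read and write permissions
zzc01 does not belong to the dev group; as far as this file is concerned it is a stranger and has the anonymous-user permissions: read
Determining what permissions a user has on a file
1. The system checks whether the user is the owner; if so, access follows the owner permissions
2. If the user is not the owner, the system checks whether the user is in the owning group; if so, access follows the group permissions
3. If the user is neither the owner nor in the owning group, access follows the anonymous-user permissions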
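The three-step check above, modelled as an added shell example that is not part of the original notes. The function names and argument order are assumptions made for this sketch; it ignores root and ACLs, and it also shows the consequence of step 1 that an owner with fewer bits than the group still gets only the owner bits.

```shell
#!/bin/sh
# Added example (not from the original notes): a model of the three-step check.
# effective_perm arguments (hypothetical names chosen for this sketch):
#   MODE (octal, e.g. 764)  FILE_OWNER  FILE_GROUP  USER  "USER_GROUPS"

# Turn one octal digit (0-7) into its rwx string using the 4/2/1 weights.
digit_to_rwx() {
    d=$1
    r=-; w=-; x=-
    [ $(( $d & 4 )) -eq 0 ] || r=r
    [ $(( $d & 2 )) -eq 0 ] || w=w
    [ $(( $d & 1 )) -eq 0 ] || x=x
    printf '%s%s%s\n' "$r" "$w" "$x"
}

effective_perm() {
    mode=$(printf '%03o' "$(( 0$1 & 0777 ))")   # keep owner/group/others digits
    file_owner=$2; file_group=$3; user=$4; user_groups=$5
    rest=${mode#?}
    u=${mode%??}; g=${rest%?}; o=${mode#??}

    if [ "$user" = "$file_owner" ]; then
        digit=$u                        # step 1: owner, stop here
    else
        case " $user_groups " in
            *" $file_group "*) digit=$g ;;   # step 2: member of the owning group
            *) digit=$o ;;                   # step 3: everyone else
        esac
    fi
    digit_to_rwx "$digit"
}

# Constructed cases: the file.txt example from the notes (-rwxrw-r-- = 764).
effective_perm 764 test01 dev test01 "dev"
effective_perm 764 test01 dev user01 "dev"
effective_perm 764 test01 dev zzc01 "zzc01"
# First match wins: with mode 047 the owner gets ---, even as a member of dev.
effective_perm 047 test01 dev test01 "dev"
```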
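Two ways to change permissions:
Changing by letters
u owner
g group
o anonymous users
a all users
Permission letters
r readable
w writable
x executable
- no permission
How they are assigned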
+
-
=
[root@zzc ~]
total 4
-rw-r--r-- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rwxr--r-- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rwxrwxr-- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rwxrwxrw- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rwxrwxrwx 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rw-rw-rw- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-r--rw-rw- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-r--r----- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
total 4
-rw-rw-rw- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rw-rw---- 1 root root 158 Jul 23 09:06 hosts
Changing by number: this overwrites all of the original permissions
-R
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
drwxr-xr-x 2 root root 6 Jul 23 09:35 data
-rw-r--r-- 1 root root 158 Jul 23 09:06 hosts
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-- 1 root root 158 Jul 23 09:35 hosts
[root@zzc ~]
drwxr-xr-x 2 root root 19 Jul 23 09:35 data/
[root@zzc ~]
[root@zzc ~]
drwx------ 2 root root 19 Jul 23 09:35 data/
[root@zzc ~]
total 4
-rw-r--r-- 1 root root 158 Jul 23 09:35 hosts
[root@zzc ~]
[root@zzc ~]
drwxr-xr-x 2 root root 19 Jul 23 09:35 data/
[root@zzc ~]
total 4
-rwxr-xr-x 1 root root 158 Jul 23 09:35 hosts
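/opt/test: for this directory
The owner is root; the group is dev dev01 dev02
The owner has all permissions
The group has read and write permissions
Others have no permissions at all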
[root@zzc ~]
[root@zzc ~]
total 0
drwxr-xr-x 2 root root 6 Jul 23 09:40 test
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
total 0
drwxr-xr-x 2 root dev 6 Jul 23 09:40 test
[root@zzc ~]
[root@zzc ~]
total 0
drwxrw---- 2 root dev 6 Jul 23 09:40 test
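3. Effect of permissions on files and directories
Permission | File | Directory
r | Can view the file's content: cat, head, tail | Can browse the listing of the directory and its subdirectories: ls, tree
w | Can add to or modify the file's content: vim, echo > >> | Can create, delete or move files in the directory
x | Can execute the file (scripts) | Can enter the directory: cd
4. File permission setting examples
r permission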
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-- 1 root root 9 Jul 23 09:57 file.txt
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
Changing password for user zzc01.
passwd: all authentication tokens updated successfully.
[root@zzc ~]
Last login: Thu Jul 23 09:59:14 CST 2020 on pts/0
[zzc01@zzc ~]$ ll /opt/
total 4
-rw-r--r-- 1 root root 9 Jul 23 09:57 file.txt
drwxrw---- 2 root dev 6 Jul 23 09:40 test
[zzc01@zzc ~]$ cat /opt/file.txt
hostname
[zzc01@zzc ~]$ head /opt/file.txt
hostname
[zzc01@zzc ~]$ tail /opt/file.txt
hostname
[zzc01@zzc ~]$ vim /opt/file.txt
[zzc01@zzc ~]$ echo "123" >> /opt/file.txt
-bash: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ /opt/file.txt
-bash: /opt/file.txt: Permission denied
w permission
[root@zzc ~]
[root@zzc ~]
-rw-r---w- 1 root root 9 Jul 23 09:57 /opt/file.txt
[root@zzc ~]
Last login: Thu Jul 23 10:00:14 CST 2020 on pts/0
[zzc01@zzc ~]$ cat /opt/file.txt
cat: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ vim /opt/file.txt
[zzc01@zzc ~]$ cat /opt/file.txt
cat: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ /opt/file.txt
-bash: /opt/file.txt: Permission denied
[root@zzc ~]
uirethruie
[zzc01@zzc ~]$ echo "test" >> /opt/file.txt
[zzc01@zzc ~]$ echo "test" > /opt/file.txt
[root@zzc ~]
uirethruie
test
[root@zzc ~]
test
x permission
[root@zzc ~]
[root@zzc ~]
-rw-r----x 1 root root 5 Jul 23 10:09 /opt/file.txt
[root@zzc ~]
Last login: Thu Jul 23 10:08:38 CST 2020 on pts/0
[zzc01@zzc ~]$ ll /opt/file.txt
-rw-r----x 1 root root 5 Jul 23 10:09 /opt/file.txt
[zzc01@zzc ~]$ cat /opt/file.txt
cat: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ echo "123" >> /opt/file.txt
-bash: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ /opt/file.txt
bash: /opt/file.txt: Permission denied
rw permission
[root@zzc ~]
[root@zzc ~]
-rw-r--rw- 1 root root 5 Jul 23 10:09 /opt/file.txt
[root@zzc ~]
Last login: Thu Jul 23 10:11:27 CST 2020 on pts/0
[zzc01@zzc ~]$ cat /opt/file.txt
test
[zzc01@zzc ~]$ echo "hostname" > /opt/file.txt
[zzc01@zzc ~]$ vim /opt/file.txt
[zzc01@zzc ~]$ cat /opt/file.txt
hostname
pwd
[zzc01@zzc ~]$ /opt/file.txt
-bash: /opt/file.txt: Permission denied
rx permission
[root@zzc ~]
[root@zzc ~]
-rw-r--r-x 1 root root 13 Jul 23 10:14 /opt/file.txt
[root@zzc ~]
Last login: Thu Jul 23 10:14:16 CST 2020 on pts/0
[zzc01@zzc ~]$ cat /opt/file.txt
hostname
pwd
[zzc01@zzc ~]$ echo "123" > /opt/file.txt
-bash: /opt/file.txt: Permission denied
[zzc01@zzc ~]$ vim /opt/file.txt
[zzc01@zzc ~]$ /opt/file.txt
zzc
/home/zzc01
wx permission: not much use
rwx permission: too much privilege
Permission denied
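Summary: effect of permissions on files
5. Directory permission setting examples
Effect of permissions on directories
r permission: allows browsing the listing and attribute information of the directory and its subdirectories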
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw-r-- 2 root root 6 Jul 23 09:40 test
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
total 0
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.log
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.sh
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.txt
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy01
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy02
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy03
[root@zzc ~]
Last login: Thu Jul 23 10:51:09 CST 2020 on pts/0
[zzc01@zzc ~]$ ls /opt/test/
ls: cannot access /opt/test/data.txt: Permission denied
ls: cannot access /opt/test/data.log: Permission denied
ls: cannot access /opt/test/data.sh: Permission denied
ls: cannot access /opt/test/oldboy01: Permission denied
ls: cannot access /opt/test/oldboy02: Permission denied
ls: cannot access /opt/test/oldboy03: Permission denied
data.log data.sh data.txt oldboy01 oldboy02 oldboy03
[zzc01@zzc ~]$ ls -l /opt/test/
ls: cannot access /opt/test/data.txt: Permission denied
ls: cannot access /opt/test/data.log: Permission denied
ls: cannot access /opt/test/data.sh: Permission denied
ls: cannot access /opt/test/oldboy01: Permission denied
ls: cannot access /opt/test/oldboy02: Permission denied
ls: cannot access /opt/test/oldboy03: Permission denied
total 0
-????????? ? ? ? ? ? data.log
-????????? ? ? ? ? ? data.sh
-????????? ? ? ? ? ? data.txt
d????????? ? ? ? ? ? oldboy01
d????????? ? ? ? ? ? oldboy02
d????????? ? ? ? ? ? oldboy03
[zzc01@zzc ~]$ rm -f /opt/test/data.log
rm: cannot remove ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ touch /opt/test/data.conf
touch: cannot touch ‘/opt/test/data.conf’: Permission denied
[zzc01@zzc ~]$ mv /opt/test/data.log /tmp
mv: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ cd /opt/test/
-bash: cd: /opt/test/: Permission denied
[zzc01@zzc ~]$ tree /opt/test/
/opt/test/
0 directories, 0 files
w permission
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw--w- 5 root root 101 Jul 23 10:51 test
[root@zzc ~]
Last login: Thu Jul 23 10:52:22 CST 2020 on pts/0
[zzc01@zzc ~]$ ls /opt/test/
ls: cannot open directory /opt/test/: Permission denied
[zzc01@zzc ~]$ ls -l /opt/test/
ls: cannot open directory /opt/test/: Permission denied
[zzc01@zzc ~]$ cd /opt/test/
-bash: cd: /opt/test/: Permission denied
[zzc01@zzc ~]$ touch /opt/test/123.txt
touch: cannot touch ‘/opt/test/123.txt’: Permission denied
[zzc01@zzc ~]$ rm -f /opt/test/data.log
rm: cannot remove ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ mv /opt/test/data.log /tmp/
mv: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ cp /opt/test/data.log /tmp
cp: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ cp /opt/test/data.log /tmp
cp: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ mv /opt/test/data.log /tmp/
mv: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ rm -f /opt/test/data.log
rm: cannot remove ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ ll -d /opt/
drwxrwxrwx 3 root root 34 Jul 23 09:57 /opt/
x permission: enter the directory
[root@zzc ~]
Last login: Thu Jul 23 10:57:51 CST 2020 on pts/0
[zzc01@zzc ~]$ cd /opt/test/
[zzc01@zzc test]$ ls
ls: cannot open directory .: Permission denied
[zzc01@zzc test]$ ls -l
ls: cannot open directory .: Permission denied
[zzc01@zzc test]$ rm -f data.log
rm: cannot remove ‘data.log’: Permission denied
[zzc01@zzc test]$ touch data.conf
touch: cannot touch ‘data.conf’: Permission denied
[zzc01@zzc test]$ mv data.log /tmp/
mv: cannot move ‘data.log’ to ‘/tmp/data.log’: Permission denied
[zzc01@zzc test]$ cp data.log /tmp/
[zzc01@zzc test]$ ll /tmp/
total 4
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data1
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data2
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data3
-rw-r--r-- 1 zzc01 zzc01 0 Jul 23 11:03 data.log
rw permission
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw-rw- 5 root root 101 Jul 23 10:51 test
[root@zzc ~]
Last login: Thu Jul 23 11:06:21 CST 2020 on pts/0
[zzc01@zzc ~]$ cd /opt/test/
-bash: cd: /opt/test/: Permission denied
[zzc01@zzc ~]$ ls /opt/test/
ls: cannot access /opt/test/data.txt: Permission denied
ls: cannot access /opt/test/data.log: Permission denied
ls: cannot access /opt/test/data.sh: Permission denied
ls: cannot access /opt/test/oldboy01: Permission denied
ls: cannot access /opt/test/oldboy02: Permission denied
ls: cannot access /opt/test/oldboy03: Permission denied
data.log data.sh data.txt oldboy01 oldboy02 oldboy03
[zzc01@zzc ~]$ ls -l /opt/test/
ls: cannot access /opt/test/data.txt: Permission denied
ls: cannot access /opt/test/data.log: Permission denied
ls: cannot access /opt/test/data.sh: Permission denied
ls: cannot access /opt/test/oldboy01: Permission denied
ls: cannot access /opt/test/oldboy02: Permission denied
ls: cannot access /opt/test/oldboy03: Permission denied
total 0
-????????? ? ? ? ? ? data.log
-????????? ? ? ? ? ? data.sh
-????????? ? ? ? ? ? data.txt
d????????? ? ? ? ? ? oldboy01
d????????? ? ? ? ? ? oldboy02
d????????? ? ? ? ? ? oldboy03
[zzc01@zzc ~]$ touch /opt/test/data.conf
touch: cannot touch ‘/opt/test/data.conf’: Permission denied
[zzc01@zzc ~]$ rm -f /opt/test/data.log
rm: cannot remove ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ mv /opt/test/data.log /tmp/
mv: cannot stat ‘/opt/test/data.log’: Permission denied
[zzc01@zzc ~]$ cp /opt/test/data.txt /tmp/
cp: cannot stat ‘/opt/test/data.txt’: Permission denied
rx permission
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw-r-x 5 root root 101 Jul 23 10:51 test
[root@zzc ~]
Last login: Thu Jul 23 11:10:14 CST 2020 on pts/0
[zzc01@zzc ~]$ cd /opt/test/
[zzc01@zzc test]$ ls
data.log data.sh data.txt oldboy01 oldboy02 oldboy03
[zzc01@zzc test]$ ls -l
total 0
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.log
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.sh
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.txt
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy01
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy02
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy03
[zzc01@zzc test]$ touch data.conf
touch: cannot touch ‘data.conf’: Permission denied
[zzc01@zzc test]$ rm -f data.log
rm: cannot remove ‘data.log’: Permission denied
[zzc01@zzc test]$ mv data.txt /tmp/
mv: cannot move ‘data.txt’ to ‘/tmp/data.txt’: Permission denied
[zzc01@zzc test]$ cp data.txt /tmp/
[zzc01@zzc test]$ ll /tmp/
total 4
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data1
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data2
drwxr-xr-x. 2 root root 51 Jul 17 17:59 data3
-rw-r--r-- 1 zzc01 zzc01 0 Jul 23 11:03 data.log
-rw-r--r-- 1 zzc01 zzc01 0 Jul 23 11:13 data.txt
wx permission
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw--wx 5 root root 101 Jul 23 10:51 test
[root@zzc ~]
Last login: Thu Jul 23 11:12:31 CST 2020 on pts/0
[zzc01@zzc ~]$ cd /opt/test/
[zzc01@zzc test]$ ls
ls: cannot open directory .: Permission denied
[zzc01@zzc test]$ touch 123.txt
[zzc01@zzc test]$ ls
ls: cannot open directory .: Permission denied
[zzc01@zzc test]$ rm -f data.log
[zzc01@zzc test]$ mv data.txt /tmp/
[zzc01@zzc test]$ ls
ls: cannot open directory .: Permission denied
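Summary: effect of permissions on directories
When setting permissions on a directory, the x permission cannot be left out
When setting permissions on a file, the r permission cannot be left out
6. Setting owner and group with chown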
chown
Options:
-R
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw--wx 5 root root 84 Jul 23 11:17 test
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 zzc01 root 13 Jul 23 10:14 file.txt
drwxrw--wx 5 root root 84 Jul 23 11:17 test
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 zzc01 zzc01 13 Jul 23 10:14 file.txt
drwxrw--wx 5 root root 84 Jul 23 11:17 test
[root@zzc ~]
[root@zzc ~]
total 4
-rw-r--r-x 1 root root 13 Jul 23 10:14 file.txt
drwxrw--wx 5 root root 84 Jul 23 11:17 test
[root@zzc ~]
[root@zzc ~]
drwxrw--wx 5 zzc01 zzc01 84 Jul 23 11:17 /opt/test/
[root@zzc ~]
total 0
-rw-rw-r-- 1 zzc01 zzc01 0 Jul 23 11:17 123.txt
-rw-r--r-- 1 root root 0 Jul 23 10:51 data.sh
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy01
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy02
drwxr-xr-x 2 root root 6 Jul 23 10:51 oldboy03
[root@zzc ~]
[root@zzc ~]
total 0
-rw-rw-r-- 1 zzc01 zzc01 0 Jul 23 11:17 123.txt
-rw-r--r-- 1 zzc01 zzc01 0 Jul 23 10:51 data.sh
drwxr-xr-x 2 zzc01 zzc01 6 Jul 23 10:51 oldboy01
drwxr-xr-x 2 zzc01 zzc01 6 Jul 23 10:51 oldboy02
drwxr-xr-x 2 zzc01 zzc01 6 Jul 23 10:51 oldboy03
chgrp
[root@zzc ~]
[root@zzc ~]
drwxrw--wx 5 zzc01 root 84 Jul 23 11:17 /opt/test/
7. Umask: controlling permissions
[root@zzc ~]
total 4
drwxr-xr-x 2 root root 6 Jul 23 11:21 123
-rw-r--r-- 1 root root 0 Jul 23 11:21 123.txt
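Why do newly created directories on the system get permission 755 and files 644?
Both are controlled by the system's control permission (the umask)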
umask
[root@zzc ~]
0022
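How the system calculates the permission
The permission of a newly created directory is the maximum permission 777 minus the umask 022, which gives 755, so a newly created directory has permission 755. The permission of a newly created file is the file maximum permission 666 minus the umask 022, which gives 644, so a newly created file has permission 644. When a digit of the file permission comes out odd, add one to that digit.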
[root@zzc ~]
0022
[root@zzc ~]
[root@zzc ~]
0033
[root@zzc ~]
[root@zzc ~]
total 4
drwxr-xr-x 2 root root 6 Jul 23 11:21 123
-rw-r--r-- 1 root root 0 Jul 23 11:21 123.txt
drwxr--r-- 2 root root 6 Jul 23 12:02 oldboy
[root@zzc ~]
[root@zzc ~]
total 4
drwxr-xr-x 2 root root 6 Jul 23 11:21 123
-rw-r--r-- 1 root root 0 Jul 23 11:21 123.txt
drwxr--r-- 2 root root 6 Jul 23 12:02 oldboy
-rw-r--r-- 1 root root 0 Jul 23 12:02 oldboy.txt
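The calculation from section 7, as an added shell example that is not part of the original notes. It computes the mode as base AND NOT umask, which is how the mask is actually applied and which reproduces the "add one to the odd digit" rule; the function names are assumptions made for this sketch, and the two masks are the ones shown in the session above.

```shell
#!/bin/sh
# Added example (not from the original notes): the mode of a new object is
# base & ~umask, with base 777 for directories and 666 for regular files.

# new_mode KIND UMASK -> 3-digit octal mode assigned under the bitwise rule
new_mode() {
    case $1 in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *) echo "usage: new_mode dir|file UMASK" >&2; return 2 ;;
    esac
    printf '%03o\n' "$(( $base & ~0$2 & 0777 ))"
}

# subtracted_mode KIND UMASK -> plain octal subtraction, shown for comparison
subtracted_mode() {
    case $1 in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *) return 2 ;;
    esac
    printf '%03o\n' "$(( $base - 0$2 ))"
}

# observed_perms KIND UMASK -> rwx string of an object really created under
# that umask in a throwaway directory (the subshell keeps the umask local)
observed_perms() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    ls -ld "$tmp/new" | cut -c2-10
    rm -rf "$tmp"
)

# The two umask values that appear in the notes: 0022 and 0033.
for mask in 0022 0033; do
    for kind in dir file; do
        echo "umask $mask $kind: rule=$(new_mode $kind $mask)" \
             "subtraction=$(subtracted_mode $kind $mask)" \
             "observed=$(observed_perms $kind $mask)"
    done
done
```

For umask 0033 and a file, subtraction gives 633 while the bitwise rule and the real file both give 644, matching oldboy.txt in the listing above.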