Linux File Permissions

Introduction:

Linux is an open-source Unix-like operating system, which was initially released by Linus Torvalds in 1991. Though it may not be as user-friendly as some other popular operating systems, Linux is robust and it rarely crashes. Any computing device broadly consists of two main functional blocks, the compute block (this is where the processing happens) and the memory block (this is where the data is stored). The data is stored on the computer in the form of an object called ‘File’. The data could be information, configuration, settings, or commands. Now these files, in general, could be read or tampered with by anybody, causing serious security issues. This developed a need for authorization for each file. File permissions dictate the authorization (who is allowed to do what) of a particular file.

The List (ls) Command:

Before venturing further into file permissions, let’s look at what files we have on the computer. If you have access to a Linux-based machine, open the terminal (bash) and try the commands as you read along. Please note that the pictures that follow show the results I got on my system, and the names of the files or directories do not carry any deeper meaning in the current context. To list the contents of the directory you’re currently in (the present working directory), type the following command:

ls
Fig.1: Output of ‘ls’ command on my system

In Fig.1, the contents highlighted in blue are directories and the rest are files. The ‘ls’ command provides several options (or flags), one of which is the long format (-l) flag. Now type the following command into your terminal:

ls -lh
Fig.2: Output of ‘ls -lh’ command on my system

Fig.2 depicts the output of the aforementioned command on my system. For the ease of understanding, the output has been divided into seven sections. The first section from the left is the permissions section. But before discussing it in detail, let’s get the other six sections out of the way first.

The second section denotes the number of links or directories inside of that particular directory.

The third section displays the user who owns the file or the directory.

The fourth section contains the group to which that file or directory belongs. As there’re no groups created in my machine, it will show the user itself in the fourth section.

The fifth section shows the size of the file or the directory in bytes (the -h flag, used along with the -l flag in the command, shows the size in human-readable format).

The sixth section indicates the date and time (timestamp) when the file was last modified.

The seventh section shows the name of the file or the directory. Again, the names of the directories are highlighted in blue color.

For more information on the ‘ls’ command, try the following:

ls --help

Or

man ls

The [What X Who] Matrix:

The different file permissions can be laid out across two dimensions, which could be called the [What X Who] matrix, meaning who can do what with a file or a directory. The three operations which Linux allows users to perform on a file are ‘Read’, ‘Write’, and ‘Execute’. These three operations constitute the ‘What’ part of the matrix.

· Read: This indicates that the file can be read.
· Write: This indicates that the file can be written onto or overwritten.
· Execute: This indicates that the file is an executable.

The people allowed to do the above-mentioned operations constitute the ‘Who’ part of the matrix. In Linux, the ‘Who’ is segregated as ‘User’, ‘Group’, and ‘Others’.

· User: This indicates the permissions of the user mentioned in the third section of Fig.2.
· Group: This indicates the permissions of the group mentioned in the fourth section of Fig.2.
· Others: This indicates what permissions everybody else has.

Now, let’s try this using an example. From Fig.2, let’s consider the permissions section of the file called ‘first’. The permissions given to this file (located in the first section) are ‘-rw-r--r--’. Every permission in the first section of Fig.2 consists of 10 place-holders. The first place-holder shows whether the particular content is a file, a directory or a link. Since the file ‘first’ is not a directory, it is denoted by a hyphen (‘-’). For a directory such as ‘guest’, the first place-holder shows the letter ‘d’, indicating that the content is a directory. Similarly, for a link, the first place-holder is represented by the letter ‘l’.

The second, third and fourth place-holders indicate the permissions that the user has. In our example, the user ‘abhichandra1998’ has ‘rw-’ permissions, indicating the fact that the user has read and write permissions but not the execute permission.

The fifth, sixth and seventh place-holders indicate the permissions that the group has. In our example, the group ‘abhichandra1998’ has ‘r--’ permissions, indicating the fact that the group has only read permission and no write and execute permissions.

The eighth, ninth and tenth place-holders indicate the permissions that everybody else has. In our example, others have ‘r--’ permissions, indicating the fact that they also have only read permission.

The permissions field ‘rw-r--r--’ can be summarized as:

· r : User can Read the file
· w : User can Write to the file
· - : User cannot Execute the file
· r : Group can Read the file
· - : Group cannot Write to the file
· - : Group cannot Execute the file
· r : Others can Read the file
· - : Others cannot Write to the file
· - : Others cannot Execute the file

These permissions for our file ‘first’ can be plotted across the [What X Who] matrix as shown:

Table 1: [What X Who] matrix for the file ‘first’

Similarly, let’s consider the directory ‘rasa_files’, whose permission set reads ‘drwxr-xr-x’. The first place-holder ‘d’ indicates that this is a directory. The remaining nine values can be plotted across our matrix as:

Table 2: [What X Who] matrix for the directory ‘rasa_files’

Matrix Scoring:

Now I know what you’re thinking: all this permissions business is good and all, but doesn’t a 9-character string make it difficult to represent and, quite frankly, messy? Of course it does. That’s why, in Linux, this 9-character string can be represented by a 4-bit octal (base-8) score, in which every bit represents certain permissions. Consider the 4-bit octal number ‘0755’: the four bits represent the ‘sticky bit’, ‘user permissions’, ‘group permissions’ and ‘others’ permissions’, starting from the left-most bit.

Table 3: Meaning of the 4 Octal bits

Mostly, only three bits are used. The sticky bit is set if others have ‘execute’ permission, indicating that files and directories within that directory can only be deleted or renamed by the owner. Each permission (read, write and execute) has a score associated with it. These scores are set as follows:

Table 4: Permissions Scores

These values are added up to represent unique permissions. These scores never produce ambiguous sums, meaning that the sum of any two is always a unique number, which represents a unique set of permissions. If a user has ‘r--’ permission, then it’s given a score of only 4 (4+0+0). If they have ‘rwx’ permissions, then they’re given a score of 7 (4+2+1). That’s how the user, group and others are given a score based on their permissions. Let’s consider our first example, the file ‘first’, and try to score it.

Table 5: Permission Scores for the file ‘first’

The entire 9-character permissions string ‘rw-r--r--’ can be represented with the score ‘644’. Now let’s try to score our second example, the directory ‘rasa_files’.

Table 6: Permission Scores for the directory ‘rasa_files’

The permissions score for the directory ‘rasa_files’ is 755.
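The scoring walked through above can be automated. The following is an added example, not part of the original article: a POSIX shell function (the name perm_to_octal is hypothetical) that turns the 10-character string from ‘ls -l’ into its octal score. It goes beyond the two cases in the text by also decoding the s/S/t/T characters that can appear in the execute slots, which map to the leading digit as setuid (4), setgid (2) and sticky (1).

```shell
#!/bin/sh
# Convert an `ls -l` mode string such as -rw-r--r-- into its 4-digit octal score.
# perm_to_octal is a hypothetical helper name, not a standard tool.
perm_to_octal() {
    mode=$1
    # Accept only a file-type character followed by nine valid permission characters.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}            # drop the file-type place-holder
    special=0
    out=""
    for weight in 4 2 1; do   # leading-digit weight: setuid, setgid, sticky
        digit=0
        for bit in 4 2 1; do  # read = 4, write = 2, execute = 1
            c=${rest%"${rest#?}"}   # first remaining character
            rest=${rest#?}
            # r, w, x mean the bit is on; lowercase s/t mean execute is on too.
            case $c in
                [rwxst]) digit=$((digit + bit)) ;;
            esac
            # s/S/t/T in the execute slot also set a bit in the leading digit.
            case $c in
                [sStT]) special=$((special + weight)) ;;
            esac
        done
        out=$out$digit
    done
    echo "$special$out"
}

# Mode strings from the article plus one constructed sticky-bit case.
for m in -rw-r--r-- drwxr-xr-x -rwxrwxrwx drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(perm_to_octal "$m")"
done
```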

Changing the Permissions:

Now, what if we want to change these permissions? What if we want to make a file executable, or reassign the permissions? This is where the ‘chmod’ (change mode) command comes into the picture. Let’s try to change the permission of our ‘first’ file, and give the user only executable permission. Try the following command:

chmod u=x <file_name>

You can replace <file_name> with a file on your system. I’ve performed this operation on the file ‘first’. Now list the contents again in long format:

ls -l
Fig.3: Newly set permissions of the file ‘first’

As shown in Fig.3, the user permission is changed to ‘--x’. Now, to make the change of permissions simpler, we can also use the scores that should be allotted to each file. To change the permission of ‘rasa_info’ file to give all permissions to everybody, the score needed is 777. The first 7 indicates the user permissions (4+2+1), the second 7 indicates the group permissions (4+2+1) and the third 7 indicates the others’ permissions (4+2+1). So try the following command:

chmod 777 <file_name>

You can replace <file_name> with a file on your system. I’ve performed this operation on the file ‘rasa_info’. Now, list the contents in the long format again (‘ls -l’).

Fig.4: Newly set permissions of the file ‘rasa_info’

In the above Fig.4, we can see that the permissions for ‘rasa_info’ file have been changed to ‘rwxrwxrwx’. You can try changing the file permissions to different values and try various flags for the ‘chmod’ command. For instance, using the ‘-R’ flag applies the permission settings to all the files and directories present inside the directory as well.
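Both ‘chmod’ forms from this section can be replayed safely in a scratch directory. The script below is an added example, not part of the original article; the helper names (mode_of, list_world_writable, chmod_demo) are hypothetical and the files are constructed stand-ins for ‘first’ and ‘rasa_info’. It also lists files that ‘others’ can write to, which is what a score of 777 produces, and then tightens the mode to 755.

```shell
#!/bin/sh
# Sample files are created in a throwaway directory (constructed data).
# mode_of, list_world_writable and chmod_demo are hypothetical helper names.

# Print the 10-character mode string that `ls -l` shows for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Print every regular file under a directory that "others" may write to.
list_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

chmod_demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/first"
    : > "$dir/rasa_info"
    chmod 644 "$dir/first" "$dir/rasa_info"   # known starting point: -rw-r--r--

    chmod u=x "$dir/first"                    # symbolic: user gets exactly --x
    chmod 777 "$dir/rasa_info"                # numeric: rwx for user, group, others
    echo "first:     $(mode_of "$dir/first")"
    echo "rasa_info: $(mode_of "$dir/rasa_info")"

    echo "world-writable after chmod 777:"
    list_world_writable "$dir"

    chmod 755 "$dir/rasa_info"                # remove write from group and others
    echo "world-writable after chmod 755: $(list_world_writable "$dir" | wc -l)"
    rm -rf "$dir"
}

chmod_demo
```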

For more information on ‘chmod’ command, try the following:

chmod --help

Or

man chmod

Translated from: https://medium.com/@abhichandra1998/linux-file-permissions-9f2bbb0c4370
