linux 45198端口,How do linux file permissions work?

Controlling Access to

Your Files with Permissions and Owners

If you share a Linux (or Unix) system, you will undoubtedly have

private files that you want to keep private, as well as files that

you want to be public. You can control access to your files by

setting the permission flags and ownership for your files.

How to Tell What

Access Your Files Have

When we discussed using the ls command, you may

have been wondering about that gibberish in the first few columns

of the ls -l command (stuff like -rw, r--, and so

on). Here's an example of output from the ls -l

command showing the contents of a directory:

Permissions User Group Size Date Name

-rw-r----- 1 hermie users 64183 Feb 14 22:07 cow_info

-rw-r----- 1 hermie users 115032 Jan 06 11:14 dog_info

-rw-r--r-- 1 hermie users 248 Jan 16 09:18 pig_info

-rw-r--r-- 1 hermie users 45090 Mar 23 23:17 cat_info

-rwx--x--- 1 hermie users 45198 Jan 23 11:14 zippity

drwxr-x--- 1 hermie friends 1024 Feb 28 06:12 slugs

For each file you see listed a set of permissions; the owning

user; a group name; and the size, creation date, and name of the

file. We'll focus on the permission first by dissecting the

file-access permissions for the cow_info file.

Specifically, these permissions are shown in the string of

characters preceding the file in the first column:

-rw-r-----. Note that the permissions data is made

up of ten characters, each of which has meaning.

To understand how to read file permissions, let's start by

splitting apart those ten characters for

cow_info:

Directory? User's Access Group Access Others' Access

- r w - r - - r - -

| | | | | |

Readable ---+ | | | | +--- Not executable8pt">

Writable -----+ | | +----- Not writable8pt">

Not executable -----+ +------- Readable

The character in the first position, a hyphen (-), indicates

that this is a file and not a directory. Directories are marked

with a d, as in drwxr-x--- (this precedes the

directory slugs).

The next three characters (rw-) tell us whether

the file's owner (hermie) can read, write, and

execute the file. An r in the first position means that the file

can be read; a w in the second position means that the file can be

written to (updated); and an x in the third position means that the

file can be executed (run). In all three cases, if a hyphen appears

in place of an r, w, or x, that specific privilege is removed. For

example, rw- means that the file can be read and written to, but

not executed.

The next sets of three characters define read, write, and

execute access for the users in a particular group (the users

group, in this case), along the same lines as above. For example,

the characters r-- that appear in these positions

for cow_info tell us that the users group can read

this file but can't write to or execute it.

The final set of three characters--all hyphens, in this

case--defines access for those who are not the owner or in the

listed group. This one's easy: No one outside the listed group has

any kind of access to this file.

Note: Groups are a convenient way to give a set of users the

same access to a bunch of files. Only a superuser can add to or

remove users from groups. To find out what groups you belong to,

use the groups command.

In sum, access to the cow_info file is

controlled like so: The user (hermie) can read and update the file,

but cannot execute it. People in the users group can only read the

file, and everybody else on the system gets no access at all.

Here's another example:

-rwx--x--- 1 hermie

users 45198 Jan 23 11:14 zippity

The characters that precede the file name

zippity tell us that this file is readable,

writable, and executable by hermie; only members of the users group

can execute it; and others outside the users group have no access

to it.

Note: You can give execute permission to any file, but it

doesn't make sense to do so unless the file is actually a

program.

Look at the listing for slugs:

drwxr-x--- 1 hermie

friends 1024 Feb 28 06:12 slugs

You can see first that it's a directory (signified by the d in

the first position). User hermie has read and write access, which

in the case of a directory translates into the ability to list files and to

create and delete files. Hermie also has execute access, which in

the case of a directory means the ability to use

cd to change to it. Those in the friends group can

list files in the directory and use cd to make it

the current directory, but others have no access whatsoever to the

directory.

Note: Unless you are administering a large Unix system with

lots of users, groups are not very important. In these examples,

users is just the name of a group that all users belong to by

default in a Linux system. If your primary group is users, all

files you create will show that as the group name, unless you use

the chgrp command to change it. If you're curious,

use the man chgrp command to find

out more.