Linux File Attr Permission
A Linux system is a typical multi-user system, where different users hold different statuses and possess different permissions.
To protect the security of the system, Linux defines different permissions for different users accessing the same file (including directory files).
In Linux, we typically use the following two commands to modify the owner and permissions of a file or directory:
* chown (change owner): Changes the owner and group.
* chmod (change mode): Changes the user's permissions.
By analogy, `chown` authorizes a user, and `chmod` sets the permission for that user to open a door.
In Linux, we can use the `ll` or `ls -l` command to display a file's attributes and the user and group it belongs to, like this:

```
[root@www /]# ls -l
total 64
dr-xr-xr-x 2 root root 4096 Dec 14 2012 bin
dr-xr-xr-x 4 root root 4096 Apr 19 2012 boot
...
```
In the example, the first attribute of the **bin** file is represented by `d`. In Linux, `d` indicates that the file is a directory.
In Linux, the first character represents whether the file is a directory, a file, or a link file, etc.
* `d` means it is a directory.
* `-` means it is a file.
* `l` means it is a symbolic link (link file).
* `b` means it is a block device file, such as a storage device (random-access device).
* `c` means it is a character device file, such as a keyboard or mouse on a serial port (one-time read device).
The subsequent characters are grouped in threes, each being a combination of the three parameters `rwx`. Here, `r` stands for readable, `w` for writable, and `x` for executable. Note that the position of these three permissions does not change; if there is no permission, a hyphen `-` appears instead.
Each file's attributes are determined by the first 10 characters on the left.

From left to right, they are represented by the numbers **0-9**.
The **0th** position determines the file type. Positions **1-3** determine the permissions of the owner (the owner of the file).
Positions 4-6 determine the permissions of the group (users in the same group as the owner). Positions 7-9 determine the permissions of other users.
Among them, positions **1, 4, and 7** represent read permissions. If represented by the character `r`, read permission is granted; if represented by `-`, read permission is not granted.
Positions **2, 5, and 8** represent write permissions. If represented by `w`, write permission is granted; if represented by `-`, write permission is not granted. Positions **3, 6, and 9** represent execute permissions. If represented by `x`, execute permission is granted; if represented by `-`, execute permission is not granted.
* * *
## Linux File Owner and Group
```
[root@www /]# ls -l
total 64
drwxr-xr-x 2 root root 4096 Feb 15 14:46 cron
drwxr-xr-x 3 mysql mysql 4096 Apr 21 2014 mysql
...
```
For a file, it has a specific owner, which is the user who has ownership of the file.
At the same time, in the Linux system, users are classified by groups, and a user belongs to one or more groups.
Users other than the file owner can be divided into users in the same group as the owner and other users.
Therefore, the Linux system defines different file access permissions based on the file owner, users in the same group as the owner, and other users.
In the above example, the `mysql` file is a directory file, and both its owner and group are `mysql`. The owner has read, write, and execute permissions. Other users in the same group as the owner have read and execute permissions. Other users also have read and execute permissions.
For the root user, generally speaking, file permissions do not apply to it.
* * *
## Changing File Attributes
### 1. chgrp: Change File Group
Syntax:
```
chgrp [-R] groupname filename
```
Parameter Options
* `-R`: Recursively change the file group. When changing the group of a directory file, if the `-R` parameter is added, the group of all files under that directory will be changed.
### 2. chown: Change File Owner (and Optionally the File Group)
Syntax:
```
chown [-R] owner filename
chown owner:groupname filename
```
Enter the `/root` directory (`~`) and change the owner of `install.log` to the `bin` account:
```
[root@www ~]# cd ~
[root@www ~]# chown bin install.log
[root@www ~]# ls -l
-rw-r--r-- 1 bin users 68495 Jun 25 08:53 install.log
```
Change the owner and group of `install.log` back to `root`:
```
[root@www ~]# chown root:root install.log
[root@www ~]# ls -l
-rw-r--r-- 1 root root 68495 Jun 25 08:53 install.log
```
### 3. chmod: Change the 9 Attributes of a File
There are two methods to set Linux file attributes: one is numeric, and the other is symbolic.
Linux files have nine basic permissions, which are the **read/write/execute** permissions for the three identities: **owner/group/others**.
Let's review the data mentioned earlier: the permission characters of a file are `-rwxrwxrwx`. These nine permissions are grouped in threes! We can use numbers to represent each permission. The score table for each permission is as follows:
* `r`: 4
* `w`: 2
* `x`: 1
The scores for the three permissions (`r/w/x`) of each identity (owner/group/others) need to be summed. For example, when the permission is `-rwxrwx---`, the score is:
* owner = rwx = 4+2+1 = 7
* group = rwx = 4+2+1 = 7
* others= --- = 0+0+0 = 0
So, when we set the permission change later, the permission number for the file will be **770**. The syntax for the `chmod` command to change permissions is:
```
chmod [-R] xyz file_or_directory
```
Options and Parameters:
* **xyz**: This is the numeric permission attribute mentioned earlier, which is the sum of the numeric values of the **rwx** attributes.
* **-R**: Apply the change recursively, so all files and subdirectories under the directory are changed as well.
For example, if you want to enable all permissions for the file **.bashrc**, the command is as follows:
```
[root@www ~]# ls -al .bashrc
-rw-r--r-- 1 root root 395 Jul 4 11:45 .bashrc
[root@www ~]# chmod 777 .bashrc
[root@www ~]# ls -al .bashrc
-rwxrwxrwx 1 root root 395 Jul 4 11:45 .bashrc
```
What if you want to change the permission to `-rwxr-xr--`? Then the permission score becomes [4+2+1][4+0+1][4+0+0]=754.
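The position rules from the first section and the `r`=4, `w`=2, `x`=1 scoring above can be combined in one decoder. This is an added example, not part of the original page: it turns an `ls -l` mode field into its file type and the number `chmod` accepts, and flags write access for others; the function names are illustrative.

```shell
# Positions follow the text: 0 = type, 1-3 owner, 4-6 group, 7-9 others.
# Function names are illustrative, not from the page.

# file_type MODE -> name of the type in position 0
file_type() {
    case "$1" in
        d*) echo "directory" ;;
        -*) echo "regular file" ;;
        l*) echo "link file" ;;
        b*) echo "block device" ;;
        c*) echo "character device" ;;
        *)  echo "unknown" ;;
    esac
}

# triad_score RWX -> 0..7 with r=4, w=2, x=1; fails on anything else.
# Special bits (s, t) are not covered by the page and are rejected here.
triad_score() {
    case "$1" in [r-][w-][x-]) ;; *) return 1 ;; esac
    score=0
    case "$1" in r??) score=$((score + 4)) ;; esac
    case "$1" in ?w?) score=$((score + 2)) ;; esac
    case "$1" in ??x) score=$((score + 1)) ;; esac
    echo "$score"
}

# mode_to_octal MODE -> three-digit number usable as `chmod xyz`
mode_to_octal() {
    [ "${#1}" -eq 10 ] || return 1
    rest=${1#?}                             # positions 1-9
    owner=${rest%??????}                    # positions 1-3
    group=${rest#???}; group=${group%???}   # positions 4-6
    others=${rest#??????}                   # positions 7-9
    u=$(triad_score "$owner")  || return 1
    g=$(triad_score "$group")  || return 1
    o=$(triad_score "$others") || return 1
    echo "$u$g$o"
}

# others_can_write MODE -> succeeds when position 8 is `w`
others_can_write() {
    case "$1" in ????????w?) return 0 ;; *) return 1 ;; esac
}

# Sample modes copied from the listings on the page
for m in dr-xr-xr-x -rw-r--r-- -rwxrwx--- -rwxr-xr-- -rwxrwxrwx; do
    flag=""; others_can_write "$m" && flag=" (writable by others)"
    printf '%s\n' "$m $(file_type "$m") $(mode_to_octal "$m")$flag"
done
```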
### Changing File Permissions with Symbolic Type
There is another method to change permissions. From the previous introduction, we can see that the nine permissions belong to three identities:
* user (the owner)
* group
* others
So we can use **u, g, o** to represent the three identities.
Additionally, **a** represents **all**, meaning all identities. The read, write, and execute permissions are written as `r`, `w`, `x`, which can be understood using the following table:
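| Command | Identity | Operator | Permission | Target |
|---|---|---|---|---|
| chmod | u, g, o, a | + (add), - (remove), = (set) | r, w, x | file or directory |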
If we need to set the file permission to **-rwxr-xr--**, we can use `chmod u=rwx,g=rx,o=r filename` to set it:
```
# touch test1                        # Create test1 file
# ls -al test1                       # View default permissions of test1
-rw-r--r-- 1 root root 0 Nov 15 10:32 test1
# chmod u=rwx,g=rx,o=r test1         # Modify permissions of test1
# ls -al test1
-rwxr-xr-- 1 root root 0 Nov 15 10:32 test1
```
What if you want to remove permissions without changing other existing permissions? For example, to remove execute permissions for everyone, use:
```
# chmod a-x test1
# ls -al test1
-rw-r--r-- 1 root root 0 Nov 15 10:32 test1
```
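Removing one permission while leaving the rest untouched is also how over-permissive files are tightened. The following added example (not from the original page; the function names are illustrative and the files are created in a scratch directory) finds files writable by group or others and removes only those write bits with `chmod go-w`.

```shell
# mode_string FILE -> the 10-character mode field that `ls -l` prints
mode_string() { ls -ld "$1" | cut -c1-10; }

# find_loose DIR -> regular files writable by group or by others
find_loose() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}

# tighten DIR -> remove only the group/others write bits; r and x stay as they are
tighten() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# demo -> "<loose before> <loose after> <mode of a> <mode of b> <mode of c>"
demo() {
    dir=$(mktemp -d) || return 1      # constructed scratch directory
    touch "$dir/a" "$dir/b" "$dir/c"
    chmod 777 "$dir/a"                # all permissions for everyone
    chmod u=rw,g=rw,o=r "$dir/b"      # 664: group-writable
    chmod u=rw,go=r "$dir/c"          # 644: nothing to fix
    before=$(find_loose "$dir" | wc -l | tr -d ' ')
    tighten "$dir"
    after=$(find_loose "$dir" | wc -l | tr -d ' ')
    modes="$(mode_string "$dir/a") $(mode_string "$dir/b") $(mode_string "$dir/c")"
    rm -rf "$dir"
    echo "$before $after $modes"
}

demo
```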