Learn GNU/Linux Commands (11): Permission - stat, chown, chmod
In GNU/Linux and other Unix-like systems, everything can be considered a file, and every file belongs to a user and a group. The user, the other members of the group, and the other users of the system each have their own permissions to access the file. There are 3 kinds of permission: the permission to read, to write, and to execute.
To execute a file means to have the system act on the content of the file. In order to execute a non-binary script (file), the user needs the permission to read it as well.
By default, when a normal file is created, the user who creates it owns it; the owner and the members of the group have permission to read and write it, and others have permission to read it. A directory gets the same defaults as a normal file, except that every user also has permission to execute the directory. This is so that files under it can be executed.
The superuser, or root, can read and write all files. Root can execute a file if there is at least one user who is permitted to do that. That is to say, if a file can be executed by its owner, but not by other members of the group or any other users, root can execute it as well. If a file can't be executed by its owner or other members of the group, but other users can execute it, root can execute it as well.
Display Permission and Ownership
ls -l [PATHNAME]...
List information about the files (the current directory by default) using a long listing format.
For example:
[texpion@com ~]$ ls -l
-rw-rw-r--. 1 texpion texpion 0 Sep 1 10:29 myfile
drwxrwxr-x. 3 texpion texpion 4096 Sep 1 10:29 mydirectory
- The 1st column is the permission.
- The 3rd is the user that owns the file.
- The 4th is the group that owns the file.
- The last is its name.
stat FILE
Display file or file system status.
For example:
[texpion@com ~]$ stat ./mydirectory
File: ./mydirectory
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 155078 Links: 3
Access: (0775/drwxrwxr-x) Uid: ( 1001/ texpion) Gid: ( 1001/ texpion)
Access: 2018-09-01 10:29:49.658883886 -0400
Modify: 2018-09-01 10:30:44.553320975 -0400
Change: 2018-09-01 10:30:44.553320975 -0400
Birth: -
The access permission string has the same structure as the string "ls -l" displays except that it doesn't have the 11th (the last) character.
"stat" also displays the permission in the numeric format. That is 0775 in the example. The first number is for special flags.
- Uid: the user that owns the file.
- Gid: the group that owns the file.
Meaning of the text format
For the 1st character
- "d" means it's a directory, "-" means it isn't.
For the next 9 characters
- "r" stands for "read".
- "w" stands for "write".
- "x" stands for "execute".
- "-" means negative.
- They are in the order as "read, write, execute".
- The first 3 characters are for the user.
- The next 3 characters are for the group.
- The last 3 characters are for others.
For the last character
- "+" means the file has additional attributes, "." means it has not.
Directory | User perm. | Group perm. | Other perm. | Additional attr. |
---|---|---|---|---|
-rw-rw-r--. 1 test test 0 Sep 1 10:29 myfile | ||||
- | rw- | rw- | r-- | . |
yes | read, write | read, write | read only | no |
drwxrwxr-x. 3 test test 4096 Sep 1 10:29 mydirectory | ||||
d | rwx | rwx | r-x | . |
yes | read, write, execute | read, write, execute | read, execute | no |
Meaning of the numeric format
The basic structure has 3 octal digits: the 1st represents the permission for the user, the 2nd for the group, and the 3rd for others. If there are 4 octal digits, the first is for special flags.
Each octal digit can be 0 to 7.
- 1: executable.
- 2: writable.
- 4: readable.
- 7=1+2+4: readable, writable and executable.
- 6=2+4: readable and writable.
- 5=1+4: readable and executable.
- 3=1+2: writable and executable.
- 0: no permission.
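The digit values above can be applied mechanically. The following is an added example, not part of the original page: it converts a numeric mode to the text form and lists files that others can write to, a common permission audit. The function names are hypothetical, the files are constructed in a temporary directory, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Requires GNU stat, the same tool the page uses.

# digit_to_rwx DIGIT: text form of one octal digit (4=read, 2=write, 1=execute).
digit_to_rwx() {
    d=$1
    out=""
    if [ $(( $d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $d & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_text MODE: the 9 permission characters for a numeric mode such as
# 664 or 0775. The special-flags digit, if present, is ignored.
mode_to_text() {
    n=$((0$1))      # the leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' \
        "$(digit_to_rwx $(( ($n >> 6) & 7 )))" \
        "$(digit_to_rwx $(( ($n >> 3) & 7 )))" \
        "$(digit_to_rwx $(( $n & 7 )))"
}

# list_other_writable DIR: print "MODE TEXT PATH" for each regular file under
# DIR whose digit for others contains the write bit (2).
list_other_writable() {
    find "$1" -type f | sort | while IFS= read -r f; do
        m=$(stat -c '%a' "$f")
        if [ $(( 0$m & 2 )) -ne 0 ]; then
            printf '%s %s %s\n' "$m" "$(mode_to_text "$m")" "$f"
        fi
    done
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/notes" "$demo_dir/shared"
chmod 664 "$demo_dir/notes"
chmod 666 "$demo_dir/shared"
mode_to_text 0775
list_other_writable "$demo_dir"
rm -rf "$demo_dir"
```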
Change Permission
Only root and the user who owns the file can change its permission.
chmod MODE FILE...
Change the mode (permission) of each FILE to MODE.
MODE format
- u: user.
- g: group.
- o: other.
- a: all of the above.
- =: set as the permission on the right.
- +: grant (add) the permission on the right.
- -: deny (subtract) the permission on the right.
Mode | Equivalents | Example Before | After |
---|---|---|---|
33 | 033, 0033, go=3 | 0664/-rw-rw-r-- | 0033/-----wx-wx |
-1 | o-1, o-x | 0775/drwxrwxr-x | 0664/drw-rw-r-- |
u=7 | u=rwx | 0664/-rw-rw-r-- | 0764/-rwxrw-r-- |
a=rx | =rx, 555, =555, 0555, =0555 | 0664/-rw-rw-r-- | 0555/-r-xr-xr-x |
-w | ug-w, -220 | 0775/drwxrwxr-x | 0555/dr-xr-xr-x |
+x | a+x, ugo+x, +111 | 0775/drwxrwxr-x | 0555/dr-xr-xr-x |
Below are some of the most commonly used modes:
+x, 775, 664, 600, 400
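A way to check what a MODE does before using it on real files, as an added example that is not part of the original page. It also shows that a mode written without u, g, o or a (such as +x) leaves alone the bits that are set in the umask, so it only matches a+x when the umask allows it. mode_after is a hypothetical helper, the scratch file is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). mode_after is a hypothetical
# helper; it requires GNU stat.

# mode_after START MODE [UMASK]: create a scratch file with numeric mode START,
# run "chmod MODE" on it under UMASK (default 002), and print the resulting
# numeric permission.
mode_after() {
    (
        umask "${3:-002}"
        f=$(mktemp)
        chmod "$1" "$f"
        chmod "$2" "$f"
        stat -c '%a' "$f"
        rm -f "$f"
    )
}

# Two rows from the table above, starting from 0664.
mode_after 664 u=rwx        # 764
mode_after 664 a=rx         # 555

# "+x" without u/g/o/a skips the bits that are set in the umask...
mode_after 664 +x 002       # 775
mode_after 664 +x 077       # 764
# ...while an explicit "a+x" does not consult the umask.
mode_after 664 a+x 077      # 775
```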
Change Ownership
Change to Another User Only
chown USER FILE...
Change the owner of each FILE to USER, i.e. make USER the new owner of each FILE.
Only root can do this.
Change to Another Group Only
chown :GROUP FILE...
Change the group that each FILE belongs to, making it GROUP.
root can do this. If the user owns each FILE and the user belongs to GROUP, the user can do this as well.
Change to USER and Group
chown USER: FILE...
Change the owner to USER and the group to USER's primary group.
For example:
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 texpion texpion 0 Sep 1 10:29 myfile
[root@com ~]# chown root: myfile
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 root root 0 Sep 1 10:29 myfile
chown USER:GROUP FILE...
Change the owner to USER and the group to GROUP. USER doesn't have to be a member of GROUP.
For example:
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 texpion texpion 0 Sep 1 10:29 myfile
[root@com ~]# chown root:test myfile
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 root test 0 Sep 1 10:29 myfile
Only root can do this.