Understanding file permissions

The ls command displays the permissions of files, directories, and devices on the Linux operating system.

qwldeMacBook-Pro:bin qinwanli$ cd /Users/qinwanli/Desktop/development/flutter/bin
qwldeMacBook-Pro:bin qwl$ ls -l
total 32
drwxr-xr-x@ 28 qwl staff  896 10 23 10:23 cache
-rwxr-xr-x   1 qwl staff 7455  6 19 16:03 flutter
-rw-r--r--   1 qwl staff 7575  6 19 16:03 flutter.bat
drwxr-xr-x@ 18 qwl staff  576  6 19 16:03 internal
qwldeMacBook-Pro:bin qwl$

In the listing, the first field of each line is a code that describes the permissions of the file or directory. For flutter, for example, the first field is -rwxr-xr-x. The first character of the field represents the type of the object:

  • -: a file
  • d: a directory
  • l: a link
  • c: a character device
  • b: a block device
  • n: a network device

According to the above, flutter is a file.

The three sets of three characters after the first character (-) are rwx/r-x/r-x. Each set represents a security level. In order, the security levels are: the file owner (primary user), the file's group (group users), and other users. Each security level has three types of access rights:

  • r: the object is readable
  • w: the object is writable
  • x: the object is executable

If a permission is not granted, a dash (-) appears in that permission position.

Interpreting the permissions of the flutter file:

  • rwx: the owner of the file (primary user); assume the system login name is user_one.
  • r-x: the group of the file (group users); assume the system group is users.
  • r-x: other users; assume another user is other_user.

Description: The user user_one has full permission to read, write, and execute the file. Users in the users group have permission to read and execute the file. The user other_user has permission to read and execute the file.

Default file permissions

Default file permissions are controlled by the umask command. With umask, you can set the default permissions for newly created files and directories.

# macOS terminal input
umask
# output
0022

0022: The first digit represents a special security feature called the sticky bit. The next three digits, 022, are the octal umask value for a file or directory (the security settings in octal mode).

Where the octal values come from: take the three rwx permission values and convert them to a 3-bit binary value, which is then written as one octal digit. In this binary representation, each position is one binary bit. Each combination of values corresponds to an octal digit, called a file permission code:

| Permissions | Binary value | Octal value | Description |
|---|---|---|---|
| --- | 000 | 0 | No permissions |
| --x | 001 | 1 | Execute permission only |
| -w- | 010 | 2 | Write permission only |
| -wx | 011 | 3 | Write and execute permissions |
| r-- | 100 | 4 | Read permission only |
| r-x | 101 | 5 | Read and execute permissions |
| rw- | 110 | 6 | Read and write permissions |
| rwx | 111 | 7 | Full access |

Octal mode takes the octal value of each permission set and lists the values for the three security levels (owner, group, and other users) in order. Thus, the value 664 in octal mode represents read and write permissions for both the owner and group members, while all other users have read permission only.

# Create file
touch new_file
ls -l new_file
# output
-rw-r--r--  1 qwl staff  0 10 23 16:27 new_file
# Create directory
mkdir new_dir
ls -ld new_dir
# output
drwxr-xr-x  2 qwl staff        64 10 23 17:00 new_dir

By default, macOS creates files with an octal value of 644 and directories with an octal value of 755, and my umask is 022. How does the umask command set the default permissions for files and directories? In fact, the umask value is only a mask: it blocks the permissions that you do not want to grant at each security level. The umask value is subtracted from the object's full permission value to give the permission value of the newly created object. For files, the full permission value is 666 (all users have read and write permissions); for directories, it is 777 (all users have read, write, and execute permissions). Therefore, the default permission for files is 666 - 022 = 644, and the default permission for directories is 777 - 022 = 755.

You can change the permissions given to newly created files or directories by modifying the umask value.

qwldeMacBook-Pro:desktop qwl$ umask 026
qwldeMacBook-Pro:desktop qwl$ touch new_file1
qwldeMacBook-Pro:desktop qwl$ ls -l new_file1
-rw-r-----  1 qwl staff  0 10 23 17:07 new_file1
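
The subtraction described above gives the right answer for 022 and 026, but the system applies the umask as a bit mask (base AND NOT umask), and the two disagree for a value such as 033. The following shell script is an added example, not part of the original article; apply_umask, to_rwx and observed_perms are hypothetical helper names, and the test objects are created in a temporary directory.

```sh
#!/bin/sh
# Added example, not from the original article. apply_umask, to_rwx and
# observed_perms are hypothetical helper names.

# Mode a new object receives: base AND NOT umask, as three octal digits.
# $1 = base mode (666 for files, 777 for directories), $2 = umask
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Translate three octal digits into the rwx string that ls -l shows.
to_rwx() {
    m=$1 out=
    while [ -n "$m" ]; do
        d=${m%"${m#?}"}   # first digit
        m=${m#?}          # remaining digits
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;;
            2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# Create a real file or directory under the given umask and report the
# nine permission characters from ls. $1 = umask, $2 = file | dir
observed_perms() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/obj"; else touch "$tmp/obj"; fi
        ls -ld "$tmp/obj" | cut -c2-10
    )
    rm -rf "$tmp"
}

# 033 is the case where subtraction (666-033=633) and masking (644) disagree.
for mask in 022 026 033 077; do
    f=$(apply_umask 666 "$mask")
    d=$(apply_umask 777 "$mask")
    printf 'umask %s  file %s %s (observed %s)  dir %s %s (observed %s)\n' \
        "$mask" "$f" "$(to_rwx "$f")" "$(observed_perms "$mask" file)" \
        "$d" "$(to_rwx "$d")" "$(observed_perms "$mask" dir)"
done
```

A umask of 077 leaves new files readable and writable by the owner only, which is the usual choice for accounts that handle keys or credentials.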

The new file new_file1 is created with permission 640. You can use this method to change the permissions given to newly created files or directories. How can you change the permissions of a file or directory that already exists?

Changing file permissions

Using the chmod command, you can change the permission settings of a file or directory. The format of the command is as follows:

# The mode parameter sets the security settings in either octal or symbolic mode
chmod options mode file

Change file permissions

qwldeMacBook-Pro:desktop qwl$ touch newfile
qwldeMacBook-Pro:desktop qwl$ ls -l newfile
-rw-r--r--  1 qwl staff  0 10 23 17:19 newfile
qwldeMacBook-Pro:desktop qwl$ chmod 755 newfile
qwldeMacBook-Pro:desktop qwl$ ls -l newfile
-rwxr-xr-x  1 qinwanli  staff  0 10 23 17:19 newfile

In addition to the octal values used above, chmod has another method: symbolic mode. The format for specifying permissions in symbolic mode is:

[ugoa…] [[+-=][rwxXstugo…]

The first set of characters defines who the permission applies to:

  • u: the user (owner)
  • g: the group
  • o: others
  • a: all of the above

The second set is a symbol that indicates whether to add the permission to the existing permissions (+), remove it from the existing permissions (-), or set the permissions to exactly that value (=). The third set of characters indicates the permissions to be set. Besides r, w, and x, the following are available:

  • X: Grants execute permission only if the object is a directory or already has execute permission.
  • s: Sets the UID or GID at run time.
  • t: Sets the sticky bit (saved text) on files or directories.
  • u: Sets the permission to be the same as that of the owner.
  • g: Sets the permission to be the same as that of the group.
  • o: Sets the permission to be the same as that of other users.

Restore the permissions of the file newfile

# Restore target
-rw-r--r--  1 qwl staff  0 10 23 17:19 newfile
# After the above modifications
-rwxr-xr-x  1 qwl staff  0 10 23 17:19 newfile
# Start restore
chmod u-x newfile
# output
-rw-r-xr-x  1 qwl staff  0 10 23 17:23 newfile
# Restore group user permissions
chmod g-x newfile
# output
-rw-r--r-x  1 qwl staff  0 10 23 17:19 newfile
# Restore other user permissions
chmod o-x newfile
# output
-rw-r--r--  1 qwl staff  0 10 23 17:19 newfile
# Restore complete

References

Linux command line and shell script programming