Linux File Permissions – What Is Chmod 777 and How to Use It
If you’re a new Linux user, you probably encountered the chmod command at some point early on. Perhaps someone told you to “chmod 777” to move a file to a certain folder, and it worked! So what does the chmod command do and what do the numbers mean?
This article will discuss everything you need to know about Linux file permissions. It’s important to know this to understand the chmod command and the numbers that correspond to certain access levels. Whether you use Ubuntu, Fedora, or a more exotic Linux distro, you should understand when it’s okay to set permissions to 777 using the chmod command and when you should use a different setting.
How Linux File Permissions Work
In Linux, the operating system determines who can access a certain file based on file permission, ownership, and attributes. The system allows you, the owner or admin, to enable access restrictions to various files and directories. You can improve the security of your system by giving access only to users and programs you trust.
Understanding User Classes
A specific user and a group own every single file and directory. This means there are three categories of users to which you can assign a certain level of access. These users are classified as follows:
You can see these groups visually in Ubuntu by right-clicking on any directory, selecting Properties, and going to the Permissions tab.
The Owner is the person with all the power. Usually, they have full access to every file and directory and can change the file permissions of other users as well.
The Group consists of a number of users that have a certain level of access to a file or directory given by the Owner. For example, a group of users can be excluded from modifying a file while being granted access to view that file.
The Others class simply represents guest users that don’t fall into the other two categories. By default, their level of access is usually restricted. It’s up to the Owner to determine what guest users can or can’t do.
Understanding File Permission Levels
As the Owner, you can assign three levels of access to your files and directories:
- Read: It gives you limited access to a file or directory. All you can do is read the file or view the directory’s contents. You can’t edit files, and you can’t remove or add any new files to the directory.
- Write: It lets you read and edit files. If you assign this level of access to a directory, you can also remove or add files.
- Execute: It’s only important when running or executing files. For example, you can’t run a script or a program without permission to Execute.
By combining Classes and Permissions, you can control how much access a specific user has to a file or directory.
Permission Symbols and Numbers Explained
File permissions are represented numerically or symbolically. You can use both symbols and numbers to change file and directory permissions. The easiest method is with numbers, but you should also understand the symbols. So let’s take a look at the symbols behind file permissions first.
File Permission Symbols
You can view your permissions for all content in a certain directory if you type the following command in the terminal:
ls -l
You can navigate to any directory by using the cd command. If you’re a complete beginner, check out our article on basic Linux commands.
In our example, the directory contains two other directories and one file. The permissions are written using one type symbol followed by 9 permission symbols, which can be split into triplets for an easier understanding. Let’s examine the first set of permissions for the Books directory:
drwxrwxr-x
Let’s split it for readability:
d rwx rwx r-x
The first symbol is d, and it stands for directory. It can also be a dash symbol if it’s a file, as you can see in the third set of permissions for the Outline.docx file.
Next, we have three groups of symbols. The first group represents the Owner’s permission levels, the second group is for the Group class, and the third represents Others.
Each set of 3 symbols means read, write, execute, in that order. So the Owner has permission to read, write, and execute all files and directories found inside the Test directory.
When you see a dash symbol instead of r, w, or x, it means that permission doesn’t exist.
File Permission Numbers
The numeric format for file permissions is simple. In essence, the file permission codes have three digits:
- The first one is for the file owner.
- The second one represents the file’s group.
- The last digit is for everyone else.
The digits range from 0 to 7 where:
- 4 = read.
- 2 = write.
- 1 = execute.
- 0 = no permission.
The permission digit of each class is determined by summing up the values of the permissions. In other words, each digit for each class can be the sum of 4, 2, 1, and 0. Here’s a full list of permissions:
- 0 (0 + 0 + 0) = The user class doesn’t have any permissions.
- 1 (0 + 0 + 1) = Execute permission only.
- 2 (0 + 2 + 0) = Write permission only.
- 3 (0 + 2 + 1) = Write and execute permissions.
- 4 (4 + 0 + 0) = Read permission only.
- 5 (4 + 0 + 1) = Read and execute permissions.
- 6 (4 + 2 + 0) = Read and write permissions.
- 7 (4 + 2 + 1) = All permissions.
For example, a 644 permission means that the file owner has read and write permissions, while the other two classes have only read permission. Setting permissions by using the number format requires only basic math.
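The following is an added example, not part of the original article: a small shell function that converts a permission string as printed by ls -l into the three-digit code by summing 4, 2 and 1 per class. The function names sym_to_octal and triplet_value are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn an `ls -l` permission string into its numeric code.

# triplet_value "r-x" prints 5: 4 for r, 2 for w, 1 for x, 0 for a dash.
triplet_value() {
    t=$1
    v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# sym_to_octal "drwxrwxr-x" prints 775.
sym_to_octal() {
    s=$1
    # Accept one type symbol followed by exactly nine of r, w, x or dash.
    # Anything else (including symbols this article does not cover) is rejected.
    case $s in
        ?[r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $s" >&2; return 1 ;;
    esac
    perms=${s#?}            # drop the type symbol (d for directory, - for file)
    owner=${perms%??????}   # first triplet: Owner
    rest=${perms#???}
    group=${rest%???}       # second triplet: Group
    others=${rest#???}      # third triplet: Others
    echo "$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$others")"
}

# The Books directory from the article:
sym_to_octal drwxrwxr-x
```
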
Permission 777
As you’ve probably already guessed, a 777 permission gives read, write, and execute permissions to all three user classes. In other words, anyone who has access to your system can read, modify, and execute files. Use it only when you trust all your users and don’t need to worry about security breaches.
Permission 777 is used often because it’s convenient, but you should use it sparingly. In fact, we recommend never using it because the security risks are too great. An unauthorized user could compromise your system or, for example, change your website to distribute malware.
You should give permission 755 instead. That way, you as the file owner have full access to a certain file or directory, while everyone else can read and execute, but not make any modifications without your approval.
Modifying File Permissions with Chmod
You can change file permissions with the help of the chmod command. The most basic way of using this command, without any other options, is as follows:
chmod 777 filename
Replace “filename” with the name of the file and its path.
Keep in mind that the only users with the power to change file permissions are those with root access, the file owners, and anyone else with sudo powers.
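As an added example (not from the original article), the script below finds everything under a directory that is set to 777 and replaces it with the 755 recommended above. The function names and the temporary test tree are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for mode 777 and tighten it to 755.

# list_777 DIR: print every file or directory under DIR whose mode is
# exactly 777. Symbolic links are skipped, since their own mode is not
# what controls access to the target.
list_777() {
    find "$1" ! -type l -perm 777 -print
}

# fix_777 DIR: give each 777 entry the 755 permission instead, so the owner
# keeps full access while Group and Others can only read and execute.
fix_777() {
    find "$1" ! -type l -perm 777 -exec chmod 755 {} +
}

# demo: build a constructed tree, audit it, fix it, audit again.
# Prints "<777 count before> <777 count after> <755 count after>".
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    touch "$d/run.sh" "$d/notes.txt"
    chmod 777 "$d/uploads" "$d/run.sh"   # the over-permissive entries
    chmod 644 "$d/notes.txt"             # already fine, must stay untouched
    before=$(($(list_777 "$d" | wc -l)))
    fix_777 "$d"
    after=$(($(list_777 "$d" | wc -l)))
    fixed=$(($(find "$d" ! -type l -perm 755 | wc -l)))
    rm -rf "$d"
    echo "$before $after $fixed"
}

demo
```

Run list_777 on its own first to review what would change before calling fix_777 on a real directory.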