Difference between revisions of "Centos Permissions"
Line 11: | Line 11: | ||
A user who does not have the execute permission to a directory is prevented from listing the directory’s contents, adding and removing files, and working with files and subdirectories inside that directory, regardless of what permissions the user has to them. In short, a quick way to deny a user from accessing a directory and all of its contents in Linux is to take away the execute per- mission on that directory. Because the execute permission on a directory is crucial for user access, it is commonly given to all users via the other category, unless the directory must be private. | A user who does not have the execute permission to a directory is prevented from listing the directory’s contents, adding and removing files, and working with files and subdirectories inside that directory, regardless of what permissions the user has to them. In short, a quick way to deny a user from accessing a directory and all of its contents in Linux is to take away the execute per- mission on that directory. Because the execute permission on a directory is crucial for user access, it is commonly given to all users via the other category, unless the directory must be private. | ||
[[File:Linuxusergroup.jpg|740x200px|frameless|left|userpermission]] | [[File:Linuxusergroup.jpg|740x200px|frameless|left|userpermission]] | ||
<br> | <br><br><br><br> | ||
Revision as of 18:48, 5 February 2019
View your current username
whoami
View your group membership
groups
Change Group
chgrp sys file1 chgrp -R sys Desktop
Chown changes ownership and group ownership of a file
chown user1.root file1 chown -R user1.root Desktop
A user who does not have the execute permission to a directory is prevented from listing the directory’s contents, adding and removing files, and working with files and subdirectories inside that directory, regardless of what permissions the user has to them. In short, a quick way to deny a user from accessing a directory and all of its contents in Linux is to take away the execute per- mission on that directory. Because the execute permission on a directory is crucial for user access, it is commonly given to all users via the other category, unless the directory must be private.
To change the mode of file1 to rw-r--r--, you must add the write permission to the user of the file, add the read permission and take away the write permission for the group of the file, and add the read permission and take away the execute permission for other.
chmod u+w,g+r-w,o+r-x file1
If the permissions to be changed are identical for the user, group, and other categories, you can use the “a” character to refer to all categories.
chmod a+x file1
All of the aforementioned chmod examples use the symbols listed in Table 4-5 as the criteria used to change the permissions on a file or directory. You might instead choose to use numeric criteria with the chmod command to change permissions. All permissions are stored in the inode of a file or directory as binary powers of two:
- read=2^2=4
- write=2^1=2
- execute=2^0 =1
Thus, the mode of a file or directory can be represented using the numbers 421421421 instead of rwxrwxrwx. Because permissions are grouped into the categories user, group, and other, you can then simplify this further by using only three numbers, one for each category that represents the sum of the permissions, as depicted in Figure 4-4. Similarly, to represent the mode rw-r--r--, you can use the numbers 644 because user has read and write (4 þ 2 = 6), group has read (4), and other has read (4). The mode rwxr-x--- can also be represented by 750 because user has read, write, and execute (4 þ 2 þ 1 = 7), group has read and execute (4 þ 1 = 5), and other has nothing (0). Table 4-6 provides a list of the different permissions and their corresponding numbers.