chmod
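Purpose: changes the permissions of a file or directory
Notes:
a all users
u the owner
g the owning group
o others
r, w and x correspond to the values 4, 2 and 1 respectively
Common options:
-R recurses into subdirectories and applies the change to every file and subdirectory under the directory
Examples: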
    [[email protected] ~]# touch 123
    [[email protected] ~]# mkdir 321
    [[email protected] ~]# ll
    total 4
    -rw-r--r-- 1 root root 0 Mar 31 12:39 123
    drwxr-xr-x 2 root root 4096 Mar 31 12:39 321
    [[email protected] ~]# chmod a+w 123
    [[email protected] ~]# ll
    total 4
    -rw-rw-rw- 1 root root 0 Mar 31 12:39 123
    drwxr-xr-x 2 root root 4096 Mar 31 12:39 321
    [[email protected] ~]# chmod u=r-- 321
    [[email protected] ~]# ll
    total 4
    -rw-rw-rw- 1 root root 0 Mar 31 12:39 123
    dr--r-xr-x 2 root root 4096 Mar 31 12:39 321
    [[email protected] ~]# chmod o-x 321
    [[email protected] ~]# ll
    total 4
    -rw-rw-rw- 1 root root 0 Mar 31 12:39 123
    dr--r-xr-- 2 root root 4096 Mar 31 12:39 321
    [[email protected] ~]# chmod 777 123
    [[email protected] ~]# ll
    total 4
    -rwxrwxrwx 1 root root 0 Mar 31 12:39 123
    dr--r-xr-- 2 root root 4096 Mar 31 12:39 321
    [[email protected] ~]#

    [[email protected] ~]# mkdir 123
    [[email protected] ~]# touch 123/321
    [[email protected] ~]# ll
    total 4
    drwxr-xr-x 2 root root 4096 Mar 31 12:41 123
    [[email protected] ~]# ll 123/321
    -rw-r--r-- 1 root root 0 Mar 31 12:41 123/321
    [[email protected] ~]# chmod 777 123
    [[email protected] ~]# ll 123
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:41 321
    [[email protected] ~]# ll -d 123
    drwxrwxrwx 2 root root 4096 Mar 31 12:41 123
    [[email protected] ~]# chmod -R 777 123
    [[email protected] ~]# ll 123
    total 0
    -rwxrwxrwx 1 root root 0 Mar 31 12:41 321
    [[email protected] ~]#
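The second session above shows that `chmod 777 123` changes only the directory, while `chmod -R 777 123` also changes everything inside it. The following added example (not part of the original page; the scratch directory and the function names are constructed for illustration) repeats those steps, uses `find -perm -0002` to count what ends up writable by others, and then removes that bit again with `chmod -R o-w`.

```shell
#!/bin/sh
# Added example, not from the original page. Paths are created in a
# scratch directory and removed afterwards.

# world_writable DIR: list every entry under DIR (DIR included) that
# "others" can write to. -perm -0002 matches when the o+w bit is set,
# whatever the remaining bits are. Symlinks are skipped because their
# own mode bits carry no meaning.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# count_ww DIR: number of world-writable entries under DIR.
count_ww() {
    world_writable "$1" | wc -l | tr -d ' '
}

# demo: rebuild the page's directory 123 with the file 321 inside it and
# print three counts: after chmod 777, after chmod -R 777, after the fix.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/123"
    touch "$base/123/321"
    chmod 755 "$base/123"
    chmod 644 "$base/123/321"

    chmod 777 "$base/123"        # the directory only
    plain=$(count_ww "$base/123")

    chmod -R 777 "$base/123"     # the directory and everything below it
    recursive=$(count_ww "$base/123")

    chmod -R o-w "$base/123"     # take write access away from others again
    fixed=$(count_ww "$base/123")

    rm -rf "$base"
    echo "$plain $recursive $fixed"
}

demo
```

Run `world_writable` against a real tree to see which paths a recursive `chmod 777` left open.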
chown
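Purpose: changes the owner or owning group of a file or directory
Common options:
-R recurses into subdirectories and applies the change to every file and subdirectory under the directory
Examples: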
    [[email protected] ~]# mkdir one
    [[email protected] ~]# mkdir two
    [[email protected] ~]# mkdir three
    [[email protected] ~]# ll
    total 12
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 one
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 three
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 two
    [[email protected] ~]# chown jacken one
    [[email protected] ~]# ll
    total 12
    drwxr-xr-x 2 jacken root 4096 Mar 31 12:47 one
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 three
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 two
    [[email protected] ~]# chown jacken: two
    [[email protected] ~]# ll
    total 12
    drwxr-xr-x 2 jacken root 4096 Mar 31 12:47 one
    drwxr-xr-x 2 root root 4096 Mar 31 12:47 three
    drwxr-xr-x 2 jacken jacken 4096 Mar 31 12:47 two
    [[email protected] ~]# chown jacken:user1 three
    [[email protected] ~]# ll
    total 12
    drwxr-xr-x 2 jacken root 4096 Mar 31 12:47 one
    drwxr-xr-x 2 jacken user1 4096 Mar 31 12:47 three
    drwxr-xr-x 2 jacken jacken 4096 Mar 31 12:47 two
    [[email protected] ~]#

    [[email protected] ~]# mkdir 1
    [[email protected] ~]# touch 1/file_1
    [[email protected] ~]# mkdir 2
    [[email protected] ~]# touch 2/file_2
    [[email protected] ~]# ll
    total 8
    drwxr-xr-x 2 root root 4096 Mar 31 12:49 1
    drwxr-xr-x 2 root root 4096 Mar 31 12:49 2
    [[email protected] ~]# ll 1 2
    1:
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:49 file_1
    2:
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:49 file_2
    [[email protected] ~]# chown jacken:user1 1
    [[email protected] ~]# chown -R jacken:user1 2
    [[email protected] ~]# ll
    total 8
    drwxr-xr-x 2 jacken user1 4096 Mar 31 12:49 1
    drwxr-xr-x 2 jacken user1 4096 Mar 31 12:49 2
    [[email protected] ~]# ll 1 2
    1:
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:49 file_1
    2:
    total 0
    -rw-r--r-- 1 jacken user1 0 Mar 31 12:49 file_2
    [[email protected] ~]#
chgrp
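Purpose: changes the group of a file or directory
Common options:
-R recurses into subdirectories and applies the change to every file and subdirectory under the directory
Examples: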
    [[email protected] ~]# mkdir hi
    [[email protected] ~]# touch hi/hi_hi
    [[email protected] ~]# mkdir hello
    [[email protected] ~]# touch hello/hello_hello
    [[email protected] ~]# ll
    total 8
    drwxr-xr-x 2 root root 4096 Mar 31 12:52 hello
    drwxr-xr-x 2 root root 4096 Mar 31 12:52 hi
    [[email protected] ~]# ll hi/ hello/
    hello/:
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:52 hello_hello
    hi/:
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:52 hi_hi
    [[email protected] ~]# chgrp jacken hello
    [[email protected] ~]# ll
    total 8
    drwxr-xr-x 2 root jacken 4096 Mar 31 12:52 hello
    drwxr-xr-x 2 root root 4096 Mar 31 12:52 hi
    [[email protected] ~]# ll hello/
    total 0
    -rw-r--r-- 1 root root 0 Mar 31 12:52 hello_hello
    [[email protected] ~]# chgrp -R jacken hi
    [[email protected] ~]# ll hi/
    total 0
    -rw-r--r-- 1 root jacken 0 Mar 31 12:52 hi_hi
    [[email protected] ~]#
lsattr
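Purpose: shows the hidden permissions (attributes) of files
Common options:
-R: recursively lists the attributes of directories and files.
-V: displays the program version.
-a: lists the attributes of all files, including hidden files (.), the current directory (./) and the parent directory (../).
-d: lists only the attributes of the directory itself.
-l: (this option currently has no effect).
-v: displays the version of the file or directory.
Examples: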
    [[email protected] ~]# lsattr -R
    -------------e- ./123
    -------------e- ./hi
    ./hi:
    -------------e- ./hi/hi_hi
    -------------e- ./hello
    ./hello:
    -------------e- ./hello/hello_hello
    [[email protected] ~]#
chattr
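Purpose: changes the hidden permissions (attributes) of a file or directory
Common options:
-R: processes recursively, handling every file and subdirectory under the specified directory
+ : adds attributes to the existing set.
- : removes attributes from the existing set.
= : sets the attributes to exactly those specified
A: the atime (access time) of the file or directory is not updated when it is accessed, which saves some disk I/O, for example on laptops
a: append only. Once set, data can only be appended to the file and cannot be deleted; mostly used to protect server log files. Only root can set this attribute
d: no dump. The file is not a backup target for the dump program
i: the file cannot be deleted, renamed or linked to, and nothing can be written or added to it. The i attribute is very helpful for file-system security settings
Examples: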
    [[email protected] ~]# touch 123
    [[email protected] ~]# chattr +i 123
    [[email protected] ~]# lsattr 123
    ----i--------e- 123
    [[email protected] ~]# echo hi > 123
    -bash: 123: Permission denied
    [[email protected] ~]# echo hi >> 123
    -bash: 123: Permission denied
    [[email protected] ~]# vim 123
    [[email protected] ~]# rm -rf 123
    rm: cannot remove `123': Operation not permitted
    [[email protected] ~]#

    [[email protected] ~]# touch 456
    [[email protected] ~]# chattr +a 456
    [[email protected] ~]# lsattr 456
    -----a-------e- 456
    [[email protected] ~]# vim 456
    [[email protected] ~]# cat 456
    [[email protected] ~]# echo new > 456
    -bash: 456: Operation not permitted
    [[email protected] ~]# echo new2 >> 456
    [[email protected] ~]# cat 456
    new2
    [[email protected] ~]# rm -rf 456
    rm: cannot remove `456': Operation not permitted
    [[email protected] ~]#
setfacl
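Purpose: sets special permissions (ACL rules)
Common options:
-m modifies the ACL rules of a file or directory
-x removes ACL rules from a file or directory
-d sets the default ACL rules
Examples: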
    [[email protected] ~]# cd /
    [[email protected] /]# touch 123
    [[email protected] /]# setfacl -m jacken:rw- 123
    [[email protected] /]# getfacl 123
    # file: 123
    # owner: root
    # group: root
    user::rw-
    user:jacken:rw-
    group::r--
    mask::rw-
    other::r--
    [[email protected] /]# su - user1
    [[email protected] ~]$ echo "hi" > /123
    -bash: /123: Permission denied
    [[email protected] ~]$ exit
    logout
    [[email protected] /]# su - jacken
    [[email protected] ~]$ echo "hi" > /123
    [[email protected] ~]$ cat /123
    hi
    [[email protected] ~]$

    [[email protected] /]# setfacl -x u:jacken /123
    [[email protected] /]# getfacl /123
    getfacl: Removing leading '/' from absolute path names
    # file: 123
    # owner: root
    # group: root
    user::rw-
    group::r--
    mask::r--
    other::r--
    [[email protected] /]#
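The `mask::` line in the `getfacl` output above caps what named users and groups actually receive. The following added example (not from the original page; the function names and the sample ACL text are constructed, modelled on the output above) applies the mask to each entry and shows that jacken's `rw-` entry is cut down to `r--` once the mask is `r--`, which is what `chmod g=r` leaves behind on a file that carries an ACL.

```shell
#!/bin/sh
# Added example, not from the original page. The ACL text is constructed,
# modelled on the page's getfacl output for the file 123.

# sample_acl MASK: print the page's ACL for 123 with the given mask entry.
sample_acl() {
    cat <<EOF
# file: 123
# owner: root
# group: root
user::rw-
user:jacken:rw-
group::r--
mask::$1
other::r--
EOF
}

# acl_effective: read getfacl output on stdin and print each access entry
# with the permissions that really apply. The mask limits named users, the
# owning group and named groups; user:: (the owner) and other:: are not masked.
acl_effective() {
    awk -F: '
        BEGIN { n = 0 }
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACL
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3); n++ }
        END {
            for (i = 0; i < n; i++) {
                p = perm[i]
                masked = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(p, k, 1)
                        eff = eff ((c != "-" && substr(mask, k, 1) == c) ? c : "-")
                    }
                    p = eff
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

sample_acl rw- | acl_effective   # mask rw-: jacken keeps rw-
sample_acl r-- | acl_effective   # mask r--: jacken is reduced to r--
```

On a live system, pipe `getfacl FILE` into `acl_effective` to see the same result for a real ACL.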