The command ls -l displays the permissions and associated group for any file. Here is an example of the output of this command:. These definitions can be used to interpret the example output of ls -l presented above:. This is a directory named "private", owned by user elvis and associated with Unix group elvis.
The directory has read, write, and execute permissions for the owner, and no permissions for any other user. This is a normal file named "try. It is readable and writable by the owner, but is not accessible to any other user. This is a normal file named "a. It is executable, as well as readable and writable, for the owner only. This is a directory named "share", owned by user elvis and associated with group bigsci. The owner can read and write the directory; all members of the file group bigsci can list the contents of the directory.
Presumably, this directory would contain files that also have "group read" permissions. This is a directory named "public", owned by user elvis and associated with group bigsci.
The owner can read and write the directory; all other users can only read the contents of the directory. A directory such as this would most likely contain files that have "world read" permissions.
When a file is created, the permission flags are set according to the file mode creation mask, which can be set using the umask command. The file mode creation mask sometimes referred to as "the umask" is a three-digit octal value whose nine bits correspond to fields of the permission flags.
The resulting permissions are calculated via the bitwise AND of the unary complement of the argument using bitwise NOT and the default permissions specified by the shell typically for files and for directories. Common useful values are:. In each of these examples, the access types that aren't specified are unchanged. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read r access to myfile.
The chmod command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir , you would enter:. To change permissions recursively in all subdirectories below the specified directory, add the -R option; for example, to grant execution permissions for other users to a directory mydir and all the subdirectories it contains, you would enter:. Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access.
Also, you must have execute permission on a directory to switch cd to it. The other way to use the chmod command is the absolute form, in which you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions.
The three numbers are specified in the order: user or owner , group, and other. Each number is the sum of values that specify read, write, and execute access:. You can think of the three digit sequence as the sum of attributes you select from the following table:. Sum all the accesses you wish to permit. To share a file or directory that you own with someone, you can grant read and execute privileges for that user. However, you must also set the same privileges on any parent directories above the item you're sharing; if you don't, the user can't look and change into cd all the parent directories above your file or directory.
If you think of a file system as a physical place, then permissions work like keys that let you access different directories:. Imagine the path as a physical space:. You might try to do it this way:. However, a user can't read or access a subdirectory unless the user also has x permissions to the parent directories. In other words, the above command gives out a key to your closet, but not to your room or apartment. The permissions of a file are the first line of defense in the security of a Unix system.
Directory access modes are listed and organized in the same manner as any other file. Access to a directory means that the user can read the contents. The user can look at the filenames inside the directory. A user must have execute access to the bin directory in order to execute the ls or the cd command.
To change the file or the directory permissions, you use the chmod change mode command. There are two ways to use chmod — the symbolic mode and the absolute mode. The easiest way for a beginner to modify file or directory permissions is to use the symbolic mode.
With symbolic permissions you can add, delete, or specify the permission set you want by using the operators in the following table. Here's an example using testfile.
The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file. Each permission is assigned a value, as the following table shows, and the total of each set of permissions provides a number for that set.
Here's an example using the testfile. All the permissions mentioned above are also assigned based on the Owner and the Groups. The value of the user can be either the name of a user on the system or the user id uid of a user on the system.
0コメント