179-182.html

来自「linux-unix130.linux.and.unix.ebooks130 l」· HTML 代码 · 共 178 行

<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:File and Directory Permissions</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=9//-->
<!--PAGES=179-182//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->

<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="176-179.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="182-184.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>In the case of <TT>myfile</TT>, the owner has <TT>rw-</TT>, which means read and write permissions. This file cannot be executed by typing <TT>myfile</TT> at the Linux prompt since there is no execute permission. The group permissions are <TT>r--</TT>, which means that members of the group <TT>users</TT> can read the file but cannot change it or execute it. Likewise, the permissions for all others are <TT>r--</TT>, or read-only.</P>
<H3><A NAME="Heading7"></A><FONT COLOR="#000077">UMASK Settings</FONT></H3>
<P>When you create a file (such as with redirection), how does Linux know which file permissions to assign? The answer is that a variable called the UMASK (user file creation mask) contains the instructions for every file you create. The system administrator can set the UMASK setting for any user or for the entire set of users on the whole system. You can change your own UMASK setting, but not that of others (unless you are logged in as <TT>root</TT>).</P>
<P>The value of UMASK can be shown at any time by typing the command <TT>umask</TT> (lowercase to distinguish it from the environment variable UMASK) at the shell prompt:</P>
<!-- CODE SNIP //-->
<PRE>
&#36; umask
022
</PRE>
<!-- END CODE SNIP //-->
<P>You may have four numbers instead of three, but the first one doesn&#146;t mean anything so simply ignore it. What do the numbers mean? They are a set of octal numbers which indicate the user, group, and other permissions. The valid set of numbers in the <TT>umask</TT> command are shown in Table 9.1.</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT><B>Table 9.1.</B> Octal values used by <TT>UMASK</TT> and their meanings.
<TR>
<TH COLSPAN="2"><HR>
<TR>
<TH WIDTH="30%" ALIGN="LEFT">Octal number
<TH WIDTH="70%" ALIGN="LEFT">Permissions granted
<TR>
<TH COLSPAN="2"><HR>
<TR>
<TD>0
<TD>Read and write (and execute for directories)
<TR>
<TD>1
<TD>Read and write
<TR>
<TD>2
<TD>Read (and execute for directories)
<TR>
<TD>3
<TD>Read
<TR>
<TD>4
<TD>Write (and execute for directories)
<TR>
<TD>5
<TD>Write
<TR>
<TD>6
<TD>Execute for directories only
<TR>
<TD>7
<TD>No permissions
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>In the UMASK setting of 022 shown earlier, the simple translation, according to this table, is that the user has read and write permissions (and execute for directories), while <TT>group</TT> and <TT>other</TT> have read-only (and execute for directories). This corresponds to the following directory block:</P>
<!-- CODE SNIP //-->
<PRE>
rw-r--r--
</PRE>
<!-- END CODE SNIP //-->
<P>The column regarding execute for directories shows that if you were to create a directory with this UMASK setting, the permissions would include execute (which allows <TT>cd</TT> to be used to change that directory). The permission block for a directory created with this set of <TT>umask</TT> values would be as follows:</P>
<!-- CODE SNIP //-->
<PRE>
rwxr-xr-x
</PRE>
<!-- END CODE SNIP //-->
<P>Note that there is no way to automatically assign execute permission to a file using the file creation mask. This was done intentionally so that you, the system administrator, have to manually set the execute permission on a file.
</P>
<P>To change your UMASK setting, specify the three new values you want to use. For example, the setting 077 removes all permissions for group and other:</P>
<!-- CODE //-->
<PRE>
&#36; umask
0022
&#36; who &gt; file1
&#36; ls -l
total 2
-rw-r--r--   1 tparker group     37 May 9 11:18 file1
&#36; umask 077
&#36; who &gt; file2
&#36; ls -l
total 4
-rw-r--r--   1 tparker group     37 May 9 11:18 file1
-rw-------   1 tparker group     37 May 9 11:18 file2
</PRE>
<!-- END CODE //-->
<P>Notice that the permissions of file2 have set no access for members of the group or for the other users on the system. Only the owner has access to this file. Your UMASK setting is in effect until you log out.
</P>
<H3><A NAME="Heading8"></A><FONT COLOR="#000077">Changing File Permissions</FONT></H3>
<P>You will probably be happy with the default permissions on your files for a while. Eventually, though, you will want to change them, either to add execute permission to a program that you own (so you can run it) or to let others have better or more restrictive access. To change file permissions, UNIX uses the <TT>chmod</TT> (change mode of a file) command.</P>
<P>The syntax of the <TT>chmod</TT> command is</P>
<!-- CODE SNIP //-->
<PRE>
chmod &lt;specification&gt; file.
</PRE>
<!-- END CODE SNIP //-->
<P>There are two ways to write the permission specification. One is by using the numeric coding system for permissions (called <I>absolute setting</I>) or by using letters (called <I>symbolic setting</I>). The latter is easier to understand, so let&#146;s start with that.</P>
<P>Using symbolic setting of permissions, you specify which of the permissions to change from the four possible sets of <TT>u</TT> (user), <TT>g</TT> (group), <TT>o</TT> (other), or <TT>a</TT> (all). You can use any combination of these as well, in order to change just <TT>group</TT> and other permissions and leave <TT>user</TT> alone. This set of letters is followed by a <B>&#43;</B> to add permissions or a <B>-</B> to remove them. This in turn is followed by the permissions to be added or removed from the letter r (read), w (write), or x (execute), or any combination of the three letters.</P>
<P>The general syntax of this approach is</P>
<!-- CODE SNIP //-->
<PRE>
chmod [u|g|o][&#43;|-][r|w|x] filename &#214;
</PRE>
<!-- END CODE SNIP //-->
<P>There is no space between the three parts of the symbolic permission section of the command, but there must be a space after <TT>chmod</TT> and before the filename. A few examples make this a little clearer. To add execute permissions for the group and others, type</P>
<!-- CODE SNIP //-->
<PRE>
<B>chmod go&#43;r myfile</B>
</PRE>
<!-- END CODE SNIP //-->
<P>To remove read and write permission from <TT>user</TT>, <TT>group</TT>, and <TT>other</TT> use one of the following commands:</P>
<!-- CODE SNIP //-->
<PRE>
chmod ugo-rw filename
chmod a-rw filename
</PRE>
<!-- END CODE SNIP //-->
<P>A few important notes about changing these permissions: Not all systems support <TT>a</TT> for all. If they don&#146;t, you will have to specify <TT>ugo</TT>, as shown in the preceding example. You can specify as many files as you want on the command line, either by listing them one after another separated by spaces or by using wildcards. Finally, when you change permissions using this method, it doesn&#146;t matter whether a permission was on or off when the command started because the <TT>chmod</TT> command overrides those permissions. However, if you don&#146;t specify a particular set of permissions (<TT>user</TT>, <TT>group</TT>, or <TT>other</TT>), those permissions are not touched. For example, look at the following commands:</P>
<!-- CODE //-->
<PRE>
&#36; l
total 4
-rwxrwxrwx   1 tparker group     37 May 9 11:18 file1
-rw-------   1 tparker group     37 May 9 11:18 file2
&#36; chmod go-rw file*
&#36; l
total 4
-rwx--x--x   1 tparker group     37 May 9 11:18 file1
-rw-------   1 tparker group     37 May 9 11:18 file2
</PRE>
<!-- END CODE //-->
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="176-179.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="182-184.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>


</td>
</tr>
</table>
<!-- begin footer information -->



</body></html>