命令行大全

chmod

瑞兹 发表于 2020-12-31 09:21浏览次数:

在像 Unix一样的操作系统中,chmod 命令设置文件或目录的权限。

查看英文版

目录:

1 chmod 运行系统环境

2 chmod 描述

3 chmod 语法

4 chmod 例子

chmod 运行系统环境

Unix&Linux

chmod 描述

在一个与Unix 一样运行的操作系统上,一组与每个文件关联的标志决定了谁可以访问该文件,以及他们如何访问该文件。这些标志称为文件权限或模式,如在"访问模式"中。命令名称chmod代表"更改模式"。它限制文件的访问权限。

有关文件模式的详细信息,请参阅什么是文件权限,以及它们是如何工作的?它包含如何定义和指定文件权限的全面说明。

通常,chmod命令采取以下形式:

chmod options permissions file name

如果未指定任何选项,chmod将文件名指定的文件的权限修改为权限指定的权限

权限定义文件所有者("用户")、拥有该文件的组成员("组")和其他人("其他人")的权限。有两种方法来表示这些权限:使用符号(字母数字字符)或八进制数字(数字07)。

假设您是名为myfile的文件的所有者,并且要设置其权限,以便:

  • user 可以read, w仪式, 和 execute 它; 
  • 你的g roup的成员可以read 和 execute 它;和 
  • o他们只能把

此命令将执行以下操作:

chmod u=rwx,g=rx,o=r myfile

此示例使用符号权限表示法。字母u, go代表 "user", "group" 和 "other".等号("=")表示"设置权限完全相同",字母"r"、"w""x"分别代表"读取"、"写入"和"执行"。逗号分隔不同的权限类,它们之间没有空格。

下面是使用八进制权限表示法的等效命令:

chmod 754 myfile

这里的数字7、54分别按此顺序表示用户、组和其他人的权限。 每个数字都是数字4、2、1和 0 的组合:

  • 4代表"阅读", 
  • 2代表"写", 
  • 1代表"执行",以及 
  • 0表示"无权限"。

因此,7是权限 4+2=1(读取、写入和执行)的组合,54=0=1(读取、无写入和执行),44=0=0(读取、无写入和未执行)。

On Unix-like operating systems, a set of flags associated with each file determines who can access that file, and how they can access it. These flags are called file permissions or modes, as in "mode of access." The command name chmod stands for "change mode." It restricts the way a file can be accessed.

For more information about file modes, see What Are File Permissions, And How Do They Work? in our documentation of the umask command. It contains a comprehensive description of how to define and specify file permissions.

In general, chmod commands take the form:

chmod options permissions file name

If no options are specified, chmod modifies the permissions of the file specified by file name to the permissions specified by permissions.

permissions defines the permissions for the owner of the file (the "user"), members of the group who owns the file (the "group"), and anyone else ("others"). There are two ways to represent these permissions: with symbols (alphanumeric characters), or with octal numbers (the digits 0 through 7).

Let's say you are the owner of a file named myfile, and you want to set its permissions so that:

  • the user can read, write, and execute it; 
  • members of your group can read and execute it; and 
  • others may only read it. 

This command will do the trick:

chmod u=rwx,g=rx,o=r myfile

This example uses symbolic permissions notation. The letters ug, and o stand for "user", "group", and "other". The equals sign ("=") means "set the permissions exactly like this," and the letters "r", "w", and "x" stand for "read", "write", and "execute", respectively. The commas separate the different classes of permissions, and there are no spaces in between them.

Here is the equivalent command using octal permissions notation:

chmod 754 myfile

Here the digits 75, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 421, and 0:

  • 4 stands for "read", 
  • 2 stands for "write", 
  • 1 stands for "execute", and 
  • 0 stands for "no permission."

So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, no write, and execute), and 4 is 4+0+0 (read, no write, and no execute).

查看英文版

查看中文版

chmod 语法

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

选项

-c, --changes

如 --verbose ,但仅在实际进行更改时才提供详细输出。

-f, --silent,--quiet

安静模式;禁止显示大多数错误消息。

-v, --verbose

详细模式;输出每个处理文件的诊断消息。

- - no-preserve-root

不要以任何特殊方式处理'/' (根目录),这是默认设置。

-- preserve-root

请勿\/ '上递归操作。

- - reference =RFILE

设置权限以匹配文件RFILE 的权限,忽略任何指定的模式

-R , --recursive

递归式地更改文件和目录。

- - help

显示帮助消息并退出。

- - version

输出版本信息并退出。

技术描述

chmod根据MODE更改每个指定FILE的文件模式,它可以是要更改的符号表示形式,也可以是表示新模式位位位的八进制数字。

符号模式的格式为:

	[ugoa...][[+-=][perms...]...] 

其中perms是来自集r、w、x、X、s t的零个或多个字母,或来自集u、go的单个字母。可以给出多种符号模式,用逗号分隔。

字母u、g 、o和控件的组合将更改用户对文件的访问权限:拥有该文件的用户(u)、文件组(g)、不在文件组(o)中的其他用户或所有用户(a)。 如果未给出这些,则效果就像给定的样,但在umask 中设置的位不受影响。

运算符=导致将选定的文件模式位添加到每个文件的现有文件模式位;-导致删除它们;和 =导致添加它们并导致删除未提及的位,但目录的未提及集用户和组 ID 位不受影响。

字母r, w, x, X, st为受影响的用户选择文件模式位: 读取 (r), 写入 (w), 执行 (x), 仅在文件是目录或已具有某些用户(X)执行权限时执行 , 设置用户或组 ID 执行(s),限制删除标志或粘滞位(t).对于目录,执行选项XX定义查看目录内容的权限。

您可以完全指定其中一个字母u、go:授予拥有文件的用户的权限(u)、授予文件组(g)成员的其他用户的权限,以及授予前两个类别中两个类别(o)的用户的权限。

数值模式是从 1 到 4 个八进制数字(0-7),通过将值4、2和 1的位加起来来派生。省略的数字假定为前导零。第一个数字选择设置的用户 ID (4) 和设置组 ID (2) 和受限删除或粘滞 (1) 属性。第二个数字为拥有读取(4)、写入 (2)和执行 ( 1 ) 的用户选择权限。第三个选择文件组中其他用户的权限,其值相同;第四个用于不在文件组中的其他用户,其值相同。

chmod从不更改符号链接的权限;chmod系统调用无法更改其权限。但是,这不是问题,因为从不使用符号链接的权限。但是,对于命令行上列出的每个符号链接,chmod将更改指向文件的权限。相反,chmod忽略递归目录遍历过程中遇到的符号链接。

设置和设置位

如果文件的组 ID 与用户的有效组 ID 或用户的补充组 ID 之一不匹配,则chmod将清除常规文件的设置组 ID 位,除非用户具有适当的权限。其他限制可能会导致忽略MODE 或 RFILE的设置用户ID设置组 ID位。此行为取决于基础chmod系统调用的政策和功能。如果有疑问,请检查基础系统行为。

chmod保留目录的集用户 ID 和设置组 ID 位,除非您显式指定其他位。您可以使用 u+s 和g-s 等符号模式设置清除位,并且可以使用数字模式设置(但不清楚)位。

受限删除标志(或"粘性位")

受限删除标志或粘滞位是单个位,其解释取决于文件类型。对于目录,它可防止非特权用户删除或重命名目录中的文件,除非他们拥有该文件或目录;这称为目录的受限删除标志,通常在/tmp等可写世界目录上找到。对于某些较旧系统上的常规文件,该位将程序的文本图像保存在交换设备上,以便运行时加载得更快;这称为粘性位。

查看文件的权限

列出文件权限的快速和简单的方法是ls命令的长列表 (-l) 选项。例如,若要查看文件.txt,可以使用以下命令:

ls -l file.txt

...显示如下所示的输出:

-rwxrw-r-- 1   hope   hopestaff  123   Feb 03 15:36   file.txt

以下是此信息的每个部分的含义:

-

第一个字符表示文件类型:"-"对于常规文件,"d"表示目录,"l"表示符号链接。

rwx

接下来的三个字符表示文件所有者的权限:在这种情况下,所有者可以从或x到或从或 x 执行文件。

rw -

接下来的三个字符表示文件组成员的权限。在这种情况下,文件拥有组的任何成员可能从或w仪式到文件。最后的破折号是占位符;组成员没有执行此文件的权限。

r -

"其他人"(其他人)的权限。其他人可能只 read 此文件。

1

指向此文件的硬链接数。

hope

文件的所有者。

hopestaff

文件所属的组。

123

文件的大小在块

Feb 03 15:36

文件的 mtime(上次修改文件的日期和时间)。

file.txt

文件的名称。

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

Options

-c--changes

Like --verbose, but gives verbose output only when a change is actually made.

-f--silent--quiet

Quiet mode; suppress most error messages.

-v--verbose

Verbose mode; output a diagnostic message for every file processed.

--no-preserve-root

Do not treat '/' (the root directory) in any special way, which is the default setting.

--preserve-root

Do not operate recursively on '/'.

--reference=RFILE

Set permissions to match those of file RFILE, ignoring any specified MODE.

-R--recursive

Change files and directories recursively.

--help

Display a help message and exit.

--version

Output version information and exit.

Technical Description

chmod changes the file mode of each specified FILE according to MODE, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits.

The format of a symbolic mode is:

	[ugoa...][[+-=][perms...]...] 

where perms is either zero or more letters from the set rwxXs and t, or a single letter from the set ug, and o. Multiple symbolic modes can be given, separated by commas.

A combination of the letters ugo, and a controls which users' access to the file will be changed: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of these are given, the effect is as if a were given, but bits that are set in the umask are not affected.

The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed except that a directory's unmentioned set user and group ID bits are not affected.

The letters rwxXs and t select file mode bits for the affected users: read (r), write (w), execute (x), execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). For directories, the execute options X and X define permission to view the directory's contents.

Instead of one or more of these letters, you can specify exactly one of the letters ug, or o: the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file's group (g), and the permissions granted to users that are in neither of the two preceding categories (o).

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 42, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values.

chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. However, this is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command linechmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.

Setuid And Setgid Bits

chmod clears the set-group-ID bit of a regular file if the file's group ID does not match the user's effective group ID or one of the user's supplementary group IDs, unless the user has appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits of MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. When in doubt, check the underlying system behavior.

chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.

Restricted Deletion Flag (or "Sticky Bit")

The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type. For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp. For regular files on some older systems, the bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.

Viewing Permissions of files

A quick and easy way to list a file's permissions are with the long listing (-l) option of the ls command. For example, to view the permissions of file.txt, you could use the command:

ls -l file.txt

...which displays output that looks like the following:

-rwxrw-r-- 1   hope   hopestaff  123   Feb 03 15:36   file.txt

Here's what each part of this information means:

-

The first character represents the file type: "-" for a regular file, "d" for a directory, "l" for a symbolic link.

rwx

The next three characters represent the permissions for the file's owner: in this case, the owner may read from, write to, ore xecute the file.

rw-

The next three characters represent the permissions for members of the file group. In this case, any member of the file's owning group may read from or write to the file. The final dash is a placeholder; group members do not have permission to execute this file.

r--

The permissions for "others" (everyone else). Others may only read this file.

1

The number of hard links to this file.

hope

The file's owner.

hopestaff

The group to whom the file belongs.

123

The size of the file in blocks.

Feb 03 15:36

The file's mtime (date and time when the file was last modified).

file.txt

The name of the file.

查看英文版

查看中文版

chmod 例子

chmod 644 file.htm

将文件的权限.htm"所有者可以读取和写入;组只能读取;其他人只能读"。

chmod -R 755 myfiles

递归 (-R) 将目录 myfile 及其包含的所有文件夹和文件的权限更改为模式755:用户可以读取、写入和执行;组成员和其他用户可以读取和执行,但不能写入。

chmod u=rw example.jpg

更改示例所有者的权限.jpg所有者可以读取和写入文件。不要更改组或其他组的权限。

chmod u+s comphope.txt

设置"设置-用户-ID"位.txt,以便任何尝试访问该文件的人这样做,如果他们是文件的所有者。

chmod u-s comphope.txt

与上述命令相反;取消设置 SUID 位。

chmod 755 file.cgi

将文件权限设置为.cgi所有者读取、写入和执行"和"由组和其他人读取和执行"。

chmod 666 file.txt

将文件权限设置为.txt"由所有人读取和写入"。

chmod a=rw file.txt

使用符号表示法完成与上述命令相同的操作。

chmod 644 file.htm

Set the permissions of file.htm to "owner can read and write; group can read only; others can read only".

chmod -R 755 myfiles

Recursively (-R) Change the permissions of the directory myfiles, and all folders and files it contains, to mode 755: User can read, write, and execute; group members and other users can read and execute, but cannot write.

chmod u=rw example.jpg

Change the permissions for the owner of example.jpg so that the owner may read and write the file. Do not change the permissions for the group, or for others.

chmod u+s comphope.txt

Set the "Set-User-ID" bit of comphope.txt, so that anyone who attempts to access that file does so as if they are the owner of the file.

chmod u-s comphope.txt

The opposite of the above command; un-sets the SUID bit.

chmod 755 file.cgi

Set the permissions of file.cgi to "read, write, and execute by owner" and "read and execute by the group and everyone else".

chmod 666 file.txt

Set the permission of file.txt to "read and write by everyone.".

chmod a=rw file.txt

Accomplishes the same thing as the above command, using symbolic notation.

查看英文版

查看中文版

发表评论
评论列表
共0条
点击加载更多