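Linux commands, system-security-related commands: changing file attributes and permissions (chgrp, chown, chmod)
chgrp: change the owning group
The chgrp command changes the group that owns a file or directory. The target group name must already exist in /etc/group.
Basic chgrp options: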
    root@ubuntu:~# chgrp --help
    Usage: chgrp [OPTION]... GROUP FILE...
      or:  chgrp [OPTION]... --reference=RFILE FILE...
    Change the group of each FILE to GROUP.
    With --reference, change the group of each FILE to that of RFILE.

      -c, --changes          like verbose but report only when a change is made
          --dereference      affect the referent of each symbolic link (this is
                             the default), rather than the symbolic link itself
      -h, --no-dereference   affect each symbolic link instead of any referenced
                             file (useful only on systems that can change the
                             ownership of a symlink)
          --no-preserve-root  do not treat `/' specially (the default)
          --preserve-root    fail to operate recursively on `/'
      -f, --silent, --quiet  suppress most error messages
          --reference=RFILE  use RFILE's group rather than specifying a
                             GROUP value
      -R, --recursive        operate on files and directories recursively
      -v, --verbose          output a diagnostic for every file processed
Example 1: create the file test.txt and change its group to gboy:
    root@ubuntu:~# touch test.txt      <== create the file test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 02:24 test.txt      <== group is root
    root@ubuntu:~# chgrp gboy test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root gboy 0 2015-07-19 02:24 test.txt      <== group successfully changed to gboy
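*As shown, the group of test.txt was changed from root to gboy (the target group name must exist in /etc/group, otherwise chgrp reports an error).
Sometimes we need to change the group of a directory together with all files in it and in its subdirectories. For that, add the -R option, which applies the change recursively.
Example 2: create the directory test containing the files test1.txt and test2.txt, then change the group of the directory and of everything under it: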
    root@ubuntu:~# mkdir test      <== create the directory test
    root@ubuntu:~# cd test/
    root@ubuntu:~/test# touch test1.txt      <== create the file test1.txt
    root@ubuntu:~/test# touch test2.txt
    root@ubuntu:~/test# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 02:42 test1.txt      <== group of the files is root
    -rw-r--r-- 1 root root 0 2015-07-19 02:42 test2.txt
    root@ubuntu:~/test# cd
    root@ubuntu:~# chgrp -R gboy test
    root@ubuntu:~# ls -l
    total 4
    drwxr-xr-x 2 root gboy 4096 2015-07-19 02:42 test      <== group of the directory test successfully changed to gboy
    root@ubuntu:~# cd test
    root@ubuntu:~/test# ls -l
    total 0
    -rw-r--r-- 1 root gboy 0 2015-07-19 02:42 test1.txt
    -rw-r--r-- 1 root gboy 0 2015-07-19 02:42 test2.txt      <== group of test1.txt and test2.txt successfully changed to gboy
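chown: change the file owner
The chown command changes the owner of the specified files to the given user, or their group to the given group. An ordinary user cannot hand their own files over to another owner; the operation is generally reserved for the administrator.
Basic chown options: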
    root@ubuntu:~# chown --help
    Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE...
      or:  chown [OPTION]... --reference=RFILE FILE...
    Change the owner and/or group of each FILE to OWNER and/or GROUP.
    With --reference, change the owner and group of each FILE to those of RFILE.

      -c, --changes          like verbose but report only when a change is made
          --dereference      affect the referent of each symbolic link (this is
                             the default), rather than the symbolic link itself
      -h, --no-dereference   affect each symbolic link instead of any referenced
                             file (useful only on systems that can change the
                             ownership of a symlink)
          --from=CURRENT_OWNER:CURRENT_GROUP
                             change the owner and/or group of each file only if
                             its current owner and/or group match those specified
                             here.  Either may be omitted, in which case a match
                             is not required for the omitted attribute
          --no-preserve-root  do not treat `/' specially (the default)
          --preserve-root    fail to operate recursively on `/'
      -f, --silent, --quiet  suppress most error messages
          --reference=RFILE  use RFILE's owner and group rather than
                             specifying OWNER:GROUP values
      -R, --recursive        operate on files and directories recursively
      -v, --verbose          output a diagnostic for every file processed
Example 1: change the owner of test.txt to gboy
    root@ubuntu:~# touch test.txt      <== create the file test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 02:24 test.txt      <== owner is root
    root@ubuntu:~# chown gboy test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 gboy root 0 2015-07-19 02:53 test.txt      <== owner changed to gboy
Example 2: change the owner of test.txt to gboy and its group to users
    root@ubuntu:~# touch test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 02:58 test.txt
    root@ubuntu:~# chown gboy:users test.txt      <== the owner goes before the ":", the group after it
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 gboy users 0 2015-07-19 02:58 test.txt
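Example 3: change both the owner and the group of test.txt from Example 2 to root (with a trailing ":" and no group name, chown uses the login group of the named owner)
    root@ubuntu:~# chown root: test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 02:58 test.txt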
Example 4: change the group of test.txt from Example 3 to users
    -rw-r--r-- 1 root root 0 2015-07-19 02:58 test.txt
    root@ubuntu:~# chown :users test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root users 0 2015-07-19 02:58 test.txt
Example 5: change the owner and group of a directory and of all files under it
    root@ubuntu:~# mkdir test      <== create the directory test
    root@ubuntu:~# ls -l
    total 4
    drwxr-xr-x 2 root root 4096 2015-07-19 03:56 test      <== owner and group of the directory test are both root
    root@ubuntu:~# cd test
    root@ubuntu:~/test# touch test1.txt      <== create the files test1.txt and test2.txt
    root@ubuntu:~/test# touch test2.txt
    root@ubuntu:~/test# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 03:56 test1.txt      <== owner and group of test1.txt and test2.txt are both root
    -rw-r--r-- 1 root root 0 2015-07-19 03:56 test2.txt
    root@ubuntu:~/test# cd
    root@ubuntu:~# chown -R -v gboy:users test      <== the command that changes the ownership
    changed ownership of `test/test2.txt' to gboy:users
    changed ownership of `test/test1.txt' to gboy:users
    changed ownership of `test' to gboy:users
    root@ubuntu:~# ls -l
    total 4
    drwxr-xr-x 2 gboy users 4096 2015-07-19 03:56 test      <== owner of the directory test is now gboy, group is now users
    root@ubuntu:~# cd test
    root@ubuntu:~/test# ls -l
    total 0
    -rw-r--r-- 1 gboy users 0 2015-07-19 03:56 test1.txt      <== owner of test1.txt and test2.txt is now gboy, group is now users
    -rw-r--r-- 1 gboy users 0 2015-07-19 03:56 test2.txt
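*In chown -R -v gboy:users test, -R applies the change recursively and -v prints a diagnostic for every file processed; the command changes the owner of the test directory and of test1.txt and test2.txt inside it to gboy, and their group to users.
chmod: change file permissions
The chmod command changes the access permissions of files and directories on Linux. Permissions can be set in two ways: with numbers or with symbols.
Basic options: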
    root@ubuntu:~# chmod --help
    Usage: chmod [OPTION]... MODE[,MODE]... FILE...
      or:  chmod [OPTION]... OCTAL-MODE FILE...
      or:  chmod [OPTION]... --reference=RFILE FILE...
    Change the mode of each FILE to MODE.

      -c, --changes           like verbose but report only when a change is made
          --no-preserve-root  do not treat `/' specially (the default)
          --preserve-root     fail to operate recursively on `/'
      -f, --silent, --quiet   suppress most error messages
      -v, --verbose           output a diagnostic for every file processed
          --reference=RFILE   use RFILE's mode instead of MODE values
      -R, --recursive         change files and directories recursively
          --help     display this help and exit
          --version  output version information and exit

    Each MODE is of the form `[ugoa]*([-+=]([rwxXst]*|[ugo]))+'.
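(1) Changing file permissions with numeric notation
A Linux file has 9 basic permission bits: there are three identities, user (owner), group and others, and each identity has its own r (read), w (write) and x (execute) permissions.
The permission letters map to numbers as follows: r=4, w=2, x=1 (for rwx, 4+2+1=7; for rw-, 4+2=6; for r-x, 4+1=5).
For example, when the permissions are [-rwxr-xr-x]: user=rwx=4+2+1=7, group=r-x=4+1=5, others=r-x=4+1=5, so the file mode is 755.
*r (read): the actual contents of the file can be read
w (write): the contents of the file can be edited, added to or modified (this does not include deleting the file, which depends on write permission on the containing directory)
x (execute): the file may be executed by the system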
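The digit arithmetic above can be checked mechanically. The following is an added example, not part of the original article: two POSIX shell helpers (the names perm_to_octal and octal_to_perm are made up here) that convert between the ls -l permission string and the three-digit octal mode. Special bits (s, t) and ACL markers are not handled.

```sh
#!/bin/sh
# Added example: convert between an `ls -l` permission string and octal mode.
# perm_to_octal / octal_to_perm are hypothetical helper names.

perm_to_octal() {
    mode=$1
    # Expect exactly 10 characters: file type, then rwx for user, group, others.
    case $mode in
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}                       # drop the file-type character
    octal=
    for who in user group others; do
        digit=0
        for weight in 4 2 1; do          # r=4, w=2, x=1, in that order
            case $rest in
                -*) ;;                   # permission not granted
                *)  digit=$((digit + weight)) ;;
            esac
            rest=${rest#?}
        done
        octal=$octal$digit
    done
    echo "$octal"
}

# Reverse direction, e.g. 755 -> rwxr-xr-x
octal_to_perm() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits: $1" >&2; return 1 ;;
    esac
    digits=$1
    out=
    while [ -n "$digits" ]; do
        d=${digits%"${digits#?}"}        # first remaining digit
        digits=${digits#?}
        [ $((d & 4)) -ne 0 ] && out=${out}r || out=${out}-
        [ $((d & 2)) -ne 0 ] && out=${out}w || out=${out}-
        [ $((d & 1)) -ne 0 ] && out=${out}x || out=${out}-
    done
    echo "$out"
}

perm_to_octal -rwxr-xr-x    # 755, the case worked through above
perm_to_octal -rw-r--r--    # 644
octal_to_perm 764           # rwxrw-r--
```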
Example 1: enable all permissions on test.txt (that is, mode [-rwxrwxrwx]):
    root@ubuntu:~# touch test.txt
    root@ubuntu:~# ls -l
    total 0
    -rw-r--r-- 1 root root 0 2015-07-19 04:29 test.txt      <== the mode of test.txt is [-rw-r--r--], i.e. 644
    root@ubuntu:~# chmod 777 test.txt
    root@ubuntu:~# ls -l
    total 0
    -rwxrwxrwx 1 root root 0 2015-07-19 04:29 test.txt      <== mode changed to [-rwxrwxrwx]
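Mode 777, as set in Example 1, lets every account on the system modify the file. The following added example (not part of the original article) lists world-writable files and directories under a path and removes only the others-write bit; the helper names and the temporary demo tree are constructed for illustration, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: find and tighten world-writable entries.
# list_world_writable / remove_world_write are hypothetical helper names.

# Print every regular file or directory under $1 that "others" may write to.
# -perm -0002 matches when the others-write bit is set, whatever else is set.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Clear only the others-write bit; all other permission bits stay untouched.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Constructed demo tree in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/a.txt" "$tmp/b.txt" "$tmp/c.txt"
    chmod 777 "$tmp/a.txt"      # as in Example 1: writable by everyone
    chmod 644 "$tmp/b.txt"      # the default mode seen earlier
    chmod 666 "$tmp/c.txt"
    echo "world-writable before:"
    list_world_writable "$tmp"
    remove_world_write "$tmp"
    echo "world-writable after:"
    list_world_writable "$tmp"
    echo "resulting modes:"
    stat -c '%a %n' "$tmp"/*.txt
    rm -rf "$tmp"
}

demo
```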
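(2) Changing file permissions with symbolic notation
As described above, a Linux file has three identities: user, group and others. We can use u, g and o to refer to the permissions of each identity, and a for all, meaning every identity. Permissions can therefore also be set in the following form: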
chmod | u g o a | + (add)  - (remove)  = (set) | file or directory
Example 1: set the permissions of test.txt to [-rwxrw-r--]
    root@ubuntu:~# ls -l
    total 0
    -rwxrwxrwx 1 root root 0 2015-07-19 04:29 test.txt
    root@ubuntu:~# chmod u=rwx,g=rw,o=r test.txt
    root@ubuntu:~# ls -l
    total 0
    -rwxrw-r-- 1 root root 0 2015-07-19 04:29 test.txt
Example 2: set the permissions of test.txt to [-rwxrw-rw-]
    root@ubuntu:~# chmod u=rwx,go=rw test.txt
    root@ubuntu:~# ls -l
    total 0
    -rwxrw-rw- 1 root root 0 2015-07-19 04:29 test.txt
Example 3: remove the w permission from all identities of test.txt
    root@ubuntu:~# ls -l
    total 0
    -rwxrw-rw- 1 root root 0 2015-07-19 04:29 test.txt
    root@ubuntu:~# chmod a-w test.txt
    root@ubuntu:~# ls -l
    total 0
    -r-xr--r-- 1 root root 0 2015-07-19 04:29 test.txt
Example 4: add the w permission for user and remove the r permission from others
    root@ubuntu:~# ls -l
    total 0
    -r-xr--r-- 1 root root 0 2015-07-19 04:29 test.txt
    root@ubuntu:~# chmod u+w,o-r test.txt
    root@ubuntu:~# ls -l
    total 0
    -rwxr----- 1 root root 0 2015-07-19 04:29 test.txt