Published Book on Amazon
All of IOT Starting with the Latest Raspberry Pi from Beginner to Advanced – Volume 1 | |
All of IOT Starting with the Latest Raspberry Pi from Beginner to Advanced – Volume 2 |
출판된 한글판 도서
최신 라즈베리파이(Raspberry Pi)로 시작하는 사물인터넷(IOT)의 모든 것 – 초보에서 고급까지 (상) | |
최신 라즈베리파이(Raspberry Pi)로 시작하는 사물인터넷(IOT)의 모든 것 – 초보에서 고급까지 (하) |
Original Book Contents
13.2.2 Changing Permissions on File
13.2.2.1 Changing Permission with "chmod" Command
To change processing permissions on a file, use the "chmod" command. This command specifies user scope, operation type, and permission type.
[Command Format]
chmod [OPTION]... MODE[,MODE]... FILE... |
[Command Overview]
■ This changes the permission on a file.
■ User privilege -- Super user.
[Detail Description]
■ This command adjusts the processing permission by changing the file mode bit for a specific file.
■ You can use symbolic representation and numeric representation to define the contents of a privilege.
[Main Option]
--help | display this help and exit |
-R, --recursive | operate on files and directories recursively When working on a directory, all of the directorys and files under the directory are changed at once |
13.2.2.2 Changing Permission by Symbol Representation
This command must specify user scope, operation type, and permission type. It can be specified in the following symbolic representation format:
item | parameter | meaning | description |
user scope | u | owner | owner user |
g | group | owner group | |
o | other | other user | |
a | all | all user | |
operation type | + | grand | add permission |
- | deprive | delete permission | |
= | only | set execlusive permission | |
permission type | r | read | read |
w | write | write | |
x | execute | execute |
■ User scope of permission change
It means the range of users whose permissions are changed for a specific file. In other words, when specifying permission for a file, it specifies which permission should be changed among permissions that are classified as owner user, owner group, and other users. Here, paramenter "a" changes permissions for all users, ie, owner user, owner group and other users at the same time.
When you issue a command, you can specify multiple symbols that specify the scope of this user at the same time, allowing you to change multiple user permissions at once. That is, "ug" changes the permission of the owner user and owner group, and "uo" changes the permission of the owner user and other users. Also, "ugo" means owner user, owner group, and other users, and has the same effect as "a".
■ Operation type of permission change
Here, it specifies whether to grant additional authority or deprive existing authority. "+" has the function to grant new permissions, and "-" has the function to remove existing permissions. "=" performs a little special function, which removes all but the authority specified in this operation. For example, if you grant "write" permission with "=" in this operation, "read" and "execute" permissions will be lost. When executing a command, you can specify only one type of operation.
■ Permission type of of permission change
This specifies what permissions you want to change. You can select and specify the permission to change for the file from among "read", "write", and "execute" permission.
When you execute a command, you can specify more than one symbol that corresponds to the permission type at the same time so that you can change multiple permissions at once, or you can specify no symbol, if necessary. In other words, "rw" means to process both "read" and "write" privilege simultaneously, and " " means not to specify any privilege.
[Used Example]
Before you start work, if you look at the detailed information about the directory you are working on, it looks like this. Please check the permissions for "user_guide01.txt" here.
pi@raspberrypi ~ $ ls ./testdata -l |
total 16 drwxr-xr-x 2 root root 4096 Mar 24 02:26 manual01 drwxr-xr-x 2 pi pi 4096 Mar 24 02:26 manual02 -rw-r--r-- 1 pi pi 18 Mar 24 02:10 user_guide01.txt -rw-r--r-- 1 pi pi 18 Mar 24 02:10 user_guide02.txt |
First, we will remove all permissions for "user_guide01.txt". We can use the symbol "a" to work on range of all users. We can use "a-rwx" to remove all privileges, but will use "a =" here. If you view the details of the file again after the operation is completed, you can see that all permissions to "user_guide01.txt" are removed.
pi@raspberrypi ~ $ sudo chmod a= ./testdata/user_guide01.txt |
pi@raspberrypi ~ $ ls ./testdata -l |
total 16 drwxr-xr-x 2 root root 4096 Mar 24 02:26 manual01 drwxr-xr-x 2 pi pi 4096 Mar 24 02:26 manual02 ---------- 1 pi pi 18 Mar 24 02:10 user_guide01.txt -rw-r--r-- 1 pi pi 18 Mar 24 02:10 user_guide02.txt |
Next, we will grant "read", "write", and "execute" permissions to both the owner user and owner group for the same file "user_guide01.txt". To work on owne user and owner group, use the symbol "ug". To grant all permissions, do the following works by using "rwx". If you check the details of the file again after the operation is completed, you can see that the permission for the file "user_guide01.txt" has been changed as follows.
pi@raspberrypi ~ $ sudo chmod ug+rwx ./testdata/user_guide01.txt |
pi@raspberrypi ~ $ ls ./testdata -l |
total 16 drwxr-xr-x 2 root root 4096 Mar 24 02:26 manual01 drwxr-xr-x 2 pi pi 4096 Mar 24 02:26 manual02 -rwxrwx--- 1 pi pi 18 Mar 24 02:10 user_guide01.txt -rw-r--r-- 1 pi pi 18 Mar 24 02:10 user_guide02.txt |
13.2.2.3 Changing Permission by Number Representation
When you change permissions, you can specify a permission type using symbols as before, but there is another way to specify a permission type in the form of numbers rather than symbols. In fact, this was the older way that the original UNIX system has used, followed by the use of symbolic representation characters.
Then, let's see how to express permissions using number. Here, the numbers are assigned in correspondence with permission one by one as follows, and the permission is expressed by using the number corresponding to the type of permission:
■ Read permission -- 4
■ Write permission -- 2
■ Execute permission -- 1
■ No permission -- 0
When expressing the permission for the user, all the numbers corresponding to the "read" permission, "write" permission, and "execution" permission are added together and expressed by a single number:
■ r-- -- 4 + 0 + 0 -- 4 -- Have read permission only
■ rw- -- 4 + 2 + 0 -- 6 -- Have read, write permission
■ rwx -- 4 + 2 + 1 -- 7 -- Have read, write, execute permission
Since the permission to the file is assigned separately to the owner user, owner group, and other users, the permission represented by the number is also assigned separately to each object, and the numbers corresponding to the permission of each object are concatenated and expressed as a single number in the L M N format. The following is a description of the permission type represented by "764" according to the object:
■ L -- Owner user -- Read, write, execute -- 4 + 2 +1 -- 7
■ M -- Owner group -- Read, write -- 4 + 2 -- 6
■ N -- Other user -- Read -- 4 -- 4
[Used Example]
Before you start works, if you look at the detailed information about the directory you are working on, it looks like this. Please check the permissions for "user_guide01.txt" here.
pi@raspberrypi ~ $ ls ./testdata -l |
total 16 drwxr-xr-x 2 root root 4096 Mar 24 02:26 manual01 drwxr-xr-x 2 pi pi 4096 Mar 24 02:26 manual02 -rwxrwx--- 1 pi pi 18 Mar 24 02:10 user_guide01.txt -rw-r--r-- 1 pi pi 18 Mar 24 02:10 user_guide02.txt |
First, let's change the permissions on file "user_guide02.txt". Owner User will be granted "read", "write", and "execute" permission, owner groups will be granted "read" and "execute" permission, and other users will be granted "execute" permission. To do so, specify "7" for owner user, "5" for owner group, and "1" for other user and work as follows. If the detailed information of the file is retrieved again after the operation is completed, you can see that the permissions of "user_guide02.txt" is changed as follows.
pi@raspberrypi ~ $ sudo chmod 751 ./testdata/user_guide02.txt |
pi@raspberrypi ~ $ ls ./testdata -l |
total 16 drwxr-xr-x 2 root root 4096 Mar 24 02:26 manual01 drwxr-xr-x 2 pi pi 4096 Mar 24 02:26 manual02 -rwxrwx--- 1 pi pi 18 Mar 24 02:10 user_guide01.txt -rwxr-x--x 1 pi pi 18 Mar 24 02:10 user_guide02.txt |