Understanding the permissions set by the chmod utility


1. chmod in busybox

chmod is used to change a file's mode.

1.1 Interpreting chmod modes

int FAST_FUNC bb_parse_mode(const char *s, unsigned current_mode)
{
    static const mode_t who_mask[] = {
        S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO, /* a */
        S_ISUID | S_IRWXU,           /* u: user, the permissions of the user who owns the file */
        S_ISGID | S_IRWXG,           /* g: group, the permissions of the file's group */
        S_IRWXO                      /* o: other, the permissions of other users, who are not in the group */
    };
    static const mode_t perm_mask[] = {
        S_IRUSR | S_IRGRP | S_IROTH, /* r */
        S_IWUSR | S_IWGRP | S_IWOTH, /* w */
        S_IXUSR | S_IXGRP | S_IXOTH, /* x */
        S_IXUSR | S_IXGRP | S_IXOTH, /* X -- special -- see below */
        S_ISUID | S_ISGID,           /* s */
        S_ISVTX                      /* t */
    };
    static const char who_chars[] ALIGN1 = "augo";
    static const char perm_chars[] ALIGN1 = "rwxXst";
...
    return new_mode;
}

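chmod can set file permissions in two ways: with a number or with characters.

When setting permissions with characters, any combination of the three parts [augo][+-=][rwxst] can be used.

Here a means all users, u the user who owns the file, g the file's group, and o other users; + adds a permission, - removes a permission, and = sets exactly the given permission; rwx stand for read, write and execute, s stands for set-user-ID/set-group-ID, and t stands for sticky.

When a number is used, the chmod argument is an octal value of at most four digits, and each digit takes a value from 0 to 7, giving 8 states.

The four digits represent, in order, [sst][u-rwx][g-rwx][o-rwx], where the first digit holds set-user-ID, set-group-ID and sticky.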
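
The two forms described above, worked through in C as an added example (it is not BusyBox's bb_parse_mode() and not code from the original page). It reuses the who_mask/perm_mask tables shown earlier; apply_mode is a hypothetical name, and as simplifications it requires an explicit who letter and leaves out X and umask handling.

```c
#define _XOPEN_SOURCE 700   /* exposes S_ISVTX under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Added example, not BusyBox code. Accepts an octal mode or comma-separated
 * [augo]+[+-=][rwxst]* clauses; returns the new mode, or -1 on bad syntax. */
static long apply_mode(const char *s, mode_t cur)
{
    static const char who_chars[] = "augo", perm_chars[] = "rwxst";
    static const mode_t who_mask[] = {
        S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO, /* a */
        S_ISUID | S_IRWXU, S_ISGID | S_IRWXG, S_IRWXO              /* u g o */
    };
    static const mode_t perm_mask[] = {
        S_IRUSR | S_IRGRP | S_IROTH, S_IWUSR | S_IWGRP | S_IWOTH,  /* r w */
        S_IXUSR | S_IXGRP | S_IXOTH, S_ISUID | S_ISGID, S_ISVTX    /* x s t */
    };
    const char *p;
    if (*s >= '0' && *s <= '7') {              /* numeric form, e.g. "0755" */
        char *end;
        unsigned long v = strtoul(s, &end, 8);
        return (*end || v > 07777UL) ? -1 : (long)v;
    }
    while (*s) {                               /* one clause per iteration */
        mode_t who = 0, perm = 0;
        char op;
        for (; *s && (p = strchr(who_chars, *s)) != NULL; s++)
            who |= who_mask[p - who_chars];
        if (who == 0 || *s == '\0' || strchr("+-=", *s) == NULL)
            return -1;                         /* this sketch requires a who */
        op = *s++;
        for (; *s && (p = strchr(perm_chars, *s)) != NULL; s++)
            perm |= perm_mask[p - perm_chars];
        perm &= who;                           /* only bits of selected classes */
        if (op == '=')
            cur = (cur & ~who) | perm;         /* clear the class, then set */
        else if (op == '+')
            cur |= perm;
        else
            cur &= ~perm;
        if (*s && *s++ != ',')
            return -1;                         /* unknown permission letter */
    }
    return (long)cur;
}
int main(void)
{
    printf("%04lo\n", (unsigned long)apply_mode("u+s,go-w", 0776)); /* 4754 */
    return 0;
}
```

Because perm is masked with who, s means set-user-ID under u and set-group-ID under g, which is why one table entry can carry both bits.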

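1.2 Other options

-c: show what the mode change modified.

-v: show more detailed output.

2. Interpreting each permission

Permissions can be divided into four parts: the owning user, the file's group, other users, and the special bits (set-user-ID/set-group-ID/sticky).

For details, see "14.9.5 The Mode Bits for Access Permission".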

S_IRUSR/S_IREAD:Read permission bit for the owner of the file. On many systems this bit is 0400. S_IREAD is an obsolete synonym provided for BSD compatibility.

S_IWUSR/S_IWRITE:Write permission bit for the owner of the file. Usually 0200. S_IWRITE is an obsolete synonym provided for BSD compatibility.

S_IXUSR/S_IEXEC:Execute (for ordinary files) or search (for directories) permission bit for the owner of the file. Usually 0100. S_IEXEC is an obsolete synonym provided for BSD compatibility.

S_IRWXU:This is equivalent to ‘(S_IRUSR | S_IWUSR | S_IXUSR)’. Usually 0700.

  File: 'file_u_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864284    Links: 1
Access: (0700/-rwx------)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:26:26.593237292 +0800
Modify: 2020-03-20 09:26:26.593237292 +0800
Change: 2020-03-20 09:27:10.624795739 +0800
 Birth: -

S_IRGRP:Read permission bit for the group owner of the file. Usually 040.

S_IWGRP:Write permission bit for the group owner of the file. Usually 020.

S_IXGRP:Execute or search permission bit for the group owner of the file. Usually 010.

S_IRWXG:This is equivalent to ‘(S_IRGRP | S_IWGRP | S_IXGRP)’. Usually 070.

  File: 'file_g_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864285    Links: 1
Access: (0070/----rwx---)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:27:39.424512040 +0800
Modify: 2020-03-20 09:27:39.424512040 +0800
Change: 2020-03-20 09:28:01.408298039 +0800
 Birth: -

S_IROTH:Read permission bit for other users. Usually 04.

S_IWOTH:Write permission bit for other users. Usually 02.

S_IXOTH:Execute or search permission bit for other users. Usually 01.

S_IRWXO:This is equivalent to ‘(S_IROTH | S_IWOTH | S_IXOTH)’. Usually 07.

  File: 'file_o_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864286    Links: 1
Access: (0007/-------rwx)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:28:21.112108029 +0800
Modify: 2020-03-20 09:28:21.112108029 +0800
Change: 2020-03-20 09:28:26.336057928 +0800
 Birth: -

S_ISUID:This is the set-user-ID on execute bit, usually 04000. See How Change Persona.

S_ISGID:This is the set-group-ID on execute bit, usually 02000. See How Change Persona.

S_ISVTX:This is the sticky bit, usually 01000.

    For a directory it gives permission to delete a file in that directory only if you own that file. Ordinarily, a user can either delete all the files in a directory or cannot delete any of them (based on whether the user has write permission for the directory). The same restriction applies—you must have both write permission for the directory and own the file you want to delete. The one exception is that the owner of the directory can delete any file in the directory, no matter who owns it (provided the owner has given himself write permission for the directory). This is commonly used for the /tmp directory, where anyone may create files but not delete files created by other users.

  File: 'file_a'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864287    Links: 1
Access: (7000/---S--S--T)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:28:52.399809634 +0800
Modify: 2020-03-20 09:28:52.399809634 +0800
Change: 2020-03-20 09:58:55.247438435 +0800
 Birth: -
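
An added example (not from the original page or from BusyBox) that renders mode bits the way the stat output above does and flags the set-user-ID, set-group-ID, world-writable and missing-sticky cases a permission audit looks for. mode_string, audit_mode and the RISK_* names are hypothetical, and the sample modes are constructed.

```c
#define _XOPEN_SOURCE 700   /* exposes S_ISVTX and S_IFDIR under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum { RISK_SETUID = 1, RISK_SETGID = 2, RISK_WORLD_WRITE = 4, RISK_NO_STICKY = 8 };

/* Render the mode the way stat(1) does, e.g. 07000 -> "---S--S--T". */
static char *mode_string(mode_t m, char out[11])
{
    static const mode_t bit[9] = { S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP,
                                   S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH };
    int i;
    strcpy(out, S_ISDIR(m) ? "d---------" : "----------");
    for (i = 0; i < 9; i++)
        if (m & bit[i])
            out[i + 1] = "rwx"[i % 3];
    /* Lower case: special bit plus execute; upper case: special bit alone. */
    if (m & S_ISUID) out[3] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[6] = (m & S_IXGRP) ? 's' : 'S';
    if (m & S_ISVTX) out[9] = (m & S_IXOTH) ? 't' : 'T';
    return out;
}

/* Flag the bit combinations a permission audit usually reports. */
static int audit_mode(mode_t m)
{
    const mode_t any_exec = S_IXUSR | S_IXGRP | S_IXOTH;
    int risk = 0;
    if (S_ISREG(m) && (m & S_ISUID) && (m & any_exec))
        risk |= RISK_SETUID;       /* executes with the file owner's user ID */
    if (S_ISREG(m) && (m & S_ISGID) && (m & any_exec))
        risk |= RISK_SETGID;       /* executes with the file's group ID */
    if (S_ISREG(m) && (m & S_IWOTH))
        risk |= RISK_WORLD_WRITE;  /* any user may modify the file */
    if (S_ISDIR(m) && (m & S_IWOTH) && !(m & S_ISVTX))
        risk |= RISK_NO_STICKY;    /* any user may delete others' files */
    return risk;
}

int main(void)
{
    char buf[11];
    printf("%s risk=%d\n", mode_string(S_IFDIR | 0777, buf), audit_mode(S_IFDIR | 0777));
    return 0;
}
```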

