
Linux permission management issues

Jun 23, 2017 pm 01:09 PM

First of all, I recommend a video about Linux permissions: Basic permissions of Linux permission management. It is very well explained. After watching it, you will basically understand it.

1. File permissions and ownership

1. Files have three types of permissions: read (r), write (w) and execute (x). For convenience each can be represented by a number (r=4, w=2, x=1), so a single digit, obtained by adding these numbers, identifies a file's permissions. For example, 7=4+2+1 means all three permissions: read, write and execute; 6=4+2 means read and write permission but not execute permission, and so on.

2. Think of RBAC permission management in web applications: Linux has user permission management as well. Users have user names and user groups. Generally, when a user is created, a group with the same name is created at the same time, and the user belongs to it.

First log in with the root account and create a new directory and a file

# Create a directory
mkdir abc
# Create a file
touch abc.txt
# List the result
ls -all

When you check it, you will find:

# Entries beginning with d are directories, those beginning with - are files, and those beginning with l are symbolic links, etc.

Look first at the blue part above. The first character is the type identifier. Remove it and split the remaining characters into groups of three. Take the abc folder as an example: d | rwx | r-x | r-x

So for the abc folder, owner has rwx (7), group has r-x (5), and other has r-x (5).

Similarly, the red part in the listing above is the name of the owner and the name of the group the file belongs to. That is, the owner of the abc folder is root and its group is root. In this situation:

a. If the root user accesses the abc folder, it counts as the owner and has permission 7.

b. If a new user named test belongs to the group root, accessing the abc folder counts as group, with permission 5.

c. If a new user named test belongs to the group test, accessing the abc folder counts as other, with permission 5.

2. The role of each file permission

I originally wanted to test and explain each case, but that is too much trouble, so I will just give you the results. You can create a new user yourself, modify the permissions and test it yourself.

1. Directory

a. Enter the directory, i.e. cd command. The required permission is execution permission (x)

b. View the files in the directory, i.e. ls command, the required permission is read permission (r)

c. Create and delete folders/files in the directory, i.e. the mkdir/touch commands. The required permission is write permission (w)

By the way, a directory's permissions only affect its immediate contents, not deeper levels. For example, take a directory abc/sub/. If abc does not have w permission but sub does, you can create files in sub. Of course, abc also needs x permission, otherwise you cannot enter it, let alone create anything; but as long as you can get in (for example by switching to the root administrator), you are no longer affected by abc, only by sub.

Generally, our directories will be given 5 (rx) permissions, which are read and execute permissions. Only directories in which files need to be created, such as image upload or cache directories, will be given 7 (rwx) permissions.

2. File

a. To open the file, you can use the cat/vim command to open it. The required permission is read permission (r)

b. To modify the file, you can open it with the cat/vim command and save it. The required permission is write permission (w)

c. File execution, you can directly execute ./abc.out, etc., the required permission is execution permission (x)

What needs to be explained here is that whether PHP is run from the command line (for example php abc.php) or on the web side, it is called execution, but what actually happens is that the file is read and parsed inside the PHP engine, so read permission (r) is all that is needed. Similarly, for abc.sh: running ./abc.sh directly requires execute permission (x), but running sh abc.sh requires only read permission (r).
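The difference between sh abc.sh and ./abc.sh can be observed directly. The following Python is an added example, not part of the original article; it writes a constructed script to a temporary directory and runs it both ways. It assumes a POSIX system with sh on the PATH.

```python
import os
import subprocess
import tempfile

def run_both_ways(mode):
    """Create a constructed abc.sh with the given mode and run it two ways.

    Returns (via_interpreter, direct): each is the script's output, or the
    string "PermissionError" if the kernel refused to execute the file.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "abc.sh")
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho ran\n")  # constructed sample script
        os.chmod(path, mode)

        # "sh abc.sh": sh opens and reads the file, so only r is checked.
        via = subprocess.run(["sh", path], capture_output=True, text=True)
        via_interpreter = via.stdout.strip()

        # "./abc.sh": the kernel executes the file itself, so x is checked.
        try:
            out = subprocess.run([path], capture_output=True, text=True)
            direct = out.stdout.strip()
        except PermissionError:
            direct = "PermissionError"
        return via_interpreter, direct

if __name__ == "__main__":
    print("mode 644:", run_both_ways(0o644))
    print("mode 755:", run_both_ways(0o755))
```

For the same reason, clearing the x bit on a .php file does not stop PHP from running it; what matters is whether the PHP user can read it.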

Generally, our files will be given 4 (r) permissions, which is read permission. Only files that need content written to them, such as logs and caches, will be given 6 (rw) permissions.

The reason the 755, 777 and 644 permissions are not mentioned above, only single digits, is that which digit applies to your website directory depends on the user PHP executes as, and that cannot be assumed: the executing user may be the owner, or it may be group or other.

3. Permissions when php is executed

When we connect to Linux through ssh ourselves, we must log in with a user name. Similarly, when PHP processes PHP files, it also operates as a certain user. Where is that user created or defined? It is usually created when the PHP environment is installed. For example, apache, nginx and similar environments create a user and user group by default, and this user is the one that reads the PHP files. You can confirm this by viewing the configuration file:

# Apache: in the configuration file httpd.conf
User www
Group www
# nginx: in the configuration file nginx.conf
user www www;

Or view the processes with these commands:

# View the Apache processes
ps -ef|grep httpd
# View the nginx processes
ps -ef|grep nginx
# View the php-fpm processes
ps -ef|grep php-fpm

Taking apache as an example, it will display:

root      1663     1  0 09:14 ?        00:00:00 /www/wdlinux/apache/bin/httpd  // main process
www       1697  1663  0 09:14 ?        00:00:05 /www/wdlinux/apache/bin/httpd  // child process
www       1698  1663  0 09:14 ?        00:00:05 /www/wdlinux/apache/bin/httpd

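The first column shows which user is running the process; look mainly at the non-root entries. The output above shows that the www user is running the Apache processes that handle PHP files. Generally, apache/nginx starts the main process as root and then forks child processes to handle the actual work. When a child process is created, it sets its effective user and effective group through the setuid and setgid calls, according to the user name and user group in the configuration file. Note the word "effective". For example, suppose a user named test belongs to the group test, and the Apache configuration file sets the user to test but the group to abc. This can be confusing: is the group the one the user belongs to, or the one set in the configuration file? The answer is the configured one, because it was changed through setgid. For details, search Google or Baidu for keywords such as "effective user", "real user" and "setuid function".

Note that if php-fpm is installed, you should also check the user name and user group that php-fpm runs as. (I do not have it installed, so I have not tried this.)

The default may be nobody, apache or some other user and user group; the one above has already been modified. At this point, use ls -all in the website directory to confirm which user the website files belong to. There are several cases:

a. For example, the website ownership looks like this:

drwxr-xr-x   2 www www 4096 Jun  6 10:23 system
drwxr-xr-x   2 www www 4096 Jun  6 10:23 tmp
-rw-r--r--   1 www www    0 Jun  6 10:23 index.php
...

The website owner is www and PHP also executes as www, so the owner permissions apply. The 55 in the 755 on the system folder above has no effect at all; as long as the mode is 7xx, PHP operates with permission 7 (rwx).

b. If the website ownership looks like this: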

drwxr-xr-x   2 test www 4096 Jun  6 10:23 system
drwxr-xr-x   2 test www 4096 Jun  6 10:23 tmp
-rw-r--r--   1 test www    0 Jun  6 10:23 index.php
...

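The website owner is test and the group is www, while PHP executes as user www with group www. They are in the same group, so the group permissions apply. The first 7 and the last 5 in the 755 on the system folder above have no effect; as long as the mode is x5x, PHP operates with permission 5 (rx).

c. If the website ownership looks like this: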

drwxr-xr-x   2 test test 4096 Jun  6 10:23 system
drwxr-xr-x   2 test test 4096 Jun  6 10:23 tmp
-rw-r--r--   1 test test    0 Jun  6 10:23 index.php
...

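The website owner is test and the group is test, while PHP executes as user www with group www. There is no relationship between them at all, so the other permissions apply. The 75 in the 755 on the system folder above has no effect; as long as the mode is xx5, PHP operates with permission 5 (rx).

So you cannot simply say "change the permissions to 755 or 644". You also need to identify the user the program executes as and the owner of the website files before you can determine the permissions.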
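The three cases above follow one rule: the kernel picks exactly one of owner, group or other by comparing the process's effective user and groups with the file's owner and group, and uses only that triad. The Python below is an added example, not code from the original article; it applies that rule to the article's listings to show which paths the PHP user could modify. The uid/gid numbers are constructed, and it assumes plain mode bits (no ACLs) and a non-root process.

```python
def applicable_class(st_uid, st_gid, euid, egid, groups=()):
    """Return the triad the kernel consults: "owner", "group" or "other".

    Only the first match is used; there is no fall-through to a later triad.
    """
    if euid == st_uid:
        return "owner"
    if st_gid == egid or st_gid in groups:
        return "group"
    return "other"

def effective_bits(mode, st_uid, st_gid, euid, egid, groups=()):
    """Return (class, "rwx"-style string) for a non-root process."""
    cls = applicable_class(st_uid, st_gid, euid, egid, groups)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    text = "".join(ch if bits & b else "-"
                   for ch, b in (("r", 4), ("w", 2), ("x", 1)))
    return cls, text

def writable_paths(listing, euid, egid, groups=()):
    """Paths the process could modify, given (path, mode, uid, gid) rows."""
    return [path for path, mode, uid, gid in listing
            if "w" in effective_bits(mode, uid, gid, euid, egid, groups)[1]]

# Constructed numeric ids for the article's users: www=1001, test=1002.
WWW, TEST = 1001, 1002
# Case a: everything owned by www:www, modes taken from the article's listing.
CASE_A = [("system", 0o755, WWW, WWW), ("tmp", 0o755, WWW, WWW),
          ("index.php", 0o644, WWW, WWW)]
# Case c: the same modes, owned by test:test.
CASE_C = [(path, mode, TEST, TEST) for path, mode, _, _ in CASE_A]

if __name__ == "__main__":
    for name, case in (("a", CASE_A), ("c", CASE_C)):
        print("case", name, "writable by www:",
              writable_paths(case, euid=WWW, egid=WWW))
```

Because only the first matching triad is used, a file with mode 077 owned by www gives www no access at all, even though group and other have full access.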

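Many integrated environments today (well, lanmpv3 and the like) take the easy route and set both the user PHP executes as and the owner of the website directory to www. In that case directories are typically created as 755 and files as 644, so when PHP executes, the directory permission in effect is 7 (every directory allows creating and deleting) and the file permission in effect is 6 (every file is writable). Isn't that rather insecure? Normally directories should be 5 and files 4, with 7 granted only where there is a specific need. If you are in the situation described above, there are two ways to fix it: change the user and user group of apache/nginx, or change the owner and group of the website files, so as to keep the website secure.

The above is only a basic explanation of permissions.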
