
Understanding the permissions set by the chmod utility

1. chmod in busybox

chmod changes a file's mode.

1.1 How chmod modes are interpreted

int FAST_FUNC bb_parse_mode(const char *s, unsigned current_mode)
{
    static const mode_t who_mask[] = {
        S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO, /* a */
        S_ISUID | S_IRWXU,           /* u: "user", the current user's permissions */
        S_ISGID | S_IRWXG,           /* g: "group", the current group's permissions */
        S_IRWXO                      /* o: "other", users outside this group */
    };
    static const mode_t perm_mask[] = {
        S_IRUSR | S_IRGRP | S_IROTH, /* r */
        S_IWUSR | S_IWGRP | S_IWOTH, /* w */
        S_IXUSR | S_IXGRP | S_IXOTH, /* x */
        S_IXUSR | S_IXGRP | S_IXOTH, /* X -- special -- see below */
        S_ISUID | S_ISGID,           /* s */
        S_ISVTX                      /* t */
    };
    static const char who_chars[] ALIGN1 = "augo";
    static const char perm_chars[] ALIGN1 = "rwxXst";
...
    return new_mode;
}

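chmod accepts file permissions in two forms: numeric and symbolic.

In the symbolic form, any combination of the three parts [augo][+-=][rwxst] can be used.

Here a means all users, u the current user (the file's owner), g the current group, and o other users; + adds a permission, - removes a permission, and = sets exactly that permission; rwx stand for read, write and execute, s stands for set-user-ID and set-group-ID, and t for sticky.

In the numeric form, the chmod argument is actually an octal number of at most four digits, each digit taking one of the 8 values 0-7.

The four digits represent, in order, [sst][u-rwx][g-rwx][o-rwx]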
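The symbolic form described above, worked through as an added example (not BusyBox's code and not part of the original post). It reuses the two tables from the excerpt, handles a single clause, leaves out X, and assumes an empty who list means a; apply_clause is a hypothetical name.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Tables as in the bb_parse_mode() excerpt above, with 'X' left out. */
static const char who_chars[] = "augo", perm_chars[] = "rwxst";
static const mode_t who_mask[] = {
    S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO, /* a */
    S_ISUID | S_IRWXU,                                         /* u */
    S_ISGID | S_IRWXG,                                         /* g */
    S_IRWXO                                                    /* o */
};
static const mode_t perm_mask[] = {
    S_IRUSR | S_IRGRP | S_IROTH, /* r */
    S_IWUSR | S_IWGRP | S_IWOTH, /* w */
    S_IXUSR | S_IXGRP | S_IXOTH, /* x */
    S_ISUID | S_ISGID,           /* s */
    S_ISVTX                      /* t */
};

/* Hypothetical helper: applies ONE clause [augo]*[+-=][rwxst]* to mode.
 * Assumption: an empty who list means 'a' (the umask is ignored).
 * Returns (mode_t)-1 on a malformed clause. */
mode_t apply_clause(const char *s, mode_t mode)
{
    mode_t who = 0, perm = 0;
    const char *p;
    char op;

    for (; *s && (p = strchr(who_chars, *s)) != NULL; s++)
        who |= who_mask[p - who_chars];
    if (!who)
        who = who_mask[0];
    op = *s;
    if (op != '+' && op != '-' && op != '=')
        return (mode_t)-1;
    for (s++; *s; s++) {
        if ((p = strchr(perm_chars, *s)) == NULL)
            return (mode_t)-1;
        perm |= perm_mask[p - perm_chars];
    }
    perm &= who;        /* keep only the bits that belong to the chosen who */
    if (op == '=')
        mode &= ~who;   /* '=' first clears every bit of that who */
    return op == '-' ? (mode & ~perm) : (mode | perm);
}

int main(void)
{
    printf("u+s on 0755 -> %04o\n", (unsigned)apply_clause("u+s", 0755));
    return 0;
}
```

Because the result is the intersection of the two tables, u+s sets only set-user-ID and g+s only set-group-ID; with the o row as shown in the excerpt, o+t selects no bit at all in this example.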

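1.2 Other options

-c: show what the mode was changed to.

-v: show more detailed output.

2. The individual permission bits

Permissions fall into four parts: the current user, the file's group, other users, and the rest (set-user-ID/set-group-ID/sticky).

For details, see "14.9.5 The Mode Bits for Access Permission".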

S_IRUSR/S_IREAD: Read permission bit for the owner of the file. On many systems this bit is 0400. S_IREAD is an obsolete synonym provided for BSD compatibility.

S_IWUSR/S_IWRITE: Write permission bit for the owner of the file. Usually 0200. S_IWRITE is an obsolete synonym provided for BSD compatibility.

S_IXUSR/S_IEXEC: Execute (for ordinary files) or search (for directories) permission bit for the owner of the file. Usually 0100. S_IEXEC is an obsolete synonym provided for BSD compatibility.

S_IRWXU: This is equivalent to ‘(S_IRUSR | S_IWUSR | S_IXUSR)’. Usually 0700.

  File: 'file_u_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864284    Links: 1
Access: (0700/-rwx------)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:26:26.593237292 +0800
Modify: 2020-03-20 09:26:26.593237292 +0800
Change: 2020-03-20 09:27:10.624795739 +0800
 Birth: -

S_IRGRP: Read permission bit for the group owner of the file. Usually 040.

S_IWGRP: Write permission bit for the group owner of the file. Usually 020.

S_IXGRP: Execute or search permission bit for the group owner of the file. Usually 010.

S_IRWXG: This is equivalent to ‘(S_IRGRP | S_IWGRP | S_IXGRP)’. Usually 070.

  File: 'file_g_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864285    Links: 1
Access: (0070/----rwx---)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:27:39.424512040 +0800
Modify: 2020-03-20 09:27:39.424512040 +0800
Change: 2020-03-20 09:28:01.408298039 +0800
 Birth: -

S_IROTH: Read permission bit for other users. Usually 04.

S_IWOTH: Write permission bit for other users. Usually 02.

S_IXOTH: Execute or search permission bit for other users. Usually 01.

S_IRWXO: This is equivalent to ‘(S_IROTH | S_IWOTH | S_IXOTH)’. Usually 07.

  File: 'file_o_rwx'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864286    Links: 1
Access: (0007/-------rwx)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:28:21.112108029 +0800
Modify: 2020-03-20 09:28:21.112108029 +0800
Change: 2020-03-20 09:28:26.336057928 +0800
 Birth: -

S_ISUID: This is the set-user-ID on execute bit, usually 04000. See How Change Persona.

S_ISGID: This is the set-group-ID on execute bit, usually 02000. See How Change Persona.

S_ISVTX: This is the sticky bit, usually 01000.

    For a directory it gives permission to delete a file in that directory only if you own that file. Ordinarily, a user can either delete all the files in a directory or cannot delete any of them (based on whether the user has write permission for the directory). The same restriction applies—you must have both write permission for the directory and own the file you want to delete. The one exception is that the owner of the directory can delete any file in the directory, no matter who owns it (provided the owner has given himself write permission for the directory). This is commonly used for the /tmp directory, where anyone may create files but not delete files created by other users.

  File: 'file_a'
  Size: 0             Blocks: 0          IO Block: 4096   regular empty file
Device: 811h/2065d    Inode: 47864287    Links: 1
Access: (7000/---S--S--T)  Uid: ( 1000/      al)   Gid: ( 1000/      al)
Access: 2020-03-20 09:28:52.399809634 +0800
Modify: 2020-03-20 09:28:52.399809634 +0800
Change: 2020-03-20 09:58:55.247438435 +0800
 Birth: -
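
An added example, not part of the original post, that renders a mode the way the stat output above does and shows why mode 7000 prints as S, S and T. mode_string, audit_mode and the three flag names are hypothetical, and the audit policy is an assumption of this example.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum { SETID_EXEC = 1, WORLD_WRITABLE = 2, DIR_NO_STICKY = 4 };

/* Render st_mode as the 10-character string stat prints, e.g. "-rwx------".
 * Returns a static buffer, so copy it before calling again. */
const char *mode_string(mode_t m)
{
    static const mode_t bit[9] = { S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP,
        S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH };
    static char out[11];
    int i;

    memcpy(out, "----------", 11);
    out[0] = S_ISDIR(m) ? 'd' : S_ISREG(m) ? '-' : '?';
    for (i = 0; i < 9; i++)
        if (m & bit[i])
            out[1 + i] = "rwx"[i % 3];
    /* The special bits share the x column: lower case when x is also
     * set, upper case when it is not (mode 7000 gives S, S and T). */
    if (m & S_ISUID) out[3] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[6] = (m & S_IXGRP) ? 's' : 'S';
    if (m & S_ISVTX) out[9] = (m & S_IXOTH) ? 't' : 'T';
    return out;
}

/* Hypothetical audit policy (an assumption of this example). */
int audit_mode(mode_t m)
{
    int flags = 0;

    if (S_ISREG(m) && (m & (S_ISUID | S_ISGID)) &&
        (m & (S_IXUSR | S_IXGRP | S_IXOTH)))
        flags |= SETID_EXEC;      /* executable that carries a set-ID bit */
    if (m & S_IWOTH)
        flags |= WORLD_WRITABLE;
    if (S_ISDIR(m) && (m & S_IWOTH) && !(m & S_ISVTX))
        flags |= DIR_NO_STICKY;   /* unlike /tmp, deletion is not restricted */
    return flags;
}

int main(void)
{
    printf("%s %d\n", mode_string(S_IFDIR | 01777), audit_mode(S_IFDIR | 01777));
    return 0;
}
```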

posted on 2020-05-16 00:00  ArnoldLu