Linux: os.MkDir and os.MkDirAll permission value?

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you need to use it, you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/14249467/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

Time: 2020-08-06 18:37:32  Source: igfitidea

linux go

Asked by Script and Compile

I'm trying to create a log file at the start of my program.

I need to check if a "/log" directory exists; if it doesn't, create the directory, then move on to creating the log file.

Well I tried to use os.Mkdir (as well as os.MkDirAll), but no matter what value I put into the second parameter I get a locked out folder with no permissions. What value should this be in order to get a read / write for user folder? I thought it would be 0x700 but it doesn't seem to work.

Thanks!


Accepted answer by Shannon Matthews

You can use octal notation directly:

os.Mkdir("dirname", 0700)


Permission Bits


+-----+---+--------------------------+
| rwx | 7 | Read, write and execute  |
| rw- | 6 | Read, write              |
| r-x | 5 | Read and execute         |
| r-- | 4 | Read                     |
| -wx | 3 | Write and execute        |
| -w- | 2 | Write                    |
| --x | 1 | Execute                  |
| --- | 0 | no permissions           |
+-----+---+--------------------------+

+------------+------+-------+
| Permission | Octal| Field |
+------------+------+-------+
| rwx------  | 0700 | User  |
| ---rwx---  | 0070 | Group |
| ------rwx  | 0007 | Other |
+------------+------+-------+

A Unix Permission Primer


Common Permission Usages

0755 Commonly used on web servers. The owner can read, write, execute. Everyone else can read and execute but not modify the file.

0777 Everyone can read, write and execute. On a web server, it is not advisable to use '777' permission for your files and folders, as it allows anyone to add malicious code to your server.

0644 Only the owner can read and write. Everyone else can only read. No one can execute the file.

0655 Only the owner can read and write, but not execute the file. Everyone else can read and execute, but cannot modify the file.

www.maketecheasier.com/file-permissions-what-does-chmod-777-means/


Directory Permissions on Linux


When applying permissions to directories on Linux, the permission bits have different meanings than on regular files. (source)

Read bit: The user can read the file names contained in the directory.
Write bit: The user can {add,rename,delete} file names IF the execute bit is set too.
Execute bit: The user can enter the directory and access the files inside.

https://unix.stackexchange.com/a/21252

Permissions Calculator

A handy permissions calculator.


Answer by kostix

@Daniel's statement in his answer is not really correct, and also it talks about a decimal number and then uses an octal one, as @SashaCrofter correctly pointed out in his comment.

In reality, it doesn't matter what form your permission value is in as long as it represents sensible Unix permissions.

Since permission bits on POSIX file systems come in triples of bits — three bits for owner, group and others access, plus three bits of modifiers (such as sticky bits), — it's customary to use octal numbers to represent permissions as each digit in an octal number represents a three-bit value.

Hence, when you use 0700 in Go code, the leading 0 is stripped and is only there to tell the parser it sees an octal number literal, and the following three letters stand for the owner, group and others permissions, in this order. Should you, say, want to also set the group sticky bit as well as making the file system object group-readable and executable, you'd specify 02750 and so on.

Note that the actual permissions the file system object acquires is further modulated by the active umask of the process which creates the object.

To get more grip on these topics, it's best to read the chmod manual pages and general literature on Unix-like operating systems.

Answer by torek

Besides the other answers, remember that on Unix and Linux style operating systems, all programs run with a umask setting. The umask, which in many cases defaults to 022 or sometimes 002, is the set of permissions that the system will automatically remove from file and directory creation requests.

What this means is that most programs–there are several exceptions to this rule—should use mode 0666 for creating files and mode 0777 for creating directories. The user's configuration, recorded in the running process, says which of these permissions to take away. If the user's setting is 022, and we create a file with mode 0666, the actual setting we get is rw-r--r--: read and write for the user, read-only for the group, and read-only for others.

If a user wishes to extend writability to their group, they need only set their umask to 2: now they take away write permission for others, but leave it for their group. New files are now created with mode rw-rw-r--. The program does not change: it still uses 0666 for its mode. But the files are created with mode 0664.

Similarly, if you call os.Mkdir or os.MkdirAll with 0777, the umask will take away the unwanted permissions, leaving you with the right permissions.

But I mentioned that there are exceptions. These include programs that make copies of sensitive information meant only for the user: these should generally use mode 0700 for directories and 0600 for files. They may include long-running servers that act as a system user rather than any one individual ... although those servers could be run with a correct umask, in which case, 0777 or 0666 is fine.

You must apply some judgment here. Programs that are especially security-conscious, such as ssh or similar, may wish to use limited permissions, and may even want to check (with os.Lstat or similar) that permissions are appropriately tight on important directories.

(Note that the umask does not apply to os.Chmod calls. Here you choose the mode directly.)


Answer by Jossef Harush

You can reset the umask to 0. I would call this as the first thing in my main file

syscall.Umask(0)

Example

_ = os.MkdirAll("/tmp/dirs/1", 0664)
syscall.Umask(0)
_ = os.MkdirAll("/tmp/dirs/2", 0664)

Result

/tmp/dirs$ stat -c '%A %a %n' *
drw-r--r-- 644 1
drw-rw-r-- 664 2