os.Mkdir and os.MkdirAll permissions

Question

I'm trying to create a log file at the start of my program.

I need to check if a /log directory exists; if it doesn't, create the directory, then move on to creating the log file.

Well I tried to use os.Mkdir (as well as os.MkdirAll), but no matter what value I put into the second parameter I get a locked out folder with no permissions. What value should this be in order to get a read / write for user folder? I thought it would be 0x700 but it doesn't seem to work.

Thanks!

Answer 1

Score: 166

You can use octal notation directly:

os.Mkdir("dirname", 0700)

Permission Bits

+-----+---+--------------------------+
| rwx | 7 | Read, write and execute  |
| rw- | 6 | Read, write              |
| r-x | 5 | Read and execute         |
| r-- | 4 | Read                     |
| -wx | 3 | Write and execute        |
| -w- | 2 | Write                    |
| --x | 1 | Execute                  |
| --- | 0 | No permissions           |
+-----+---+--------------------------+

+------------+------+-------+
| Permission | Octal| Field |
+------------+------+-------+
| rwx------  | 0700 | User  |
| ---rwx---  | 0070 | Group |
| ------rwx  | 0007 | Other |
+------------+------+-------+

A Unix Permission Primer

Common Permission Usages

0755 Commonly used on web servers. The owner can read, write, execute. Everyone else can read and execute but not modify the file.

0777 Everyone can read, write and execute. On a web server, it is not advisable to use ‘777’ permission for your files and folders, as it allows anyone to add malicious code to your server.

0644 Only the owner can read and write. Everyone else can only read. No one can execute the file.

0655 Only the owner can read and write, but not execute the file. Everyone else can read and execute, but cannot modify the file.

www.maketecheasier.com/file-permissions-what-does-chmod-777-means/

Directory Permissions on Linux

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files. (source)

Read bit The user can read the file names contained in the directory.

Write bit The user can {add,rename,delete} file names IF the execute bit is set too.

Execute bit The user can enter the directory and access the files inside.

https://unix.stackexchange.com/a/21252

Permissions Calculator

A handy permissions calculator.
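
Why the question's 0x700 gives a locked directory while 0700 works, as an added example that is not part of the original answers: 0x700 is 03400 in octal, so only 0400 reaches the permission bits and the owner is left without write or search access. The scratch directory and the helper names `mkdirMode` and `compareLiterals` are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// mkdirMode creates a directory named name under base with the requested
// mode and returns the permission bits the file system actually recorded.
func mkdirMode(base, name string, requested os.FileMode) (os.FileMode, error) {
	dir := filepath.Join(base, name)
	if err := os.Mkdir(dir, requested); err != nil {
		return 0, err
	}
	info, err := os.Lstat(dir)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

// compareLiterals creates one directory with the hex literal from the
// question and one with the octal literal from the answer.
func compareLiterals() (hexMode, octMode os.FileMode, err error) {
	base, err := os.MkdirTemp("", "mkdir-perm-") // scratch dir for the demo
	if err != nil {
		return 0, 0, err
	}
	defer os.RemoveAll(base)
	if hexMode, err = mkdirMode(base, "hex", 0x700); err != nil {
		return 0, 0, err
	}
	octMode, err = mkdirMode(base, "octal", 0700)
	return hexMode, octMode, err
}

func main() {
	hexMode, octMode, err := compareLiterals()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// 0x700 is 03400 in octal; only the low nine bits (0400) are permissions.
	fmt.Printf("0x700 -> %v (%04o)\n", hexMode, hexMode)
	fmt.Printf("0700  -> %v (%04o)\n", octMode, octMode)
}
```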

Answer 2

Score: 26

@Daniel's statement in his answer is not really correct, and also it talks about a decimal number and then uses an octal one, as @SashaCrofter correctly pointed out in his comment.

In reality, it doesn't matter what form your permission value is in as long as it represents sensible Unix permissions.

Since permission bits on POSIX file systems come in triples of bits — three bits for owner, group and others access, plus three bits of modifiers (such as sticky bits) — it's customary to use octal numbers to represent permissions as each digit in an octal number represents a three-bit value.

Hence, when you use 0700 in Go code, the leading 0 is stripped and is only there to tell the parser it sees an octal number literal, and the following three letters stand for the owner, group and others permissions, in this order. Should you, say, want to also set the group sticky bit as well as making the file system object group-readable and executable, you'd specify 02750 and so on.

Note that the actual permissions the file system object acquires are further modulated by the active umask of the process which creates the object.

To get more grip on these topics, it's best to read the chmod manual pages and general literature on Unix-like operating systems.

Answer 3

Score: 21

You can reset the umask to 0. I would call this as the first thing in my main file:

syscall.Umask(0)

Example

_ = os.MkdirAll("/tmp/dirs/1", 0664)
syscall.Umask(0)
_ = os.MkdirAll("/tmp/dirs/2", 0664)

Result

/tmp/dirs$ stat -c '%A %a %n' *
drw-r--r-- 644 1
drw-rw-r-- 664 2

Answer 4

Score: 13

Besides the other answers, remember that on Unix and Linux style operating systems, all programs run with a umask setting. The umask, which in many cases defaults to 022 or sometimes 002, is the set of permissions that the system will automatically remove from file and directory creation requests.

What this means is that most programs—there are several exceptions to this rule—should use mode 0666 for creating files and mode 0777 for creating directories. The user's configuration, recorded in the running process, says which of these permissions to take away. If the user's setting is 022, and we create a file with mode 0666, the actual setting we get is rw-r--r--: read and write for the user, read-only for the group, and read-only for others.

If a user wishes to extend writability to their group, they need only set their umask to 2: now they take away write permission for others, but leave it for their group. New files are now created with mode rw-rw-r--. The program does not change: it still uses 0666 for its mode. But the files are created with mode 0664.

Similarly, if you call os.Mkdir or os.MkdirAll with 0777, the umask will take away the unwanted permissions, leaving you with the right permissions.

But I mentioned that there are exceptions. These include programs that make copies of sensitive information meant only for the user: these should generally use mode 0700 for directories and 0600 for files. They may include long-running servers that act as a system user rather than any one individual ... although those servers could be run with a correct umask, in which case, 0777 or 0666 is fine.

You must apply some judgment here. Programs that are especially security-conscious, such as ssh or similar, may wish to use limited permissions, and may even want to check (with os.Lstat or similar) that permissions are appropriately tight on important directories.

(Note that the umask does not apply to os.Chmod calls. Here you choose the mode directly.)
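
The owner-only case described above (0700 for the directory, 0600 for the file, plus an os.Lstat check that the directory is tight), as an added example that is not part of the original answer. The `log` and `app.log` paths and the helper names `ensurePrivateDir` and `openLog` are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// ensurePrivateDir creates dir (and parents) for the owner only, then checks
// with os.Lstat that the result really is a directory with no group/other
// bits. os.MkdirAll leaves an already existing directory's mode untouched,
// so the check is what catches a pre-existing, loosely permissioned one.
func ensurePrivateDir(dir string) error {
	if err := os.MkdirAll(dir, 0700); err != nil {
		return err
	}
	info, err := os.Lstat(dir)
	if err != nil {
		return err
	}
	if !info.IsDir() { // Lstat does not follow a symlink at the final path element
		return fmt.Errorf("%s is not a directory (mode %v)", dir, info.Mode())
	}
	if perm := info.Mode().Perm(); perm&0077 != 0 {
		return fmt.Errorf("%s is accessible to group/others (mode %04o)", dir, perm)
	}
	return nil
}

// openLog opens (or creates) name inside a private directory. The file is
// requested with 0600; the umask can only remove bits from that, never add.
func openLog(dir, name string) (*os.File, error) {
	if err := ensurePrivateDir(dir); err != nil {
		return nil, err
	}
	return os.OpenFile(filepath.Join(dir, name), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
}

func main() {
	f, err := openLog("log", "app.log") // hypothetical paths for the demo
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer f.Close()
	fmt.Fprintln(f, "started")
}
```

Whether to refuse a loose directory, as here, or to tighten it with os.Chmod is a policy choice for the program.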

Answer 5

Score: 4

One way to make sure that you're setting the kind of permissions you want, without figuring out the complex calculations in octal, is to use the very convenient FileMode constants in package os:

https://golang.org/pkg/os/#FileMode

I usually use os.ModePerm (which is actually coded as 0777) for fully permissive directories, such as those required for caches or temporary files, but your mileage may vary. To set the additional bits (sticky, etc.), which, as @kostix has noted, has to deal with the issue of octal representation of flags in Go, you can always use something like:

if err := os.MkdirAll("my/tmp/dir", os.ModeSticky|os.ModePerm); err != nil {
  // ... handle error ...
}

Go playground

As always, it's worth mentioning again that these permissions are 'filtered' by whatever umask has been set.

huangapple
  • Published on January 10, 2013 at 09:33:50
  • When reposting, please keep the link to this article: https://go.coder-hub.com/14249467.html