Golang中与drwxrwxr-x对应的os.FileMode是什么?

huangapple go评论111阅读模式
英文:

Golang os.FileMode corresponding to drwxrwxr-x?

问题

你可以将os.Mkdir的参数设置为0755,这将对应于权限drwxr-xr-x

英文:

Which os.FileMode values should I provide to os.Mkdir as an argument to have a permission corresponding to drwxrwxr-x?

答案1

得分: 4

Daniel Farrell的答案涵盖了模式的字面设置,但如果您在类Unix系统上工作,还有两个其他重要的要点:

  • 对于大多数情况(大多数文件),您应该使用0666
  • 对于大多数其他情况(大多数目录),您应该使用0777

某些Go代码检查器对此提出了抱怨,但它们只是错误的。😄

之所以每次都使用0666rw-rw-rw-)和0777rwxrwxrwx)是因为在类Unix系统上,新创建的文件是在umask设置下创建的。二进制程序请求的保护措施,例如0777总是会减少1 这种减少是基于umask设置的。

最宽松的umask设置是0。最少的是相当难用的0777常见的设置是077007022002

在umask中设置的位在底层文件权限中被清除。因此,umask设置为022意味着无论程序请求什么,文件最终都将不可写给组或其他用户。使用0666模式创建文件的程序最终得到的文件的实际模式是0644,或者rw-r--r--

如果用户希望授予组写权限,可以运行umask 2。现在,只有其他用户的w位将被清除,该文件的模式将为rw-rw-r--

umask设置为077会去除---rwxrwx:也就是说,我的文件和目录现在只对我私有(当然还有超级用户)。027中的一个会去除----w-rwx,因此新创建的文件现在是0640,而新创建的目录(使用0777)现在是0750,或者rwxr-x--

上述规则的一个不太常见的例外是在“未知安全性”区域创建的临时文件(例如os.CreateTemp文件)或包含任何敏感数据的文件,应该使用0600模式创建。然后可以将其写出而不必担心数据泄漏(通常除了超级用户),然后如果它们最终不是敏感的,可以使用正确的权限创建最终文件。

真正棘手的情况是当创建一个未知安全性的临时文件,然后能够将其重命名(而不是复制)为已知较低安全级别的文件时,您希望将文件的os.Chmod为应用用户umask后得到的最终模式。但这种情况非常罕见。


1在umask = 0的特殊情况下,不会删除任何位。因此,结果是原始值。但这正是用户想要的:将减少值为零。我们仍然在减少权限,只是在一个退化的情况下。

英文:

Daniel Farrell's answer covers the literal settings for modes, but if you're working on a Unix-like system, there are two other important points:

  • For most cases (most files), you should just use 0666.
  • For most of the remaining cases (most directories), you should just use 0777.

Certain Go code checkers complain about this, but they're just wrong. 😀

The reason to use 0666 (rw-rw-rw-) and 0777 (rwxrwxrwx) every time is that on Unix-like systems, newly created files are created under a umask setting. The protections that the binary program asks for, such as 0777, are always reduced.<sup>1</sup> The reduction is based on this umask setting.

The most permissive umask setting is 0. The least is the rather unusable 0777. The common settings are 077, 007, 022, and 002.

Bits that are set in the umask get cleared in the underlying file permissions. So a umask setting of 022 means that whatever the program asks for, the file winds up being not writable by Group or Other. A program that creates a file using 0666 mode winds up with a file whose actual mode is 0644, or rw-r--r--.

Should the user wish to grant group write permissions, they can run umask 2. Now only the Other w bit will be cleared and this file will be mode rw-rw-r--.

A umask setting of 077 takes away ---rwxrwx: that is, my files and directories are now private to me only (and the super-user of course). One of 027 takes away ----w-rwx, so that newly created files are now 0640, and newly created directories (that use 0777) are now 0750, or rwxr-x--.

One not-entirely-rare exception to the above rules is that temporary files created in areas of "unknown security" (os.CreateTemp files for instance), or files that contain any sensitive data, should be created with mode 0600. They can then be written out without worrying about the data leaking (except to the super-user as usual), and then if they turn out not to be sensitive after all, the final file can be created with the correct permissions.

The really tricky case is when creating a temporary file of unknown security which you are then able to rename (rather than copying) to a file of known-to-be-lower security level, where you'd like to os.Chmod the file to the final mode that you'd get by applying the user's umask. But that's pretty rare.


<sup>1</sup>In the special case of umask = 0, no bits are removed. So the result is the original value. But that's what the user wanted: to have the reduction be a zero-valued reduction. We're still reducing the permissions, just with a degenerate case.

答案2

得分: 3

drwxrwxr-x 表示文件权限。

每组 rwxr-x 等)在八进制字符串中表示为一个数字,其中 4 = r,2 = w,1 = x。因此,读取和写入组合为 6,读取和执行(例如 /bin 中的可执行文件)为 5,只读为 4。

对于文件,最常见的模式是:

0644 所有者具有读取和写入权限,组和其他用户只有读取权限。

对于目录,典型的模式是:

0755 所有者具有读取、写入(在其中创建文件)和执行(列出内容)权限,组和其他用户只有读取权限。

在你的情况下,你需要将组权限的数字加 2,以允许目录的组中的任何用户也能在该目录中创建文件。

英文:

drwxrwxr-x

each set of rwx (r-x, etc) is represented by one digit in an octal string where 4 = r, 2 = w, and 1=x. So Read and write combine to make 6, read and execute (eg executables in /bin are 5, and read-only is 4.

For files, the most common mode is:

0644 owner gets read and write, group and other get only read

And for directories, typical is:

0755 owner gets read, write (create within) and execute (list contents) , group and other get only read.

In your case, you'd need to add 2 to the Group digit to allow any users in the directory's Group to also create files in that directory.

huangapple
  • 本文由 发表于 2021年11月4日 13:00:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/69834706.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定