Who can access a file with octal permissions "000" on Linux/UNIX?

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverFlow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original URL: http://stackoverflow.com/questions/5593752/

Time: 2020-08-05 03:34:50  Source: igfitidea

linux shell unix

Asked by jslearner

If a file has permissions 000, who or what can access the file? What can they do to it?

What, exactly, does 000 (---------) permissions on a file mean in practice?

Answered by pajton

File with 000 permission can be read / written by root.

Everybody else cannot read / write / execute the file.

Answered by tamasgal

root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.

    greybox:~ septi$ touch foo
    greybox:~ septi$ chmod 000 foo
    greybox:~ septi$ ls -l foo
    ----------  1 septi  staff  0 Apr  8 12:28 foo
    greybox:~ septi$ cat foo
    cat: foo: Permission denied
    greybox:~ septi$ sudo ls -l foo
    Password:
    ----------  1 septi  staff  0 Apr  8 12:28 foo
    greybox:~ septi$

Answered by Harry Joy

Permission can be XYZ, in which the first, X, is for Owner, the second, Y, is for Group (a group of other users that you set up), and the third, Z, is for World (anyone else browsing around on the file system). They can have any of the following permission levels:

0 = no permissions whatsoever; this person cannot read, write, or execute the file
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)

So in your example: File with 000 permission can be accessible [read/write] by root. Other than that no one can access [read/write] it.

Answered by pravsim

If file/dir has permissions 000, then only root can do any changes to that file. Neither the owner nor others can make any changes. Owner can't even access the file/dir or delete the same.

Answered by Alex

  1. As root, change the permissions of a file to 000. This file and its contents can only be accessed by root.
  2. As a user, change the permissions of your own file. The file and its contents cannot be accessed by the user. But the root has full privileges on the file.

Answered by jlliagre

Root can do anything but execute the file (outside removing the file if the file-system is mounted read-only or the file has some immutable flag set).

Non root users might change the file permission if they own it. They can still access the file if ACLs are set to allow it.
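
Added example (not part of any answer on this page): a shell sketch that probes a mode-000 file in a scratch directory, covering the points made in tamasgal's and jlliagre's answers: reading, executing, the owner restoring access with chmod, and deletion through write permission on the directory. The names `demo_dir`, `f` and the helper functions are made up for the illustration.

```sh
#!/bin/sh
# Added example: probe what a mode-000 file allows, inside a scratch directory.
# demo_dir, f and all helper names are constructed for this sketch.
demo_dir=$(mktemp -d)
f="$demo_dir/foo"
trap 'rm -rf "$demo_dir"' EXIT

# Run a command quietly and report whether it was let through.
try() { if "$@" >/dev/null 2>&1; then echo allowed; else echo denied; fi; }

# (Re)create a small valid script and strip every permission bit from it.
setup() {
    mkdir -p "$demo_dir"
    rm -f "$f"
    printf '#!/bin/sh\nexit 0\n' > "$f"
    chmod 000 "$f"
}

# First ten characters of ls -l: "----------" for mode 000.
mode_of() { ls -ld "$f" | cut -c1-10; }

# Reading: denied for ordinary users, normally allowed for root.
read_file() { setup; try cat "$f"; }

# Executing: denied for everyone, root included, while no x bit is set.
exec_file() { setup; try "$f"; }

# The owner (or root) can always chmod the file and regain access.
owner_chmod() { setup; chmod 600 "$f"; try cat "$f"; }

# Deleting depends on write permission on the directory, not on the file mode.
delete_file() {
    setup
    rm -f "$f" 2>/dev/null
    if [ -e "$f" ]; then echo denied; else echo allowed; fi
}

setup
echo "mode after chmod 000: $(mode_of)"
echo "read as uid $(id -u): $(read_file)"
echo "execute:              $(exec_file)"
echo "read after chmod 600: $(owner_chmod)"
echo "delete via directory: $(delete_file)"
```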

Answered by Adam B

Everyone is accurate above unless it is the following command.

    sudo chmod -R 000 /*

At this point, your computer is dead in the water because no commands can be executed since you have removed all RWX from every file. There is no safeguard when running this command. If you are curious run it inside a Vagrant box.

Answered by JOduMonT

I love you all but ...

    root@bob:~# ls -lah /etc/cron.hourly/
    total 24K
    drwxr-xr-x   2 root root 4.0K Jun 16 05:23 .
    drwxr-xr-x 110 root root  12K Aug 25 21:26 ..
    ----------   1 root root  228 Aug 25 21:47 gcc.sh
    -rw-r--r--   1 root root  102 Jun 11  2015 .placeholder
    root@bob:~# rm -Rf /etc/cron.hourly/gcc.sh
    rm: cannot remove ‘/etc/cron.hourly/gcc.sh': Operation not permitted

So to remove this file (which is a trojan), I did:

    root@bob:~# lsattr /etc/cron.hourly/gcc.sh
    -----a---------- /etc/cron.hourly/gcc.sh
    root@bob:~# chattr -a /etc/cron.hourly/gcc.sh
    root@bob:~# lsattr /etc/cron.hourly/gcc.sh
    ---------------- /etc/cron.hourly/gcc.sh

then

    rm -Rf /etc/cron.hourly/gcc.sh

was working
