Setting permissions
chmod permission_list target-file
- changes access permissions to files, including directories
user access
- user - or owner of file (real Id)
- group - group assignment of file
- users belong to primary group but can belong to other groups
- other - not owner and not member of assigned group.
- Note - mutually exclusive, file can be readable by others but not owner
file mode
- read - file is readable/copy-able. If binary, still gibberish if viewed.
- write - file can be changed
- executable - regular file, system can attempt to run file.
- executable - directory file, command can find actual location of file
and access it.
- setuid (suid) - allows command to run as if by owner (real-id) even if
run by non-owner (effective Id)
- setgid (sgid) - allows command to run as if by group even if started by
others
- sticky bit - directory, allows only root and creator of a file to delete
or move it.
Used on shared directories such as /tmp or printer spool directories.
- sticky bit - regular file, (obsolete) allowed file to stay in memory
after completion, tsr (terminate and stay resident)
permission type specifiers
- octal
|       |   u       g       o
| s g t | r w x   r w x   r w x    1 is on, 0 is off
|       |
| 0 0 0 | 1 1 1   1 0 1   0 0 1    as binary values
|       |
|       |   7       5       1      as octal value.
chmod 751 target
There is a fourth field to the left of u,g,o that holds SUID, SGID, and
sticky bits. Normally not shown, but can be changed.
- symbolically
u, g, o
r, w, x, s, t
+, -, =
These can be combined in various ways.
Numeric, 1 to 4 digits, left padded with zero. So normally, a 3-digit octal value.
chmod 751 target-file[s]
sets all permissions for owner, read and execute for group,
execute for others
chmod 4751 target-file[s]
sets permissions as above and also suid bit.
Symbolic,
chmod u=rwx,g=rx,o=x target-file[s]
sets all permissions for owner, read and execute for group,
execute for others
chmod o=x target-file[s]
sets other's permission to execute only. User and group left as is.
chmod u+w target-file[s]
turns on write permission for user on target. All other permissions
left as is.
chmod g-r target-file[s]
turns off group read access on target. All other permissions left as is.
chmod +r target-file[s]
turns on read permissions for user, group, other. All other permissions
left as is.
umask [octal-mapping]
- without [octal-mapping],
will list current mask.
- with [octal-mapping]
restricts permission on new file. No effect on existing files.
By default, certain types of files are assigned certain permissions.
- regular data files - read, write for all
- compiled executables - read, write, execute for all
- directories - read, write, execute for all
Use chmod to change permission of individual files.
Use umask to set a default maximum initial permission.
Set the bits in the umask to block the permission bits.
- umask 077 - doesn't restrict any user access
but blocks all access to group and other.
- if default of program is rw-rw-rw- then rw-------
- if default of program is rwxrwxrwx then rwx------
- umask 022 - doesn't restrict any user access
but restricts write access to group and other.
- if default of program is rw-rw-rw- then rw-r--r--
- if default of program is rwxrwxrwx then rwxr-xr-x
- can be run at prompt if different mask needed only for a while.
- can be put in .bashrc, so it is set every time a command shell is run.
umask [symbolic-mapping]
- GNU version of umask supports the symbolic form and behaves more like chmod.
umask u=rwx,g+rx,o-w
sets the umask to allow all permissions for user,
to allow read and execute for group and leave its write as is,
and to block write permissions for others.
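
The masking rule described above for octal umask values, as an added example that is not part of the original notes: masked_mode computes the resulting mode arithmetically and created_mode checks it against a real file or directory. Both function names are made up for this example, which assumes a POSIX shell with mktemp available.

```shell
#!/bin/sh
# Added example (not from the original notes). All inputs are constructed.

# masked_mode REQUESTED MASK
# Prints the mode a new file ends up with: every bit set in MASK is cleared
# from REQUESTED (a bitwise AND-NOT, not a subtraction).
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode MASK KIND
# Creates a real file (KIND=file) or directory (KIND=dir) under MASK in a
# scratch directory and prints the permission string reported by ls.
# The body runs in a subshell, so the caller's umask is left untouched.
created_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$dir/t"      # mkdir requests rwxrwxrwx (777)
    else
        : > "$dir/t"        # shell redirection requests rw-rw-rw- (666)
    fi
    ls -ld "$dir/t" | cut -c1-10
    rm -rf "$dir"
)

# Compare the computed mode with what the system actually creates.
for mask in 022 027 077; do
    printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$mask" \
        "$(masked_mode 666 "$mask")" "$(created_mode "$mask" file)" \
        "$(masked_mode 777 "$mask")" "$(created_mode "$mask" dir)"
done
```

A mask such as 033 shows that this is bit clearing rather than subtraction: masked_mode 666 033 gives 644, not 633.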