Differences
This shows you the differences between two versions of the page.
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2016/02/28 22:58] billdozor created |
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2016/02/29 23:00] billdozor [Setuid, Setgid, sticky bits] |
||
---|---|---|---|
Line 3: | Line 3: | ||
**General Information** | **General Information** | ||
- | About this page/ | + | Ownership and permissions. |
---- | ---- | ||
Line 43: | Line 43: | ||
===== Change Permissions ===== | ===== Change Permissions ===== | ||
- | === Symbolic === | + | ==== Symbolic |
* u => user owner | * u => user owner | ||
Line 67: | Line 67: | ||
* For user owner and group => Adds execute to dir1 and all sub directories, | * For user owner and group => Adds execute to dir1 and all sub directories, | ||
- | === Octal === | + | ---- |
+ | |||
+ | ==== Octal ==== | ||
* 4 => read | * 4 => read | ||
Line 81: | Line 83: | ||
* group => read(4) permissions | * group => read(4) permissions | ||
* others => no(0) permissions | * others => no(0) permissions | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Setuid, Setgid, sticky bits ===== | ||
+ | |||
+ | * Setuid => execute file with owner' | ||
+ | * Setgid => execute file with group' | ||
+ | * Sticky bit => when set on a directory, prevents file deletion unless the user is the owner. (even if they have write permissions) | ||
+ | |||
+ | Add setuid to script1 | ||
+ | <code bash> | ||
+ | chmod u+s script1 | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Same scenario, octal mode | ||
+ | <code bash> | ||
+ | chmod 4740 script1 | ||
+ | </ | ||
+ | |||
+ | When there are four numbers in chmod, the first is for setuid/ | ||
+ | * 4 => setuid | ||
+ | * 2 => setgid | ||
+ | * 1 => sticky bit | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== umask: default file/ | ||
+ | |||
+ | * umask permissions are " | ||
+ | * New files will **not** be created with execute permissions by default. | ||
+ | * New directories **will** be created with execute permissions by default. | ||
+ | |||
+ | View current defaults | ||
+ | <code bash> | ||
+ | umask | ||
+ | 0022 | ||
+ | </ | ||
+ | * Defaults show above are in octal | ||
+ | * Owner => 0 (don't mask any) | ||
+ | * Group => 2 (mask write permissions) | ||
+ | * Others => 2 (mask write permissions) | ||
+ | |||
+ | The above yields a file with the following permissions by default: | ||
+ | <code bash> | ||
+ | -rw-r--r-- | ||
+ | </ | ||
+ | |||
+ | Temporarily change the default for this session only | ||
+ | <code bash> | ||
+ | umask 266 | ||
+ | |||
+ | touch testfile | ||
+ | ls -l | ||
+ | dr-x--x--x | ||
+ | -r-------- | ||
+ | </ | ||
+ | |||
+ | Permanent umask changes (system wide) | ||
+ | <code bash> | ||
+ | vim /etc/bashrc | ||
+ | vim / | ||
+ | |||
+ | if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then | ||
+ | umask 002 | ||
+ | else | ||
+ | umask 022 | ||
+ | fi | ||
+ | </ | ||
+ | * User accounts with a user id greater than 199 and the group name is the same as their username => umask of 002. | ||
+ | * All other users => umask of 022 | ||
+ | * Note: Need to make this change in /etc/bashrc and / | ||
---- | ---- | ||
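Review bot: In the new "Setuid, Setgid, sticky bits" section, `chmod 4740 script1` is labelled "Same scenario, octal mode", but it is not the same operation as `chmod u+s script1`. The symbolic form only adds the setuid bit to whatever mode the file already has, while `4740` overwrites the whole mode (setuid, rwx for owner, read for group, nothing for others). Suggest either stating the starting mode of script1 so both commands are shown to give the same result, or saying explicitly that the octal form replaces the existing permissions. Separately, in the `umask 266` example the listing shows a `dr-x--x--x` entry, yet the only command shown before `ls -l` is `touch testfile`; add the `mkdir` that creates that directory so the output matches the commands.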