====== List, Set, and Change Standard ugo/rwx Permissions ======
**General Information**
Ownership and permissions.
----
====== Permissions Overview ======
Permissions tools
* chmod => Change permissions for user, group, other, or all
* chown => Change user/group ownership
Chmod Modes
* symbolic => represent permissions via u,g,o,a
* octal => represent permissions with numbers
Change file1 ownership to rjones and group to student
chown rjones:student file1
* You can leave off either the username or group name if only changing one of them, but the colon (:) must remain if only changing the group owner.
----
===== List Permissions =====
ls -l
-rw-r--r--. 2 root root 0 Jun 20 15:11 file1
-rw-r--r--. 2 root root 0 Jun 20 15:11 file2
drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir
* Character 1 of the mode string => - (file), d (directory), l (symlink)
* Characters 2-4 => User owner permissions (rwx)
* Characters 5-7 => Group permissions (rwx)
* Characters 8-10 => Other permissions (rwx)
----
===== Change Permissions =====
==== Symbolic ====
* u => user owner
* g => group
* o => other users
* a => all users
Add write permissions to a file for the group
chmod g+w file1
Take away read permissions for others, for all of dir1 directory and its contents
chmod -R o-r dir1
* -R => recursively
Add execute permissions to directories only in a tree
chmod -R ug+X dir1
* For user owner and group => adds execute to dir1 and all subdirectories, not to regular files (capital X leaves a file alone unless it already has an execute bit set for some user).
----
==== Octal ====
* 4 => read
* 2 => write
* 1 => execute
* Add together to get permissions
Set file1 permissions using octal notation
chmod 740 file1
* user owner => read(4),write(2),execute(1) permissions (4+2+1=7)
* group => read(4) permissions
* others => no(0) permissions
----
===== Setuid, Setgid, sticky bits =====
* Setuid => execute file with owner's permissions
* Setgid => execute file with group's permissions (most often set on directories to keep files created in that dir owned by the group)
* Sticky bit => when set on a directory, prevents file deletion unless the user is the owner (even if they have write permissions on the directory)
Add setuid to script1
chmod u+s script1
\\
Same scenario, octal mode
chmod 4740 script1
When chmod is given four octal digits, the first one is for setuid/setgid/sticky bit:
* 4 => setuid
* 2 => setgid
* 1 => sticky bit
----
===== umask: default file/directory permissions =====
* The umask "masks" (removes) the permission bits that we don't want new files and directories to have.
* New files will **not** be created with execute permissions by default.
* New directories **will** be created with execute permissions by default.
View current defaults
umask
0022
* Defaults shown above are in octal
* Owner => 0 (don't mask any)
* Group => 2 (mask write permissions)
* Others => 2 (mask write permissions)
\\
The above yields a file with the following permissions by default:
-rw-r--r-- 1 user user 0 Jun 22 14:01 file1
\\
Temporarily change the default for this session only
umask 266
touch testfile
mkdir testdir
ls -l
dr-x--x--x 2 user user 4096 Jun 22 14:09 testdir
-r-------- 1 user user 0 Jun 22 14:08 testfile
\\
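The masking rule above as an added example (not part of the original page): it predicts the mode a umask yields and checks it by creating a real file and directory in a scratch directory. The function names are hypothetical, and 033 is a constructed mask showing that the umask clears bits instead of subtracting digits.

```shell
#!/bin/sh
# Added example (not from the original page): predict and verify umask results.
# Function names are hypothetical; the scratch directory comes from mktemp.

# predicted_mode BASE MASK
# Prints BASE with the MASK bits cleared, in octal. The operation is a bitwise
# AND NOT, so a mask bit that is not set in BASE has no effect.
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_modes MASK
# Creates a file and a directory under MASK in a scratch directory and prints
# their mode strings as "ls -l" shows them: "<file> <dir>".
observed_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        cd "$scratch" || exit 1
        umask "$1"                 # affects this subshell only
        touch testfile             # requested mode 666
        mkdir testdir              # requested mode 777
        f=$(ls -ld testfile | cut -c1-10)
        d=$(ls -ld testdir | cut -c1-10)
        cd / && rm -rf "$scratch"
        printf '%s %s\n' "$f" "$d"
    )
}

# 022 and 266 are the masks used on this page; 033 is a constructed case where
# subtracting (666 - 033 = 633) would give the wrong answer.
for mask in 022 266 033; do
    printf 'umask %s: file %s dir %s observed: %s\n' "$mask" \
        "$(predicted_mode 666 "$mask")" "$(predicted_mode 777 "$mask")" \
        "$(observed_modes "$mask")"
done
```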
Permanent umask changes (system wide)
vim /etc/bashrc
vim /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
* User accounts with a user ID greater than 199 whose group name is the same as their username => umask of 002.
* All other users => umask of 022
* Note: this change needs to be made in both /etc/bashrc and /etc/profile
----