====== List Set And Change Standard Ugo Rwx Permissions ======

**General Information**

Ownership and permissions.

----

====== Permissions Overview ======

Permissions tools
  * chmod => Change permissions for user, group, other, or all
  * chown => Change user/group ownership

Chmod Modes
  * symbolic => represent permissions via u,g,o,a
  * octal => represent permissions with numbers

Change file1 ownership to rjones and group to student
  chown rjones:student file1

  * You can leave off either the username or the group name if only changing one of them, but the colon (:) must remain if only changing the group owner.

----

===== List Permissions =====

  ls -l

  -rw-r--r--. 2 root root  0 Jun 20 15:11 file1
  -rw-r--r--. 2 root root  0 Jun 20 15:11 file2
  drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir

  * Character 1 of the mode string => - (file), d (directory), l (symlink)
  * Characters 2-4 => User owner permissions (rwx)
  * Characters 5-7 => Group permissions (rwx)
  * Characters 8-10 => Other permissions (rwx)

----

===== Change Permissions =====

==== Symbolic ====

  * u => user owner
  * g => group
  * o => other users
  * a => all users

Add write permissions to a file for the group
  chmod g+w file1

Remove read permissions for others on the dir1 directory and all of its contents
  chmod -R o-r dir1

  * -R => recursively

Add execute permissions to directories only in a tree
  chmod -R ug+X dir1

  * For user owner and group => Adds execute to dir1 and all subdirectories, not files.

----

==== Octal ====

  * 4 => read
  * 2 => write
  * 1 => execute
  * Add together to get permissions

Set file1 permissions using octal notation
  chmod 740 file1

  * user owner => read(4), write(2), execute(1) permissions (4+2+1=7)
  * group => read(4) permissions
  * others => no(0) permissions

----

===== Setuid, Setgid, sticky bits =====

  * Setuid => execute file with owner's permissions
  * Setgid => execute file with group's permissions (most often set on directories to keep files created in that dir owned by the group)
  * Sticky bit => when set on a directory, prevents file deletion unless the user is the owner (even if they have write permissions)

Add setuid to script1
  chmod u+s script1

\\
Same scenario, octal mode
  chmod 4740 script1

When there are four numbers in chmod, the first is for setuid/setgid/sticky bit:
  * 4 => setuid
  * 2 => setgid
  * 1 => sticky bit

----

===== umask: default file/directory permissions =====

  * umask permissions "mask" the permissions that we don't want new files and directories to have.
  * New files will **not** be created with execute permissions by default.
  * New directories **will** be created with execute permissions by default.

View current defaults
  umask
  0022

  * Defaults shown above are in octal
  * Owner => 0 (don't mask any)
  * Group => 2 (mask write permissions)
  * Others => 2 (mask write permissions)

\\
The above yields a file with the following permissions by default:
  -rw-r--r-- 1 user user 0 Jun 22 14:01 file1

\\
Temporarily change the default for this session only
  umask 266
  mkdir testdir
  touch testfile
  ls -l

  dr-x--x--x 2 user user 4096 Jun 22 14:09 testdir
  -r-------- 1 user user    0 Jun 22 14:08 testfile

\\
Permanent umask changes (system wide)
  vim /etc/bashrc
  vim /etc/profile

  if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
      umask 002
  else
      umask 022
  fi

  * User accounts with a user id greater than 199 whose group name is the same as their username => umask of 002.
  * All other users => umask of 022
  * Note: This change needs to be made in both /etc/bashrc and /etc/profile

----
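
An added example (not part of the original page): a POSIX shell function that audits a directory tree for the setuid, setgid and sticky-bit settings described in the section above, using ''find -perm''. The function names, the output labels and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, output labels
# and the sample tree are constructed for illustration.

# Report special permission bits under directory $1.
# "-perm -NNNN" matches when all bits in NNNN are set (other bits ignored).
audit_special_bits() {
    # 4000 => setuid: file executes with the owner's permissions
    find "$1" -type f -perm -4000 -print | sed 's/^/SETUID /'
    # 2000 => setgid: file executes with the group's permissions
    find "$1" -type f -perm -2000 -print | sed 's/^/SETGID /'
    # 0002 => writable by others; on a file, any user can modify it
    find "$1" -type f -perm -0002 -print | sed 's/^/WORLD_WRITABLE_FILE /'
    # World-writable directory without the sticky bit (1000): any user
    # can delete or rename files they do not own
    find "$1" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'
}

# Build a constructed sample tree, audit it, clean up.
demo() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/shared" "$tree/dropbox"
    touch "$tree/tool" "$tree/notes" "$tree/open.cfg"
    chmod 4755 "$tree/tool"      # setuid + rwxr-xr-x
    chmod 0644 "$tree/notes"     # ordinary file: not reported
    chmod 0666 "$tree/open.cfg"  # world-writable file
    chmod 1777 "$tree/shared"    # sticky + rwxrwxrwx: not reported
    chmod 0777 "$tree/dropbox"   # world-writable, no sticky bit
    audit_special_bits "$tree"
    rm -rf "$tree"
}

demo
```

Run the function against a real path (for example ''audit_special_bits /srv'') and compare the output with a known-good baseline.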