List, Set, and Change Standard ugo/rwx Permissions
General Information
Ownership and permissions.
Permissions Overview
Permissions tools
- chmod ⇒ Change permissions for user, group, other, or all
- chown ⇒ Change user/group ownership
Chmod Modes
- symbolic ⇒ represent permissions via u,g,o,a
- octal ⇒ represent permissions with numbers
Change file1 ownership to rjones and group to student
chown rjones:student file1
- You can leave off either the username or group name if only changing one of them, but the colon (:) must remain if only changing the group owner.
List Permissions
ls -l
-rw-r--r--. 2 root root 0 Jun 20 15:11 file1
-rw-r--r--. 2 root root 0 Jun 20 15:11 file2
drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir
- Character 1 of the mode field ⇒ - (file), d (directory), l (symlink)
- Characters 2-4 ⇒ User owner permissions (rwx)
- Characters 5-7 ⇒ Group permissions (rwx)
- Characters 8-10 ⇒ Other permissions (rwx)
Change Permissions
Symbolic
- u ⇒ user owner
- g ⇒ group
- o ⇒ other users
- a ⇒ all users
Add write permissions to a file for the group
chmod g+w file1
Take away read permissions for others, for all of dir1 directory and its contents
chmod -R o-r dir1
- -R ⇒ recursively
Add execute permissions to directories only in a tree
chmod -R ug+X dir1
- For user owner and group ⇒ Adds execute to dir1 and all subdirectories, but not to regular files (a file gains execute only if it already has an execute bit set for some user).
Octal
- 4 ⇒ read
- 2 ⇒ write
- 1 ⇒ execute
- Add together to get permissions
Set file1 permissions using octal notation
chmod 740 file1
- user owner ⇒ read(4),write(2),execute(1) permissions (4+2+1=7)
- group ⇒ read(4) permissions
- others ⇒ no(0) permissions
Setuid, Setgid, sticky bits
- Setuid ⇒ execute file with owner's permissions
- Setgid ⇒ execute file with group's permissions (most often set on directories to keep files created in that dir owned by the group)
- Sticky bit ⇒ when set on a directory, prevents file deletion unless the user is the owner (even if they have write permissions).
Add setuid to script1
chmod u+s script1
Same scenario, octal mode
chmod 4740 script1
When there are four numbers in chmod, the first is for setuid/gid/stickybit:
- 4 ⇒ setuid
- 2 ⇒ setgid
- 1 ⇒ sticky bit
umask: default file/directory permissions
- umask permissions are “masking” the permissions that we don't want to have.
- New files will not be created with execute permissions by default.
- New directories will be created with execute permissions by default.
View current defaults
umask
0022
- Defaults shown above are in octal
- Owner ⇒ 0 (don't mask any)
- Group ⇒ 2 (mask write permissions)
- Others ⇒ 2 (mask write permissions)
The above yields a file with the following permissions by default:
-rw-r--r-- 1 user user 0 Jun 22 14:01 file1
Temporarily change the default for this session only
umask 266
touch testfile
ls -l
dr-x--x--x 2 user user 4096 Jun 22 14:09 testdir
-r-------- 1 user user 0 Jun 22 14:08 testfile
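Added example, not part of the original notes: it converts an ls -l mode string (including setuid, setgid and sticky bits) to octal, computes what a umask leaves for a new file (base 666) or directory (base 777), and reads the mode back from a real file created under that umask. The function names mode_to_octal, umask_result and observed_mode are made up for this example.

```sh
#!/bin/sh
# Added example; function names are illustrative, not from the original page.

# Convert the mode field of `ls -l` (e.g. "-rwsr-----.") to octal.
mode_to_octal() {
    m=${1%[.+]}                 # drop a trailing SELinux "." or ACL "+"
    m=${m#?}                    # drop the file-type character (-, d, l)
    [ "${#m}" -eq 9 ] || return 1
    special=0 digits=""
    for weight in 4 2 1; do     # special-bit weight: setuid, setgid, sticky
        triad=${m%"${m#???}"}   # next three characters
        m=${m#???}
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;  # special bit + execute
            ??[ST]) special=$((special + weight)) ;;                # special bit, no execute
        esac
        digits=$digits$d
    done
    if [ "$special" -gt 0 ]; then echo "$special$digits"; else echo "$digits"; fi
}

# Mode a new file (base 666) or directory (base 777) gets under a umask.
# The mask is applied bit by bit (base AND NOT mask), not subtracted.
umask_result() {                # usage: umask_result file|dir MASK
    case $1 in file) base=0666 ;; dir) base=0777 ;; *) return 1 ;; esac
    printf '%03o\n' $(( $base & ~0$2 ))
}

# Create a real file or directory under MASK and read its mode back.
observed_mode() {               # usage: observed_mode file|dir MASK
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
    )
    set -- $(ls -ld "$tmp/t")   # first field is the mode string
    rm -rf "$tmp"
    mode_to_octal "$1"
}

for mask in 0022 266; do        # the two umask values used on this page
    echo "umask $mask: file $(umask_result file "$mask") dir $(umask_result dir "$mask")"
done
```

A umask of 033 shows why this is masking rather than subtraction: umask_result file 033 gives 644, because the execute bits being masked were never set in the 666 base.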
Permanent umask changes (system wide)
vim /etc/bashrc
vim /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
- User accounts with a user ID greater than 199 whose group name is the same as their username ⇒ umask of 002.
- All other users ⇒ umask of 022
- Note: Need to make this change in /etc/bashrc and /etc/profile