Differences
This shows you the differences between two versions of the page.
|
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2016/02/29 23:00] billdozor [Setuid, Setgid, sticky bits] |
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2019/05/25 23:50] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== List Set And Change Standard Ugo Rwx Permissions ====== | ||
| - | |||
| - | **General Information** | ||
| - | |||
| - | Ownership and permissions. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ====== Permissions Overview ====== | ||
| - | |||
| - | Permissions tools | ||
| - | * chmod => Change permissions for user, group, other, or all | ||
| - | * chown => Change user/group ownership | ||
| - | |||
| - | Chmod Modes | ||
| - | * symbolic => represent permissions via u,g,o,a | ||
| - | * octal => represent permissions with numbers | ||
| - | |||
| - | Change file1 ownership to rjones and group to student | ||
| - | <code bash> | ||
| - | chown rjones: | ||
| - | </ | ||
| - | * You can leave off either the username or group name if only changing one of them, but the colon (:) must remain if only changing the group owner. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== List Permissions ===== | ||
| - | |||
| - | <code bash> | ||
| - | ls -l | ||
| - | -rw-r--r--. 2 root root 0 Jun 20 15:11 file1 | ||
| - | -rw-r--r--. 2 root root 0 Jun 20 15:11 file2 | ||
| - | drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir | ||
| - | </ | ||
| - | * First column => - (file), d (directory, l (symlink) | ||
| - | * Columns 2-4 => User owner permissions (rwx) | ||
| - | * Columns 5-7 => Group permissions (rwx) | ||
| - | * Columns 8-10 => Other permissions (rwx) | ||
| - | |||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Change Permissions ===== | ||
| - | |||
| - | ==== Symbolic ==== | ||
| - | |||
| - | * u => user owner | ||
| - | * g => group | ||
| - | * o => other users | ||
| - | * a => all users | ||
| - | |||
| - | Add write permissions to a file for the group | ||
| - | <code bash> | ||
| - | chmod g+w file1 | ||
| - | </ | ||
| - | |||
| - | Take away read permissions for others, for all of dir1 directory and its contents | ||
| - | <code bash> | ||
| - | chmod -R o-r dir1 | ||
| - | </ | ||
| - | * -R => recursively | ||
| - | |||
| - | Add execute permissions to directories only in a tree | ||
| - | <code bash> | ||
| - | chmod -R ug+X dir1 | ||
| - | </ | ||
| - | * For user owner and group => Adds execute to dir1 and all sub directories, | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== Octal ==== | ||
| - | |||
| - | * 4 => read | ||
| - | * 2 => write | ||
| - | * 1 => execute | ||
| - | * Add together to get permissions | ||
| - | |||
| - | Set file1 permissions using octal notation | ||
| - | <code bash> | ||
| - | chmod 740 file1 | ||
| - | </ | ||
| - | * user owner => read(4), | ||
| - | * group => read(4) permissions | ||
| - | * others => no(0) permissions | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Setuid, Setgid, sticky bits ===== | ||
| - | |||
| - | * Setuid => execute file with owner' | ||
| - | * Setgid => execute file with group' | ||
| - | * Sticky bit => when set on a directory, prevents file deletion unless the user is the owner. (even if they have write permissions) | ||
| - | |||
| - | Add setuid to script1 | ||
| - | <code bash> | ||
| - | chmod u+s script1 | ||
| - | </ | ||
| - | |||
| - | \\ | ||
| - | Same scenario, octal mode | ||
| - | <code bash> | ||
| - | chmod 4740 script1 | ||
| - | </ | ||
| - | |||
| - | When there are four numbers in chmod, the first is for setuid/ | ||
| - | * 4 => setuid | ||
| - | * 2 => setgid | ||
| - | * 1 => sticky bit | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== umask: default file/ | ||
| - | |||
| - | * umask permissions are " | ||
| - | * New files will **not** be created with execute permissions by default. | ||
| - | * New directories **will** be created with execute permissions by default. | ||
| - | |||
| - | View current defaults | ||
| - | <code bash> | ||
| - | umask | ||
| - | 0022 | ||
| - | </ | ||
| - | * Defaults show above are in octal | ||
| - | * Owner => 0 (don't mask any) | ||
| - | * Group => 2 (mask write permissions) | ||
| - | * Others => 2 (mask write permissions) | ||
| - | |||
| - | The above yields a file with the following permissions by default: | ||
| - | <code bash> | ||
| - | -rw-r--r-- | ||
| - | </ | ||
| - | |||
| - | Temporarily change the default for this session only | ||
| - | <code bash> | ||
| - | umask 266 | ||
| - | |||
| - | touch testfile | ||
| - | ls -l | ||
| - | dr-x--x--x | ||
| - | -r-------- | ||
| - | </ | ||
| - | |||
| - | Permanent umask changes (system wide) | ||
| - | <code bash> | ||
| - | vim /etc/bashrc | ||
| - | vim / | ||
| - | |||
| - | if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then | ||
| - | umask 002 | ||
| - | else | ||
| - | umask 022 | ||
| - | fi | ||
| - | </ | ||
| - | * User accounts with a user id greater than 199 and the group name is the same as their username => umask of 002. | ||
| - | * All other users => umask of 022 | ||
| - | * Note: Need to make this change in /etc/bashrc and / | ||
| - | |||
| - | ---- | ||