Differences
This shows you the differences between two versions of the page.
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2016/02/29 23:00] billdozor [Setuid, Setgid, sticky bits] |
linux_wiki:list_set_and_change_standard_ugo_rwx_permissions [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== List Set And Change Standard Ugo Rwx Permissions ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Ownership and permissions. | ||
- | |||
- | ---- | ||
- | |||
- | ====== Permissions Overview ====== | ||
- | |||
- | Permissions tools | ||
- | * chmod => Change permissions for user, group, other, or all | ||
- | * chown => Change user/group ownership | ||
- | |||
- | Chmod Modes | ||
- | * symbolic => represent permissions via u,g,o,a | ||
- | * octal => represent permissions with numbers | ||
- | |||
- | Change file1 ownership to rjones and group to student | ||
- | <code bash> | ||
- | chown rjones: | ||
- | </ | ||
- | * You can leave off either the username or group name if only changing one of them, but the colon (:) must remain if only changing the group owner. | ||
- | |||
- | ---- | ||
- | |||
- | ===== List Permissions ===== | ||
- | |||
- | <code bash> | ||
- | ls -l | ||
- | -rw-r--r--. 2 root root 0 Jun 20 15:11 file1 | ||
- | -rw-r--r--. 2 root root 0 Jun 20 15:11 file2 | ||
- | drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir | ||
- | </ | ||
- | * First column => - (file), d (directory, l (symlink) | ||
- | * Columns 2-4 => User owner permissions (rwx) | ||
- | * Columns 5-7 => Group permissions (rwx) | ||
- | * Columns 8-10 => Other permissions (rwx) | ||
- | |||
- | |||
- | ---- | ||
- | |||
- | ===== Change Permissions ===== | ||
- | |||
- | ==== Symbolic ==== | ||
- | |||
- | * u => user owner | ||
- | * g => group | ||
- | * o => other users | ||
- | * a => all users | ||
- | |||
- | Add write permissions to a file for the group | ||
- | <code bash> | ||
- | chmod g+w file1 | ||
- | </ | ||
- | |||
- | Take away read permissions for others, for all of dir1 directory and its contents | ||
- | <code bash> | ||
- | chmod -R o-r dir1 | ||
- | </ | ||
- | * -R => recursively | ||
- | |||
- | Add execute permissions to directories only in a tree | ||
- | <code bash> | ||
- | chmod -R ug+X dir1 | ||
- | </ | ||
- | * For user owner and group => Adds execute to dir1 and all sub directories, | ||
- | |||
- | ---- | ||
- | |||
- | ==== Octal ==== | ||
- | |||
- | * 4 => read | ||
- | * 2 => write | ||
- | * 1 => execute | ||
- | * Add together to get permissions | ||
- | |||
- | Set file1 permissions using octal notation | ||
- | <code bash> | ||
- | chmod 740 file1 | ||
- | </ | ||
- | * user owner => read(4), | ||
- | * group => read(4) permissions | ||
- | * others => no(0) permissions | ||
- | |||
- | ---- | ||
- | |||
- | ===== Setuid, Setgid, sticky bits ===== | ||
- | |||
- | * Setuid => execute file with owner' | ||
- | * Setgid => execute file with group' | ||
- | * Sticky bit => when set on a directory, prevents file deletion unless the user is the owner. (even if they have write permissions) | ||
- | |||
- | Add setuid to script1 | ||
- | <code bash> | ||
- | chmod u+s script1 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Same scenario, octal mode | ||
- | <code bash> | ||
- | chmod 4740 script1 | ||
- | </ | ||
- | |||
- | When there are four numbers in chmod, the first is for setuid/ | ||
- | * 4 => setuid | ||
- | * 2 => setgid | ||
- | * 1 => sticky bit | ||
- | |||
- | ---- | ||
- | |||
- | ===== umask: default file/ | ||
- | |||
- | * umask permissions are " | ||
- | * New files will **not** be created with execute permissions by default. | ||
- | * New directories **will** be created with execute permissions by default. | ||
- | |||
- | View current defaults | ||
- | <code bash> | ||
- | umask | ||
- | 0022 | ||
- | </ | ||
- | * Defaults show above are in octal | ||
- | * Owner => 0 (don't mask any) | ||
- | * Group => 2 (mask write permissions) | ||
- | * Others => 2 (mask write permissions) | ||
- | |||
- | The above yields a file with the following permissions by default: | ||
- | <code bash> | ||
- | -rw-r--r-- | ||
- | </ | ||
- | |||
- | Temporarily change the default for this session only | ||
- | <code bash> | ||
- | umask 266 | ||
- | |||
- | touch testfile | ||
- | ls -l | ||
- | dr-x--x--x | ||
- | -r-------- | ||
- | </ | ||
- | |||
- | Permanent umask changes (system wide) | ||
- | <code bash> | ||
- | vim /etc/bashrc | ||
- | vim / | ||
- | |||
- | if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then | ||
- | umask 002 | ||
- | else | ||
- | umask 022 | ||
- | fi | ||
- | </ | ||
- | * User accounts with a user id greater than 199 and the group name is the same as their username => umask of 002. | ||
- | * All other users => umask of 022 | ||
- | * Note: Need to make this change in /etc/bashrc and / | ||
- | |||
- | ---- | ||
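Review bot: Every line in this hunk, from the page title through the umask section, is removed and the 2019/05/25 side adds nothing, so the page ends up empty with no pointer to where the chown/chmod, setuid/setgid and umask material went. If the content was moved or renamed, leave a one-line link to the new location in its place; if it is being retired, record that in the edit summary, which is blank for this revision while the 2016/02/29 revision shows its editor and the section edited. If the text is carried over elsewhere, revisit the setuid example on the way: it applies the bit to a file named script1 ("chmod u+s script1", "chmod 4740 script1"), and Linux ignores setuid on interpreted scripts, so a compiled binary would make the example accurate.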