
Permissions

Subject

user
symbol u
if user matches then user rights apply, no other checks performed
group
symbol g
if user does not match and group matches then group rights apply, no other checks performed
other
symbol o
if user does not match and group does not match then other rights apply

Rights

read
symbol r, numeric value 4
for files allows reading contents (cat, cp, open in editor, etc.)
for directories allows reading filenames (ls, etc.)
write
symbol w, numeric value 2
for files allows changing contents (cat >, save from editor, etc.)
for directories allows changing filenames (mv, rm, etc.)
execute
symbol x, numeric value 1
for files allows running contents as a program
for directories allows making it the working directory (cd, etc.)
not allowed
symbol -, numeric value 0
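
The subject-matching rule and the numeric rights values above, worked through as an added example (not part of the original course notes). The function names, uids and gids are constructed for illustration, and the superuser, who bypasses these checks, is not modelled.

```sh
#!/bin/sh
# Added example: only the first matching class (u, then g, then o) is consulted.

# which_class FILE_UID FILE_GID PROC_UID "PROC_GIDS"  -> prints u, g or o
which_class() {
    if [ "$3" = "$1" ]; then echo u; return 0; fi
    for gid in $4; do
        if [ "$gid" = "$2" ]; then echo g; return 0; fi
    done
    echo o
}

# allowed MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS" RIGHT
# MODE is three octal digits (e.g. 640); RIGHT is r, w or x.
# Returns 0 if the selected class grants RIGHT, 1 if it does not.
allowed() {
    mode=$1
    case $(which_class "$2" "$3" "$4" "$5") in
        u) digit=${mode%??} ;;                   # first digit: user
        g) digit=${mode#?}; digit=${digit%?} ;;  # middle digit: group
        o) digit=${mode#??} ;;                   # last digit: other
    esac
    case $6 in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) return 2 ;;
    esac
    [ $(( digit & bit )) -ne 0 ]
}

# Constructed case: mode 047 (----r--rwx), file owner uid 1000, file group gid 50.
# The owner is denied read even though group and other would grant it.
for who in "1000:1000 50" "2000:2000 50" "3000:3000"; do
    uid=${who%%:*}; gids=${who#*:}
    if allowed 047 1000 50 "$uid" "$gids" r; then verdict=allowed; else verdict=denied; fi
    echo "uid $uid -> class $(which_class 1000 50 "$uid" "$gids"), read $verdict"
done
```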

Examples

long listing output
char 1 is type: - is ordinary file, d is directory, l is symbolic link (shortcut)
chars 2-4 are user permissions
chars 5-7 are group permissions
chars 8-10 are other permissions
remainder is number of hard links (other names), user, group, size, date, name
    ls -ld /etc/
    ls -ld /etc/passwd
    ls -ld /etc/os-release

Change Permissions

subject
any combination of u, g, o (or a for all)
action
+ means add specified permissions, leave unspecified permissions unchanged
- means remove specified permissions, leave unspecified permissions unchanged
= means set permissions as specified
rights
any combination of r, w, x (cannot use a here)
    # many of these commands are intended to produce permission errors
    touch file1 file2         # create two files
    chmod 640 file[12]        # set permissions to rw-r-----
    ls -l file[12]
    chmod u-r file1           # remove read permission for yourself
    ls -l file1
    cat file1                 # you can't read it now
    chmod u-w file2           # remove write permission for yourself
    ls -l file2
    cat >> file2              # now you can't write to it
    cat > file3               # create a trivial shell script
    echo done
    Ctrl+d
    ls -l file3               # by default this text file is not executable
    ./file3                   # can't execute
    chmod a+x file3           # add execute permission
    ls -l file3
    ./file3                   # it should execute now (prints done)
    mkdir dir1                # make a new directory
    cp file[123] dir1
    ls -ld dir1               # dir1 should be rwx for the owner (you)
    chmod a-r dir1            # remove read permission
    ls -ld dir1
    ls -l dir1                # now you can't read the directory
    cat dir1/file3            # you can still read a file here if you know its name
    chmod a+r,a-x dir1        # restore read permission, remove execute permission
    ls -ld dir1
    cd dir1                   # now you can't do this
    chmod a+x,a-w dir1        # restore execute permission, remove write permission
    ls -ld dir1
    rm dir1/file3             # now you can't delete a file here
    mv dir1/file3 dir1/file4  # you can't rename a file here
    cat > dir1/file4          # you can't create a new file here
    cat >> dir1/file3         # but you can still write to an existing file
    echo really
    Ctrl+d

Set Default Permissions

new file defaults
ordinary files: 666 (rw-rw-rw-)
directories, compiler output: 777 (rwxrwxrwx)
user mask (shell built-in) removes specified permissions on new files
no effect on existing files
    umask             # shows current value
    cat > file1       # create a new file
    qwerty            # type these (or any other) printable characters
    Ctrl+d            # end of input
    ls -l             # notice the permissions of file1
    umask 077         # change default permissions
    cat > file2       # create another new file
    qwerty
    Ctrl+d
    ls -l file[12]    # file1 is unchanged, file2 permissions are different

Access Control Lists

ACL entry
type:qualifier:permissions
type
user, group, other names the receiver of the permissions
mask specifies maximum permissions for users and groups
qualifier
a user name or UID for user type
a group name or GID for group type
empty for mask and other types
permissions
r, w, x
    # for details run man acl, man getfacl, man setfacl
    getfacl file1                       # shows ACL
    setfacl -m mask::rwx file1          # modifies ACL entry, sets mask to rwx
    getfacl file1
    setfacl -m user:nobody:--- file1    # user nobody no permissions
    getfacl file1
    setfacl -m group:ftp:r-- file1      # group ftp read only
    getfacl file1
    setfacl -x user:nobody file1        # removes an ACL entry
    setfacl -x group:ftp file1
    getfacl file1
    chmod u+w dir1                      # restore write permission so the contents of dir1 can be deleted
    rm -Rf dir1 file[123]               # clean up