
File Access Permissions on Linux

File protection with chmod
chmod 400 file    To protect a file against accidental overwriting.
chmod 500 dir     To protect yourself from accidentally removing, renaming or moving files from this directory.
chmod 600 file    A private file only changeable by the user who entered this command.
chmod 644 file    A publicly readable file that can only be changed by the issuing user.
chmod 660 file    Users belonging to your group can change this file; others don't have any access to it at all.
chmod 700 file    Protects a file against any access from other users, while the issuing user still has full access.
chmod 755 dir     For files that should be readable and executable by others, but only changeable by the issuing user.
chmod 775 file    Standard file sharing mode for a group.
chmod 777 file    Everybody can do everything to this file. 

Special modes sticky bit
sticky bit
        chmod +t
when set on
        file: if the sticky bit is set, the command is kept in memory after job execution
        directory: files in this directory can only be changed by a user who owns the file or has appropriate permissions (see /tmp)

Special modes set id
set user id bit (SUID)
        chmod u+s
set group id bit (SGID)
        chmod g+s
when set on
        binary file: when run, it runs with the group and/or user of the file, not the group/user of the person running it.
        directory: (SGID only) every file created in the directory takes the same group as the directory, not the creator's group.
            (note: existing and copied files keep their group id)

Special modes numeric (octal) representation
0 setuid, setgid, sticky bits are cleared
1 sticky bit is set
2 setgid bit is set
3 setgid and sticky bits are set
4 setuid bit is set
5 setuid and sticky bits are set
6 setuid and setgid bits are set
7 setuid, setgid, sticky bits are set

Special modes textual representation
SUID: If set, it replaces "x" in the owner permissions with "s" if the owner has execute permissions, or with "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not set
SGID: If set, it replaces "x" in the group permissions with "s" if the group has execute permissions, or with "S" otherwise. Examples:
-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute not set
Sticky bit: If set, it replaces "x" in the others permissions with "t" if others have execute permissions, or with "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set
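
The octal and textual representations above can be tied together in a few shell functions. This is an added example, not part of the original post; the function names (norm_mode, rwx_triplet, mode_to_string, mode_findings) are hypothetical. It converts a 3- or 4-digit octal mode to the ls-style string and lists the bits worth a second look when reviewing permissions.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original post.

# norm_mode MODE: print MODE as four octal digits, or fail on bad input.
norm_mode() {
    case $1 in
        [0-7][0-7][0-7]) echo "0$1" ;;
        [0-7][0-7][0-7][0-7]) echo "$1" ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
}

# rwx_triplet DIGIT SPECIAL LOWER UPPER: render one octal digit as r/w/x.
# If SPECIAL is non-zero, the execute position shows LOWER when execute
# is set and UPPER when it is not (s/S for SUID and SGID, t/T for sticky).
rwx_triplet() {
    t_r=-; t_w=-; t_x=-
    if [ $(($1 & 4)) -ne 0 ]; then t_r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then t_w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then t_x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$t_x" = x ]; then t_x=$3; else t_x=$4; fi
    fi
    printf '%s%s%s' "$t_r" "$t_w" "$t_x"
}

# mode_to_string MODE [TYPE]: TYPE is the leading ls character ("-" or "d").
mode_to_string() {
    m=$(norm_mode "$1") || return 1
    ftype=${2:--}; sp=${m%???}; rest=${m#?}
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}
    printf '%s%s%s%s\n' "$ftype" \
        "$(rwx_triplet "$u" $(($sp & 4)) s S)" \
        "$(rwx_triplet "$g" $(($sp & 2)) s S)" \
        "$(rwx_triplet "$o" $(($sp & 1)) t T)"
}

# mode_findings MODE: print one line per bit that deserves review.
mode_findings() {
    m=$(norm_mode "$1") || return 1
    sp=${m%???}; o=${m#???}
    if [ $(($sp & 4)) -ne 0 ]; then echo "setuid"; fi
    if [ $(($sp & 2)) -ne 0 ]; then echo "setgid"; fi
    if [ $(($o & 2)) -ne 0 ] && [ $(($sp & 1)) -eq 0 ]; then
        echo "world-writable without sticky bit"
    fi
}
```

For example, mode_to_string 4755 prints -rwsr-xr-x, and mode_findings 0777 reports a world-writable mode that lacks the sticky-bit protection /tmp has.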

