Effects of permissions on files and directories
permission | effect on files | effect on directories
---|---|---
r (read) | contents of the file can be read | contents of the directory can be listed
w (write) | contents of the file can be changed | any file in the directory may be created or deleted
x (exec) | files can be executed as commands | contents of the directory can be accessed
special permission | |
u+s (suid) | File executes as the user that owns the file, not the user that ran the file. | No effect.
g+s (sgid) | File executes as the group that owns the file. | Files newly created in the directory have their group owner set to match the group owner of the directory.
o+t (sticky) | No effect. | Users with write on the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.
- Note that users normally have both read and exec on read-only directories, so that they can list the directory and access its contents.
- If a user only has read access on a directory, the names of the files in it can be listed, but no other information, including permissions or time stamps, is available, nor can the files be accessed.
- If a user only has exec access on a directory, they cannot list the names of the files in the directory, but if they already know the name of a file which they have permission to read, they can access the contents of that file by explicitly specifying the file name.
- A file may be removed by anyone who has write permission to the directory in which the file resides, regardless of the ownership or permissions on the file itself.
- The command ls -l directoryname will show the expanded listing of all of the files that reside inside the directory. To prevent the descent into the directory and see the expanded listing of the directory itself.
Managing File System Permissions from the Command Line
- The command used to change permissions from the command line is chmod, short for "change mode".
- Symbolic method keywords:
  # chmod WhoWhatWhich file | directory
  who is u, g, o, a (for user, group, other, all)
  what is +, -, = (for add, remove, exactly)
  which is r, w, x (for read, write, execute)
- Numeric method:
  # chmod XXX file | directory
  Each digit represents an access level: user, group, other.
  X is the sum of r=4, w=2, and x=1.
- The chmod command supports the -R option for recursively setting permissions on an entire directory tree.
- File ownership can be changed with the chown command.
- The chown command can be used with the -R option to recursively change the ownership of an entire directory tree.
- The chown command can also be used to change group ownership of a file by preceding the group name with a colon (:).
Managing Default Permissions and File Access
Special permissions
- The setuid permission on an executable file means that the command will run as the user (or group) of the file, not as the user that ran the command.
- The sticky bit for a directory sets a special restriction on deletion of files: only the owner of the file (and root) can delete files within the directory.
- setgid on a directory means that files created in the directory will inherit the group affiliation from the directory, rather than inheriting it from the creating user.
Default file permission
- Every process on the system has a umask, which is an octal bitmask that is used to clear the permissions of new files and directories that are created by the process.
- The umask command without arguments will display the current value of the shell's umask.
- For example, the umask 0002 clears the write bit for other users. The leading zeros indicate that the special, user, and group permissions are not cleared.
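The following is an added example (not from the original post) that models the permission arithmetic from the chmod section and the umask notes above: how a umask clears bits from a requested mode, how a numeric mode maps to the ls -l string, and how a symbolic "who what which" spec is applied. It is a simplified reimplementation of the rules described here, not the real chmod; the `=` operator here only replaces the rwx bits of the named classes.

```python
import re

PERM_BITS = {"r": 4, "w": 2, "x": 1}          # r=4, w=2, x=1 as in the numeric method
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}        # octal digit position of each class
SPECIAL = {("u", "s"): 0o4000, ("g", "s"): 0o2000}  # suid and sgid; sticky handled below


def apply_umask(requested: int, umask: int) -> int:
    """Bits a new file or directory actually gets: every bit set in the umask is cleared."""
    return requested & ~umask & 0o7777


def to_symbolic(mode: int) -> str:
    """Render a mode as the ls -l string, e.g. 0o2755 -> 'rwxr-sr-x'."""
    out = ""
    for i, cls in enumerate("ugo"):
        bits = (mode >> CLASS_SHIFT[cls]) & 7
        special = mode & (0o4000 >> i)       # suid for u, sgid for g, sticky for o
        letter = "t" if cls == "o" else "s"
        if special:                          # upper case when the x bit underneath is unset
            x = letter if bits & 1 else letter.upper()
        else:
            x = "x" if bits & 1 else "-"
        out += ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + x
    return out


def chmod_symbolic(mode: int, spec: str) -> int:
    """Apply a chmod-style spec like 'u+s,g-w,o=rx' (who what which, comma separated)."""
    for clause in spec.split(","):
        m = re.fullmatch(r"([ugoa]*)([-+=])([rwxst]*)", clause)
        if not m:
            raise ValueError(f"bad clause: {clause!r}")
        who, op, what = m.groups()
        classes = ["u", "g", "o"] if (not who or "a" in who) else list(who)
        bits = 0
        for cls in classes:
            for p in what:
                if p in PERM_BITS:
                    bits |= PERM_BITS[p] << CLASS_SHIFT[cls]
                elif p == "t":
                    bits |= 0o1000                    # sticky bit, whichever class named it
                else:
                    bits |= SPECIAL.get((cls, p), 0)  # 's' on 'o' sets nothing
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:  # '=': replace the rwx bits of the named classes, leave special bits alone
            clear = sum(7 << CLASS_SHIFT[c] for c in classes)
            mode = (mode & ~clear) | bits
    return mode & 0o7777
```

For instance, `apply_umask(0o666, 0o002)` gives 0o664, the default for a new file under umask 0002, and `to_symbolic(chmod_symbolic(0o644, "u+x,g+s"))` gives `rwxr-Sr--`, the capital S showing sgid set without group execute underneath.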