Linux permissions

From Ever changing code

Permissions

  7      5      1
user   group  others
r+w+x  r+x    x
4+2+1  4+0+1  0+0+1  = 751

The permission mode is computed by adding up the following values, separately for the owning user, the file's group, and everyone else. The diagram above shows how 751 is built from the three sums.

Read    r 4 - Allowed to read the file (on a directory: list its entries)
Write   w 2 - Allowed to modify the file (on a directory: create, delete or rename entries in it)
eXecute x 1 - Allowed to run the file (on a directory: enter it and reach the entries inside)

It is easiest to think of the permission settings as three groups of three bits, one group each for user, group and others:

rwx rwx rwx = 111 111 111        rwx = 111 in binary = 7
rw- rw- rw- = 110 110 110        rw- = 110 in binary = 6
rwx --- --- = 111 000 000        r-x = 101 in binary = 5
                                 r-- = 100 in binary = 4
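The arithmetic above, carried out in code as an added example (this is not code from the original page; the function names are this example's own). perm_to_octal parses a mode string as printed by ls -l into a four-digit octal mode and octal_to_perm does the reverse; file_mode_octal applies the parser to a real path. It goes beyond the nine-bit case in the table by also understanding the s/S/t/T letters of the special permissions described in the next section, which is why the result always carries a leading special-bit digit (0751 rather than 751).

```shell
#!/bin/sh
# Added example: convert between the symbolic mode string printed by ls -l
# and the four-digit octal mode used by chmod.  The leading octal digit is
# the special-bit digit (4 setuid, 2 setgid, 1 sticky); the letters s/S/t/T
# in the mode string encode that digit together with the execute bit of the
# same triplet (lowercase = execute also set, uppercase = execute clear).

# Symbolic -> octal.  Accepts "rwxr-x--x" or a full 10-character ls field
# such as "-rwsr-xr-x" (the leading file-type character is dropped).
perm_to_octal() {
    s=$1
    case ${#s} in
        10) s=${s#?} ;;
        9)  ;;
        *)  echo "perm_to_octal: bad mode string '$1'" >&2; return 1 ;;
    esac
    special=0; octal=""; i=0
    while [ $i -lt 3 ]; do
        t=${s%"${s#???}"}          # current triplet (first three characters)
        s=${s#???}
        c1=${t%??}; c3=${t#??}; c2=${t#?}; c2=${c2%?}
        v=0
        case $c1 in r) v=$((v + 4)) ;; -) ;; *) echo "bad read char '$c1'" >&2; return 1 ;; esac
        case $c2 in w) v=$((v + 2)) ;; -) ;; *) echo "bad write char '$c2'" >&2; return 1 ;; esac
        # third character: plain execute, or a special bit overlaid on it
        case "$i$c3" in
            ?x) v=$((v + 1)) ;;
            ?-) ;;
            0s) v=$((v + 1)); special=$((special + 4)) ;;   # setuid, owner execute set
            0S) special=$((special + 4)) ;;                 # setuid, owner execute clear
            1s) v=$((v + 1)); special=$((special + 2)) ;;   # setgid, group execute set
            1S) special=$((special + 2)) ;;                 # setgid, group execute clear
            2t) v=$((v + 1)); special=$((special + 1)) ;;   # sticky, others execute set
            2T) special=$((special + 1)) ;;                 # sticky, others execute clear
            *)  echo "bad execute char '$c3' in triplet $i" >&2; return 1 ;;
        esac
        octal="$octal$v"
        i=$((i + 1))
    done
    echo "$special$octal"
}

# Octal -> symbolic.  Accepts "751" or "4755"; prints the nine-character field.
octal_to_perm() {
    m=$1
    case $m in
        [0-7][0-7][0-7])       m="0$m" ;;
        [0-7][0-7][0-7][0-7])  ;;
        *) echo "octal_to_perm: bad octal mode '$1'" >&2; return 1 ;;
    esac
    special=${m%???}; bits=${m#?}
    out=""; i=0
    while [ $i -lt 3 ]; do
        d=${bits%"${bits#?}"}; bits=${bits#?}     # next digit
        r=-; w=-; x=-
        if [ $((d & 4)) -ne 0 ]; then r=r; fi
        if [ $((d & 2)) -ne 0 ]; then w=w; fi
        if [ $((d & 1)) -ne 0 ]; then x=x; fi
        # overlay the special bit that belongs to this triplet
        case $i in
            0) sp=$((special & 4)); lo=s; up=S ;;
            1) sp=$((special & 2)); lo=s; up=S ;;
            2) sp=$((special & 1)); lo=t; up=T ;;
        esac
        if [ $sp -ne 0 ]; then
            if [ "$x" = x ]; then x=$lo; else x=$up; fi
        fi
        out="$out$r$w$x"
        i=$((i + 1))
    done
    echo "$out"
}

# Octal mode of a real path, derived from the ls -ld mode field.
file_mode_octal() { perm_to_octal "$(ls -ld "$1" | cut -c1-10)"; }
```

Usage: source the file and run for example perm_to_octal drwxrwxrwt (prints 1777) or octal_to_perm 4755 (prints rwsr-xr-x); file_mode_octal /tmp gives 1777 on a standard system. Invalid input such as an s in the others triplet is rejected rather than silently mapped.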

Special permissions

Sticky bit

The sticky bit is mainly used on directories. In a directory with the sticky bit set, a file or subdirectory can be deleted or renamed only by its owner, the directory's owner, or root, even when other users have write permission on the directory. This is the protection used on world-writable directories such as /tmp: everyone can create files there, but nobody can remove or rename another user's files, although other users still have full permissions on the directory itself.

Set sticky bit
chmod o+t /opt/dump/ or chmod +t /opt/dump/
Set sticky bit numerically
chmod 1757 /opt/dump/

Here in 1757 the leading 1 sets the sticky bit, 7 gives full permissions to the owner, 5 gives read and execute to the group, and the last 7 gives full permissions to others.

Sticky bit without execute permission

After setting the sticky bit on a file or directory, look at the last character of the mode field in ls -l. A lowercase t means the sticky bit is set and others also have execute permission; an uppercase T means the sticky bit is set but others do not have execute permission, so on a directory other users cannot even enter it. If you want the execute permission as well, add it with chmod o+x /opt/dump/

Sticky bit without execute permission, as shown by ls -ld:
drw-rw-rwT
Sticky bit with execute permission:
drwxrwxrwt

Find all the files and directories with the sticky bit set in Linux/Unix. The -perm +1000 spelling used by older guides has been removed from current GNU find; use -perm /1000 (any of the given bits set) or -perm -1000 (all of the given bits set), which are the same thing for a single bit:
find / -perm -1000 2>/dev/null

SGID (Set Group ID upon execution)

On an executable file, SGID makes the program run with the effective group ID of the file's group instead of the caller's group. On a directory, new files and subdirectories created inside it inherit the directory's group (and new subdirectories inherit the SGID bit as well), which is how a shared project directory keeps a common group. Continue at http://www.linuxnix.com/2011/12/sgid-set-sgid-linuxunix.html

SUID (Set owner User ID upon execution)

SUID (set user ID upon execution) is a special permission bit on an executable file. Normally when a program runs it does so with the identity (UID and GID) of the user who started it. With the SUID bit set, the program instead runs with the effective user ID of the file's owner, so the caller temporarily has the owner's privileges for the duration of that program; the group ID is not affected (that is what SGID does). The classic example is /usr/bin/passwd, which is owned by root and SUID so that an ordinary user can update /etc/shadow. Because a setuid-root program hands root's authority to whoever can run it, every such binary is attack surface: keep their number small, keep them patched, and audit for unexpected ones with find / -type f -perm -4000. Linux ignores the SUID bit on shell scripts and on directories.

http://www.linuxnix.com/2011/12/suid-set-suid-linuxunix.html
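The audits mentioned for the sticky bit above and for SUID here, as one added shell example (not code from the original page or the linked articles). make_lab builds a throwaway tree under mktemp with each special bit set, the find_* functions show the difference between -perm /MODE (any bit) and -perm -MODE (all bits), and others_exec_char shows the t versus T distinction on real directories. All paths and function names are this example's own.

```shell
#!/bin/sh
# Added example: build a temporary tree with every special bit set, then
# audit it with the find(1) tests a reviewer would actually run.

# Create the lab tree under a temp directory and print its path.
make_lab() {
    lab=$(mktemp -d) || return 1
    mkdir "$lab/shared" "$lab/noexec"
    : > "$lab/suid_bin"; : > "$lab/sgid_bin"; : > "$lab/plain"
    chmod 1777 "$lab/shared"    # sticky + rwx for everyone, like /tmp -> ls shows 't'
    chmod 1666 "$lab/noexec"    # sticky but no execute for others      -> ls shows 'T'
    chmod 4755 "$lab/suid_bin"  # setuid  -> 's' in the owner triplet
    chmod 2755 "$lab/sgid_bin"  # setgid  -> 's' in the group triplet
    chmod 644  "$lab/plain"     # nothing special: must not appear in the audit
    echo "$lab"
}

# -perm /MODE matches when ANY of the given bits is set (GNU and BusyBox find).
# The "+MODE" spelling from older guides has been removed from GNU findutils.
find_special() { find "$1" -perm /7000 | sort; }

# -perm -MODE (POSIX) matches only when ALL of the given bits are set.
find_suid()    { find "$1" -type f -perm -4000 | sort; }
find_sgid()    { find "$1" -type f -perm -2000 | sort; }
find_sticky()  { find "$1" -type d -perm -1000 | sort; }

# Octal mode including the special-bit digit (GNU coreutils / BusyBox stat).
mode_octal() { stat -c %a "$1"; }

# Tenth character of the ls -l line: 'x', 't' or 'T' for the others triplet.
others_exec_char() { ls -ld "$1" | cut -c10; }

# Demo when run directly:  sh special_bits.sh demo
if [ "${1:-}" = demo ]; then
    lab=$(make_lab)
    echo "anything special:"; find_special "$lab"
    echo "setuid files:";     find_suid "$lab"
    echo "sticky dirs:";      find_sticky "$lab"
    echo "shared -> $(others_exec_char "$lab/shared"), noexec -> $(others_exec_char "$lab/noexec")"
    rm -rf "$lab"
fi
```

On a real host the same functions run against / (add 2>/dev/null to silence permission errors); compare the setuid list against the distribution's package manifests, since an unexpected setuid-root binary in a writable location is a common persistence and privilege-escalation artifact. The deletion protection of the sticky bit itself only shows up across two user accounts, which a single-user script cannot demonstrate.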