Linux Permissions
Permission | File | Directory |
Read (4) | Read | List |
Write (2) | Write, modify | Create, delete |
Execute (1) | Run (can also read it) | cd (can also read it) |
1) Change the file owner
To change the file or directory owner: chown <user>:<group> <file or directory> // <group> is optional
To change the file or directory group: chgrp <group> <file or directory>
2) Change file permission
chmod xyz <filename>
x: owner permission; it is the sum of the values for read, write and execute (4, 2, 1)
y: group permission
z: others permission
Special: chmod +t <directory>
+t is the "sticky bit"; it means the files in the directory and subdirectory cannot be deleted by users other than the owner; to clear it, use chmod -t
bsc@ubuntu:/home/test$ sudo chmod +t account/
bsc@ubuntu:/home/test$ ls -lt
total 52
drwxrwx--T+ 2 root account 4096 Apr 19 13:22 account
3) File permission example:
-rwxrwxrwx 1 bsc yu 11 Apr 19 05:42 test : the first character indicates whether it is a file (-) or a directory (d); the following rwx indicates the read, write and execute permissions for the owner, the next rwx indicates the permissions of the group, and the last rwx indicates the permissions for others.
t: the user who is the owner can delete the file
4) File access control list
e.g. if we want to give rw permission to the account group on the directory named linda, which belongs to the sales group and is owned by linda
drwxr-xr-x 2 linda sales 4096 Apr 19 06:42 linda
bsc@ubuntu:/home$ sudo setfacl -R -m d:g:account:rx linda/ // -R applies the change to sub-directories, -m modifies the ACL, g:account:rx applies the rx permission to the account user group; the d flag applies the permission to files created in the future
bsc@ubuntu:/home$ ls -lt
drwxr-xr-x+ 2 linda sales 4096 Apr 19 06:42 linda , // + shows that an ACL is applied
getfacl <file name> // to check the ACL of this file
5) File attributes
e.g. use chattr +i <file name> so that the file cannot be changed
use lsattr <file name> to check the file attributes
to make the file changeable again, use chattr -i <file name>
6) Find files with specific permissions
find <path to search> -perm <+ or - or / or empty><permission number, e.g. 777>
e.g.
bsc@ubuntu:/home/linda$ find ./ -perm 770 -exec ls -lt {} \;
-rwxrwx---+ 1 linda sales 11 Apr 19 07:00 test.txt
- Without any +, - or / prefix, find searches for a mode of exactly 770, for any user
find . -perm /220
find . -perm /u+w,g+w
find . -perm /u=w,g=w
All three of these commands do the same thing, but the first one uses
the octal representation of the file mode, and the other two use the
symbolic form. These commands all search for files which are writable
by either their owner or their group. The files don't have to be
writable by both the owner and group to be matched; either will do.
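
The difference between the exact, "-" and "/" forms of -perm, shown on a scratch directory. This is an added example, not part of the original notes; the file names and modes are constructed for the demonstration, and make_fixture, perm_matches and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare find's three -perm match modes on constructed files.

# Create a scratch directory holding one empty file per mode (constructed data).
make_fixture() {
    dir=$(mktemp -d) || return 1
    for mode in 770 620 240 400; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    printf '%s\n' "$dir"
}

# perm_matches DIR SPEC
# Print the sorted names of regular files in DIR matching -perm SPEC,
# joined by single spaces. -type f keeps the directory itself out of the result.
perm_matches() {
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | paste -sd ' ' -
}

demo() {
    d=$(make_fixture) || return 1
    # No prefix: the mode must be exactly 770.
    echo "exact 770 : $(perm_matches "$d" 770)"
    # "-" prefix: every bit in 220 must be set (owner AND group writable).
    echo "all of 220: $(perm_matches "$d" -220)"
    # "/" prefix: any bit in 220 may be set (owner OR group writable).
    echo "any of 220: $(perm_matches "$d" /220)"
    rm -rf "$d"
}

demo
```

f240 is writable by its owner only, so it appears for /220 but not for -220; f400 is writable by nobody and matches neither.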