Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/slackbook/html/filesystem-structure-permissions.html
Patrick J Volkerding 75a4a592e5 Slackware 13.37 
Mon Apr 25 13:37:00 UTC 2011
Slackware 13.37 x86_64 stable is released!

Thanks to everyone who pitched in on this release: the Slackware team,
the folks producing upstream code, and linuxquestions.org for providing
a great forum for collaboration and testing.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

As always, thanks to the Slackware community for testing, suggestions,
and feedback.  :-)

Have fun!
2018-05-31 22:45:18 +02:00

314 lines
11 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Permissions</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
<link rel="UP" title="Filesystem Structure" href="filesystem-structure.html" />
<link rel="PREVIOUS" title="Filesystem Structure" href="filesystem-structure.html" />
<link rel="NEXT" title="Links" href="filesystem-structure-links.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">Slackware Linux Essentials</th>
</tr>
<tr>
<td width="10%" align="left" valign="bottom"><a href="filesystem-structure.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 9 Filesystem Structure</td>
<td width="10%" align="right" valign="bottom"><a href="filesystem-structure-links.html"
accesskey="N">Next</a></td>
</tr>
</table>
<hr align="LEFT" width="100%" />
</div>
<div class="SECT1">
<h1 class="SECT1"><a id="FILESYSTEM-STRUCTURE-PERMISSIONS"
name="FILESYSTEM-STRUCTURE-PERMISSIONS">9.2 Permissions</a></h1>
<p>Permissions are the other important part of the multiuser aspects of the filesystem.
With these, you can change who can read, write, and execute files.</p>
<p>The permission information is stored as four octal digits, each specifying a different
set of permissions. There are owner permissions, group permissions, and world
permissions. The fourth octal digit is used to store special information such as set user
ID, set group ID, and the sticky bit. The octal values assigned to the permission modes
are (they also have letters associated with them that are displayed by programs such as
<tt class="COMMAND">ls</tt> and can be used by <tt class="COMMAND">chmod</tt>):</p>
<div class="TABLE"><a id="AEN3142" name="AEN3142"></a>
<p><b>Table 9-1. Octal Permission Values</b></p>
<table border="0" frame="void" class="CALSTABLE">
<col width="3*" />
<col width="1*" align="CENTER" />
<col width="1*" align="CENTER" />
<thead>
<tr>
<th>Permission Type</th>
<th>Octal Value</th>
<th>Letter Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>&#8220;sticky&#8221; bit</td>
<td>1</td>
<td>t</td>
</tr>
<tr>
<td>set user ID</td>
<td>4</td>
<td>s</td>
</tr>
<tr>
<td>set group ID</td>
<td>2</td>
<td>s</td>
</tr>
<tr>
<td>read</td>
<td>4</td>
<td>r</td>
</tr>
<tr>
<td>write</td>
<td>2</td>
<td>w</td>
</tr>
<tr>
<td>execute</td>
<td>1</td>
<td>x</td>
</tr>
</tbody>
</table>
</div>
<p>You add the octal values for each permission group. For example, if you want the group
permissions to be &#8220;read&#8221; and &#8220;write&#8221;, you would use
&#8220;6&#8221; in the group portion of the permission information.</p>
<p><tt class="COMMAND">bash</tt>'s default permissions are:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /bin/bash</kbd>
-rwxr-xr-x 1 root bin 477692 Mar 21 19:57 /bin/bash
</pre>
</td>
</tr>
</table>
<p>The first dash would be replaced with a &#8220;d&#8221; if this was a directory. The
three permission groups (owner, group, and world) are displayed next. We see that the
owner has read, write, and execute permissions (<var class="LITERAL">rwx</var>). The
group has only read and execute (<var class="LITERAL">r-x</var>). And everyone else has
only read and execute (<var class="LITERAL">r-x</var>).</p>
<p>How would we set permissions on another file to resemble <tt
class="COMMAND">bash</tt>'s? First, let's make an example file:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch /tmp/example</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
-rw-rw-r--- 1 david users 0 Apr 19 11:21 /tmp/example
</pre>
</td>
</tr>
</table>
<p>We will use <tt class="COMMAND">chmod</tt>(1) (which means &#8220;change mode&#8221;)
to set the permissions on the example file. Add the octal numbers for the permissions you
want. For the owner to have read, write, and execute, we would have a value of <var
class="LITERAL">7</var>. Read and execute would have <var class="LITERAL">5</var>. Run
those together and pass them to <tt class="COMMAND">chmod</tt> like this:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 755 /tmp/example</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
-rwxr-xr-x 1 david users 0 Apr 19 11:21 /tmp/example
</pre>
</td>
</tr>
</table>
<p>Now you may be thinking, &#8220;Why didn't it just create a file with those
permissions in the first place?&#8221; Well the answer is simple. <tt
class="COMMAND">bash</tt> includes a nice little built-in called <tt
class="COMMAND">umask</tt>. This is included with most Unix shells as well, and controls
what file permissions are assigned to newly created files. We discussed <tt
class="COMMAND">bash</tt> built-ins to some degree in <a
href="shell-bash.html#SHELL-BASH-ENVIRONMENT">Section 8.3.1</a>. <tt
class="COMMAND">umask</tt> takes a little getting used to. It works very similar to <tt
class="COMMAND">chmod</tt>, only in reverse. You specify the octal values you do not wish
to have present in newly created files. The default umask value is <var
class="LITERAL">0022</var>.</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask</kbd>
0022
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask 0077</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch tempfile</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l tempfile</kbd>
-rw-------- 1 david users 0 Apr 19 11:21 tempfile
</pre>
</td>
</tr>
</table>
<p>See the man page for <tt class="COMMAND">bash</tt> for more information.</p>
<p>To set special permissions with <tt class="COMMAND">chmod</tt>, add the numbers
together and place them in the first column. For example, to make it set user ID and set
group ID, we use 6 as the first column:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 6755 /tmp/example</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
-rwsr-sr-x 1 david users 0 Apr 19 11:21 /tmp/example
</pre>
</td>
</tr>
</table>
<p>If the octal values confuse you, you can use letters with <tt
class="COMMAND">chmod</tt>. The permission groups are represented as:</p>
<div class="INFORMALTABLE"><a id="AEN3246" name="AEN3246"></a>
<table border="0" frame="void" class="CALSTABLE">
<col />
<col />
<tbody>
<tr>
<td>Owner</td>
<td>u</td>
</tr>
<tr>
<td>Group</td>
<td>g</td>
</tr>
<tr>
<td>World</td>
<td>o</td>
</tr>
<tr>
<td>All of the above</td>
<td>a</td>
</tr>
</tbody>
</table>
</div>
<p>To do the above, we would have to use several command lines:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod a+rx /tmp/example</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod u+w /tmp/example</kbd>
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod ug+s /tmp/example</kbd>
</pre>
</td>
</tr>
</table>
<p>Some people prefer the letters over the numbers. Either way will result in the same
set of permissions.</p>
<p>The octal format is often faster, and the one you see most often used in shell
scripts. Sometimes the letters are more powerful however. For example, there's no easy
way to change one group of permissions while preserving the other groups on files and
directories when using the octal format. This is trivial with the letters.</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/</kbd>
-rwxr-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example0
-rwxr-x--- 1 alan users 0 Apr 19 11:21 /tmp/example1
----r-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example2
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod g-rwx /tmp/example?</kbd>
-rwx---r-x 1 alan users 0 Apr 19 11:21 /tmp/example0
-rwx------ 1 alan users 0 Apr 19 11:21 /tmp/example1
-------r-x 1 alan users 0 Apr 19 11:21 /tmp/example2
</pre>
</td>
</tr>
</table>
<p>We mentioned set user ID and set group ID permissions in several places above. You may
be wondering what this is. Normally when you run a program, it is operating under your
user account. That is, it has all the permissions that you as a user have. The same is
true for the group. When you run a program, it executes under your current group. With
set user ID permissions, you can force the program to always run as the program owner
(such as &#8220;root&#8221;). Set group ID is the same, but for the group.</p>
<p>Be careful with this, set user ID and set group ID programs can open major security
holes on your system. If you frequently set user ID programs that are owned by <tt
class="USERNAME">root</tt>, you are allowing anyone to run that program and run it as <tt
class="USERNAME">root</tt>. Since <tt class="USERNAME">root</tt> has no restrictions on
the system, you can see how this would pose a major security problem. In short, it's not
bad to use set user ID and set group ID permissions, just use common sense.</p>
</div>
<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="filesystem-structure.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="filesystem-structure-links.html"
accesskey="N">Next</a></td>
</tr>
<tr>
<td width="33%" align="left" valign="top">Filesystem Structure</td>
<td width="34%" align="center" valign="top"><a href="filesystem-structure.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Links</td>
</tr>
</table>
</div>
</body>
</html>
Reference in a new issue View git blame Copy permalink