Differences

This shows you the differences between two versions of the page.

--- linux:file_perm [2021/08/17 15:47]
manu [Special permissions]
+++ linux:file_perm [2021/08/17 18:12] (current)
manu
@@ Line 1: / Line 1: @@
 ====== Files/directories permissions and ACL ======
+Do not forget that all permissions are related to user ID and group ID, not name.
 ===== Standard file permissions =====
@@ Line 16: / Line 18: @@
 manu@opensuse:~> ls -l test*
 -rw-r--r-- 1 manu users   0 Aug 17 12:01 test1
+</cli>
+commands that can be used to change permissions...
+<cli>
+chmod 644 <file>
+chmod {ugo}{+,-,=}{rwx} <file>
+chmod <user>{.:}<group> <file>
+chgoup <group> <file>
 </cli>
@@ Line 43: / Line 53: @@
 ==== Sticky bit ====
-Sticky bit: only user of the file or directory is authorized to remove the files inside the folder
+Sticky bit: only user of the file or directory is authorized to remove the files inside the folder. It's used in conjuction with GUID
-  chmod +t mydir/
+<cli prompt='#'>
+# chmod +t mydir/
+# ls -l
+drwxrwsr-t  2 manu users     6 Aug 17 15:50 aaa
+</cli>
+Now it can be useful to remove read access to others
+<cli prompt='#'>
+# chmod o-rx mydir
+# ls -l
+drwxrws--T  2 manu users     6 Aug 17 15:50 aaa
+</cli>
+===== ACL =====
+ACL are enable on most latest newly created filesystems by default, you can check using **tune2fs -l <logical_vol_name>**
+<cli prompt='#'>
+manu-opensuse:~ # tune2fs -l /dev/mapper/libraryvg-uncryptlv
+tune2fs 1.43.8 (1-Jan-2018)
+...
+Default mount options:    user_xattr acl
+</cli>
+<cli prompt='>'>
+manu@opensuse:~> umask
+
+</cli>
+New files will be created with permissions: 0777-0022=**0755 (rwxr-xr-x)**
+First bit is for special permissions
+List ACL on file or folder
+<cli prompt='>'>
+manu@opensuse:~> getfacl aaa
+# file: aaa
+# owner: manu
+# group: users
+# flags: --t
+user::rwx
+group::r-x
+other::r-x
+</cli>
+When are ACL used ?
+<cli prompt='>'>
+manu@opensuse:~> setfacl -R -m g:qemu:rx aaa
+manu@opensuse:~> ls -l
+drwxr-xr-t+  2 manu users     6 Aug 17 15:50 aaa
+</cli>
+If you see the **+** at end of permissions, use **getfacl**, because **ls -l** doesn't knows ACL
+<cli prompt='>'>
+manu@opensuse:~> getfacl aaa
+# file: aaa
+# owner: manu
+# group: users
+# flags: --t
+user::rwx
+group::r-x
+group:qemu:r-x
+mask::r-x
+other::r-x
+</cli>
+If you use an **X** instead of **x**, execute applies only to directories, not for files
+New files doesn't inherit ACL from foder, so add also a default policy **d:**
+<cli prompt='>'>
+manu@opensuse:~> setfacl -R -m d:g:qemu:rx aaa
+manu@opensuse:~> getfacl aaa
+# file: aaa
+# owner: manu
+# group: users
+# flags: --t
+user::rwx
+group::r-x
+group:qemu:r-x
+mask::r-x
+other::r-x
+default:user::rwx
+default:group::r-x
+default:group:qemu:r-x
+default:mask::r-x
+default:other::r-x
+</cli>
+===== User extended attribute =====
+If extended user attribute is enable on a file or folder, you 'll see a dot (.) at end of file proterties
+<cli>
+  -rw-r-----. 1 root root     32 Oct 15  2018 secret.key
+</cli>
+lsattr <file>
+You can change a file to secure delete, immutable... check **chattr** command

wiki

User Tools

Site Tools

Differences

Page Tools