linux:file_perm
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:file_perm [2021/08/17 16:01] manu |
linux:file_perm [2021/08/17 18:12] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Files/directories permissions and ACL ====== | ====== Files/directories permissions and ACL ====== | ||
| + | |||
| + | Do not forget that all permissions are related to user ID and group ID, not name. | ||
| ===== Standard file permissions ===== | ===== Standard file permissions ===== | ||
| Line 16: | Line 18: | ||
| manu@opensuse:~> ls -l test* | manu@opensuse:~> ls -l test* | ||
| -rw-r--r-- 1 manu users 0 Aug 17 12:01 test1 | -rw-r--r-- 1 manu users 0 Aug 17 12:01 test1 | ||
| + | </cli> | ||
| + | |||
| + | 3 commands that can be used to change permissions... | ||
| + | <cli> | ||
| + | chmod 644 <file> | ||
| + | chmod {ugo}{+,-,=}{rwx} <file> | ||
| + | chmod <user>{.:}<group> <file> | ||
| + | chgoup <group> <file> | ||
| </cli> | </cli> | ||
| Line 58: | Line 68: | ||
| ===== ACL ===== | ===== ACL ===== | ||
| + | |||
| + | ACL are enable on most latest newly created filesystems by default, you can check using **tune2fs -l <logical_vol_name>** | ||
| + | <cli prompt='#'> | ||
| + | manu-opensuse:~ # tune2fs -l /dev/mapper/libraryvg-uncryptlv | ||
| + | tune2fs 1.43.8 (1-Jan-2018) | ||
| + | ... | ||
| + | Default mount options: user_xattr acl | ||
| + | </cli> | ||
| + | |||
| <cli prompt='>'> | <cli prompt='>'> | ||
| Line 64: | Line 83: | ||
| </cli> | </cli> | ||
| - | New files will be created with permissions: 0777-0022=0755 | + | New files will be created with permissions: 0777-0022=**0755 (rwxr-xr-x)** |
| First bit is for special permissions | First bit is for special permissions | ||
| Line 79: | Line 98: | ||
| other::r-x | other::r-x | ||
| </cli> | </cli> | ||
| + | |||
| + | When are ACL used ? | ||
| + | <cli prompt='>'> | ||
| + | manu@opensuse:~> setfacl -R -m g:qemu:rx aaa | ||
| + | |||
| + | manu@opensuse:~> ls -l | ||
| + | drwxr-xr-t+ 2 manu users 6 Aug 17 15:50 aaa | ||
| + | </cli> | ||
| + | If you see the **+** at end of permissions, use **getfacl**, because **ls -l** doesn't knows ACL | ||
| + | <cli prompt='>'> | ||
| + | manu@opensuse:~> getfacl aaa | ||
| + | # file: aaa | ||
| + | # owner: manu | ||
| + | # group: users | ||
| + | # flags: --t | ||
| + | user::rwx | ||
| + | group::r-x | ||
| + | group:qemu:r-x | ||
| + | mask::r-x | ||
| + | other::r-x | ||
| + | </cli> | ||
| + | |||
| + | If you use an **X** instead of **x**, execute applies only to directories, not for files | ||
| + | |||
| + | New files doesn't inherit ACL from foder, so add also a default policy **d:** | ||
| + | <cli prompt='>'> | ||
| + | manu@opensuse:~> setfacl -R -m d:g:qemu:rx aaa | ||
| + | manu@opensuse:~> getfacl aaa | ||
| + | # file: aaa | ||
| + | # owner: manu | ||
| + | # group: users | ||
| + | # flags: --t | ||
| + | user::rwx | ||
| + | group::r-x | ||
| + | group:qemu:r-x | ||
| + | mask::r-x | ||
| + | other::r-x | ||
| + | default:user::rwx | ||
| + | default:group::r-x | ||
| + | default:group:qemu:r-x | ||
| + | default:mask::r-x | ||
| + | default:other::r-x | ||
| + | </cli> | ||
| + | |||
| + | ===== User extended attribute ===== | ||
| + | |||
| + | If extended user attribute is enable on a file or folder, you 'll see a dot (.) at end of file proterties | ||
| + | <cli> | ||
| + | -rw-r-----. 1 root root 32 Oct 15 2018 secret.key | ||
| + | </cli> | ||
| + | |||
| + | lsattr <file> | ||
| + | |||
| + | You can change a file to secure delete, immutable... check **chattr** command | ||
linux/file_perm.1629208890.txt.gz · Last modified: 2021/08/17 16:01 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
