unix:file_permissions
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
unix:file_permissions [2023/08/17 09:39] manu [UNIX/Linux File Permissions] |
unix:file_permissions [2023/08/17 11:00] (current) manu [Umask: file creation rights] |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| - | ===== UNIX/Linux File Permissions ===== | + | ===== UNIX/Linux standard Permissions ===== |
| When listing a file or folder on UNIX, using detailed view you 'll see the permissions and owner... | When listing a file or folder on UNIX, using detailed view you 'll see the permissions and owner... | ||
| Line 17: | Line 17: | ||
| {{unix:unix_file_permissions02.png?650|}} | {{unix:unix_file_permissions02.png?650|}} | ||
| + | |||
| + | The first character indicates the type of file: | ||
| + | – : represents an ordinary file | ||
| + | d: represents a directory | ||
| + | l: symbolic link | ||
| + | c: represents a character device file | ||
| + | b: represents a block device file | ||
| + | |||
| The table below gives numbers for all permission types of a File/Directory. | The table below gives numbers for all permission types of a File/Directory. | ||
| Line 30: | Line 38: | ||
| 2 ways to change unix permissions: | 2 ways to change unix permissions: | ||
| + | |||
| + | === Adding or remove rights === | ||
| + | |||
| <cli prompt='$'> | <cli prompt='$'> | ||
| $ chmod u-x,g=rx,o+wx testfile | $ chmod u-x,g=rx,o+wx testfile | ||
| $ ls -l testfile | $ ls -l testfile | ||
| -rw-r-xrwx 1 user01 users 1024 Nov 2 00:10 testfile | -rw-r-xrwx 1 user01 users 1024 Nov 2 00:10 testfile | ||
| + | </cli> | ||
| + | |||
| + | === Using absolute permissions (octal) === | ||
| + | |||
| + | <cli prompt='$'> | ||
| + | $ chmod 647 testfile | ||
| + | $ ls -l testfile | ||
| + | -rw-r-xrwx 1 user01 users 1024 Nov 2 00:10 testfile | ||
| + | </cli> | ||
| + | |||
| + | List file properties and octal permissions | ||
| + | <cli prompt='$'> | ||
| + | $ stat testfile | ||
| + | File: testfile | ||
| + | Size: 256 Blocks: 0 IO Block: 4096 directory | ||
| + | Device: 8000002200000007h/9223372182883663879d Inode: 774148 Links: 2 | ||
| + | Access: (0647/-rw-r-xrwx) Uid: ( 1000/ user01) Gid: ( 1001/ mygroup01) | ||
| + | Access: 2023-08-17 09:59:39.000000000 +0200 | ||
| + | Modify: 2022-04-11 11:06:46.000000000 +0200 | ||
| + | Change: 2022-04-11 11:06:46.000000000 +0200 | ||
| + | Birth: - | ||
| </cli> | </cli> | ||
| Line 110: | Line 142: | ||
| drwxr----T 2 oracle dba 256 Apr 11 2022 /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl/user_oracle/alert | drwxr----T 2 oracle dba 256 Apr 11 2022 /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl/user_oracle/alert | ||
| </cli> | </cli> | ||
| + | |||
| + | ===== Advanced permission: ACL (access control list) ===== | ||
| + | |||
| + | Access Control List are not available on every kind of filesystems ! | ||
| + | ===== Ownership and groups ===== | ||
| + | |||
| + | While creating an account on Unix, it assigns a **owner ID** and a **group ID** to each user. All the permissions mentioned above are also assigned based on the Owner and the Groups. | ||
| + | |||
| + | Changing owner | ||
| + | <cli prompt='$'> | ||
| + | $ chown user02 testfile | ||
| + | $ ls -l testfile | ||
| + | -rw-r-xrwx 1 user02 users 1024 Nov 2 00:10 testfile | ||
| + | </cli> | ||
| + | |||
| + | Changing group | ||
| + | <cli prompt='$'> | ||
| + | $ chgrp mygroup01 testfile | ||
| + | $ ls -l testfile | ||
| + | -rw-r-xrwx 1 user02 mygroup01 1024 Nov 2 00:10 testfile | ||
| + | </cli> | ||
| + | |||
| + | List owner and group of files and folders | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/export# ls -lsa | ||
| + | 0 drwxr-xr-x 2 root staff 256 Sep 25 2015 powerlinux | ||
| + | 4 drwxrwxrwx 16 root nobody 4096 Feb 22 2022 rear | ||
| + | </cli> | ||
| + | |||
| + | List userID and groupID of files and folders | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/export# ls -n | ||
| + | drwxr-xr-x 2 0 1 256 Sep 25 2015 powerlinux | ||
| + | drwxrwxrwx 16 0 4294967294 4096 Feb 22 2022 rear | ||
| + | </cli> | ||
| + | |||
| + | FIXME Do not forget, UNIX/Linux use IDs, name of user is just a mapping from UserID (based on /etc/passwd) | ||
| + | |||
| + | ==== Umask: file creation rights ==== | ||
| + | |||
| + | When you create a file with a specific user, a umask will defined the base rights on the created file. | ||
| + | <cli prompt='#'> | ||
| + | [lpar2rrd@aix01]/home/lpar2rrd# umask | ||
| + | 022 | ||
| + | [lpar2rrd@aix01]/home/lpar2rrd# touch testfile | ||
| + | [lpar2rrd@aix01]/home/lpar2rrd# ls -lsa | ||
| + | 0 -rw-r--r-- 1 lpar2rrd staff 0 Aug 17 10:16 testfile | ||
| + | </cli> | ||
| + | |||
| + | The flag consists of three octal digits, each representing the permissions masks for the user, the group, and others. The default permissions are determined by subtracting the umask value from ‘777’ for directories and ‘666’ for files. The default value of the umask is ‘022’. | ||
| + | |||
| + | My file is created with permissions **666-022=644** | ||
| + | |||
| + | On **AIX** a umask is specified by default into **/etc/security/user**, you can specify one per user | ||
| + | # chuser umask=022 user01 | ||
| + | | ||
| + | On **linux** the default mask is defined into **/etc/bashrc**, maybe also into **/etc/login.defs**. For custom, you can either add into homedir from every user, or globaly by script, you can add it to /etc/bashrc | ||
| + | <code> | ||
| + | if [ $UID -gt 199 ] && [ $(/usr/bin/id -gn) == $(/usr/bin/id -un) ] | ||
| + | then | ||
| + | umask 444 | ||
| + | else | ||
| + | umask 555 | ||
| + | fi | ||
| + | </code> | ||
| + | |||
unix/file_permissions.1692257945.txt.gz · Last modified: 2023/08/17 09:39 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
