
UNIX/Linux base file permissions

UNIX/Linux standard Permissions

When listing a file or directory on UNIX in detailed (long) view, you'll see its permissions and owner:

[root@aix01]/root# ls -lsa
   0 drwxr-x---    2 root     system          256 Aug 16 16:56 bar

The first character indicates the type of file:

  -: represents an ordinary file
  d: represents a directory
  l: symbolic link
  c: represents a character device file
  b: represents a block device file

The table below gives the octal digit for each permission combination of a file or directory:

Number  Octal permission representation                           Symbol
0       No permission                                             ---
1       Execute                                                   --x
2       Write                                                     -w-
3       Execute and write: 1 (execute) + 2 (write) = 3            -wx
4       Read                                                      r--
5       Read and execute: 4 (read) + 1 (execute) = 5              r-x
6       Read and write: 4 (read) + 2 (write) = 6                  rw-
7       All permissions: 4 (read) + 2 (write) + 1 (execute) = 7   rwx

There are two ways to change UNIX permissions:

Adding or removing rights (symbolic mode)

$ chmod u-x,g=rx,o+wx testfile
$ ls -l testfile
-rw-r-xrwx  1 user01  users 1024  Nov 2 00:10  testfile

Using absolute permissions (octal)

$ chmod 657 testfile
$ ls -l testfile
-rw-r-xrwx  1 user01  users 1024  Nov 2 00:10  testfile

List file properties and octal permissions

$ stat testfile
  File: testfile
  Size: 256             Blocks: 0          IO Block: 4096   regular file
Device: 8000002200000007h/9223372182883663879d  Inode: 774148      Links: 2
Access: (0657/-rw-r-xrwx)  Uid: ( 1000/  user01)   Gid: ( 1001/     mygroup01)
Access: 2023-08-17 09:59:39.000000000 +0200
Modify: 2022-04-11 11:06:46.000000000 +0200
Change: 2022-04-11 11:06:46.000000000 +0200
 Birth: -

Special permission: setuid, setgid, and the Sticky Bit

Setuid, setgid, and the sticky bit can be tough for new and aspiring Linux admins to understand. It's easy enough to do a web search for the basic definitions:

  • setuid: a bit that makes an executable run with the privileges of the owner of the file
  • setgid: a bit that makes an executable run with the privileges of the group of the file
  • sticky bit: a bit set on directories that allows only the owner of a file (or root) to delete files and subdirectories in it

user +s

setuid example

A non-root user cannot edit the password file, yet every user can change their own password. This is because the
setuid bit is set on the executable command **passwd**: when a user runs it, the program executes with the privileges
of its owner, root.

[root@srvadm01]/root# ll /etc/security/passwd
   4 -rw-------    1 root     system         1505 Jun 06 13:42 /etc/security/passwd

[root@srvadm01]/root# ll /usr/bin/passwd
  44 -r-sr-xr-x    1 root     security      44959 Feb 25 2022  /usr/bin/passwd

group +s

This special permission has two functions:

  • If set on a file, it allows the file to be executed as the group that owns the file (similar to SUID)
  • If set on a directory, any file created in the directory gets its group ownership set to the group of the directory

other + t (sticky)

This permission has no effect on individual files. On a directory, however, it restricts deletion: only the owner of a file (or root) can remove that file from the directory.

Setting special permissions

There are two ways to set special permissions:

  • Using the symbolic method:

[root@srvadm01]/root# chmod g+s community_content/

  • Using the numerical method, pass a fourth, leading digit to chmod. It is calculated like the standard permission digits:

  Start at 0
  SUID = 4
  SGID = 2
  Sticky = 1

The syntax is:

chmod X### file | directory

Where X is the special permissions digit.

Here is the command to set SGID on community_content using the numerical method:

[root@srvadm01]/root# chmod 2770 community_content/
[root@srvadm01]/root# ls -ld community_content/
drwxrws---. 2 user01  staff 113 Apr  7 11:32 community_content/
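The octal table above and the fourth "special" digit described in this section are two halves of one encoding, and it is easy to get a digit wrong when reading an ls listing (the 647 vs rw-r-xrwx kind of slip). The following added example, which is not part of the original page, converts in both directions in POSIX sh: sym2oct takes the 9-character string as ls prints it (optionally with the leading type character) and returns the four-digit chmod value, and oct2sym does the reverse, including the s/S and t/T conventions for special bits with and without the execute bit. The function names are this example's own.

```shell
# Added example (not from the original page): convert between the symbolic
# mode shown by ls -l and the four-digit octal value accepted by chmod,
# including the leading special digit (4 = SUID, 2 = SGID, 1 = sticky).

# sym2oct MODE
#   MODE is the 9-character permission string (rwxr-x---), optionally
#   preceded by the file-type character that ls prints (drwxr-x---).
#   Prints the four-digit octal mode, e.g. 0750.
sym2oct() {
  sym=$1
  if [ ${#sym} -eq 10 ]; then sym=${sym#?}; fi       # drop the type character
  [ ${#sym} -eq 9 ] || { echo "sym2oct: bad mode '$1'" >&2; return 1; }

  special=0
  case $sym in ??[sS]??????) special=$((special + 4)) ;; esac   # SUID sits in the user x slot
  case $sym in ?????[sS]???) special=$((special + 2)) ;; esac   # SGID sits in the group x slot
  case $sym in ????????[tT]) special=$((special + 1)) ;; esac   # sticky sits in the other x slot

  digits=""
  for triple in "$(printf '%s' "$sym" | cut -c1-3)" \
                "$(printf '%s' "$sym" | cut -c4-6)" \
                "$(printf '%s' "$sym" | cut -c7-9)"; do
    d=0
    case $triple in r??) d=$((d + 4)) ;; esac
    case $triple in ?w?) d=$((d + 2)) ;; esac
    case $triple in ??[xst]) d=$((d + 1)) ;; esac   # lowercase s/t = special bit AND execute
    digits="$digits$d"
  done
  printf '%s%s\n' "$special" "$digits"
}

# oct2sym MODE
#   MODE is an octal mode of three or four digits (755, 0755, 2770).
#   Prints the 9-character symbolic string, e.g. rwxr-x---.
oct2sym() {
  oct=$1
  case $oct in
    [0-7][0-7][0-7])      special=0 ;;
    [0-7][0-7][0-7][0-7]) special=${oct%???}; oct=${oct#?} ;;
    *) echo "oct2sym: bad mode '$1'" >&2; return 1 ;;
  esac
  sym=""
  for d in "${oct%??}" "$(printf '%s' "$oct" | cut -c2)" "${oct#??}"; do
    case $d in
      0) sym="${sym}---" ;; 1) sym="${sym}--x" ;; 2) sym="${sym}-w-" ;; 3) sym="${sym}-wx" ;;
      4) sym="${sym}r--" ;; 5) sym="${sym}r-x" ;; 6) sym="${sym}rw-" ;; 7) sym="${sym}rwx" ;;
    esac
  done
  # Overlay the special bits: s/t when execute is also set, S/T when it is not.
  u=${sym%??????}; g=${sym#???}; g=${g%???}; o=${sym#??????}
  if [ $((special & 4)) -ne 0 ]; then case $u in ??x) u="${u%?}s" ;; *) u="${u%?}S" ;; esac; fi
  if [ $((special & 2)) -ne 0 ]; then case $g in ??x) g="${g%?}s" ;; *) g="${g%?}S" ;; esac; fi
  if [ $((special & 1)) -ne 0 ]; then case $o in ??x) o="${o%?}t" ;; *) o="${o%?}T" ;; esac; fi
  printf '%s%s%s\n' "$u" "$g" "$o"
}

# Round trip of the modes that appear in this page's listings.
for m in rw-r-xrwx r-sr-xr-x rwxrws--- rwxrwxrwt drwxr----T; do
  o=$(sym2oct "$m")
  printf '%s -> %s -> %s\n' "$m" "$o" "$(oct2sym "$o")"
done
```

Feeding the passwd listing from the setuid example (r-sr-xr-x) into sym2oct gives 4555: the s in the user slot is what the 4 encodes, and the lowercase s also tells you the execute bit is present.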

Listing all files with the setuid or setgid bit set, and all directories with the sticky bit

[root@srvadm01]/root# find / -perm /6000 -type f
[root@srvadm01]/root# find / -type d -perm -1000 -exec ls -ld {} \;
drwxrwxrwt    1 root     system            7 Aug 16 15:06 /aha
drwxrwxrwt    1 root     system            3 Aug 16 15:06 /aha/mem
drwxr----t    3 oracle   dba             256 Apr 11 2022  /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl
drwxr----T    2 oracle   dba             256 Apr 11 2022  /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl/user_oracle/alert
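The find commands above answer "which files carry a special bit"; the follow-up question for an administrator is whether any of those files can be modified by someone other than their owner, since a setuid program that is group- or world-writable hands its owner's privileges to whoever edits it. The added example below, which is not part of the original page, wraps that check in a POSIX sh function that prints each setuid/setgid file with warning tags, and builds a small constructed scratch tree so it can be tried without touching the real system. The function names and the file names in the scratch tree are this example's own.

```shell
# Added example (not from the original page): a read-only audit of the
# setuid/setgid regular files under a directory tree. Each hit is printed as
#   PATH: TAGS
# where TAGS is "ok" or any of: group-writable, world-writable, not-root-owned.
audit_special_bits() {
  dir=$1
  find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | sort | while IFS= read -r f; do
    line=$(ls -ld "$f")                               # same columns as the page's listings
    mode=$(printf '%s' "$line" | cut -c2-10)          # the 9 permission characters
    owner=$(printf '%s' "$line" | awk '{print $3}')   # owner name (3rd column)
    tags=""
    case $mode in ????w????) tags="$tags group-writable" ;; esac   # group w is character 5
    case $mode in ???????w?) tags="$tags world-writable" ;; esac   # other w is character 8
    [ "$owner" = root ] || tags="$tags not-root-owned"
    printf '%s:%s\n' "$f" "${tags:- ok}"
  done
}

# Constructed scratch tree (assumption for the demo, not real system files):
# four empty files, three of them with a special bit. Prints the directory path.
make_demo_tree() {
  d=$(mktemp -d)
  : > "$d/fine";   chmod 4755 "$d/fine"      # setuid, writable only by its owner
  : > "$d/loose";  chmod 4777 "$d/loose"     # setuid AND writable by everybody
  : > "$d/shared"; chmod 2775 "$d/shared"    # setgid, group-writable
  : > "$d/plain";  chmod 0755 "$d/plain"     # no special bit: must not be reported
  printf '%s\n' "$d"
}

demo=$(make_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

Run against a real root (audit_special_bits /usr) the owner tag is the one to read first: on a stock system nearly every setuid binary belongs to root, so a non-root owner or a writable mode is what merits a look.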

Advanced permission: ACL (access control list)

Access Control Lists are not available on every kind of filesystem!

Ownership and groups

When an account is created on UNIX, the system assigns it an owner ID (UID) and a group ID (GID). All the permissions described above are evaluated against the file's owner and group.

Changing owner

$ chown user02 testfile
$ ls -l testfile
-rw-r-xrwx  1 user02  users 1024  Nov 2 00:10  testfile

Changing group

$ chgrp mygroup01 testfile
$ ls -l testfile
-rw-r-xrwx  1 user02  mygroup01 1024  Nov 2 00:10  testfile

List owner and group of files and folders

[root@aix01]/export# ls -lsa
   0 drwxr-xr-x    2 root     staff           256 Sep 25 2015  powerlinux
   4 drwxrwxrwx   16 root     nobody         4096 Feb 22 2022  rear

List userID and groupID of files and folders

[root@aix01]/export# ls -n
drwxr-xr-x    2 0        1                 256 Sep 25 2015  powerlinux
drwxrwxrwx   16 0        4294967294       4096 Feb 22 2022  rear

FIXME Do not forget: UNIX/Linux work with numeric IDs; the user name is just a mapping from the UID (via /etc/passwd).

Umask: file creation rights

When a user creates a file, the umask defines the base permissions of the new file.

[lpar2rrd@aix01]/home/lpar2rrd# umask
022
[lpar2rrd@aix01]/home/lpar2rrd# touch testfile
[lpar2rrd@aix01]/home/lpar2rrd# ls -lsa
   0 -rw-r--r--    1 lpar2rrd staff             0 Aug 17 10:16 testfile

The umask consists of three octal digits, one each for the permission mask of the user, the group and others. The default permissions are obtained by subtracting the umask value from 777 for directories and 666 for files (strictly, each bit set in the umask is cleared from the base value, which gives the same result as subtraction for the usual masks such as 022). The default value of the umask is 022.

My file is created with permissions 666-022=644
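The 666-022=644 calculation is the page's case; the added example below, which is not part of the original page, does the same computation as the bit mask it really is and then creates a file and a directory under the mask in a scratch directory to read back what the kernel applied, with ls as the page does. It also runs a mask such as 033, where plain subtraction would give 633 but the result is 644 because the write bit is already clear and cannot be removed twice. The function names are this example's own.

```shell
# Added example (not from the original page): the umask as a bit mask.

# effective_mode BASE MASK  ->  octal mode of a new object
#   BASE is 666 for a plain file and 777 for a directory; MASK is the umask.
#   Every bit set in MASK is cleared from BASE.
effective_mode() {
  printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# observe_umask MASK  ->  "FILEMODE DIRMODE" exactly as created under MASK,
#   in the 9-character form that ls -l prints. Uses a temporary scratch
#   directory that is removed afterwards.
observe_umask() {
  scratch=$(mktemp -d)
  ( umask "$1" && : > "$scratch/f" && mkdir "$scratch/d" )   # subshell keeps our own umask intact
  fmode=$(ls -ld "$scratch/f" | cut -c2-10)
  dmode=$(ls -ld "$scratch/d" | cut -c2-10)
  rm -rf "$scratch"
  printf '%s %s\n' "$fmode" "$dmode"
}

# 022 is the page's case (644 / 755). 033 is the one where "subtraction" misleads:
# 666 & ~033 = 644, not 633. 027 and 077 are common hardened defaults.
for m in 022 033 027 077; do
  printf 'umask %s: file %s dir %s   created: %s\n' "$m" \
    "$(effective_mode 666 "$m")" "$(effective_mode 777 "$m")" "$(observe_umask "$m")"
done
```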

On AIX the default umask is defined in /etc/security/user, and you can set one per user:

# chuser umask=022 user01

On Linux the default umask is defined in /etc/bashrc, and possibly also in /etc/login.defs. To customise it, either add a umask line to the shell startup file in each user's home directory, or set it globally by adding a snippet like this to /etc/bashrc:

# Regular users (UID above 199) whose primary group has the same name as
# the user (user private group) get the first umask, everyone else the second.
# The umask values are those given on this page.
if [ "$UID" -gt 199 ] && [ "$(/usr/bin/id -gn)" = "$(/usr/bin/id -un)" ]
then
  umask 444
else
  umask 555
fi

unix/file_permissions.txt · Last modified: 2023/08/17 11:00 by manu