linux:file_perm

Differences

This shows you the differences between two versions of the page.

linux:file_perm [2021/08/17 15:56]
manu
linux:file_perm [2021/08/17 18:12] (current)
manu
Line 1: Line 1:
 ====== Files/​directories permissions and ACL ====== ====== Files/​directories permissions and ACL ======
 +
 +Do not forget that all permissions are related to user ID and group ID, not name.
  
 ===== Standard file permissions ===== ===== Standard file permissions =====
Line 16: Line 18:
 manu@opensuse:​~>​ ls -l test* manu@opensuse:​~>​ ls -l test*
 -rw-r--r-- 1 manu users   0 Aug 17 12:01 test1 -rw-r--r-- 1 manu users   0 Aug 17 12:01 test1
 +</​cli>​
 +
 +3 commands that can be used to change permissions...
 +<cli>
 +chmod 644 <​file>​
 +chmod {ugo}{+,​-,​=}{rwx} <​file>​
 +chmod <​user>​{.:​}<​group>​ <​file>​
 +chgoup <​group>​ <​file>​
 </​cli>​ </​cli>​
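Review bot: Two of the added command lines name the wrong tool. "chmod <user>{.:}<group> <file>" takes an owner and a group, which is chown syntax, not chmod, and "chgoup" is a typo for chgrp. The lead-in says "3 commands" but four lines follow; naming them (chmod, chown, chgrp) would remove the ambiguity. The symbolic form {ugo} could also list "a" for all.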
  
Line 56: Line 66:
 drwxrws--T ​ 2 manu users     6 Aug 17 15:50 aaa drwxrws--T ​ 2 manu users     6 Aug 17 15:50 aaa
 </​cli>​ </​cli>​
 +
 +===== ACL =====
 +
 +ACL are enable on most latest newly created filesystems by default, you can check using **tune2fs -l <​logical_vol_name>​**
 +<cli prompt='#'>​
 +manu-opensuse:​~ # tune2fs -l /​dev/​mapper/​libraryvg-uncryptlv
 +tune2fs 1.43.8 (1-Jan-2018)
 +...
 +Default mount options: ​   user_xattr acl
 +</​cli>​
 +
 +
 +<cli prompt='>'>​
 +manu@opensuse:​~>​ umask
 +0022
 +</​cli>​
 +
 +New files will be created with permissions:​ 0777-0022=**0755 (rwxr-xr-x)**
 +
 +First bit is for special permissions
 +
 +List ACL on file or folder
 +<cli prompt='>'>​
 +manu@opensuse:​~>​ getfacl aaa
 +# file: aaa
 +# owner: manu
 +# group: users
 +# flags: --t
 +user::rwx
 +group::r-x
 +other::r-x
 +</​cli>​
 +
 +When are ACL used ?
 +<cli prompt='>'>​
 +manu@opensuse:​~>​ setfacl -R -m g:qemu:rx aaa
 +
 +manu@opensuse:​~>​ ls -l 
 +drwxr-xr-t+ ​ 2 manu users     6 Aug 17 15:50 aaa
 +</​cli>​
 +If you see the **+** at end of permissions,​ use **getfacl**,​ because **ls -l** doesn'​t knows ACL
 +<cli prompt='>'>​
 +manu@opensuse:​~>​ getfacl aaa
 +# file: aaa
 +# owner: manu
 +# group: users
 +# flags: --t
 +user::rwx
 +group::r-x
 +group:​qemu:​r-x
 +mask::r-x
 +other::r-x
 +</​cli>​
 +
 +If you use an **X** instead of **x**, execute applies only to directories,​ not for files 
 +
 +New files doesn'​t inherit ACL from foder, so add also a default policy **d:**
 +<cli prompt='>'>​
 +manu@opensuse:​~>​ setfacl -R -m d:g:qemu:rx aaa
 +manu@opensuse:​~>​ getfacl aaa
 +# file: aaa
 +# owner: manu
 +# group: users
 +# flags: --t
 +user::rwx
 +group::r-x
 +group:​qemu:​r-x
 +mask::r-x
 +other::r-x
 +default:​user::​rwx
 +default:​group::​r-x
 +default:​group:​qemu:​r-x
 +default:​mask::​r-x
 +default:​other::​r-x
 +</​cli>​
 +
 +===== User extended attribute =====
 +
 +If extended user attribute is enable on a file or folder, you 'll see a dot (.) at end of file proterties
 +<cli>
 +  -rw-r-----. 1 root root     32 Oct 15  2018 secret.key
 +</​cli>​
 +
 +lsattr <​file>​
 +
 +You can change a file to secure delete, immutable... check **chattr** command
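Review bot: The umask line in the ACL section, "New files will be created with permissions: 0777-0022=0755 (rwxr-xr-x)", holds for new directories only. Regular files start from 0666, so a umask of 0022 gives 0644 (rw-r--r--), which is what the test1 listing earlier on the page shows. Suggest stating both cases, writing "first digit" rather than "First bit" for the special permissions, and moving the umask block up to the standard permissions section since it is not specific to ACL. The two recursive setfacl examples grant "rx", which also sets execute on every regular file under aaa; the capital X mentioned a few lines later is the safer choice with -R and could be used in the examples themselves. In the last section, the trailing dot in ls -l output marks an SELinux security context rather than user extended attributes, and lsattr/chattr work on file attribute flags (immutable, secure delete), so the heading and first sentence should be reworded to match.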
linux/file_perm.1629208567.txt.gz · Last modified: 2021/08/17 15:56 by manu