To modify the ownership of a file or folder, use:
chown <user>:<group> <filename>
Use chgrp to change the group owner only.
After using these commands, use ls -l to verify the changes.
Let's understand what the permissions are and what their effect is on files and directories.
Now that we understand the permissions, let's learn how to give permissions to files and directories using the chmod command.
chmod 770 <f/d_name> -> we gave full permissions to user and group and nothing to others. 7 = 4+2+1 = rwx.
chmod u=rwx,g=rwx,o=r <f/d_name> -> Same thing but in another format (no spaces after the commas), and we gave the "others" read permission.
chmod a+x <f/d_name> -> we gave the execution permission for all.
chmod -R 750 <PATH> -> The "-R" option will grant the given permission recursively.
chmod ug+rw <filename> -> we gave user and group owner the rw perm.
Let's keep it simple and define umask in plain English: umask is used to set the file permissions for newly created files.
Default file permissions are: 666
Default directory permissions are: 777
umask 052 -> as we've said above, the default file permissions are 666, so if we run this command the permissions for a newly created file will be 614 (666-052). Same thing for directories: the new permissions will be set to 725 (777-052).
Using the umask command is temporary; to make it persistent, edit the umask in these files:
vim ~/.bashrc
vim ~/.bash_profile -> to change umask for a specific user.
vim /etc/profile -> to change umask for all users.
vim /etc/login.defs -> as a root user.
add umask.sh under /etc/profile.d.
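The effect of a umask can be measured rather than computed by hand. The script below is an added example, not part of the original page, and its function names are hypothetical: it creates a file and a directory under a given umask and compares the resulting mode with base & ~umask, which is how the kernel applies the mask (bits are cleared, not subtracted digit by digit, so umask 052 on a 666 request yields 624).

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# predict_mode BASE UMASK -> octal mode granted: BASE with the UMASK bits cleared.
predict_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# octal_mode PATH -> permission bits of PATH (GNU stat first, BSD stat as fallback).
octal_mode() {
    m=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 1
    printf '%03o\n' "0$m"
}

# mode_under_umask UMASK file|dir -> mode of an object really created under UMASK.
# The body is a subshell, so the caller's own umask is left untouched.
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    umask "$1"
    case $2 in
        file) touch "$tmp/probe" ;;   # touch requests mode 666
        dir)  mkdir "$tmp/probe" ;;   # mkdir requests mode 777
        *)    echo "usage: mode_under_umask UMASK file|dir" >&2; exit 2 ;;
    esac
    octal_mode "$tmp/probe"
)

# Compare the observed mode with the prediction for a few common masks.
for mask in 022 027 052 077; do
    printf 'umask %s  file %s (predicted %s)  dir %s (predicted %s)\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(predict_mode 666 "$mask")" \
        "$(mode_under_umask "$mask" dir)"  "$(predict_mode 777 "$mask")"
done
```

Digit subtraction and bit masking give the same answer only when every bit in the umask is also set in the base mode, which is why the directory column (base 777) always matches simple subtraction while the file column (base 666) may not.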
The utility of special permissions is very simple, let me explain it for you.
To put it more simply, adding the Set-User-ID bit lets you run the file with the owner's permissions.
Now that we understand the special permissions, let's learn how to use them.
chmod u+s <filename> or chmod 4750 <filename> -> adding SUID permission.
chmod g+s <f/d_name> or chmod 2750 <f/d_name> -> adding SGID permission.
chmod +t <dirname> or chmod 1750 <dirname> -> adding the Sticky bit permission.
An Access Control List (ACL) is used to give a specific permission to a specific user, group, or others.
Use :
getfacl <f/d_name> -> to get the file access control list of <filename>.
setfacl -R -m d:g:redhat:rw- </webapp/myapp> -> -R refers to recursively, -m refers to modify, d: refers to default. This command will give the redhat group the rw permissions recursively and by default for </webapp/myapp>.
File attributes are extra features you can use to tune a given file.
lsattr <filename> -> to list the attributes of the <filename>.
chattr +<attribute> <filename> -> to change the attributes of the <filename> (+ adds the attribute, - removes it).
Below is a summary of the most common attributes:
A -> When the file is accessed, the atime is not updated. Good for minimizing disk I/O on a laptop.
a -> When this file is opened, it is opened in append only mode for writing.
c -> This file is automatically compressed on the disk by the kernel.
i -> This file cannot be modified, renamed or deleted.
Now that we are done with the explanation, let's do a small lab.
-) As a root user, create a file named script under the directory redhat.
-) Make redhat the group owner of this directory and chxmxii the owner.
-) The owner of the redhat directory will have full permissions while the group owner will have read and write only; others will have nothing. Also ensure that only the owner can delete the script file.
-) The group students will have the read and write permissions on this file.
-) Change the attributes so the script file cannot be modified, renamed or deleted.
Permission -> effect on files / effect on directories
Read (4) -> Read / List
Write (2) -> Modify / Delete/create
Execute (1) -> Run / CD
SUID (4) -> Run as owner / N/A
SGID (2) -> Run as group owner / inherit directory group owner
Sticky bit (1) -> N/A / Delete only if owner
Learn how to modify file ownership and permissions.