r (read)   : list directory contents
w (write)  : add or remove files to/from directory
x (execute): search for a known file in directory

WB4 Ch4: Directory Ownerships & Permissions

In RHEL, a user's home directory:
    is protected from searching by other users
    has default permissions rwx------

A ~/pub directory:
    overcomes limitations of /tmp (files removed if not accessed for 10 days)
    is a permanent publicly accessible location
    requires granting x permission to ~

Remember to protect your home's other subdirectories:
Ex: chmod o-rx ~/mail
Without a directory's r permission, users can NOT ls the directory's contents. But users who have the x permission for the directory can still reach its contents by guessing the names.

WB4 Ch5: chmod Revisited: Octal Notation

What's the effect of:
chmod ug=rx foo
    user and group owner permissions are set to rx
    if user and group owner had w, it is removed
    others' permissions remain as is

When using octal notation with chmod, use a 3 digit octal number, 1 digit for each of the 3 access classes.
Ex: chmod 664 myFile
    6 = user owner
    6 = group owner
    4 = other

Permission   Binary Value   Octal Value
r            100            4
w            010            2
x            001            1
-            000            0

Permissions have corresponding octal & binary values.

Permissions for an access class   Binary   Octal
---                               000      0 = 0 + 0 + 0
--x                               001      1 = 0 + 0 + 1
-w-                               010      2 = 0 + 2 + 0
-wx                               011      3 = 0 + 2 + 1
r--                               100      4 = 4 + 0 + 0
r-x                               101      5 = 4 + 0 + 1
rw-                               110      6 = 4 + 2 + 0
rwx                               111      7 = 4 + 2 + 1

Each digit in the 3 digit octal number indicates which permissions are to be granted to a particular access class.

Example #1:

Command Line     foo's Resulting Permissions
chmod 662 foo    rw-rw--w-

    6 = 4 + 2 + 0 = rw- for (u)ser owner
    6 = 4 + 2 + 0 = rw- for (g)roup owner
    2 = 0 + 2 + 0 = -w- for (o)ther

Example #2: (allowing others to search a home directory to access a publicly accessible subdirectory)

Command Line     ~'s Resulting Permissions
chmod 701 ~      rwx-----x

    7 = 4 + 2 + 1 = rwx for (u)ser owner
    0 = 0 + 0 + 0 = --- for (g)roup owner
    1 = 0 + 0 + 1 = --x for (o)ther

Example #3: (assigning default directory permissions)

Command Line     foo's Resulting Permissions
chmod 775 foo    rwxrwxr-x

    7 = 4 + 2 + 1 = rwx for (u)ser owner
    7 = 4 + 2 + 1 = rwx for (g)roup owner
    5 = 4 + 0 + 1 = r-x for (o)ther

WB4 Ch6: Controlling Default Permissions: umask

When a new file is created in Linux, the kernel assigns it a set of default permissions:

                             Directory file   Ordinary file
Kernel default permissions   rwxrwxrwx        rw-rw-rw-

Since we often want a different set of permissions than the kernel's default set, we can apply a umask value (default is 002 for ordinary users):

Directory file
Kernel default permissions      rwxrwxrwx   777
Default umask                   -------w-   002
-----------------------------------------------
Effective default permissions   rwxrwxr-x   775

Ordinary file
Kernel default permissions      rw-rw-rw-   666
Default umask                   -------w-   002
-----------------------------------------------
Effective default permissions   rw-rw-r--   664

To determine your shell's current umask value:
umask
To change your shell's umask value for the duration that the shell is open:
umask NNN (where NNN is an octal number)
To automatically change the bash shell's umask value upon login: add umask NNN to ~/.bashrc
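
The umask tables above look like subtraction, but the kernel clears the umask's bits from its default (default AND NOT umask), which only differs when the umask names a bit the default lacks. The script below is an added example, not part of the original slides; the function names octal_to_rwx, effective_mode and observed_mode and the sample masks are constructed for illustration, and observed_mode assumes GNU stat as shipped on RHEL.

```sh
#!/bin/sh
# Added example (not from the slides): umask clears bits, it does not subtract.

# octal_to_rwx 664 -> rw-rw-r--  (one octal digit per access class: u, g, o)
octal_to_rwx() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case "$digit" in
            0) out="${out}---" ;; 1) out="${out}--x" ;;
            2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# effective_mode file|dir UMASK -> kernel default with the umask's bits cleared
effective_mode() {
    case "$1" in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *)    return 1 ;;
    esac
    printf '%03o\n' "$(( $base & ~0$2 ))"
}

# observed_mode file|dir UMASK -> mode a really created file or directory gets.
# The body runs in a subshell, so the caller's umask is left untouched.
observed_mode() (
    umask "$2"
    tmp=$(mktemp -d) || exit 1
    if [ "$1" = dir ]; then mkdir "$tmp/new"; else touch "$tmp/new"; fi
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
)

# Constructed sample masks; with 033 a file gets 644, not "666 - 033 = 633".
for mask in 002 022 027 033 077; do
    f=$(effective_mode file "$mask"); d=$(effective_mode dir "$mask")
    printf 'umask %s  file %s %s  dir %s %s\n' \
        "$mask" "$f" "$(octal_to_rwx "$f")" "$d" "$(octal_to_rwx "$d")"
done
```

A umask of 027 or 077 keeps newly created files out of reach of the "other" class without a later chmod.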