Directory Permissions
From Transwiki
Directory permissions are not well spelled out anywhere, so this page is an attempt to do it. Each file or directory has 12 settable permission bits (rwx for owner, group and other, plus SUID, SGID and sticky), which gives 2**12 or 4096 possible mode settings for a single object. What actually governs access to a file is the combination of the directory's bits and the file's bits, which comes to 2**24 permutations, not that all of them are useful. Going one step further, whether you own the file is another bit, as is whether you own the directory, and likewise whether you are a member of the file's group and of the directory's group: that brings it to 2**28, or 268,435,456 possible states.
Read
Allows one to read the names of the entries in the directory (what readdir() returns). Read alone is not enough to stat() or open() those entries; that needs execute (search) permission, described below.
Write
Allows one to create, delete and rename entries in the directory (always in combination with execute permission, see below). The group of a newly created file is normally the creating user's effective group, but an SGID directory, or a mounted share such as Samba, can be set up to change this.
Execute
Execute allows one to use the directory as a pathname component, that is, to reach the inodes of the entries within it so that stat(), open() and similar calls succeed on them. This is what enables one to:
- cd into the directory
- execute programs in the directory (the program's own execute bit is still required)
Because of its role in file access the execute bit on a directory is sometimes called search permission.
SUID/SGID (s)
The SGID bit on a directory causes any new files or directories created within it to inherit the group of that directory rather than the creating user's group. New sub-directories also inherit the SGID bit itself.
In the output of ls -l a lowercase 's' in the owner (or group) execute position means the SUID (or SGID) bit and the corresponding execute bit are both set; a capital 'S' means only the SUID (or SGID) bit is set and execute is not. On Linux the SUID bit on a directory has no effect; only SGID is meaningful there.
Sticky Bit (t)
If the sticky bit is also set on a (typically group- or world-writable) directory, only the owner of a file, the owner of the directory, and the super-user will be able to delete or rename that file, even though write plus execute on the directory would otherwise suffice. /tmp is the usual example.
In the output of ls -l a lowercase 't' in the other execute position means the sticky bit and the other-execute bit are both set; a capital 'T' means only the sticky bit is set.
Unexpected Behaviors
- When using NFS, to see changes from editing the exports file one has to do the following, in exactly this order (host is the client, server is the NFS server):
root@host# umount /share
root@server# exportfs -r
root@host# mount /share
- With execute but not read permission on a directory, users cannot list the contents of the directory, but they can access files within it if they know the names!
- Deleting a file requires only -wx on the directory! A user needs no permissions on, or ownership of, the file itself to delete it; the sticky bit is the one exception.
- Creating a file in a directory requires both w and x permissions on the directory.
- Samba mounts will create files with the group of the directory without the SGID bit being set on the directory, similar to Windows behaviour.
- NFS exports can have root_squash or all_squash and then set the anonymous user and group ID (anonuid/anongid), providing security and sometimes causing confusion.
Tricks
Recursively chmod directories only
find . -type d -exec chmod 2770 {} \;
This will recursively search your directory tree (starting at the current directory) and set every directory to mode 2770: rwx for owner and group, nothing for other, with the SGID bit set so that new files take the directory's group.
Similarly, the following will chmod all files to 644 only (and ignore the directories):
find . -type f -exec chmod 644 {} \;   # owner rw, group and other read only
stat.h
The relevant definitions from <sys/stat.h> (Linux values, octal):
#define S_IFMT   00170000 /* bit mask for the file type bit fields */
#define S_IFSOCK 0140000  /* socket */
#define S_IFLNK  0120000  /* symbolic link */
#define S_IFREG  0100000  /* regular file */
#define S_IFBLK  0060000  /* block device */
#define S_IFDIR  0040000  /* directory */
#define S_IFCHR  0020000  /* character device */
#define S_IFIFO  0010000  /* FIFO or pipe */
#define S_ISUID  0004000  /* set user ID */
#define S_ISGID  0002000  /* set group ID */
#define S_ISVTX  0001000  /* sticky bit */
#define S_ISLNK(m)  (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m)  (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m)  (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m)  (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m)  (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)
#define S_IRWXU 00700 /* owner rwx mask */
#define S_IRUSR 00400 /* owner read */
#define S_IWUSR 00200 /* owner write */
#define S_IXUSR 00100 /* owner execute */
#define S_IRWXG 00070 /* group rwx mask */
#define S_IRGRP 00040 /* group read */
#define S_IWGRP 00020 /* group write */
#define S_IXGRP 00010 /* group execute */
#define S_IRWXO 00007 /* other rwx mask */
#define S_IROTH 00004 /* other read */
#define S_IWOTH 00002 /* other write */
#define S_IXOTH 00001 /* other execute */
