I have a directory that has the following permissions set:
On the desktop, I access this folder and right click to create a new file called foo.txt. Then using the terminal, I created another file using the command $ touch bar.txt.
When I check the permissions for these files, I have:
I was expecting -rw-r-----. user group. How did the extra write permission for group and read permission for others come about?
setgid
There are 2 forces here at work. The first is the setgid bit that's enabled on the folder, folder.
That's the s in the pack of characters at the beginning of this line. They're grouped thusly:
The r-s means that any files or directories created inside this folder will have the group automatically set to the group group.
That's what caused the files foo.txt and bar.txt to be created like so:
permissions & umask
The permissions you're seeing are another matter. These are governed by the settings for your umask. You can see what your umask is set to with the command umask:
NOTE: these bits are also called "mode" bits.
It's a mask so it will disable any of the bits related to permissions which are enabled. In this example the only bit I want off is the write permissions for other.
The representation of the "bits" in this command is in decimal form. So a 2 equates to 010 in binary form, which is the write bit. A 4 (100) would mean you want read disabled. A 7 (111) means you want read/write/execute all disabled. Building it up from here:
Would disable the read/write/execute bits for other users.
So then what about your files?
Well the umask governs the permissions that will get set when a new file is created. So if we had the following umask set:
And started touching new files, we'd see them created like so:
If we changed it to something else, say this:
It won't have any impact on files that we've already created though. See here:
So then what's going on with the file browser?
The umask is what I'd call a "soft" setting. It is by no means absolute and can be bypassed fairly easily in Unix in a number of ways. Many of the tools take switches which allow you to specify the permissions as part of their operation.
Take mkdir for example:
With the -m switch we can override umask. The touch command doesn't have this facility so you have to get creative. See this U&L Q&A titled: Can files be created with permissions set on the command line? for just such methods.
Other ways? Just override umask. The file browser is most likely either doing this or just completely ignoring the umask and laying down the file using whatever permissions it's configured to do as.
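The umask behaviour this answer describes, as an added example that is not part of the original answer: the same touch under different umasks, then the two ways around the umask it mentions (mkdir -m, and a program setting the mode itself, simulated here with chmod). The helper names and the 027/002/077 values are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; all files live in a mktemp scratch directory.

# Print the 10-character symbolic mode of a path (e.g. -rw-r-----),
# dropping the trailing "." or "+" that ls may append.
mode_of() { ls -ld "$1" | cut -c1-10; }

# touch a path under the given umask. The subshell keeps the caller's umask unchanged.
# touch asks for rw-rw-rw- (666); the kernel clears every bit that is set in the umask.
touch_with_umask() {            # $1 = umask, $2 = path
    ( umask "$1" && touch "$2" ) && mode_of "$2"
}

# mkdir -m sets the mode explicitly, so the umask does not apply to the result.
mkdir_m_with_umask() {          # $1 = umask, $2 = mode, $3 = path
    ( umask "$1" && mkdir -m "$2" "$3" ) && mode_of "$3"
}

# What a program that sets permissions itself after creating the file ends up with.
touch_then_chmod() {            # $1 = umask, $2 = mode, $3 = path
    ( umask "$1" && touch "$3" && chmod "$2" "$3" ) && mode_of "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    echo "umask 027, touch new file      $(touch_with_umask 027 "$d/bar.txt")"
    echo "umask 002, touch new file      $(touch_with_umask 002 "$d/foo.txt")"
    # bar.txt already exists, so touch only updates its timestamps; the mode stays as it was.
    echo "umask 077, touch existing file $(touch_with_umask 077 "$d/bar.txt")"
    echo "umask 027, mkdir -m 770        $(mkdir_m_with_umask 027 770 "$d/dir")"
    echo "umask 027, touch then chmod    $(touch_then_chmod 027 664 "$d/gui.txt")"
    rm -rf "$d"
}
demo
```

A file created under umask 002 comes out as -rw-rw-r--, which is -rw-r----- plus group write and other read, the difference the question asks about.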
=====================================
Command line method:
Just run:
Note that chmod does also have some more advanced options. It accepts three groups of options, represented as --- --- ---. The first set of --- is User. The second is Group and the last is Other (everyone else). r stands for Read, w for Write and x for eXecute.
To allow everyone to read it, but only Group to execute and User to read and write it would be -rw- rx- r--. This would be added to the command as:
chmod also can do this in numbers. It is based on binary.
So there are these numbers:
Execute by user is 100. Execute by group is 010. Execute by other is 001.
Write by user is 200. Write by group is 020. Write by other is 002.
Read by user is 400. Read by group is 040. Read by other is 004.
Then you add these together to get the desired combination.
So to allow everyone to read it, but only Group to execute and User to write it would be 400 + 040 + 004 and 010 and 200.
That adds up to 600 + 050 + 004 = 654.
You could then run the command.
to set it. So to set all permissions you can run:
or
Finally, you can do:
To take all permissions away from everyone.
And:
To add read and write for the user, without affecting any other permissions (e.g. Execute permissions).
This website has a very useful little tool, whereby you can tick the options you want and it gives you the command:
However, not all the possible combinations are sensible to use; the main ones that are used are the following:
And, if you're using non-trivial user groups:
777 and 666 are rarely used, except in /tmp.