Directory Permissions
There are two special bits in the permissions field of directories. They are:
- s - Set group ID
- t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Save text attribute
The /tmp directory is typically world-writable and looks like this in a listing:
drwxrwxrwt 13 root root 4096 Apr 15 08:05 tmp
Everyone can read, write, and access the directory. The "t" indicates
that only the user (and root, of course) that created a file in this
directory can delete that file. To set the sticky bit in a directory, do the following:
chmod +t data
This option should be used carefully. A possible alternative to this is:
- Create a directory in the user's home directory to which he or she can write temporary files.
- Set the TMPDIR environment variable using each user's login script.
- Programs using the tempnam(3) function will look for the TMPDIR variable and use it, instead of writing to the /tmp directory.
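The two approaches above, as an added example that is not part of the original page: one check that lists world-writable directories missing the sticky bit, and one helper that gives a user a private temporary directory through TMPDIR. The function names and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; find_unsticky and use_private_tmp are illustrative names.

# Print world-writable directories under $1 that lack the sticky bit,
# i.e. places where any user can delete or rename another user's files.
find_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Create a private temp directory (mode 0700) under $1 and point TMPDIR at it.
use_private_tmp() {
    mkdir -p "$1/tmp" && chmod 700 "$1/tmp" || return 1
    TMPDIR="$1/tmp"
    export TMPDIR
}

# Constructed sandbox so the check can be run without root.
demo=$(mktemp -d)
mkdir "$demo/shared_ok" "$demo/shared_bad" "$demo/home"
chmod 1777 "$demo/shared_ok"     # world-writable with sticky bit, like /tmp
chmod 0777 "$demo/shared_bad"    # world-writable, no sticky bit
find_unsticky "$demo"            # reports only shared_bad

# Run in a subshell so the TMPDIR change does not outlive the demo.
( use_private_tmp "$demo/home" && mktemp )   # temp file lands in home/tmp
rm -rf "$demo"
```

On a real system, point find_unsticky at / or at the shared directories you care about and treat every path it prints as a finding.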
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the same group ownership as the directory, instead of the group of the user that created the file. This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set, then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set, and Kathy and Mark, although in different primary groups, can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
chmod g+s spcprjdir
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s" in place of the execute bit in the group permissions causes all
files written to the directory "spcprjdir" to belong to the group
"spcprj".
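The shared-directory setup described above, as an added example that is not part of the original page. It also checks for entries whose group does not match the directory, which happens when files are moved in with mv rather than created there. Function names are illustrative, and the demo uses the caller's own primary group in place of spcprj so it runs without root.

```shell
#!/bin/sh
# Added example; function names and the sandbox are illustrative.

# Numeric group ID of a path, read from the fourth column of `ls -ldn`.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Create a shared project directory: group $2, mode 2775 (rwxrwsr-x).
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2775 "$1"
}

# List entries under $1 whose group differs from the directory's group.
# Files moved in with mv keep their old group, so this catches them.
find_wrong_group() {
    find "$1" ! -group "$(gid_of "$1")" -print
}

# Constructed demo: the caller's primary group stands in for "spcprj".
demo=$(mktemp -d)
make_shared_dir "$demo/spcprjdir" "$(id -g)"
touch "$demo/spcprjdir/report.txt"
mkdir "$demo/spcprjdir/drafts"   # on Linux, subdirectories inherit the setgid bit too
ls -ld "$demo/spcprjdir" "$demo/spcprjdir/drafts"
find_wrong_group "$demo/spcprjdir"   # prints nothing when every entry has the directory's group
rm -rf "$demo"
```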
Examples
chmod u+x myfile | Gives the user execute permission on myfile. |
chmod +x myfile | Gives everyone execute permission on myfile. |
chmod ugo+x myfile | Same as the above command, but explicitly specifies user, group and other. |
chmod 400 myfile | Gives the user read permission, and removes all other permissions. These permissions are specified in octal: the first digit is for the user, the second for the group and the third for other. The high bit (4) is for read access, the middle bit (2) is for write access, and the low bit (1) is for execute access. |
chmod 764 myfile | Gives user full access, group read and write access, and other read access. |
chmod 751 myfile | Gives user full access, group read and execute permission, and other, execute permission. |
chmod +s myfile | Set the setuid bit. |
chmod go=rx myfile | Remove read and execute permissions for the group and other. |
chown mark test1 | Changes the owner of the file test1 to the user Mark. |
chgrp mark test1 | Changes the file test1 to belong to the group "mark". |
Note: Linux files were displayed with a default tab value of 8 in older
Linux versions. That means that file names longer than 8 may not be
displayed fully if you are using an old Linux distribution. There is an
option associated with the ls command that solves this problem. It is
"-T". Ex: "ls -al -T 30" to make the tab length 30.
Umask Settings
The umask command is used to set and determine the default file creation
permissions on the system. It is the octal complement of the desired
file mode for the specific file type. Default permissions are:
- 777 - Executable files
- 666 - Text files
The permission for the creation of new executable files is calculated by subtracting the umask value from the default permission value for the file type being created. An example for a text file is shown below with a umask value of 022:
666 Default Permission for text file
-022 Minus the umask value
-----
644 Allowed Permissions
Therefore the umask value is an expression of the permissions the user,
group and world will not have as a default with regard to reading,
writing, or executing the file. The umask value here means the group
the file belongs to and users other than the owner will not be able to
write to the file. In this case, when a new text file is created it
will have a file permission value of 644, which means the owner can read
and write the file, but members of the group the file belongs to, and
all others can only read the file. A long directory listing of a file
with these permissions set is shown below.
-rw-r--r-- 1 root workgrp 14233 Apr 24 10:32 textfile.txt
An example command to set the umask is:
umask 022
The most common umask setting is 022. The /etc/profile script is where the umask command is usually set for all users. Red Hat Linux has a user and group ID creation scheme where there is a group for each user and only that user belongs to that group. If you use this scheme consistently you only need to use 002 for your umask value with normal users.
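The umask calculation above, as an added example that is not part of the original page. The system applies the umask as a bit mask (requested mode AND NOT umask); this gives the same result as the subtraction for 022, but differs for values such as 033 on a text file. Function names are illustrative.

```shell
#!/bin/sh
# Added example; function names are illustrative.

# Mode a new object receives: requested mode AND NOT umask (octal in, octal out).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file under the given umask in a subshell and print its
# permission string as shown by ls. The subshell keeps the caller's umask intact.
created_perms() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/textfile.txt"
    ls -l "$dir/textfile.txt" | cut -c1-10
    rm -rf "$dir"
)

effective_mode 666 022   # 644, same as the subtraction above
effective_mode 666 033   # 644, where subtraction would give 633
effective_mode 777 027   # 750
created_perms 022        # -rw-r--r--
```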