Monday, November 21, 2005

Permission samples

Each permission setting can be represented by a numerical value:
r = 4
w = 2
x = 1
- = 0

(rw-)  (rw-)  (r--)
  |      |      |
4+2+0  4+2+0  4+0+0

Here's a list of some common settings, numerical values and their meanings:

-rw------- (600) -- Only the user has read and write permissions.

-rw-r--r-- (644) -- Only the user has read and write permissions; the group and others can read only.
-rwx------ (700) -- Only the user has read, write and execute permissions.

-rwxr-xr-x (755) -- The user has read, write and execute; the group and others can only read and execute.
-rwx--x--x (711) -- The user has read, write and execute permissions; the group and others can only execute.

-rw-rw-rw- (666) -- Everyone can read and write to the file. Bad idea.
-rwxrwxrwx (777) -- Everyone can read, write and execute. Another bad idea.

Here are a couple of common settings for directories:
drwx------ (700) -- Only the user can read and write in this directory.
drwxr-xr-x (755) -- Everyone can read the directory, but its contents can only be changed by the user.


# relative method of chmod command:
chmod g+rw filename - adds read and write permission to group
chmod u+x filename - adds execute permission to user
chmod g-w filename - takes away write permission from group
chmod a-w filename - takes away write from user, group, and other
chmod o=rx filename - sets read and execute permission for other
chmod go=r * - sets read permission only for group and other, for all non-hidden files in the current directory
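
An added example, not part of the original post: a POSIX shell function that converts an ls-style permission string to its numerical value using the r=4, w=2, x=1 table above, plus a find check for files that everyone can write to (the 666 and 777 cases). The function names sym_to_octal and world_writable are made up for this example.

```shell
#!/bin/sh
# Added example. Handles only the r, w, x and - characters covered on this page.

# sym_to_octal MODE  ->  prints e.g. 644 for -rw-r--r--
sym_to_octal() {
    perms=${1#?}                      # drop the file-type character (- or d)
    [ "${#perms}" -eq 9 ] || return 1 # need exactly user, group, other triplets
    case $perms in *[!rwx-]*) return 1 ;; esac
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}             # everything after the first triplet
        triplet=${perms%"$rest"}      # the first triplet itself
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    printf '%s\n' "$out"
}

# world_writable DIR  ->  lists regular files under DIR whose "other" write
# bit is set (the 2 in the last digit of 666 or 777)
world_writable() {
    find "$1" -type f -perm -0002
}

# Print the numeric value for some of the settings listed above
for m in -rw------- -rw-r--r-- -rwxr-xr-x -rwx--x--x -rw-rw-rw-; do
    printf '%s (%s)\n' "$m" "$(sym_to_octal "$m")"
done
```

Anything world_writable reports can be fixed with the relative form shown above, for example chmod o-w filename.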

To see the ACL of a file use getfacl.

Before using setfacl, getfacl would have returned something like:

# file: file.txt
# owner: root
# group: root
user::rwx
group::---
other::---

more in chapter 24 of the manual