r = 4
w = 2
x = 1
- = 0
(rw- ) (rw-) (r--)
| | |Here's a list of some common settings, numerical values and their meanings:
4+2+0 4+2+0 4+0+0
-rw------- (600) -- Only the user has read and write permissions.
-rw-r--r-- (644) -- Only user has read and write permissions; the group and others can read only.
-rwx------ (700) -- Only the user has read, write and execute permissions.
-rwxr-xr-x (755) -- The user has read, write and execute; the group and others can only read and execute.
-rwx--x--x (711) -- The user has read, write and execute permissions; the group and others can only execute.
-rw-rw-rw- (666) -- Everyone can read and write to the file. Bad idea.
-rwxrwxrwx (777) -- Everyone can read, write and execute. Another bad idea.
Here are a couple common settings for directories:
drwx------ (700) -- Only the user can read, write in this directory.
drwxr-xr-x (755) -- Everyone can read the directory, but its contents can only be changed by the user.
# relative method of chmod command:
chmod g+rw filename - adds read and write permission to group
chmod u+x filename - adds execute permission to user
chmod g-w filename - takes away write permission from goup
chmod a-w filename - takes away write from user, group, and other
chmod o=rx filename - sets read and execute permission for other
chmod go=r * - sets read permission only for group and other, for all non-hidden files in the current directory
To see the ACL of a file use getfacl.
Before using setfacl, getfacl would have returned something like:
# file: file.txt
# owner: root
# group: root
user::rwx
group::---
other::---
more in chapter 24 of the manual
