User Rights letters to numbers
I am having Problems converting user rights. I want to assign the following rights to certain files/folders but dont know hat to translate them into a format which chmod will work with like chmod 755
.
-rwxrwxrwx
will be?
And
drwxr-xr-x
will be?
And finally
-rw-r--r--
will be?
Solution 1:
Short version:
Permissions can include: read(r), write(w), execute(x)
Therefore, permissions are expressed in a row of three characters, for example rwx (to give all permissions)
When a permission is denied, a "-" is placed, for example:
r--
to give only read permission.-
because there are three types of users, we will need 3 x 3 characters:
owner | owner group | others
for example
rwx
rwx
rwx
gives all types of users all permissions. -
these permissions can be expressed in octal numbering, where:
read = 4 write = 2 execute = 1 so: r-- = 4 rw- = 6 rwx = 7
-
example:
rw- r-- r--
gives everyone read permission, only user can write. In octal:
644
(4+2+0 | 4+0+0 | 4+0+0 )
Your example:
-rwxrwxrwx
is probably the output of ls -l
, where the preceding -
means it is a file. In your second example:
drwxr-xr-x
the item is a directory (d
)
About the s
flag
from Wikipedia:
setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively)1 are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.
An example is passwd
(-rwsr-xr-x
) which can change write-protected files on behalf of a user.
A pretty good description is to be found here on Wikipedia.
The t
flag (sticky bit)
(Again) from Wikipedia:
When a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root user can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner.
On Linux systems, the t
flag is ignored when used on files.
See also here on Wikipedia.
Solution 2:
You don't need to convert them to numbers. chmod
understands symbols just fine, if you split them into user, group and other fields. The following are equivalent:
chmod 755
chmod u=rwx,g=rx,o=rx
So given a set of permissions like, split them like so:
-rwxrwxrwx == - rwx rwx rwx
drwxr-xr-x == d rwx r-x r-x
-rw-r--r-- == - rw- r-- r--
And then assign the first triplet to u
, the second to g
and the third to o
, skipping the hyphens:
chmod u=rwx,g=rwx,o=rwx
chmod u=rwx,g=rx,o=rx
chmod u=rw,g=r,o=r
When two fields are the same, you can combine them. The last chmod
would be the same as:
chmod u=rw,go=r
And you can use a
(all) to assign to u
,g
and o
at once, so the first is equivalent to:
chmod a=rwx
Now, there are a few special permission bits: s
(setuid/setgid) and t
(sticky bit).
These are shown over the field where x
is normally seen, so if a directory has the sticky bit for others, you'd see a t
(if execute permissions are present) or a T
(if execute permissions are not present) . For example, the permissions of /tmp
:
drwxrwxrwt
In such cases, you need to write t
as xt
, and s
as rwxs
:
chmod u=rwx,g=rwx,o=rwxt
-
The setuid bit means that when this file is executed, it runs as the user who owns the file, not as the user executing it. Consider
passwd
(used for changing the password):# stat `which passwd` Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
If I (user
muru
) runpasswd
, the process that is started runs withroot
's permissions, not with mine. It is usually seen on binaries which need to be root for performing some action (passwd
edits/etc/shadow
, for example). The setgid bit on a directory means that any newly created files or directories in it inherit the group ownership. It is usually seen on directories used for web or FTP servers, etc.
The sticky bit means that even if an user has write permissions on the directory, they cannot move or rename another user's files. It is usually seen on shared directories, like
/tmp
.