File Attributes
#/$ ls -l /tmp
drwxr-xr-x 4 vijay wheel 10 Apr 16 2010 testFolder
-rw-r--r-- 2 vijay wheel 368884 Feb 13 2012 news.txt
-rwx------ 2 vijay wheel 2687 Feb 13 2012 secret.txt
-rwxr-xr-x 2 vijay wheel 11762 Nov 10 2011 code.c
Symbolic permissions
Option | Letter | Represents |
(who) | u | User |
(who) | g | Group owner |
(who) | o | Other |
(who) | a | All (“world”) |
(action) | + | Adding permissions |
(action) | - | Removing permissions |
(action) | = | Explicitly set permissions |
(permissions) | r | Read |
(permissions) | w | Write |
(permissions) | x | Execute |
(permissions) | t | Sticky bit |
(permissions) | s | Set UID or GID |
To modify the access rights, modify the file attributes with chmod:
# chmod 777 testfile | Allows access by File Owner, Group Members, and All-other-users. |
# chmod -R 755 /tmp/test/ | -R applies the access rights to all the files and sub-folders in /tmp/test/ |
# chmod go= testfile | Symbolic permission (who) (action) (permissions) |
# chmod go-w,a+x testfile |
Extended file attributes
# getfacl testfile
# setfacl -k testfile
# setfacl -m u:trhodes:rwx,group:web:r--,o::--- testfile
setuid (4), setgid (2), and sticky (1) permissions
# chmod 4755 testfile
=> File will always run with the permissions and user ID of its owner
-rwsr-xr-x (x of owner is replaced with s)
# chmod 2755 testfile
=> File will always run with the permissions of the group that owns it
-rwxr-sr-x (x of group is replaced with s)
# chmod 1777 testdir
=> Allows file deletion only by the owner (makes sense for directories)
drwxrwxrwt (x of all-users is replaced with t)
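An added example (not part of the original post): a small POSIX shell audit that lists files carrying the setuid or setgid bit and world-writable directories that lack the sticky bit, run here against a constructed sample tree. The function names and the sample file and directory names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit a directory tree for the special permission bits
# described above. All names below are hypothetical.

# List regular files with the setuid (4000) or setgid (2000) bit set.
find_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# List world-writable directories that lack the sticky bit (1000).
# In such a directory any user can delete or rename other users' files.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/permaudit.XXXXXX") || return 1
    touch "$d/plain" "$d/suid_tool"
    mkdir "$d/shared_ok" "$d/shared_bad"
    chmod 644  "$d/plain"        # -rw-r--r--
    chmod 4755 "$d/suid_tool"    # -rwsr-xr-x
    chmod 1777 "$d/shared_ok"    # drwxrwxrwt
    chmod 777  "$d/shared_bad"   # drwxrwxrwx (no sticky bit)
    echo "$d"
}

# Print both findings for the tree rooted at $1.
audit() {
    echo "setuid/setgid files:"
    find_special_files "$1" | sed 's/^/  /'
    echo "world-writable directories without sticky bit:"
    find_unsticky_dirs "$1" | sed 's/^/  /'
}

# Demo on the constructed tree; point audit at a real path to use it.
tree=$(make_sample_tree) && audit "$tree" && rm -rf "$tree"
```

Run as root against a real path (for example audit /usr) to review which binaries carry these bits; -xdev keeps the scan on one file system.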
File flags (FreeBSD specific)
File flags are used to prevent accidental editing/removal of files (non-directory) by root and/or the file owners in FreeBSD. To view them:
# ls -lo /etc | grep rc.conf
-rw-r--r-- 1 root wheel schg 1897 Mar 1 2012 rc.conf
In the above case, the 'schg' flag makes the file rc.conf unmodifiable, even by the superuser (root), until the flag is removed. This feature provides one additional level of protection for important files against accidental modification by the system administrator(s).
Super user (root) only assignable flags
- sappnd, sappend : sets the system append-only flag (by super-user only)
- sunlnk, sunlink : sets the system undeletable flag (by super-user only)
- schg, schange, simmutable : sets the system immutable flag (by super-user only)
Normal user assignable flags
- uappnd, uappend : sets the user append-only flag (by owner or super-user only)
- uunlnk, uunlink : sets the user undeletable flag (by owner or super-user only)
- uchg, uchange, uimmutable : sets the user immutable flag (by owner or super-user only)
To edit these flags, use the chflags command. For example:
# chflags sunlink testfile => Undeletable
# chflags nosunlink testfile
# chflags schg httpd.conf => System immutable (no change) flag
# chflags noschg httpd.conf
File Ownership
To change the file ownership:
# chown -R vijay:wheel *
Note: Unix commands and file locations used here have been tested on FreeBSD systems.