Linux/UNIX Permissions
Example
A) ---------- : file with all access denied
B) drwxrwxrwx : directory with all access allowed
C) ----------
   1234567890
Example A shows a file's permissions with all access denied. Example B shows a directory's permissions with all access allowed.
Example C lays out each bit with a number underneath for reference in the following descriptions.
File type codes (bit 1)
- - normal file
d - directory
l - symbolic link
p - named pipe
s - socket
b - block device
c - character device
The first permission bit of a file is represented with one of the above characters and designates the inode type.
Permission codes (bits 2-10)
r = 4 (read)
w = 2 (write)
x = 1 (execute)
- = 0 (no permissions)
Each permission type is assigned a value: 4, 2, 1 or 0. The values within one grouping are added to give a single octal digit, so rwx = 4 + 2 + 1 = 7.
Permission groupings
user : -rwx------ (bits 2-4)
group : ----rwx--- (bits 5-7)
other : -------rwx (bits 8-10)
The nine permission bits are divided into three groupings of three: user (the owner), group, and other (everyone else).
SUID (bit 4)
s - suid code w/ user execute permissions
-rwsrwxrwx
S - suid code w/o user execute permissions
-rwSrwxrwx
Sometimes it is necessary to run a program as the owner of the program. Setting the SUID bit sets up
a program to be run as if the owner were running it. A lowercase "s" indicates that the owner has executable permissions as well.
An uppercase "S" implies that the user does not have executable permissions.
SGID (bit 7)
s - sgid code w/ group execute permissions
-rwxrwsrwx
S - sgid code w/o group execute permissions
-rwxrwSrwx
Sometimes it is necessary to run a program as the group that owns the program. Setting the SGID bit sets up
a program to be run as if the group owner were running it. A lowercase "s" indicates that the group has executable permissions as well.
An uppercase "S" implies that the group does not have executable permissions.
Sticky Bit (bit 10)
t/T - sticky bit
-rwxrwxrwt
-rwxrwxrwT
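On a directory, the sticky bit means an entry can be removed or renamed only by its owner, the directory's owner, or root. A lowercase "t" indicates that others have executable permissions as well.
An uppercase "T" implies that others do not have executable permissions.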
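The bit positions and values described above can be combined mechanically. The following is an added example, not part of the original cheatsheet: a POSIX shell function that turns a 10-character permission string into the four-digit octal mode, where the leading digit carries SUID (4), SGID (2) and sticky (1). The function name mode_to_octal is a hypothetical helper, not a standard utility.

```shell
#!/bin/sh
# Added example: translate an ls-style permission string (bits 1-10 as
# numbered on this page) into the four-digit octal mode chmod accepts.
# mode_to_octal is a hypothetical helper name, not a standard utility.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || return 1
    rest=${mode#?}              # drop bit 1, the file type code
    special=0
    digits=""
    # One pass per grouping: user, group, other. The weight is the value
    # of that grouping's special bit: SUID=4, SGID=2, sticky=1.
    for weight in 4 2 1; do
        trip=$(printf '%.3s' "$rest")
        rest=${rest#???}
        if [ "$weight" -eq 1 ]; then lo=t up=T; else lo=s up=S; fi
        val=0
        case $trip in r??) val=$((val + 4)) ;; -??) ;; *) return 1 ;; esac
        case $trip in ?w?) val=$((val + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $trip in
            ??x) val=$((val + 1)) ;;
            ??-) ;;
            # lowercase: special bit set and execute set
            ??"$lo") val=$((val + 1)); special=$((special + weight)) ;;
            # uppercase: special bit set, execute not set
            ??"$up") special=$((special + weight)) ;;
            *) return 1 ;;
        esac
        digits=$digits$val
    done
    echo "$special$digits"
}

# Strings taken from the examples on this page.
for m in ---------- drwxrwxrwx -rwsrwxrwx -rwSrwxrwx -rwxrwsrwx -rwxrwxrwT; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The function returns a non-zero status for strings that are not 10 characters long or that carry a special-bit letter in the wrong grouping, such as "t" in the user position.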
Change permissions
chmod 777 file1 OR chmod ugo+rwx file1
Here are two different ways to perform the same permission change.
find ./ -user steved -type f -print0 | xargs -0 chmod 666
find ./ -user steved -type f -print -exec chmod 666 {} \;
These commands find all of the files, in and below the present working directory, owned by steved and change their permissions to 666. Both commands do the same thing. The -print0 and xargs -0 pairing keeps file names that contain spaces or newlines intact.
find ./ -user steved -type d -print0 | xargs -0 chmod 777
find ./ -user steved -type d -print -exec chmod 777 {} \;
These commands find all of the directories, in and below the present working directory, owned by steved and change their permissions to 777. Both commands do the same thing.
Change ownership
chown steved file1
This command changes ownership of the file "file1" to steved.
find ./ -user root -print0 | xargs -0 chown steved
This command finds all of the nodes, in and below the present working directory, owned by root and changes their ownership to the user steved.