summaryrefslogtreecommitdiff
path: root/misc/slackbook/html/filesystem-structure-permissions.html
diff options
context:
space:
mode:
Diffstat (limited to 'misc/slackbook/html/filesystem-structure-permissions.html')
-rw-r--r--misc/slackbook/html/filesystem-structure-permissions.html314
1 files changed, 314 insertions, 0 deletions
diff --git a/misc/slackbook/html/filesystem-structure-permissions.html b/misc/slackbook/html/filesystem-structure-permissions.html
new file mode 100644
index 00000000..0f951e77
--- /dev/null
+++ b/misc/slackbook/html/filesystem-structure-permissions.html
@@ -0,0 +1,314 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content="HTML Tidy, see www.w3.org" />
+<title>Permissions</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
+<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
+<link rel="UP" title="Filesystem Structure" href="filesystem-structure.html" />
+<link rel="PREVIOUS" title="Filesystem Structure" href="filesystem-structure.html" />
+<link rel="NEXT" title="Links" href="filesystem-structure-links.html" />
+<link rel="STYLESHEET" type="text/css" href="docbook.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+</head>
+<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
+alink="#0000FF">
+<div class="NAVHEADER">
+<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<th colspan="3" align="center">Slackware Linux Essentials</th>
+</tr>
+
+<tr>
+<td width="10%" align="left" valign="bottom"><a href="filesystem-structure.html"
+accesskey="P">Prev</a></td>
+<td width="80%" align="center" valign="bottom">Chapter 9 Filesystem Structure</td>
+<td width="10%" align="right" valign="bottom"><a href="filesystem-structure-links.html"
+accesskey="N">Next</a></td>
+</tr>
+</table>
+
+<hr align="LEFT" width="100%" />
+</div>
+
+<div class="SECT1">
+<h1 class="SECT1"><a id="FILESYSTEM-STRUCTURE-PERMISSIONS"
+name="FILESYSTEM-STRUCTURE-PERMISSIONS">9.2 Permissions</a></h1>
+
+<p>Permissions are the other important part of the multiuser aspects of the filesystem.
+With these, you can change who can read, write, and execute files.</p>
+
+<p>The permission information is stored as four octal digits, each specifying a different
+set of permissions. There are owner permissions, group permissions, and world
+permissions. The fourth octal digit is used to store special information such as set user
+ID, set group ID, and the sticky bit. The octal values assigned to the permission modes
+are (they also have letters associated with them that are displayed by programs such as
+<tt class="COMMAND">ls</tt> and can be used by <tt class="COMMAND">chmod</tt>):</p>
+
+<div class="TABLE"><a id="AEN3142" name="AEN3142"></a>
+<p><b>Table 9-1. Octal Permission Values</b></p>
+
+<table border="0" frame="void" class="CALSTABLE">
+<col width="3*" />
+<col width="1*" align="CENTER" />
+<col width="1*" align="CENTER" />
+<thead>
+<tr>
+<th>Permission Type</th>
+<th>Octal Value</th>
+<th>Letter Value</th>
+</tr>
+</thead>
+
+<tbody>
+<tr>
+<td>&#8220;sticky&#8221; bit</td>
+<td>1</td>
+<td>t</td>
+</tr>
+
+<tr>
+<td>set user ID</td>
+<td>4</td>
+<td>s</td>
+</tr>
+
+<tr>
+<td>set group ID</td>
+<td>2</td>
+<td>s</td>
+</tr>
+
+<tr>
+<td>read</td>
+<td>4</td>
+<td>r</td>
+</tr>
+
+<tr>
+<td>write</td>
+<td>2</td>
+<td>w</td>
+</tr>
+
+<tr>
+<td>execute</td>
+<td>1</td>
+<td>x</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<p>You add the octal values for each permission group. For example, if you want the group
+permissions to be &#8220;read&#8221; and &#8220;write&#8221;, you would use
+&#8220;6&#8221; in the group portion of the permission information.</p>
+
+<p><tt class="COMMAND">bash</tt>'s default permissions are:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /bin/bash</kbd>
+-rwxr-xr-x 1 root bin 477692 Mar 21 19:57 /bin/bash
+</pre>
+</td>
+</tr>
+</table>
+
+<p>The first dash would be replaced with a &#8220;d&#8221; if this was a directory. The
+three permission groups (owner, group, and world) are displayed next. We see that the
+owner has read, write, and execute permissions (<var class="LITERAL">rwx</var>). The
+group has only read and execute (<var class="LITERAL">r-x</var>). And everyone else has
+only read and execute (<var class="LITERAL">r-x</var>).</p>
+
+<p>How would we set permissions on another file to resemble <tt
+class="COMMAND">bash</tt>'s? First, let's make an example file:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch /tmp/example</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
+-rw-rw-r--- 1 david users 0 Apr 19 11:21 /tmp/example
+</pre>
+</td>
+</tr>
+</table>
+
+<p>We will use <tt class="COMMAND">chmod</tt>(1) (which means &#8220;change mode&#8221;)
+to set the permissions on the example file. Add the octal numbers for the permissions you
+want. For the owner to have read, write, and execute, we would have a value of <var
+class="LITERAL">7</var>. Read and execute would have <var class="LITERAL">5</var>. Run
+those together and pass them to <tt class="COMMAND">chmod</tt> like this:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 755 /tmp/example</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
+-rwxr-xr-x 1 david users 0 Apr 19 11:21 /tmp/example
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Now you may be thinking, &#8220;Why didn't it just create a file with those
+permissions in the first place?&#8221; Well the answer is simple. <tt
+class="COMMAND">bash</tt> includes a nice little built-in called <tt
+class="COMMAND">umask</tt>. This is included with most Unix shells as well, and controls
+what file permissions are assigned to newly created files. We discussed <tt
+class="COMMAND">bash</tt> built-ins to some degree in <a
+href="shell-bash.html#SHELL-BASH-ENVIRONMENT">Section 8.3.1</a>. <tt
+class="COMMAND">umask</tt> takes a little getting used to. It works very similar to <tt
+class="COMMAND">chmod</tt>, only in reverse. You specify the octal values you do not wish
+to have present in newly created files. The default umask value is <var
+class="LITERAL">0022</var>.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask</kbd>
+0022
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask 0077</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch tempfile</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l tempfile</kbd>
+-rw-------- 1 david users 0 Apr 19 11:21 tempfile
+</pre>
+</td>
+</tr>
+</table>
+
+<p>See the man page for <tt class="COMMAND">bash</tt> for more information.</p>
+
+<p>To set special permissions with <tt class="COMMAND">chmod</tt>, add the numbers
+together and place them in the first column. For example, to make it set user ID and set
+group ID, we use 6 as the first column:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 6755 /tmp/example</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd>
+-rwsr-sr-x 1 david users 0 Apr 19 11:21 /tmp/example
+</pre>
+</td>
+</tr>
+</table>
+
+<p>If the octal values confuse you, you can use letters with <tt
+class="COMMAND">chmod</tt>. The permission groups are represented as:</p>
+
+<div class="INFORMALTABLE"><a id="AEN3246" name="AEN3246"></a>
+<table border="0" frame="void" class="CALSTABLE">
+<col />
+<col />
+<tbody>
+<tr>
+<td>Owner</td>
+<td>u</td>
+</tr>
+
+<tr>
+<td>Group</td>
+<td>g</td>
+</tr>
+
+<tr>
+<td>World</td>
+<td>o</td>
+</tr>
+
+<tr>
+<td>All of the above</td>
+<td>a</td>
+</tr>
+</tbody>
+</table>
+</div>
+
+<p>To do the above, we would have to use several command lines:</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod a+rx /tmp/example</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod u+w /tmp/example</kbd>
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod ug+s /tmp/example</kbd>
+</pre>
+</td>
+</tr>
+</table>
+
+<p>Some people prefer the letters over the numbers. Either way will result in the same
+set of permissions.</p>
+
+<p>The octal format is often faster, and the one you see most often used in shell
+scripts. Sometimes the letters are more powerful however. For example, there's no easy
+way to change one group of permissions while preserving the other groups on files and
+directories when using the octal format. This is trivial with the letters.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/</kbd>
+-rwxr-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example0
+-rwxr-x--- 1 alan users 0 Apr 19 11:21 /tmp/example1
+----r-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example2
+<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod g-rwx /tmp/example?</kbd>
+-rwx---r-x 1 alan users 0 Apr 19 11:21 /tmp/example0
+-rwx------ 1 alan users 0 Apr 19 11:21 /tmp/example1
+-------r-x 1 alan users 0 Apr 19 11:21 /tmp/example2
+</pre>
+</td>
+</tr>
+</table>
+
+<p>We mentioned set user ID and set group ID permissions in several places above. You may
+be wondering what this is. Normally when you run a program, it is operating under your
+user account. That is, it has all the permissions that you as a user have. The same is
+true for the group. When you run a program, it executes under your current group. With
+set user ID permissions, you can force the program to always run as the program owner
+(such as &#8220;root&#8221;). Set group ID is the same, but for the group.</p>
+
+<p>Be careful with this, set user ID and set group ID programs can open major security
+holes on your system. If you frequently set user ID programs that are owned by <tt
+class="USERNAME">root</tt>, you are allowing anyone to run that program and run it as <tt
+class="USERNAME">root</tt>. Since <tt class="USERNAME">root</tt> has no restrictions on
+the system, you can see how this would pose a major security problem. In short, it's not
+bad to use set user ID and set group ID permissions, just use common sense.</p>
+</div>
+
+<div class="NAVFOOTER">
+<hr align="LEFT" width="100%" />
+<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<td width="33%" align="left" valign="top"><a href="filesystem-structure.html"
+accesskey="P">Prev</a></td>
+<td width="34%" align="center" valign="top"><a href="index.html"
+accesskey="H">Home</a></td>
+<td width="33%" align="right" valign="top"><a href="filesystem-structure-links.html"
+accesskey="N">Next</a></td>
+</tr>
+
+<tr>
+<td width="33%" align="left" valign="top">Filesystem Structure</td>
+<td width="34%" align="center" valign="top"><a href="filesystem-structure.html"
+accesskey="U">Up</a></td>
+<td width="33%" align="right" valign="top">Links</td>
+</tr>
+</table>
+</div>
+</body>
+</html>
+