`chmod [a]bcd`

| digit | applies to | values |
|---|---|---|
| a | | sticky:1, setgid:2, setuid:4 (optional, default: 0) |
| b | owner | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
| c | group | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
| d | everyone | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
- Note: only file/dir owner can chmod it
- Note: scripts need both `x` and `r` permissions to execute (that’s because scripts are read into the interpreter); only `r` is enough if run via `ruby script.rb`, `sh script.sh`
files
| bit | effect |
|---|---|
| sticky on files | no effect |
| setgid on executable binaries | no matter who executes, process runs as file’s group |
| setuid on executable binaries | no matter who executes, process runs as file’s owner |
| setuid/setgid on scripts | ignored due to security issues |
| setuid/setgid on non-executables | no effect |
Warning: setuid is dangerous
directories
| bit | allows |
|---|---|
| x on dirs | `cd`, `stat` (e.g. `ls -l`), inode lookup (access files) |
| w on dirs | add/delete/rename files (requires x for inode lookup) |
| r on dirs | `ls` |
- Note: having `xw` on a dir is enough to delete any file in it (unless it has sticky bit)
sticky on dirs
- only used when writable by group/everyone
- files in dir can only be edited/deleted by their owner (think `/tmp`)
- symlinks only work if target is within this dir
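
An audit sketch for the two risky cases above: dirs that everyone can write to but that lack the sticky bit, and files carrying setuid/setgid. This is an added example, not part of the original notes; the function names and the sample tree under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample tree are constructed.

# Dirs where everyone has w (digit d includes 2) but sticky (digit a includes 1)
# is off: with xw on such a dir, any user can delete any file in it.
risky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# Regular files carrying setuid (4) or setgid (2) in the leading digit.
special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# Build a constructed sample tree and print its root path.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/tmp_like" "$root/private"
    chmod 0777 "$root/shared"     # world-writable, no sticky: flagged
    chmod 1777 "$root/tmp_like"   # world-writable with sticky (like /tmp): not flagged
    chmod 0750 "$root/private"    # not writable by everyone: not flagged
    : > "$root/helper" && chmod 4755 "$root/helper"   # setuid: flagged
    : > "$root/plain"  && chmod 0644 "$root/plain"    # ordinary file: not flagged
    printf '%s\n' "$root"
}

sample=$(make_sample) || exit 1
echo "world-writable dirs without sticky:"; risky_dirs "$sample"
echo "setuid/setgid files:";                special_files "$sample"
rm -rf "$sample"
```

Point `risky_dirs` and `special_files` at a real path (e.g. a shared project dir) to list what needs review.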
setgid on dirs
- all files/subdirs created by anyone in this dir inherit its group
- all subdirs inherit this bit when created
setuid on dirs
sources