I am having Problems converting user rights. I want to assign the following rights to certain files/folders but dont know hat to translate them into a format which chmod will work with like chmod 755.
-rwxrwxrwx
will be?
And
drwxr-xr-x
will be?
And finally
-rw-r--r--
will be?
Short version:
Permissions can include: read(r), write(w), execute(x)
Therefore, permissions are expressed in a row of three characters, for example rwx (to give all permissions)
When a permission is denied, a "-" is placed, for example: r-- to give only read permission.
because there are three types of users, we will need 3 x 3 characters:
owner | owner group | others
for example rwx rwx rwx gives all types of users all permissions.
these permissions can be expressed in octal numbering, where:
read = 4
write = 2
execute = 1
so:
r-- = 4
rw- = 6
rwx = 7
example:
rw- r-- r--
gives everyone read permission, only user can write. In octal:
644
(4+2+0 | 4+0+0 | 4+0+0 )
Your example:
-rwxrwxrwx
is probably the output of ls -l, where the preceding - means it is a file. In your second example:
drwxr-xr-x
the item is a directory (d)
s flagFrom the Wikipedia article on setuid:
setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task.
An example is passwd (-rwsr-xr-x) which can change write-protected files on behalf of a user.
A pretty good description is to be found here on Wikipedia.
t flag (sticky bit)(Again) from the Wikipedia article on Sticky bit:
When a directory's sticky bit is set, the filesystem treats the files in such directories in a special way so only the file's owner, the directory's owner, or root user can rename or delete the file. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of the file's owner.
On Linux systems, the t flag is ignored when used on files.
Numerically, the sticky bit, the setuid bit and setgid bit are set using the first digit of a 4-digit octal value. From man 1 chmod:
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values.
So:
rwsr-xr-x would be 4755, using the conversion for rwxr-xr-x to get 755 we saw earlier, and 4 for the setuid bit as mentioned here.rwxrwsrwt would be 3777, using the conversion for rwxr-xr-x to get 777, and the leading 3 from the setgid bit (2) and sticky bit (1).
d is not a permission flag (and maybe a link to the "s" and "t" flags for the experts) and it will be perfect!
– Rmano
Nov 18 '14 at 09:42
You don't need to convert them to numbers. chmod understands symbols just fine, if you split them into user, group and other fields. The following are equivalent:
chmod 755
chmod u=rwx,g=rx,o=rx
So given a set of permissions like, split them like so:
-rwxrwxrwx == - rwx rwx rwx
drwxr-xr-x == d rwx r-x r-x
-rw-r--r-- == - rw- r-- r--
And then assign the first triplet to u, the second to g and the third to o, skipping the hyphens:
chmod u=rwx,g=rwx,o=rwx
chmod u=rwx,g=rx,o=rx
chmod u=rw,g=r,o=r
When two fields are the same, you can combine them. The last chmod would be the same as:
chmod u=rw,go=r
And you can use a (all) to assign to u,g and o at once, so the first is equivalent to:
chmod a=rwx
Now, there are a few special permission bits: s (setuid/setgid) and t (sticky bit).
These are shown over the field where x is normally seen, so if a directory has the sticky bit for others, you'd see a t (if execute permissions are present) or a T (if execute permissions are not present) . For example, the permissions of /tmp:
drwxrwxrwt
In such cases, you need to write t as xt, and s as rwxs:
chmod u=rwx,g=rwx,o=rwxt
The setuid bit means that when this file is executed, it runs as the user who owns the file, not as the user executing it. Consider passwd (used for changing the password):
# stat `which passwd`
Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
If I (user muru) run passwd, the process that is started runs with root's permissions, not with mine. It is usually seen on binaries which need to be root for performing some action (passwd edits /etc/shadow, for example).
The setgid bit on a directory means that any newly created files or directories in it inherit the group ownership. It is usually seen on directories used for web or FTP servers, etc.
The sticky bit means that even if an user has write permissions on the directory, they cannot move or rename another user's files. It is usually seen on shared directories, like /tmp.