Wednesday, 10 September 2014

Unix File Permissions

This is a subject that seems easy, but it has some peculiarities that can make it a little more complex. I'll try to dig into it.

First, I will start with the basics.
The first character indicates whether it is a regular file (-), directory (d), block device (b), character device (c), socket (s) or symbolic link (l).

# ls -l file
-rw-r--r--    1 root     system            0 Sep 09 13:26 file
# ls -ld directory
drwxr-xr-x    2 preciado usr             256 Sep 09 13:29 directory
# ls -l symbolic_link
lrwxrwxrwx    1 preciado usr               4 Sep 09 13:30 symbolic_link -> file

The rest of the characters indicate the permissions that the users of the system have.

Permissions

The first three refer to the owner of the file (in this case root), who has read and write permissions.
# ls -l file
-rw-r--r--    1 root     system            0 Sep 09 13:26 file
The second three are for the group owner (system), which has read permission.
# ls -l file
-rw-r--r--    1 root     system            0 Sep 09 13:26 file
The last three are for other (the rest of the users), who have read permission.
# ls -l file
-rw-r--r--    1 root     system            0 Sep 09 13:26 file

Permissions can also be represented in octal format, where
r = 4
w = 2
x = 1

So, in our example we have a file that would be
owner = 6 (42-)
group = 4 (4--)
other = 4 (4--)

and if we take a look at the directory, it would be
owner = 7 (421)
group = 5 (4-1)
other = 5 (4-1)

Permissions for files are straightforward: r (you can read the file), w (write and delete), x (execute).
For directories, some clarifications are useful: you will need r (read) and x (execute) to be able to do things in that directory. You can test this by trying operations in a directory where you don't have execute permission. For instance, try to "cd" into that directory.
Write permission lets you write and delete files in that directory, even if you are not the owner of the file.

Note: root is special; it is always granted rwx on all directories and rw on all files. If any of the x bits of the file is set, root also has execute permission.

Setuid and sgid

They are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group, respectively.
They are represented with an "s" in the position of the executable bit.

# ls -l setuid
-rwsr-sr--    1 preciado usr               0 Sep 09 16:46 setuid

This means that everyone who runs this file will run it as user preciado.
Note: Due to potential security issues, many operating systems ignore the setuid attribute when applied to executable shell scripts. If you need to skip this, take a look at the first link in the References section.

When setgid is set on a directory, it has a different meaning.
# ls -l sgid
dr-xr-sr--    1 preciado usr               0 Sep 10 09:54 sgid

Setting the setgid permission on a directory causes new files and subdirectories created within it to inherit the directory's group ID instead of the primary group ID of the user who created the file.

Note: The setuid permission set on a directory is ignored.

You may find an S (capital s), which means that the file has the setuid/sgid bit but does not have the executable bit, which doesn't make much sense.

Sticky bit 

It is set on a directory. If so, you have to be the owner of the file in order to be able to delete files. A good example is the /tmp directory.
It is represented with a "t".

# ls -ld /tmp
drwxrwxrwt  41 bin      bin           28672 Sep 10 10:18 /tmp
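
An audit for the bits described in the "Setuid and sgid" and "Sticky bit" sections, as an added example that is not part of the original post: it walks a tree and reports setuid/setgid regular files and world-writable directories that lack the sticky bit. The sample tree and its file names are constructed here for illustration.

```python
import os
import stat
import tempfile

def audit(root):
    """Walk root and return sorted (finding, relative_path) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode    # lstat: never follow symbolic links
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(mode):
                if mode & stat.S_ISUID:
                    findings.append(("setuid-file", rel))
                if mode & stat.S_ISGID:
                    findings.append(("setgid-file", rel))
            elif stat.S_ISDIR(mode):
                # Anyone can create files here; without the sticky bit anyone
                # can also delete files that belong to other users.
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append(("world-writable-dir-no-sticky", rel))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample tree (hypothetical names) to run the audit on."""
    for name, mode in {"plain": 0o644, "runs_as_owner": 0o4755}.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)                 # chmod is not affected by umask
    for name, mode in {"shared_tmp": 0o1777, "open_dir": 0o777}.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return audit(root)

if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:30} {path}")
```

The directory with mode 1777 (like /tmp) is not reported, while the one with mode 777 is.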

Umask

It is a command that determines the permissions that a file or folder will have when it is created. The best way to understand this is by applying the following equations.

Permissions of a folder = 777 - umask
Permissions of a file = 666 - umask

In this case, if we use the equation above, we have 777 - 022 (umask) = 755 (permissions of umask_dir)
# umask
022
# mkdir umask_dir
# ls -ld umask_dir
drwxr-xr-x    2 preciado usr             256 Sep 10 12:08 umask_dir

For a file, if we use the equation above, we have 666 - 022 (umask) = 644 (permissions of umask_file)
# umask
022
# touch umask_file
# ls -l umask_file
-rw-r--r--    1 preciado usr               0 Sep 10 12:05 umask_file

This is so because many operating systems do not allow a file to be created with execute permissions.
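
The following added example (not part of the original post) checks the umask rule against what the system really does: it creates umask_file and umask_dir under a given umask and compares their modes with the prediction. The prediction clears the umask bits from 666 or 777, which gives the same result as the subtraction for umask 022; the function names are chosen here for illustration.

```python
import os
import tempfile

def predicted(umask):
    """(file, directory) modes expected for new objects under this umask."""
    # Bits set in the umask are cleared from the requested mode.
    # For 022 this equals 666 - 022 and 777 - 022. For a umask such as 033
    # plain subtraction would give 633 for a file, but the real result is 644.
    return 0o666 & ~umask, 0o777 & ~umask

def created(umask):
    """Create a file and a directory under `umask`; return their real modes."""
    with tempfile.TemporaryDirectory() as tmp:
        old = os.umask(umask)            # os.umask returns the previous mask
        try:
            f = os.path.join(tmp, "umask_file")
            d = os.path.join(tmp, "umask_dir")
            # touch requests 0666 and mkdir requests 0777; the kernel
            # then applies the umask of the calling process.
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))
            os.mkdir(d, 0o777)
            return (os.stat(f).st_mode & 0o777, os.stat(d).st_mode & 0o777)
        finally:
            os.umask(old)                # always restore the caller's umask

if __name__ == "__main__":
    # 022 is the umask from the post; 027 and 077 are stricter settings
    for mask in (0o022, 0o027, 0o077):
        file_mode, dir_mode = created(mask)
        assert (file_mode, dir_mode) == predicted(mask)
        print(f"umask {mask:03o}: file {file_mode:03o}  directory {dir_mode:03o}")
```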

Chmod

It is the command that changes the access permissions of files and directories. Only the owner of a file or root can change the permissions. If you change the permissions on a symbolic link, you will change the target file.
The easiest way to use this command is with digits. As I stated above, 4 means read permission, 2 write and 1 execute, so if you want to give rwx to the owner that will be 7, if you want to give rx to the group that will be 5, and if you want to give r to other that will be 4, so the command will be

# chmod 754 file 
# ls -l file
-rwxr-xr--    1 root     system            0 Sep 09 13:58 file


You also have to use chmod to set the setuid, sgid and sticky bits. There are a couple of ways to do this, but I will explain the octal way.
You have to add a new bitfield, written as a leading digit:
4 to set setuid
2 to set sgid
1 to set sticky bit

Let's go with some examples:
# chmod 4754 file
# ls -l file
-rwsr-xr--    1 root     system            0 Sep 09 13:58 file


# chmod 5754 file
# ls -l file
-rwsr-xr-T    1 root     system            0 Sep 09 13:58 file
(remember: capital T is because the x bit is not set for other)

# chmod 3755 file 
# ls -l file
-rwxr-sr-t    1 root     system            0 Sep 09 13:58 file
(now we have added execute permissions for other and the sticky bit, so we see t in lower case)
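
The octal digits and the s/S/t/T letters in the examples above can be converted mechanically in both directions. This is an added example, not code from the original post; the names to_symbolic and to_octal are chosen here for illustration.

```python
import stat

# One row per class: (shift of its rwx digit, special bit, letter shown for it)
CLASSES = ((6, 0o4000, "s"),   # owner, setuid
           (3, 0o2000, "s"),   # group, setgid
           (0, 0o1000, "t"))   # other, sticky bit

def to_symbolic(mode):
    """Render an octal mode such as 0o4754 as the nine characters ls -l shows."""
    out = []
    for shift, special, letter in CLASSES:
        digit = (mode >> shift) & 7
        out.append("r" if digit & 4 else "-")
        out.append("w" if digit & 2 else "-")
        if mode & special:
            # lower case when x is also set, capital when it is not
            out.append(letter if digit & 1 else letter.upper())
        else:
            out.append("x" if digit & 1 else "-")
    return "".join(out)

def to_octal(symbolic):
    """Parse nine permission characters (no file-type character) into a mode."""
    if len(symbolic) != 9:
        raise ValueError("expected nine characters such as 'rwxr-xr--'")
    mode = 0
    for i, (shift, special, letter) in enumerate(CLASSES):
        r, w, x = symbolic[3 * i:3 * i + 3]
        if r not in "r-" or w not in "w-" or x not in "x-" + letter + letter.upper():
            raise ValueError("unexpected permission characters: " + r + w + x)
        digit = (4 if r == "r" else 0) | (2 if w == "w" else 0)
        if x in ("x", letter):
            digit |= 1                  # x, s and t all imply execute
        if x.lower() == letter:
            mode |= special             # s/S or t/T carries the special bit
        mode |= digit << shift
    return mode

if __name__ == "__main__":
    # Modes taken from the chmod examples in the post
    for mode in (0o754, 0o4754, 0o5754, 0o3755):
        text = to_symbolic(mode)
        # Cross-check against the standard library's renderer for a regular file
        assert "-" + text == stat.filemode(stat.S_IFREG | mode)
        assert to_octal(text) == mode
        print(f"{mode:04o}  -{text}")
```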

Chown

It is a command used to change the owner of a file or folder. Only root or users with root permissions can use it, even if you are the owner of the file.
What you can use is the chgrp command, to change the owning group of the file.


References

http://www.tuxation.com/setuid-on-shell-scripts.html