{"id":217,"date":"2015-05-18T11:18:42","date_gmt":"2015-05-18T10:18:42","guid":{"rendered":"http:\/\/www.troliver.com\/?p=217"},"modified":"2023-07-30T12:42:16","modified_gmt":"2023-07-30T11:42:16","slug":"a-brief-summary-on-unix-permissions","status":"publish","type":"post","link":"https:\/\/www.troliver.com\/?p=217","title":{"rendered":"A summary of Unix permissions"},"content":{"rendered":"<p>Here&#8217;s a quick overview of Unix permissions:<\/p>\n<ul>\n<li>A file, or directory, has associated permissions for an <strong>owner<\/strong>, a <strong>group<\/strong> and for <strong>all other users<\/strong>.<\/li>\n<li>Each of those three categories, owner, group or world, can have permissions for being able to&nbsp;<strong>read,&nbsp;<\/strong><strong>write,&nbsp;<\/strong>and&nbsp;<strong>execute<\/strong> a file or directory on the system. Each is set to either 1 (true, able to do so) or 0 (false, not able to do so).<\/li>\n<li>The state of these permissions is represented by a single number, which, viewed in binary, correlates to each of the three permissions. 
Your final permission is represented by <strong>adding together<\/strong> all of the bits for each user.&nbsp;With all three bits set to true, the number would be 7; with none set, the number is 0.<\/li>\n<li>In total, there are <strong>9 possible permissions<\/strong> that can be set; the read, write and execute ability for the owner, a group and all other users in relation to a file or&nbsp;directory.<\/li>\n<\/ul>\n<p>If you look at the diagram below, permissions can be added up in each of the columns to give you the final permission for that particular&nbsp;category.<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm3.png\"><img decoding=\"async\" loading=\"lazy\" class=\" size-full wp-image-215 aligncenter\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm3.png\" alt=\"fileperm3\" width=\"266\" height=\"70\"><\/a><\/p>\n<p>So a permission of 6&nbsp;doesn&#8217;t&nbsp;necessarily grant any more than a permission of 5 would; it is simply a combination of different&nbsp;permissions; a 6&nbsp;means you can write to a file or directory instead of executing it, which 5 would allow you to do. The next example might explain that further;<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm2.png\"><img decoding=\"async\" loading=\"lazy\" class=\" wp-image-207 size-full aligncenter\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm2-e1431941735502.png\" alt=\"fileperm2\" width=\"707\" height=\"218\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm2-e1431941735502.png 707w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/fileperm2-e1431941735502-300x93.png 300w\" sizes=\"(max-width: 707px) 100vw, 707px\" \/><\/a><\/p>\n<p>This example of permissions set to <em>766<\/em>&nbsp;allows everybody to read and write, but only the owner can execute files. 
It is probably best advised that you only allow the owner and the group to have the write bit set, unless you want anyone at all to be able to change files!<\/p>\n<p>If you want to set the permissions to a file or folder in Linux, you can type the following, which will set the new permissions for a file or directory;<\/p>\n<pre class=\"lang:sh decode:true\">chmod 766 filename<\/pre>\n<p>To see the permissions of any files, you can list the files in a directory with the switch -l<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/test4.png\"><img decoding=\"async\" loading=\"lazy\" class=\" size-full wp-image-218 aligncenter\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/test4.png\" alt=\"test4\" width=\"534\" height=\"66\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/test4.png 534w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/test4-300x37.png 300w\" sizes=\"(max-width: 534px) 100vw, 534px\" \/><\/a><\/p>\n<p>Here you can see that the file&nbsp;<em>hello.txt<\/em> can be read and written only by the owner, but everyone else can still read it. Similarly, both the owner and group of the&nbsp;<em>public-resources<\/em> folder can read, write and execute it, but anyone else can only view and execute it. You can also see the group and owner association of the file or directory.<\/p>\n<p>Note also that there is an additional bit at the start, which sometimes says &#8220;<em>d<\/em>&#8221; &#8211; this indicates that it is a directory. It is important to&nbsp;mention that in order to browse a directory, to &#8220;open&#8221; it, you have to execute it. In this way, you can allow or deny access to being able to view the contents of a directory by removing the execute bit. It is probably advisable, if you want folders.<\/p>\n<h2>Default permissions; Umask, Fmask and Dmask<\/h2>\n<p>One addition to the above post is&nbsp;<em>masks<\/em>. 
What are the default permissions for files and folders?<\/p>\n<ul>\n<li>Fmask is the&nbsp;<strong>f<\/strong>ile mask. This is 666 by default.<\/li>\n<li>Dmask is the&nbsp;<strong>d<\/strong>irectory mask. This is 777 by default.<\/li>\n<li>The Umask is what will restrict these two masks simultaneously, by binary&nbsp;<em>AND<\/em> logic with the inverse of the umask (in other words, each bit set in the umask is cleared from the other two masks)<\/li>\n<\/ul>\n<p>Notice that, although the&nbsp;<em>dmask<\/em> is not restricted in any way, the&nbsp;<em>fmask<\/em> doesn&#8217;t allow execution by default. You can manually make the file executable with&nbsp;<em>chmod<\/em>&nbsp;<em>+x,&nbsp;<\/em>however. To display your current mask (per user), simply type in&nbsp;<em>umask<\/em> &#8211; it will likely be 0002 or 0022 &#8211; meaning that groups and other users have their write permission disabled by default. You can set it by typing the new mask you want in, e.g.&nbsp;<em>umask 0062<\/em>, which will now restrict group members from being able to do anything (there are times this might be useful!).<\/p>\n<p>As for why you can&#8217;t have execute set on files by default? Security I guess; to stop people accidentally creating executable files that should just be text. <a href=\"http:\/\/unix.stackexchange.com\/questions\/102075\/why-are-666-the-default-file-creation-permissions\">Here&#8217;s a good look<\/a> at what actually happens when a file is created; it&#8217;s apparent that this limit is hard coded (so even Linux caters for users who might accidentally mess things up!).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s a quick overview of Unix permissions: A file, or directory, has associated permissions for an owner, a group and for all other users. Each of those three categories, owner, group or world, can have permissions for being able to&nbsp;read,&nbsp;write,&nbsp;and&nbsp;execute a file or directory on the system. 
Each is set to either 1 (true, able [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[21],"tags":[20,44,43],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6PQZ3-3v","_links":{"self":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/217"}],"collection":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=217"}],"version-history":[{"count":5,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/217\/revisions"}],"predecessor-version":[{"id":685,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/217\/revisions\/685"}],"wp:attachment":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}