Recently when I was surfing around the /var/log directory I've noticed some directory has a '+' symbol in the file permission column while other have a '.' (dot) in their file permission column. Does anyone know what the '.' (dot) or '+' means in the file permission?
Quoted from man acl:
• For files that have a default ACL or an access ACL that contains more than the three required ACL entries, the ls(1) utility in the long form produced by ls -l displays a plus sign (+) after the permission string.
i.e. it means Access Control Lists in effect.
Related
I stumbled upon this construction:
((($(stat -c '0%#a' "$FILE_PATH") & $(stat -c '0%#a' "${FILE_PATH%/*}") & 0007) == 0))
I understand that first parenthesis part returns file permission bits in octal, and second path returns file's folder (everything in Linux is a file) permissions. But what is the last bitwise operation for? Is it check for some vulnerability?
I see that first stat -c "0%#a" file returns 00640 and stat -c "0%#a" file_path returns 00640, with 0007 the whole expression 00640 & 00640 & 0007 = 0, but what does it mean concerning to Linux file permissions?
stat -c '0%#a' "$FILE_PATH" gets the permissions of your file itself, with a leading 0 to ensure that they're interpreted in octal.
stat -c '0%#a' "${FILE_PATH%/*}" gets the permission of the directory that contains that file.
ORing together the above results us tells us which permissions either of the above have, whereas ANDing them tells us which permissions both have. The above logic does a bitwise AND, but it would be safer / more secure if it did a bitwise OR.
0007 looks only at "other" permissions: Whether users who are neither the owner nor in the group have any read, write or execute. ANDing with this set tells us if the result of the above operation includes any permissions applicable to users who neither own or share a group with the file or directory.
As currently written, by ANDing together the directory and file permissions, and then ANDing that with 0007, we check if both the file and directory are readable, writable, or executable by users who don't have any ownership interest; but we miss cases where the directory is readable/writable/executable but not the file, or the file but not the directory.
If this were fixed, by ORing together the file and directory permissions and then ANDing the result with 0007, the net effect is to check whether the file or its containing directory can be read, written, or executed (for the directory, cd'd into) by users who neither own nor are in the group that owns that filesystem object.
I have set the following permission using nfs4_sefacl
$ sudo nfs4_setfacl -a A:g:foo-group#mydomain.com:rwx /mnt/shared
$ sudo nfs4_getfacl /mnt/shared
# file: /mnt/shared
A:g:foo-group#mydomain.com:rwx
A::OWNER#:rwaDxtTnNcCy
A:g:GROUP#:rwaDxtTnNcy
A::EVERYONE#:rxtncy
Interestingly, the users of foo-group are able to create only files under /mnt/shared, but they are unable to create any directories under the folder.
I am new to nfs4_setfacl, may I know what am I missing?
The volume is mounted as NFS4 volume correctly.
The permissions for the foo-group group need to be inherited. ACE (entry) for foo-group doesn't have the d and f flags.
Granted, the other ACEs also don't have these flags, but the NFS' file creation rules cover that case. On Linux, file creation would usually set the mode and not the ACL, and the mode would have reasonable behavior for the 3 regular principals - owner, group, and other.
I have a directory with drwxrwxr-x+ permissions. I want to change this permission to drwxr-xr-x
Please suggest the command to change the above permissions.
Let's analyze the desired result:
drwxr-xr-x
d just means this is a directory, we can ignore it:
rwxr-xr-x
translate it to binary code:
11110101 (0 is equivalent to -).
Translate each 3 digits to a decimal number:
755: 111 → 7, 101 → 5
Eventually just type this:
chmod 755 <dirname>
This will work:
chmod g-w <dirName>
'chmod' command can be used to change permissions for 'user', 'group', and 'others'. You can use the shorthand notation "u/g/o" in combination or individually, along with "+/-" and "r/w/x" to control the permissions.
Permissions look like this "drwxrwxrwx":
u - user's permissions (Represtend by first three characters after d
in permissions)
g - group's permissions(Represtend by next three characters
after user's permissions)
o - others permissions (Represtend by next three characters
after group's permissions)
'+/-' : Choose either to remove or add permission
'r/w/x' : Types of permisson r-read, w-write, x-execute
Here is what I have to do
“ Make a script to find all old, unused files, larger than 1 megabyte, starting at a directory supplied by the user (default: /tmp). Make “old” be more than a month by default, but allow the user to change it. Similarly make the size be one megabyte by default, but allow the user to change it.”
I have attempted several scripts but can’t seem to get this right. Here is what I wrote:
#!/bin/bash
find /home/usr/local/temp -atime +31 –size +1M
# Then to allow permission for everyone
chmod u+x Filename
In –size you seem to be using the Unicode en dash instead of an ASCII hyphen. Otherwise your command is fine.
Consider adding type -f to find only files, not directories.
find /home/usr/local/temp -atime +31 -size +1M -type f
Also, by "allow the user to change it", I think it means allow the user to change the parameters, like 10 days and 5 MB, not giving the user write permission.
I ran ls -l on my centOS 6.10 on a specific file.
My question is what is the meaning of this dot(.) before 1?
-rw-r--r--. 1 root root 575 Oct 23
It means that the file has an SELinux context. Use ls -Z to see the actual SElinux context values. It's documented on the "info" file for GNU Coreutils: What-information-is-listed.
The relevant quote:
Following the file mode bits is a single character that specifies
whether an alternate access method such as an access control list
applies to the file. When the character following the file mode
bits is a space, there is no alternate access method. When it is a
printing character, then there is such a method.
GNU ‘ls’ uses a ‘.’ character to indicate a file with a security
context, but no other alternate access method.
A file with any other combination of alternate access methods is
marked with a ‘+’ character.
Follow the link for more details