I have a directory with drwxrwxr-x+ permissions. I want to change this permission to drwxr-xr-x
Please suggest the command to change the above permissions.
Let's analyze the desired result:
drwxr-xr-x
d just means this is a directory, we can ignore it:
rwxr-xr-x
translate it to binary code:
11110101 (0 is equivalent to -).
Translate each 3 digits to a decimal number:
755: 111 → 7, 101 → 5
Eventually just type this:
chmod 755 <dirname>
This will work:
chmod g-w <dirName>
'chmod' command can be used to change permissions for 'user', 'group', and 'others'. You can use the shorthand notation "u/g/o" in combination or individually, along with "+/-" and "r/w/x" to control the permissions.
Permissions look like this "drwxrwxrwx":
u - user's permissions (Represtend by first three characters after d
in permissions)
g - group's permissions(Represtend by next three characters
after user's permissions)
o - others permissions (Represtend by next three characters
after group's permissions)
'+/-' : Choose either to remove or add permission
'r/w/x' : Types of permisson r-read, w-write, x-execute
Related
Recently when I was surfing around the /var/log directory I've noticed some directory has a '+' symbol in the file permission column while other have a '.' (dot) in their file permission column. Does anyone know what the '.' (dot) or '+' means in the file permission?
Quoted from man acl:
• For files that have a default ACL or an access ACL that contains more than the three required ACL entries, the ls(1) utility in the long form produced by ls -l displays a plus sign (+) after the permission string.
i.e. it means Access Control Lists in effect.
Here is what I have to do
“ Make a script to find all old, unused files, larger than 1 megabyte, starting at a directory supplied by the user (default: /tmp). Make “old” be more than a month by default, but allow the user to change it. Similarly make the size be one megabyte by default, but allow the user to change it.”
I have attempted several scripts but can’t seem to get this right. Here is what I wrote:
#!/bin/bash
find /home/usr/local/temp -atime +31 –size +1M
# Then to allow permission for everyone
chmod u+x Filename
In –size you seem to be using the Unicode en dash instead of an ASCII hyphen. Otherwise your command is fine.
Consider adding type -f to find only files, not directories.
find /home/usr/local/temp -atime +31 -size +1M -type f
Also, by "allow the user to change it", I think it means allow the user to change the parameters, like 10 days and 5 MB, not giving the user write permission.
What do these file permissions mean? I am unable to understand them i tried looking at the 0-7 meanings but im unsure when they are together.
-r-------x
----rw----
-rwx--x--x
File permissions
Linux uses the same permissions scheme as Unix. Each file and directory on your system is assigned access rights for the owner of the file, the members of a group of related users, and everybody else. Rights can be assigned to read a file, to write a file, and to execute a file (i.e., run the file as a program).
To see the permission settings for a file, we can use the ls command as follows:
[me#linuxbox me]$ ls -l /bin/bash
-rwxr-xr-x 1 root root 316848 Feb 27 2000 /bin/bash
CHMOD
The chmod command is used to change the permissions of a file or directory. To use it, you specify the desired permission settings and the file or files that you wish to modify. There are two ways to specify the permissions, but I am only going to teach one way.
It is easy to think of the permission settings as a series of bits (which is how the computer thinks about them). Here's how it works:
rwx rwx rwx = 111 111 111
rw- rw- rw- = 110 110 110
rwx --- --- = 111 000 000
and so on...
rwx = 111 in binary = 7
rw- = 110 in binary = 6
r-x = 101 in binary = 5
r-- = 100 in binary = 4
Here is a table of numbers that covers all the common settings. The ones beginning with "7" are used with programs (since they enable execution) and the rest are for other kinds of files.
Directory permissions
The chmod command can also be used to control the access permissions for directories. In most ways, the permissions scheme for directories works the same way as they do with files. However, the execution permission is used in a different way. It provides control for access to file listing and other things. Here are some useful settings for directories:
Permissions as numbers are 3 octal numbers. 555, for example, when converted to 3 binary numbers is 101 101 101 which would correspond to r-x r-x r-x. The first set is owner, second set is group, third set is everyone else.
r = read
w = write
x = execute
If any of those are missing (-), then that set does not have those permissions.
From left to right, linux filesystem permissions are flags grouped in 3s
User (owner), Group, All
rwx------ = User can Read, Write, Execute
---rwx--- = Group can Read, Write, Execute
------rwx = All can Read Write, Execute
(I did not mention the flags for directory or setuid, on purpose)
etc
Next, you do not need to memorize numeric values for doing the setting
Use chmod with mnemonics
chmod a+r set the file such that All can Read
chmod g+r set the file such that Group can Read
chmod u+x set the file such that User can Execute
It's also
owner|group|all
-r-------x
owner can read, group can do nothing, others can excecute
----rw----
owner can do nothing, group can read and write, others can do nothing
-rwx--x--x
owner has full permission, group can execute, others can execute.
the first - is for special permissions such as sticky bit.
Here's a site that may help you.
I just changed my file permissions using $ sudo chmod g+s filename and my file permissions turned from drwxr-xr-x to drwxr-sr-x. How do I remove it?
Change the + for adding a permission into a - to remove it:
sudo chmod g-s filename
If you want to do this programatically, you’ll need to use some bitwise operators. Normally it’s
mode_without_suid = bitwise_and(existing_mode, bitwise_not(S_ISUID))
where S_ISUID is 0o4000, a constant that uses mode bits above the typical rwx ones of something like 0644.
For example, in python
import os
import stat
def mode_details(m):
return f"mode={oct(m)} = {stat.filemode(m)}"
mode = os.stat('foo').st_mode
print("old mode", mode_details(mode))
new_mode = mode & ~stat.S_ISUID
os.chmod('foo', new_mode)
print("new mode", mode_details(new_mode))
which prints
old mode mode=0o104654 = -rwSr-xr--
new mode mode=0o100654 = -rw-r-xr--
To remove setgid the numerical way the command is
sudo chmod 0664 $filename
The assumption here is the permission on file is 664 and we are not changing it. The left most bit in the above command represents setuid(4),setgid(2) and sticky(1). Now to represent these symbolically setuid is u+s, setgid is g+s and sticky is o+t
Example 1:-chmod u+s filename
This will setuid for the filename mentioned that is rwsr_xr_x
Example 2: chmod 2770 directory
This will set gid for the directory mentioned that is rwxr_sr_x
Regarding: "you can set (but not clear) the bits with a numeric mode"
On RHEL 7 chmod 0644 $filename did not remove the setuid(4),setgid(2) or sticky(1).
However precedeing with an extra 0 did the trick:
chmod 00644 $filename
Well would just like to add few points to clarify the approach of working with the numerical way for both files and directories.
Adding individual special permissions for either user/group/others.
chmod "X"755 file
Where X is the specific octal numeric mode for special permissions.
If you want to add multiple special permissions at a time, e.g. for both suid(4) and sgid(2) i.e. 4+2=6.
chmod "6"755 file
for suid(4), sgid(2) and sticky bit(1), i.e. 4+2+1=7
chmod "7"755 file
Deleting all special permissions (only applicable for a file)
chmod 00"0"755 file
Well, the trailing zeros before 4 digits doesn't add any values while changing the permission for a file but it does add values while changing permission for a directory.
The above numeric code will change the permission to 755 from 7755 only for a file but if you do the same for a directory it will be 6755 as it will only remove the sticky bit for others.
To remove all the special permissions for a directory.
chmod "000"755 file
Similarly, to remove suid permission and having sgid(2) and sticky bit(1) i.e. 2+1=3.
chmod 00"3"755 file
And solution using letters(r,w,x,X,s,,t) and operators(+/-) were already discussed and approved in the earlier answers.
sgid with number
#chmod 2(permission) (directory name) = for adding
#chmod 0(permission) (directory name) = for removing
sgid with word
#chmod g+s directory name = for adding
#chmod g-s directory name = for removing
I want to check whether a file on Linux has permission 555, but the file has a 755 permission instead.
So I do a boolean AND in my program:
if ((perm_of_file && perm_required) == 555)
i.e. (755 && 555 == 555)
Should this evaluate to true?
I know this is not intuitive from a programming prospective and the real background question is:
Is 755 considered as a "member" of the 555 permission group?
What I tried:
I use find -perm 555 on Linux and it doesn't list those files who has 755 permission, so I am guessing the answer to the question is NO?
If somebody can help me answer or rephrase this question, that would be very helpful.
Thanks in advance!
((file_mode && some_bits) == some_bits) # is logical and, you need bitwise and
((file_mode & some_bits) == some_bits) # is bitwise and
file modes are (still) expressed in octal notation, in most C-like languages you'll need to add a leading zero to indicate octal mode
command-line programs (such as chmod or find) don't need the leading zero, they expect the numerical mode-string to be octal
find . -mode xxx # finds files with exactly the mode xxx
find . -mode -xxx # finds files with at least the mode bits xxx set
The answer is no.
Because in 755 the owner of the file has write permission and in 555 owner has no write permission. (Although owner can change it with chmod because he's the owner!).
As I see you want to check whether one permission is inclusive in another one. If you somehow have the permissions of the files, then simply check:
if (perm_of_file >= perm_required)