While assigning permissions to a file with the command:
$ chmod +rwx file1.txt
Why is it that read and execute permissions are assigned to everybody, but write permission is only assigned to the user?
Yes, it depends on the umask of your system; you might have 0022 as your umask.
chmod +rwx file.txt ---- 777
the resulting permission 777-022=755
chmod(1)
A combination of the letters ugoa controls which users' access to the file will be changed: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.
This is pretty clear. You have to check your umask value:
$ umask
0002
$ touch xyz
$ ls -l xyz
-rw-rw-r-- 1 user user 0 Sep 6 22:56 xyz
$ chmod +rwx xyz
$ ls -l xyz
-rwxrwxr-x 1 user user 0 Sep 6 22:56 xyz
$ chmod a+rwx xyz
$ ls -l xyz
-rwxrwxrwx 1 user user 0 Sep 6 22:56 xyz
Have a look at this page: Default File Permissions: umask
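Added example (not part of the original answers): the chmod(1) rule quoted above, checked against real files for several umasks. The umask acts as a bit mask, so a bare "+rwx" yields current | (0777 & ~umask), while "a+rwx" ignores the umask. The helper names predict_plus_rwx and mode_after are hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes GNU coreutils (stat -c).

# predict_plus_rwx CURRENT UMASK: octal mode expected after "chmod +rwx".
# With no u/g/o/a letter, chmod adds only the bits the umask allows:
#   new = CURRENT | (0777 & ~UMASK)
predict_plus_rwx() {
    printf '%o\n' $(( 0$1 | (0777 & ~0$2) ))
}

# mode_after UMASK SPEC: create a scratch file under UMASK, run
# "chmod SPEC" on it, and print the resulting octal mode.
mode_after() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/f"
    chmod "$2" "$dir/f"
    mode=$(stat -c '%a' "$dir/f")
    rm -rf "$dir"
    printf '%s\n' "$mode"
)

# Compare prediction and observation; a new file starts at 0666 & ~umask.
for m in 0002 0022 0027 0077; do
    start=$(printf '%o' $(( 0666 & ~0$m )))
    printf 'umask %s: +rwx -> %s (predicted %s), a+rwx -> %s\n' \
        "$m" "$(mode_after "$m" +rwx)" "$(predict_plus_rwx "$start" "$m")" \
        "$(mode_after "$m" a+rwx)"
done
```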
I can't change a directory's owner even if I'm root.
I want to build a NAS using a Raspberry 3B+.
So I have created a user named dorm.
Then I changed sshd_file in order to restrict the SFTP user (dorm) to visiting only his home directory.
Now the user (dorm) doesn't have write permission. After I googled it, I learned I should mkdir a 777 directory at /home/dorm/, so I made it as root.
Then I wanted to change its owner with chown -R dorm:dorm /home/dorm/Documents. I failed.
Maybe it's best to remove the user and try again; this is what I did to make it work.
log into the newly set up Raspberry Pi as the pi user, only default logins exist.
pi@raspberrypi:~ $ whoami
pi
pi@raspberrypi:~ $ lslogins -u
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0 root 84 root
1000 pi 5 15:31 ,,,
add new user dorm
$ sudo adduser dorm
Adding user `dorm' ...
Adding new group `dorm' (1001) ...
Adding new user `dorm' (1001) with group `dorm' ...
Creating home directory `/home/dorm' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for dorm
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
pi@raspberrypi:~ $ lslogins -u
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0 root 87 root
1000 pi 5 15:31 ,,,
1001 dorm 0 ,,,
make a backup and edit your sshd_config file,
pi@raspberrypi:~ $ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
pi@raspberrypi:~ $ sudo vim /etc/ssh/sshd_config
pi@raspberrypi:~ $ diff /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
122,128d121
<
< Match User dorm
< X11Forwarding no
< AllowTcpForwarding no
< PermitTTY no
< ForceCommand internal-sftp
< ChrootDirectory /home/dorm
restart ssh service with sudo service sshd restart
change the ownership of the dorm home directory to root.
$ sudo chown root:root /home/dorm
$ sudo chmod 755 /home/dorm
from the dorm user's directory use sudo as the pi user to create the Documents folder and give ownership to the dorm user
pi@raspberrypi:/home/dorm $ ls
pi@raspberrypi:/home/dorm $ mkdir Documents
mkdir: cannot create directory ‘Documents’: Permission denied
pi@raspberrypi:/home/dorm $ sudo mkdir Documents
pi@raspberrypi:/home/dorm $ ls -l
total 4
drwxr-xr-x 2 root root 4096 Feb 8 18:15 Documents
pi@raspberrypi:/home/dorm $ sudo chown -R dorm:dorm Documents
pi@raspberrypi:/home/dorm $ ls -l
total 4
drwxr-xr-x 2 dorm dorm 4096 Feb 8 18:15 Documents
test the connection etc. using your IP address from your host computer (ssh should reply No route to host)
$ sftp dorm@<IP>
dorm@<IP>'s password:
Connected to dorm@<IP>.
sftp>
you can see the created Documents folder and the user number that owns it (dorm's number)
sftp> ls -ltr
drwxr-xr-x 2 1001 1001 4096 Feb 8 18:15 Documents
you can't move out of the base directory
sftp> pwd
Remote working directory: /
sftp> cd ..
sftp> pwd
Remote working directory: /
you can't put files in the base directory as dorm doesn't have permissions. (file path will need to be altered for your system)
sftp> put /Users/<USER>/tmp
Uploading /Users/<USER>/tmp to /tmp
remote open("/tmp"): Permission denied
if you move into Documents then you can then upload files
sftp> cd Documents
sftp> put /Users/<USER>/tmp
Uploading /Users/<USER>/tmp to /Documents/tmp
/Users/<USER>/tmp 100% 0 0.0KB/s 00:00
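Why the answer hands /home/dorm to root: sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that group and others cannot write to, which is why the writable area has to be a user-owned subdirectory such as Documents. The check below is an added example, not part of the original answer; component_ok and chroot_path_ok are hypothetical names and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes GNU stat (stat -c).

# component_ok DIR [UID]: succeed when DIR is a directory owned by UID
# (default 0, root) that neither group nor others can write to.
component_ok() (
    [ -d "$1" ] || exit 1
    # After set --: $1 = wanted uid, $2 = owner uid, $3 = octal mode
    set -- "${2:-0}" $(stat -c '%u %a' "$1")
    [ "$1" = "$2" ] || exit 1
    [ $(( 0$3 & 022 )) -eq 0 ]
)

# chroot_path_ok PATH [UID]: check PATH and each parent up to /, the
# condition sshd enforces on a ChrootDirectory. Reports the first offender.
chroot_path_ok() (
    case $1 in /*) ;; *) echo "need an absolute path" >&2; exit 2 ;; esac
    p=$1
    while :; do
        component_ok "$p" "${2:-0}" || { echo "not acceptable: $p" >&2; exit 1; }
        [ "$p" = / ] && exit 0
        p=$(dirname "$p")
    done
)

# Usage on the Pi from the answer: chroot_path_ok /home/dorm
```

The optional UID argument exists only so the check can be exercised on directories you own; for sshd the owner must be root (0).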
So my home dir is set as:
drwxr--r-- 16 me users 4096 Jan 15 09:17 me
I want to copy my files using an admin user which belongs to the same group (users):
drwxr-xr-x 2 otickadm users 4096 Jan 15 08:59 common
However I can't:
$ cd /jhome/jyun1
-bash: cd: /jhome/jyun1: Permission denied
$ cp /jhome/jyun1/gitworkspace/taq_scripts/sanity_check.py .
cp: cannot stat ‘/jhome/jyun1/gitworkspace/taq_scripts/sanity_check.py’: Permission denied
Wondering if anything else is taking control of this permission.
cd (and read files) requires execute (x) perms on the directory; try 75x to allow others in your group to cd to your directory and/or read your files
I have an application. The processes for the application have cacheusr as user. When I create files in the application I get the following ownership and permission:
aless80> ls -FGlAhpa test.xml
-rwxrw-r-- 1 cacheusr 1.6K Oct 19 16:41 test.xml
My question is: how to make sure the created files have permission 777 by default? I just added aless80 to the cacheusr group, but that does not help.
aless80> groups aless80
aless80 : aless80 adm cdrom sudo dip plugdev staff lpadmin sambashare cacheusr vboxusers
aless80> id aless80
uid=1000(aless80) gid=1000(aless80) groups=1000(aless80),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),50(staff),108(lpadmin),110(sambashare),1001(cacheusr),999(vboxusers)
aless80> groups cacheusr
cacheusr : cacheusr root
aless80> id cacheusr
uid=1001(cacheusr) gid=1001(cacheusr) groups=1001(cacheusr),0(root)
you can control the permissions of newly created files with the umask command:
$ umask u+rwx,g+rwx,o+rwx
$ touch foo; mkdir bar
$ ls -ld foo bar
-rw-rw-rw- 1 user user 0 Oct 20 00:00 foo
drwxrwxrwx 2 user user 1024 Oct 20 00:00 bar
$
I have this old Perl script. This script is working from cron on CentOS 6.4. It creates a temporary directory and is trying to unzip files there.
This is a piece of code:
$lg->li("Creating Directory... \n\t$unzip_dir");
mkdir ($unzip_dir, 0777) or my_die("mkdir $unzip_dir failed") unless (-e $unzip_dir && -d $unzip_dir);
However after execution the directory has weird permissions:
drwxrwsr-x 42 buser agroup 12K Dec 30 09:18 .
drwxrwsr-x 4 buser agroup 4.0K Apr 6 2012 ..
drw-rwSr-- 2 auser agroup 4.0K Dec 28 11:51 tm_unpack_dir_1388412502.20184
The umask for user auser is a 0002.
Why does the new directory have no execute permission? Any idea how this can happen?
The weird permissions are caused by the setgid bit on the parent directory in combination with an unusual umask:
Look at the permissions of the parent directory, the first line:
drwxrwsr-x 42 buser agroup 12K Dec 30 09:18 .
drw-rwSr-- 2 auser agroup 4.0K Dec 28 11:51 tm_unpack_dir_1388412502.20184
Notice it has rwxrwsr-x which means that the setgid bit is set. The setgid bit on a directory causes new files in the directory to be created with the same group as the directory. New directories inherit the setgid bit from their parent.
A umask of 0113 will cause the strange permissions you're seeing. That is an unusual umask, the default is 0022. The umask is set in the environment executing the script, or directly in the script itself.
Don't worry about 0777 after mkdir in your script: mkdir $dir, 0777 means "create $dir without interfering with the present umask". 0777 is the default and can be safely omitted.
Try setting the umask directly in your script:
umask 0022;
$lg->li("Creating Directory... \n\t$unzip_dir");
mkdir ($unzip_dir) or my_die("mkdir $unzip_dir failed") unless (-e $unzip_dir && -d $unzip_dir);
should cause:
drwxrwsr-x 42 buser agroup 12K Dec 30 09:18 .
drwxr-sr-x 2 auser agroup 4.0K Dec 28 11:51 tm_unpack_dir_1388412502.20184
New directory permissions are rwxr-sr-x which is more normal. Notice that the setgid bit is still set because of the parent directory.
Oh, you might wonder why the setgid bit is sometimes lowercase 's' and sometimes uppercase 'S'. That depends on the executable bit. Lowercase s means the executable bit is set, uppercase means it's not set:
$ mkdir foo
$ ls -l
drwxr-xr-x 2 johan johan 4096 Dec 30 17:22 foo
$ chmod g+s foo
$ ls -l
drwxr-sr-x 2 johan johan 4096 Dec 30 17:22 foo
$ chmod g-x foo
$ ls -l
drwxr-Sr-x 2 johan johan 4096 Dec 30 17:22 foo
Your code looks correct to me.
Confirming on my system:
perl -e 'mkdir("foo", 0777);'
drwxr-xr-x 2 user user 512 Dec 30 10:48 foo
mkdir is affected by your umask. A funky umask can do funky things.
What does this yield for you?
perl -e 'printf("%04o\n", umask());'
I get this:
0022
Which is why my folder is created 0755 when I ask for 0777.
I've debugged the script and found the source of the problem.
The problem was caused by a tar.gz archive sent to us by one of our submitters. These tar files have directories without the execute permission set. I have no idea how they achieved such a result.
One more problem: GNU tar has no key to prevent restoring file and directory permissions.
So after extracting an archive with wrong permissions I have to recursively set the right permissions on all the files and directories in the archive.
Thank you everybody.
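A sketch of the recursive repair described in the last post, added here as an example and not taken from the original script. The names unsearchable_dirs and normalize_tree are hypothetical, the policy (read/execute added only as far as the umask allows, no other-write, no setuid/setgid on files) is an assumption, and GNU find and chmod are assumed.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes GNU find and chmod.

# unsearchable_dirs TREE: list directories whose owner cannot enter them
# (no u+x), the condition the archive in this thread produced.
unsearchable_dirs() {
    find "$1" -type d ! -perm -u+x -print 2>/dev/null
}

# normalize_tree TREE: repair permissions after unpacking.
#   directories: add r and x as far as the umask allows ("+rx" has no
#                who letter), make sure the owner can write, drop o+w
#   files:       add r as far as the umask allows, owner may write,
#                drop setuid/setgid and o+w
# "-exec ... \;" runs chmod on each directory before find descends into
# it, so a directory without x is fixed before its contents are visited.
normalize_tree() {
    find "$1" -type d -exec chmod +rx,u+w,o-w {} \; &&
    find "$1" -type f -exec chmod +r,u+w,ug-s,o-w {} +
}
```

Run it with the umask the job is meant to use; under 0022 a directory unpacked as drw-r--rw- becomes drwxr-xr-x.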
It means that the setuid and setgid bits have been set.
The setuid (set user id) is a permission bit that allows users to exec a program with the permissions of its owner.
The setgid (set group id) is a bit that allows the user to exec a program with the permissions of the group owner.
http://linuxg.net/how-to-set-the-setuid-and-setgid-bit-for-files-in-linux-and-unix/
I am currently messing around on my Linux system and now I have the following situation.
The directory /srv/http has the following permissions set:
drwxrwxr-x 2 root httpdev 80 Jun 13 11:48 ./
drwxr-xr-x 6 root root 152 Mar 26 13:56 ../
-rwxrwxr-x 1 root httpdev 8 Jun 13 11:48 index.html*
I have created the group httpdev before with the command:
groupadd httpdev
and added my user sighter with:
gpasswd -a sighter httpdev
Then I have set the permissions as above using the chown and chmod commands.
But now I am not allowed to modify the index.html file or create a new file as user sighter with touch, like this:
<sighter [bassment] ~http> touch hallo.php
touch: cannot touch `hallo.php': Permission denied
What am I misunderstanding? I was expecting that I could do what I want there, since the group has all the rights.
The following output is for your information.
<sighter [bassment] ~http> cat /etc/group | grep sighter
...
httpdev:x:1000:sighter
...
The Linux distro used is Arch Linux.
Adding a user to a group does not affect currently running sessions. So you have to log out and log in again, or use su - sighter to log in.
After this you should be able to do what you want to do.
You're not in the right group. You need to log out and back in again. Also, superuser.