Display file / directory permission for all users in Linux - linux

In Linux, it is easy to display file permissions for directories and files for the currently logged-in user from the console.
But can I display the permissions for another user, and any user and any group?
Like something similar to what in Windows is displayed in the "Security" tab in the property window for a file or directory, i.e. it is listing each user which has any rights to that file and what rights he has or doesn't have:
Example of what could be desired output:
/etc/multifile
-rwx------- admin1
-rwx------- admin2
-r--------- john
I have been searching in vain for something like that in Linux. Can you even assign rights to multiple users?
Or does that then exceed the abilities of the "Unix permissions" and it's time to go into ACLs and this sort of thing?

Display files with their permissions:
stat -c '%a - %n' directory/*

The permissions you see would be the same thing visible to all users.
And the file's permissions are also dependent on the parent directory's permissions.
You can list a file only if the parent directory has both read and execute permission bits for your user or group.
You can view the file only if the parent directory has a write permission bit for your user or group.
And yes the permission bit in others apply to all users.
If you can reorganize your users and groups correctly, you should be able to achieve most of the file permission and access control that you're looking for.
Read more about each of the permission bits here: http://www.tuxfiles.org/linuxhelp/filepermissions.html

Normally there are no other permissions to see than the ones you see with ls -l.
However, in some special cases there might be some extra information not shown with the ls command.
If ls -l shows a plus after the attributes like this:
-rw-r--r--+ 1 tusk tusk 202 2012-03-04 19:31 sfc.txt
Then try getfacl <file> to see the rest of the permission.
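The per-user listing the question asks for can be computed from the mode bits, as in this added example (not from any of the posts above). It evaluates only the classic owner/group/other bits; ACL entries shown by getfacl, root's override and parent-directory permissions are not modeled, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classic mode bits only (no ACLs, no root override).

# perm_triplet DIGIT: octal digit 0-7 -> "rwx"-style string
perm_triplet() {
    _r=-; _w=-; _x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then _r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then _w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then _x=x; fi
    printf '%s%s%s' "$_r" "$_w" "$_x"
}

# effective_perms MODE FILE_UID FILE_GID USER_UID [USER_GID...]
# Exactly one class applies: owner first, then group, then other.
effective_perms() {
    _bits=$(( 0$1 & 0777 )); _fuid=$2; _fgid=$3; _uid=$4
    shift 4
    if [ "$_uid" = "$_fuid" ]; then
        perm_triplet $(( ($_bits >> 6) & 7 )); return
    fi
    for _g in "$@"; do
        if [ "$_g" = "$_fgid" ]; then
            perm_triplet $(( ($_bits >> 3) & 7 )); return
        fi
    done
    perm_triplet $(( $_bits & 7 ))
}

# list_user_perms FILE: one "rwx name" line per account in the passwd database
list_user_perms() {
    _meta=$(stat -c '%a %u %g' -- "$1") || return 1
    set -- $_meta                      # now: mode, owner uid, group gid
    f_mode=$1; f_uid=$2; f_gid=$3
    getent passwd | while IFS=: read -r name _pw uid _rest; do
        gids=$(id -G "$name" 2>/dev/null) || continue
        printf '%s %s\n' \
            "$(effective_perms "$f_mode" "$f_uid" "$f_gid" "$uid" $gids)" "$name"
    done
}

# Run against a path given on the command line, e.g.: sh perms.sh /etc/hosts
if [ "$#" -gt 0 ]; then list_user_perms "$1"; fi
```

Because the owner class is checked first, a file with mode 077 gives its owner no access even when the owner is also a member of the file's group.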

Related

Directories owned by my user have directories in them owned by someone else

On my school directory when I ls -l (running Fedora) I see that I have a ton of files and directories owned by me, but one specific directory is owned by someone else. I recall a few months ago I tried copying that directory to my own as it had 744 privileges by that user. For some reason that user owns the directory in my home directory with 700 privileges so I cannot delete the directory. My home directory has 700 privileges.
Anyone know why something like this could have happened and how I can prevent it from happening in the future? Also, how should I go about deleting these files in my home directory? If needed I can contact IT but I want to see if there is anything I can do without contacting them.
Yellow is my user, red is the foreign user
Two possible options IMHO:
Check the permissions of your /home/YELLOW folder: if it has o+w or g+w, someone (the user listed as the owner of the directory) may have created it there.
root did it. It doesn't make much sense for you, so probably if he/she did, it was by mistake (for example, performing some backup-and-restore administration and so on).
Normally permission for deletion of things in Unix filesystems is taken from the parent folder, so you need to have "write permission" in a folder to create or remove files (unless there is a sticky bit in action); directories are just a special type of file, so the rules still apply.
If the directory is empty, a simple rmdir p2Testing or rm -rf p2Testing would be enough. But if the directory has files and sub-directories, you won't have permissions to modify or delete them (look at the drwx------), and only someone with more powers will be able to do it for you (e.g. root, or the owner if he still has +w in /home/YELLOW).

Why are Cygwin home directories public?

When I install Cygwin, the default location is c:\cygwin and after I open a Cygwin terminal, it creates my home folder in C:\cygwin\home\ which the Everyone group has read access to by default. So, if I create a diary in vim and save it to my profile, all users of the computer I'm logged on to can read my diary. Obviously this is not the default option for normal Windows profiles, so I'm wondering what the logic is behind Cygwin's default home directory permissions, so I can use it the way it is meant to be used. Thanks!
There are differences between the permission structures of windows and cygwin.
You can protect your diary by specifying its permission in windows using right click.
You can then check its permissions in cygwin using:
ls -l diary.txt
chmod 0600 diary.txt
ls -l diary.txt
Then log in to the same machine as a different (test) user and see if you can read the file under windows, and in cygwin.
For people interested in this topic, it probably goes back to a setting called UMASK on linux, which specifies default permissions for new files. The default value of "022" means "take away no permissions from the owner, and take away write permissions from the group and the rest of the world" which means that file owners have full access, everyone else has read access.
They say it's to make it easier to share files with other users. I say it's obvious that this logic predates times when we had web browsers and other tools capable of saving passwords to disk.

Need to change permissions on *nix system to 777

Have a folder and files as follows:
Folder:
drwxrwxrwx 3 me 153157 8 Aug 17 14:17 Nugget
File within Nugget:
...
-rw-rw-r-- 1 web web 24 Aug 17 14:17 nugget.php
I need to change permissions on nugget.php to 777 as per the documentation.
$ chmod 777 nugget.php
chmod: nugget.php: Operation not permitted
Suggestions?
You could do this as root but I suggest to sit back and think about it for a moment. Anyone with access to your computer will be able to change this file in any way. Crackers get paid money to find files like that and abuse them.
Usually, your problem is that the web app needs to read the file and some user needs to be able to write it. In this case, chown the file to the user and leave the group as web and set the permissions to 640 (local user can read+write, web can only read).
Unless you are in group web, you do not have permissions to write that file. If you own the system, you can use sudo to accomplish what you need. However, if you had sudo access, you probably wouldn't be asking.
Since you own the directory, you can delete the file. So one workaround would be: save the text of the file somewhere else (in another window). Delete the file. Recreate the file in an editor, pasting in the text. Save. That should do it. However, it's possible since this is a script that doing this would break the script (it might need to run as user 'web').
The safest alternative is to ask the system administrator to add you to the group "web", or else to have him or her change the group of the file to a group that you are in.
Your account (the one you logged in as) does not seem to have permissions on that file.
It's owned by "web", and you're not logged in as that user or that group. The permissions on that file for accounts that are not the owner or that do not belong to the web group are listed as "r--", which means the account that you logged in as can only read it.
So, log in as root or "web" and perform the same operations.
sudo chmod 777 nugget.php ??

ubuntu: share a folder to be used by all user in group

I want to share a folder among all users of a group: dev, so that all files, regardless of the owner, can be edited by anyone in the group.
I have created the shared folder and set the respective permissions on the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permissions for the files are rw-r--r--
So other users who belong to the same group are not able to edit the files.
Just as the default group becomes "dev", how can I set the default permissions for the files created in that directory?
I don't want to use "umask" technique because the user will upload files into that directory through ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory through ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to set up a cron job that will run every minute and do a chmod -R g+w <dir>.
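Why files in the shared folder come out as rw-r--r--, shown in a throwaway temp directory as an added example (not from the posts above): the setgid bit on the directory decides the group of new entries, while the mode comes from the creating process's umask (the 022 default described in the Cygwin thread, or 002). Function names are hypothetical.

```shell
#!/bin/sh
# Added example. Everything happens inside a temporary directory.

# new_file_mode UMASK DIR: octal mode of a file created in DIR under UMASK
new_file_mode() {
    ( umask "$1" && : > "$2/probe.$1" ) || return 1
    stat -c '%a' "$2/probe.$1"
}

# shared_dir_report: build a setgid directory and show what new entries get
shared_dir_report() {
    top=$(mktemp -d) || return 1
    mkdir "$top/shared" && chmod 2775 "$top/shared" || { rm -rf "$top"; return 1; }

    # Same directory, two umasks: only the second file is group-writable.
    echo "file created with umask 022: $(new_file_mode 022 "$top/shared")"
    echo "file created with umask 002: $(new_file_mode 002 "$top/shared")"

    # A subdirectory inherits the setgid bit, so the group keeps propagating.
    ( umask 002 && mkdir "$top/shared/sub" )
    echo "subdirectory, umask 002:     $(stat -c '%a' "$top/shared/sub")"

    # Group IDs of the directory and of a file created inside it.
    echo "gid of dir / new file:       $(stat -c '%g' "$top/shared") / $(stat -c '%g' "$top/shared/probe.002")"
    rm -rf "$top"
}

shared_dir_report
```

A tool that creates files with its own umask of 022, such as an FTP daemon left at its defaults, produces the 644 case no matter how the directory is set up.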

how to prevent users from creating, deleting, renaming directories in Linux?

I am a bit lost with Linux file and directory permissions. What I would like to do is have one user be able to create, delete, and rename directories, while other users are not able to do so, but they should be able to read and write to the directories as well as traverse them.
So group 'storage' has access to directory /workspace, those are the users which are not supposed to be able to create, delete, or rename directories. Group 'storageAdmin' also has access to directory /workspace, but is able to create, delete, or rename directories within.
Whenever 'storageAdmin' creates a new directory it should automatically be accessible to 'storage' such that they can read and write files within it.
Am I correct in that /workspace needs to be owned by 'storageAdmin' and be set to chmod 775 for this to work properly?
The correct permissions are 2775, setting the set gid bit too. This causes new files and directories to inherit the parent's permissions, owner and group.
Be aware though, that the standard unix permissions do not allow you to restrict access to the directory to the storage group after chgrping it to storageAdmin. Everyone has access now according to the other permission set.
Use Posix ACLs or SE Linux if you really need more fine grained access controls.
