Differences

This shows you the differences between two versions of the page.

slackbook:filesystem_permissions [2012/09/12 21:31 (UTC)] – updated code block to syntax highlighting mfillpotslackbook:filesystem_permissions [2012/10/15 22:28 (UTC)] (current) – [SUID, SGID, and the Sticky Bit] gerardo.zamudio
Line 12: Line 12:
  
  
-<code bash>+<code>
 darkstar:~$ ls -l /bin/ls darkstar:~$ ls -l /bin/ls
 -rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls -rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls
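Review bot: the tag change on the first line of this hunk drops the bash highlighting that the previous revision added ("updated code block to syntax highlighting"), and the same swap repeats in every code block further down, yet the edit summary names only the SUID, SGID, and the Sticky Bit section. These blocks are terminal sessions with a darkstar prompt and ls output rather than scripts, so plain <code> is a reasonable choice, but the summary should say that the highlighting was removed on purpose so a later editor does not add it back.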
Line 23: Line 23:
 case, the permissions are rwxr-xr-x, the user is root and the group is case, the permissions are rwxr-xr-x, the user is root and the group is
 also root. The permissions section, while grouped together, is really also root. The permissions section, while grouped together, is really
-three seperate pieces. The first set of three letters are the+three separate pieces. The first set of three letters are the
 permissions granted to the user that owns the file. The second set of permissions granted to the user that owns the file. The second set of
 three are those granted to the group owner, and the final three are three are those granted to the group owner, and the final three are
Line 36: Line 36:
 |Others |r-x |Everyone else may read and execute| |Others |r-x |Everyone else may read and execute|
  
-he permissions are pretty self explainatory of course, at least for+The permissions are pretty self explanatory of course, at least for
 files. Read, write, and execute allow you to read a file, write to it, files. Read, write, and execute allow you to read a file, write to it,
 or execute it. But what do these permissions mean for directories? or execute it. But what do these permissions mean for directories?
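Review bot: the corrected first line of this hunk still reads "self explanatory" without its hyphen; it should be "self-explanatory".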
Line 51: Line 51:
  
  
-<code bash>+<code>
 darkstar:~$ ls -ld /home/alan darkstar:~$ ls -ld /home/alan
 drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/ drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/
Line 76: Line 76:
  
  
-<code bash>+<code>
 darkstar:~# ls -l /tmp/foo darkstar:~# ls -l /tmp/foo
 total 0 total 0
Line 93: Line 93:
  
  
-<code bash>+<code>
 darkstar:~# chown root:root /tmp/foo/b darkstar:~# chown root:root /tmp/foo/b
 darkstar:~#  ls -l /tmp/foo darkstar:~#  ls -l /tmp/foo
Line 108: Line 108:
  
  
-<code bash>+<code>
 darkstar:~# chown -R root:root /tmp/foo/b</code> darkstar:~# chown -R root:root /tmp/foo/b</code>
  
Line 116: Line 116:
  
  
-<code bash>+<code>
 darkstar:~# chown :wheel /tmp/foo/a darkstar:~# chown :wheel /tmp/foo/a
 darkstar:~# ls -l /tmp/foo darkstar:~# ls -l /tmp/foo
Line 166: Line 166:
 By adding these values together, we can reach any number between 0 and By adding these values together, we can reach any number between 0 and
 7 and specify all possible permission combinations. For example, to 7 and specify all possible permission combinations. For example, to
-grant both read and write privilages while denying execute, we would+grant both read and write privileges while denying execute, we would
 use the number 6. The number 3 would grant write and execute use the number 6. The number 3 would grant write and execute
 permissions, but deny the ability to read the file. We must specify a permissions, but deny the ability to read the file. We must specify a
Line 174: Line 174:
  
  
-<code bash>+<code>
 darkstar:~# ls -l /tmp/foo/a darkstar:~# ls -l /tmp/foo/a
 -rw-r--r-- 1 root root  0 2008-06-06 22:29 a -rw-r--r-- 1 root root  0 2008-06-06 22:29 a
Line 205: Line 205:
 group, and //"o"// for all others. You must also specify whether you are group, and //"o"// for all others. You must also specify whether you are
 adding or removing permissions with the //"+"// and //"-"// signs. Multiple adding or removing permissions with the //"+"// and //"-"// signs. Multiple
-sets can be changed at once by seperating each with a comma.+sets can be changed at once by separating each with a comma.
  
  
-<code bash>+<code>
 darkstar:/tmp/foo# ls -l darkstar:/tmp/foo# ls -l
 total 0 total 0
Line 224: Line 224:
 -rwxr-x--- 1 alan users 0 2008-06-06 23:37 c* -rwxr-x--- 1 alan users 0 2008-06-06 23:37 c*
 -r-xr----- 1 alan users 0 2008-06-06 23:37 d* -r-xr----- 1 alan users 0 2008-06-06 23:37 d*
-</code bash>+</code>
  
  
Line 250: Line 250:
  
  
-<code bash>+<code>
 darkstar:~# ls -l /usr/bin/passwd \ darkstar:~# ls -l /usr/bin/passwd \
   /etc/passwd \   /etc/passwd \
Line 268: Line 268:
 soon as you look at the two files it modifies. Neither soon as you look at the two files it modifies. Neither
 ''/etc/passwd'' nor ''/etc/shadow'' ''/etc/passwd'' nor ''/etc/shadow''
-are writeable by anyone other than root. Since users need to change+are writable by anyone other than root. Since users need to change
 their personal information, **//passwd//** must be their personal information, **//passwd//** must be
 run as root in order to modify those files. run as root in order to modify those files.
Line 282: Line 282:
  
  
-<code bash>+<code>
 darkstar:~# ls -ld /tmp darkstar:~# ls -ld /tmp
 drwxrwxrwt 1 root root   34844 2008-03-24 16:11 /tmp drwxrwxrwt 1 root root   34844 2008-03-24 16:11 /tmp
Line 288: Line 288:
  
  
-Naturally, being a directory for the storage of temporary files sytem +Naturally, being a directory for the storage of temporary files system 
-wide, ''/tmp'' needs to be readable, writeable, and+wide, ''/tmp'' needs to be readable, writable, and
 executable by anyone and everyone. Since any user is likely to have a executable by anyone and everyone. Since any user is likely to have a
 file or two stored here at any time, it only makes good sense to file or two stored here at any time, it only makes good sense to
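Review bot: the corrected line still reads "temporary files system wide"; the compound should be hyphenated as "system-wide". The writeable to writable change on the next line matches the same change in the passwd paragraph above, so the spelling is now consistent.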
Line 298: Line 298:
  
 **Table 10.5. SUID, SGID, and "Sticky" Permissions** **Table 10.5. SUID, SGID, and "Sticky" Permissions**
-^Permission ^Type ^Octal Value ^Letter Value|+^Permission Type ^Octal Value ^Letter Value|
 |SUID |4 |s| |SUID |4 |s|
 |SGID |2 |s| |SGID |2 |s|
Line 311: Line 311:
  
  
-<code bash>+<code>
 darkstar:~# chmod 1777 /tmp darkstar:~# chmod 1777 /tmp
 darkstar:~# chmod 4711 /usr/bin/passwd darkstar:~# chmod 4711 /usr/bin/passwd
Line 322: Line 322:
  
  
-<code bash>+<code>
 darkstar:~# chmod ug+rwx,o+rwt /tmp darkstar:~# chmod ug+rwx,o+rwt /tmp
 darkstar:~# chmod u+rws,go+x /usr/bin/passwd darkstar:~# chmod u+rws,go+x /usr/bin/passwd
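Review bot: the two symbolic commands left unchanged in this block do not produce the same modes as the octal chmod 1777 /tmp and chmod 4711 /usr/bin/passwd from the preceding block unless the missing bits are already set. o+rwt never adds execute for others, u+rws never adds execute for the owner (a setuid bit without owner execute shows as S in ls -l), and go+x only adds, so any group or other read bit already on passwd stays in place. If the surrounding text presents these as equivalents of the octal forms, the assignment forms a=rwx,o+t and u=rwxs,go=x give 1777 and 4711 regardless of the starting mode.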
Line 337: Line 337:
 <!-- Authors are allowed to give credit to themselves! --> <!-- Authors are allowed to give credit to themselves! -->
   * Originally written by Alan Hicks, Chris Lumens, David Cantrell, Logan Johnson   * Originally written by Alan Hicks, Chris Lumens, David Cantrell, Logan Johnson
-<!-- * Contrbutions by [[wiki:user:yyy | User Y]] -->+<!-- * Contributions by [[wiki:user:yyy | User Y]] -->
  
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must also remove the tag-word "template" below. Otherwise your page will not show up in the Table of Contents --> <!-- You must also remove the tag-word "template" below. Otherwise your page will not show up in the Table of Contents -->
 {{tag>slackbook filesystem permissions suid sgid sticky_bit chmod chown chgrp}} {{tag>slackbook filesystem permissions suid sgid sticky_bit chmod chown chgrp}}