Thursday, October 27, 2005

Computer Security: CHMOD reference and examples

chmod (change modifications) is an important utility. Unfortunately, many Linux users don't take the time to fully understand chmod.



Three Types of files:



d — a directory
- (dash) — a regular file (rather than directory or link)
l — a symbolic link to another program or file elsewhere on the system


Permission "modes"



r — file can be read
w — file can be written to
x — file can be executed (if it is a program)
- (dash) — specific permission has not been assigned


give others write permission


chmod o+w sneakers.txt


remove read and write permissions for the group and for others


chmod go-rw computers.txt


Permission Identities


u — the user who owns the file (that is, the owner)
g — the group to which the user belongs
o — others (not the owner or the owner's group)
a — everyone or all (u, g, and o)


Permission Actions



+ — adds the permission
- — removes the permission
= — makes it the only permission


Remove all permissions


chmod a-rwx halloween.txt



chmod common usage



g+w — adds write access for the group
o-rwx — removes all permissions for others
u+x — allows the file owner to execute the file
a+rw — allows everyone to read and write to the file
ug+r — allows the owner and group to read the file
g=rx — allows only the group to read and execute (not write)



Perform action recursively


chmod -R ....




Numeric Permissions



# read + write = 4+2 = 6
r = 4
w = 2
x = 1
- = 0


Common Numeric Values



-rw------- (600) — Only the owner has read and write permissions.
-rw-r--r-- (644) — Only the owner has read and write permissions; the group and others have read only.
-rwx------ (700) — Only the owner has read, write, and execute permissions.
-rwxr-xr-x (755) — The owner has read, write, and execute permissions; the group and others have only read and execute.
-rwx--x--x (711) — The owner has read, write, and execute permissions; the group and others have only execute.
-rw-rw-rw- (666) — Everyone can read and write to the file. (Be careful with these permissions.)
-rwxrwxrwx (777) — Everyone can read, write, and execute. (Again, this permissions setting can be hazardous.)
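
The symbolic clauses and numeric values above can be checked on a scratch file. This is an added example, not part of the original post: the function names mode_after and world_writable are made up for illustration, the files are constructed temporary data, and it assumes GNU coreutils `stat -c` on Linux.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils `stat -c`.

# mode_after START CLAUSE
# Create a scratch file, set it to the numeric mode START, apply the symbolic
# CLAUSE, and print the resulting "octal ls-string" pair.
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a %A' "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# world_writable DIR
# Print regular files under DIR whose "others" write bit is set (w = 2 in the
# last digit), i.e. the 666/777 cases flagged as hazardous above.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# demo: every clause from the page applied to a file that starts at 644,
# then a constructed directory with one 666 file and one 644 file.
demo() {
    for clause in o+w go-rw g+w o-rwx u+x a+rw ug+r g=rx a-rwx; do
        printf '644 %-6s -> %s\n' "$clause" "$(mode_after 644 "$clause")"
    done
    d=$(mktemp -d) || return 1
    : > "$d/sneakers.txt";  chmod 666 "$d/sneakers.txt"
    : > "$d/computers.txt"; chmod 644 "$d/computers.txt"
    echo "others-writable files:"
    world_writable "$d"
    rm -rf "$d"
}

demo
```

In the output, g=rx changes only the group digit (644 becomes 654); the owner and others digits are left alone.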


Common directory settings



drwx------ (700) — Only the user can read and write in this directory.
drwxr-xr-x (755) — Everyone can read the directory; users and groups have read and execute permissions.



I hope this reference from RHEL SAG3 is useful.
