summaryrefslogtreecommitdiff
path: root/doc/perm.texi
blob: 6b301b82109662596822e6f0851ad58314d37467 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
Each file has a set of @dfn{permissions} that control the kinds of
access that users have to that file.  The permissions for a file are
also called its @dfn{access mode}.  They can be represented either in
symbolic form or as an octal number.

@menu
* Mode Structure::              Structure of file permissions.
* Symbolic Modes::              Mnemonic permissions representation.
* Numeric Modes::               Permissions as octal numbers.
@end menu

@node Mode Structure
@section Structure of File Permissions

There are three kinds of permissions that a user can have for a file:

@enumerate
@item
@cindex read permission
permission to read the file.  For directories, this means permission to
list the contents of the directory.
@item
@cindex write permission
permission to write to (change) the file.  For directories, this means
permission to create and remove files in the directory.
@item
@cindex execute permission
permission to execute the file (run it as a program).  For directories,
this means permission to access files in the directory.
@end enumerate

There are three categories of users who may have different permissions
to perform any of the above operations on a file:

@enumerate
@item
the file's owner;
@item
other users who are in the file's group;
@item
everyone else.
@end enumerate

@cindex owner, default
@cindex group owner, default
Files are given an owner and group when they are created.  Usually the
owner is the current user and the group is the group of the directory
the file is in, but this varies with the operating system, the
file system the file is created on, and the way the file is created.  You
can change the owner and group of a file by using the @command{chown} and
@command{chgrp} commands.

In addition to the three sets of three permissions listed above, a
file's permissions have three special components, which affect only
executable files (programs) and, on some systems, directories:

@enumerate
@item
@cindex setuid
set the process's effective user ID to that of the file upon execution
(called the @dfn{setuid bit}).  No effect on directories.
@item
@cindex setgid
set the process's effective group ID to that of the file upon execution
(called the @dfn{setgid bit}).  For directories on some systems, put
files created in the directory into the same group as the directory, no
matter what group the user who creates them is in.
@item
@cindex sticky
@cindex swap space, saving text image in
@cindex text image, saving in swap space
@cindex restricted deletion flag
save the program's text image on the swap device so it will load more
quickly when run (called the @dfn{sticky bit}).  For directories on some
systems, prevent users from removing or renaming a file in a directory
unless they own the file or the directory; this is called the
@dfn{restricted deletion flag} for the directory.
@end enumerate

In addition to the permissions listed above, there may be file attributes
specific to the file system, e.g: access control lists (ACLs), whether a
file is compressed, whether a file can be modified (immutability), whether
a file can be dumped.  These are usually set using programs
specific to the file system.  For example:
@c should probably say a lot more about ACLs... someday

@table @asis
@item ext2
On GNU and Linux/GNU the file permissions (``attributes'') specific to
the ext2 file system are set using @command{chattr}.

@item FFS
On FreeBSD the file permissions (``flags'') specific to the FFS
file system are set using @command{chrflags}.
@end table

Although a file's permission ``bits'' allow an operation on that file,
that operation may still fail, because:

@itemize
@item
the file-system-specific permissions do not permit it;

@item
the file system is mounted as read-only.
@end itemize

For example, if the immutable attribute is set on a file,
it cannot be modified, regardless of the fact that you
may have just run @code{chmod a+w FILE}.

@node Symbolic Modes
@section Symbolic Modes

@cindex symbolic modes
@dfn{Symbolic modes} represent changes to files' permissions as
operations on single-character symbols.  They allow you to modify either
all or selected parts of files' permissions, optionally based on
their previous values, and perhaps on the current @code{umask} as well
(@pxref{Umask and Protection}).

The format of symbolic modes is:

@example
@r{[}ugoa@dots{}@r{][[}+-=@r{][}rwxXstugo@dots{}@r{]}@dots{}@r{][},@dots{}@r{]}
@end example

The following sections describe the operators and other details of
symbolic modes.

@menu
* Setting Permissions::          Basic operations on permissions.
* Copying Permissions::          Copying existing permissions.
* Changing Special Permissions:: Special permissions.
* Conditional Executability::    Conditionally affecting executability.
* Multiple Changes::             Making multiple changes.
* Umask and Protection::              The effect of the umask.
@end menu

@node Setting Permissions
@subsection Setting Permissions

The basic symbolic operations on a file's permissions are adding,
removing, and setting the permission that certain users have to read,
write, and execute the file.  These operations have the following
format:

@example
@var{users} @var{operation} @var{permissions}
@end example

@noindent
The spaces between the three parts above are shown for readability only;
symbolic modes cannot contain spaces.

The @var{users} part tells which users' access to the file is changed.
It consists of one or more of the following letters (or it can be empty;
@pxref{Umask and Protection}, for a description of what happens then).  When
more than one of these letters is given, the order that they are in does
not matter.

@table @code
@item u
@cindex owner of file, permissions for
the user who owns the file;
@item g
@cindex group, permissions for
other users who are in the file's group;
@item o
@cindex other permissions
all other users;
@item a
all users; the same as @samp{ugo}.
@end table

The @var{operation} part tells how to change the affected users' access
to the file, and is one of the following symbols:

@table @code
@item +
@cindex adding permissions
to add the @var{permissions} to whatever permissions the @var{users}
already have for the file;
@item -
@cindex removing permissions
@cindex subtracting permissions
to remove the @var{permissions} from whatever permissions the
@var{users} already have for the file;
@item =
@cindex setting permissions
to make the @var{permissions} the only permissions that the @var{users}
have for the file.
@end table

The @var{permissions} part tells what kind of access to the file should
be changed; it is zero or more of the following letters.  As with the
@var{users} part, the order does not matter when more than one letter is
given.  Omitting the @var{permissions} part is useful only with the
@samp{=} operation, where it gives the specified @var{users} no access
at all to the file.

@table @code
@item r
@cindex read permission, symbolic
the permission the @var{users} have to read the file;
@item w
@cindex write permission, symbolic
the permission the @var{users} have to write to the file;
@item x
@cindex execute permission, symbolic
the permission the @var{users} have to execute the file.
@end table

For example, to give everyone permission to read and write a file,
but not to execute it, use:

@example
a=rw
@end example

To remove write permission for from all users other than the file's
owner, use:

@example
go-w
@end example

@noindent
The above command does not affect the access that the owner of
the file has to it, nor does it affect whether other users can
read or execute the file.

To give everyone except a file's owner no permission to do anything with
that file, use the mode below.  Other users could still remove the file,
if they have write permission on the directory it is in.

@example
go=
@end example

@noindent
Another way to specify the same thing is:

@example
og-rxw
@end example

@node Copying Permissions
@subsection Copying Existing Permissions

@cindex copying existing permissions
@cindex permissions, copying existing
You can base a file's permissions on its existing permissions.  To do
this, instead of using @samp{r}, @samp{w}, or @samp{x} after the
operator, you use the letter @samp{u}, @samp{g}, or @samp{o}.  For
example, the mode
@example
o+g
@end example
@noindent
adds the permissions for users who are in a file's group to the
permissions that other users have for the file.  Thus, if the file
started out as mode 664 (@samp{rw-rw-r--}), the above mode would change
it to mode 666 (@samp{rw-rw-rw-}).  If the file had started out as mode
741 (@samp{rwxr----x}), the above mode would change it to mode 745
(@samp{rwxr--r-x}).  The @samp{-} and @samp{=} operations work
analogously.

@node Changing Special Permissions
@subsection Changing Special Permissions

@cindex changing special permissions
In addition to changing a file's read, write, and execute permissions,
you can change its special permissions.  @xref{Mode Structure}, for a
summary of these permissions.

To change a file's permission to set the user ID on execution, use
@samp{u} in the @var{users} part of the symbolic mode and
@samp{s} in the @var{permissions} part.

To change a file's permission to set the group ID on execution, use
@samp{g} in the @var{users} part of the symbolic mode and
@samp{s} in the @var{permissions} part.

To change a file's permission to stay permanently on the swap device,
use @samp{o} in the @var{users} part of the symbolic mode and
@samp{t} in the @var{permissions} part.

For example, to add set user ID permission to a program,
you can use the mode:

@example
u+s
@end example

To remove both set user ID and set group ID permission from
it, you can use the mode:

@example
ug-s
@end example

To cause a program to be saved on the swap device, you can use
the mode:

@example
o+t
@end example

Remember that the special permissions only affect files that are
executable, plus, on some systems, directories (on which they have
different meanings; @pxref{Mode Structure}).
Also, the combinations @samp{u+t}, @samp{g+t}, and @samp{o+s} have no effect.

The @samp{=} operator is not very useful with special permissions; for
example, the mode:

@example
o=t
@end example

@noindent
does cause the file to be saved on the swap device, but it also
removes all read, write, and execute permissions that users not in the
file's group might have had for it.

@node Conditional Executability
@subsection Conditional Executability

@cindex conditional executability
There is one more special type of symbolic permission: if you use
@samp{X} instead of @samp{x}, execute permission is affected only if the
file already had execute permission or is a directory.  It affects
directories' execute permission even if they did not initially have any
execute permissions set.

For example, this mode:

@example
a+X
@end example

@noindent
gives all users permission to execute files (or search directories) if
anyone could before.

@node Multiple Changes
@subsection Making Multiple Changes

@cindex multiple changes to permissions
The format of symbolic modes is actually more complex than described
above (@pxref{Setting Permissions}).  It provides two ways to make
multiple changes to files' permissions.

The first way is to specify multiple @var{operation} and
@var{permissions} parts after a @var{users} part in the symbolic mode.

For example, the mode:

@example
og+rX-w
@end example

@noindent
gives users other than the owner of the file read permission and, if
it is a directory or if someone already had execute permission
to it, gives them execute permission; and it also denies them write
permission to the file.  It does not affect the permission that the
owner of the file has for it.  The above mode is equivalent to
the two modes:

@example
og+rX
og-w
@end example

The second way to make multiple changes is to specify more than one
simple symbolic mode, separated by commas.  For example, the mode:

@example
a+r,go-w
@end example

@noindent
gives everyone permission to read the file and removes write
permission on it for all users except its owner.  Another example:

@example
u=rwx,g=rx,o=
@end example

@noindent
sets all of the non-special permissions for the file explicitly.  (It
gives users who are not in the file's group no permission at all for
it.)

The two methods can be combined.  The mode:

@example
a+r,g+x-w
@end example

@noindent
gives all users permission to read the file, and gives users who are in
the file's group permission to execute it, as well, but not permission
to write to it.  The above mode could be written in several different
ways; another is:

@example
u+r,g+rx,o+r,g-w
@end example

@node Umask and Protection
@subsection The Umask and Protection

@cindex umask and modes
@cindex modes and umask
If the @var{users} part of a symbolic mode is omitted, it defaults to
@samp{a} (affect all users), except that any permissions that are
@emph{set} in the system variable @code{umask} are @emph{not affected}.
The value of @code{umask} can be set using the
@code{umask} command.  Its default value varies from system to system.

@cindex giving away permissions
Omitting the @var{users} part of a symbolic mode is generally not useful
with operations other than @samp{+}.  It is useful with @samp{+} because
it allows you to use @code{umask} as an easily customizable protection
against giving away more permission to files than you intended to.

As an example, if @code{umask} has the value 2, which removes write
permission for users who are not in the file's group, then the mode:

@example
+w
@end example

@noindent
adds permission to write to the file to its owner and to other users who
are in the file's group, but @emph{not} to other users.  In contrast,
the mode:

@example
a+w
@end example

@noindent
ignores @code{umask}, and @emph{does} give write permission for
the file to all users.

@node Numeric Modes
@section Numeric Modes

@cindex numeric modes
@cindex file permissions, numeric
@cindex octal numbers for file modes
File permissions are stored internally as integers.  As an
alternative to giving a symbolic mode, you can give an octal (base 8)
number that corresponds to the internal representation of the new mode.
This number is always interpreted in octal; you do not have to add a
leading 0, as you do in C.  Mode 0055 is the same as mode 55.

A numeric mode is usually shorter than the corresponding symbolic
mode, but it is limited in that it cannot take into account a file's
previous permissions; it can only set them absolutely.

On most systems, the permissions granted to the user,
to other users in the file's group,
and to other users not in the file's group are each stored as three
bits, which are represented as one octal digit.  The three special
permissions are also each stored as one bit, and they are as a group
represented as another octal digit.  Here is how the bits are arranged,
starting with the lowest valued bit:

@example
Value in  Corresponding
Mode      Permission

          Other users not in the file's group:
   1      Execute
   2      Write
   4      Read

          Other users in the file's group:
  10      Execute
  20      Write
  40      Read

          The file's owner:
 100      Execute
 200      Write
 400      Read

          Special permissions:
1000      Save text image on swap device
2000      Set group ID on execution
4000      Set user ID on execution
@end example

For example, numeric mode 4755 corresponds to symbolic mode
@samp{u=rwxs,go=rx}, and numeric mode 664 corresponds to symbolic mode
@samp{ug=rw,o=r}.  Numeric mode 0 corresponds to symbolic mode
@samp{ugo=}.