Previous | Table of Contents | Next |
Use the chmod command to change the permissions on a file or directory. Only the owner of a file or superuser can change file and directory permissions.
You can set permissions with the chmod command in one of two ways:
Refer to Table 18-3 on page 416 for the octal values used to set file permissions in absolute mode.
Table 18-7 lists the symbols for setting file permissions in symbolic mode. You can use symbols to specify whose permissions are to be set or changed, the operation to be performed, or the permissions being assigned or changed.
Symbol | Function* | Description |
---|---|---|
u | Who | User (owner) |
g | Who | Group |
o | Who | Others |
A | Who | All |
= | Operation | Assign |
+ | Operation | Add |
- | Operation | Remove |
r | Permission | Read |
w | Permission | Write |
x | Permission | Execute |
l | Permission | Mandatory locking, setgid bit is on, group execution bit is off |
s | Permission | setuid or setgid bit is on |
S | Permission | suid bit is on, user execution bit is off |
t | Permission | Sticky bit is on, execution bit for others is on |
T | Permission | Sticky bit is on, execution bit for others is off |
*The who, operator, and permissions designations in the function column specify the symbols that change the permissions on the file or directory.
Use the following steps to change permissions in absolute mode:
Use the following steps to change permissions in symbolic mode:
The following example changes permissions in absolute mode for the file local.cshrc to 666.
castle% chmod 666 local.cshrc castle% ls -l local.cshrc -rw-rw-rw- 1 winsor staff 124 Sep 12 10:32 local.cshrc castle%
The following example removes read permission from others for the file filea:
castle% chmod o-r filea
The following example adds read and execute permissions for user, group, and others for the file fileb.
castle% chmod a+rx fileb
The following example adds read, write, and execute permissions for group for the file filec.
castle% chmod g=rwx filec
Three special types of permissions are available for executable files and public directories.
When these permissions are set for an executable file, any user who runs that file assumes the permissions of the owner or group of the executable file.
CAUTION! Be extremely careful when setting special permissions because they constitute a security risk. For example, a user can gain superuser permission by executing a program that sets the UID to root.
Monitor your system for any unauthorized use of the setuid and setgid permissions to gain superuser privileges. See "Searching for Files with Special Permissions" for information on how to search for file systems and print out a list of all of the programs using these permissions. A suspicious listing would be one that grants ownership of such a program to a user rather than to bin or sys. Only superuser can set these permissions.
Previous | Table of Contents | Next |