Skip to content

Latest commit

 

History

History
119 lines (78 loc) · 3.33 KB

file-permissions.md

File metadata and controls

119 lines (78 loc) · 3.33 KB

Special File Permissions & umask

Special File Permissions

In addition to the standard read (r), write (w), and execute (x) permissions, Linux supports special permissions that affect how files and directories are accessed and executed.

Setuid (Set User ID)

  • Description:
    When set on an executable file, this permission allows the process to run with the permissions of the file's owner, rather than the user who launched the process.

  • Symbol:
    s in the owner’s execute position.

  • Example:

    chmod u+s /usr/bin/program
    • Sets the setuid bit on /usr/bin/program.

  • Effect:
    The process will run with the permissions of the file's owner (often root), not the user executing the file.

Setgid (Set Group ID)

  • Description:
    When set on a file, the process runs with the permissions of the file's group. When set on a directory, files created within the directory inherit the group ownership of the directory, not the user's current group.

  • Symbol:
    s in the group’s execute position for directories; s in the group’s execute position for files.

  • Example (File):

    chmod g+s /path/to/file
    • Sets the setgid bit on a file.

  • Example (Directory):

    chmod g+s /path/to/directory
    • Sets the setgid bit on a directory.

  • Effect:
    Files created in the directory will have the group ownership of the directory.

Sticky Bit

  • Description:
    When set on a directory, only the file owner, directory owner, or root user can delete or rename files within the directory.

  • Symbol:
    t in the others' execute position.

  • Example:

    chmod +t /path/to/directory
    • Sets the sticky bit on a directory.

  • Effect:
    Enhances security by ensuring only the file’s owner or root can delete or rename the file.

umask

  • Description:
    umask sets default permissions for newly created files and directories by specifying which permissions should be masked out (i.e., removed).

  • Default Permissions:

    • Files: 666 (rw-rw-rw-)
    • Directories: 777 (rwxrwxrwx)

  • Syntax:

    umask [mask]

  • Common Masks:

    • 022: Default for many systems, creates files with permissions 644 (rw-r--r--) and directories with 755 (rwxr-xr-x). 
      umask 022
    • 077: Restricts permissions more, creating files with 600 (rw-------) and directories with 700 (rwx------). 
      umask 077

  • Examples:

    • Setting umask to 027:

      umask 027
      • Creates files with 640 (rw-r-----) and directories with 750 (rwxr-x---).

    • Viewing Current umask:

      umask
      • Displays the current umask value.

  • Effect:

    • umask determines default permissions when a file or directory is created, influencing security and access control for new files and directories.

Summary

Special file permissions and umask settings are essential for managing file access and security in Linux. Setuid, setgid, and sticky bit permissions provide advanced control over how files and directories are accessed, while umask sets default permission levels for newly created files and directories. Proper use of these features enhances system security and ensures appropriate access control.