Linux permissions cheatsheet

written by Maxim Chernyak on 15 Jun, 14

chmod [a]bcd

bit	scope	description
a		sticky:1, setgid:2, setuid:4 (optional, default: 0)
b	owner	x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
c	group	x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
d	everyone	x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7

• Note: only file/dir owner can chmod it
• Note: scripts need both x and r permissions to execute (that’s because scripts are read into interpreter)
  (only r is enough if ran via ruby script.rb, sh script.sh)

files

bit setting	meaning
sticky on files	no effect
setgid on execable binaries	no matter who executes, process runs as file’s group
setuid on execable binaries	no matter who executes, process runs as file’s owner
setuid/setgid on scripts	ignored due to security issues
setuid/setgid on non-execables	no effect1

Warning: setuid is dangerous

directories

bit setting	meaning
x on dirs	cd, stat (e.g. ls -l), inode lookup (access files)
w on dirs	add/delete/rename files (requires x for inode lookup)
r on dirs	ls

• Note: having xw on a dir is enough to delete any file in it (unless it has sticky bit)

sticky on dirs

• only used when writable by group/everyone
• files in dir can only be edited/deleted by their owner (think /tmp)
• symlinks only work if target is within this dir

setgid on dirs

• all files/subdirs created by anyone in this dir inherit its group
• all subdirs inherit this bit when created

setuid on dirs

• no effect

sources

• https://en.wikipedia.org/wiki/Chmod
• http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm
• http://major.io/2007/02/13/chmod-and-the-mysterious-first-octet/

comments powered by Disqus