File permission and ownership commands

Basics:

  • u=user (owner), g=groupo=others (world), a=all
  • r=read(4); w=write(2); x=execute(1)
  • 1=x, 2=w, 4=r, 5=rx; 6=rw7=rwx 

chmod:

  • chmod 755 file             (User-> rwx; Group-> rx; Others-> rx)
  • chmod -R 755 dir        (Apply permission recursively)
  • chmod uo+x,g-w file   (User & Other -> execute; Group -> remove write)
  • chmod a+rx
  • chmod u=r,g=w,o=x file
  • chmod ug=x,o=-x file
  • chmod u+s|4777  file               (setuid bit-> execute as owner)
  • chmod g+s|2777 dir                 (setgid bit-> child files/dir get same group ownership)
  • chmod   +t |1777  file|dir        (sticky bit-> Only owner can delete files/dir)

chown:

  • chown   user   file                (Changes user ownership)
  • chown   user:grp dir           (Changes user and group ownership together)
  • chown  -R user:grp   dir     (Changes user and group recursively)
  • chown :grp dir                     (Changes group ownership)

chgrp:

  • chgrp   grp  file              (Changes group of a file)
  • chgrp -R grp file            (changes group recursively)

umaks(Get or set the system’s file mode creation mask)

  • umask                (Shows octal value)
  • umask -S           (Shows symbolic value)
  • umask 0022      (Sets umask value)
  • Default value -> 0002
  • Default Permissions:
    • File           -> 0666 (default) – 0002 (umask) = 0664
    • Directory– > 0777 (default) – 0002 (umask) = 0775

setfacl and getfacl: (Set and get ACL of files and directories)

  • getfacl   file|dir                                   (View permission assigned on a file or directory)
  • setfacl  -m  u:user:rwx   file              (Grant permissions for a user on a file)
  • setfacl  -m  g:grp:rwx  file|dir          (Grant permissions for a grp)
  • setfact  -m  d:o:rwx     file|dir          (Grant default permission for other users)
  • setfacl  -x   u:user  file                        (Remove permissions for user on file)
  • setfacl  -x   g:grp  file|dir                   (Remove permissions for a grp on a file or dir)
  • setfacl  –b   file|dir                              (Remove all ACL permissions) 

lsattr and chattr(Get and set extended attributes)

  • chattr +|-ia file         (Add/Remove immutable & append-able attributes)
  • lsattr   file

SELinux: (Security-Enhanced Linux)

  • SELinux modes: (/etc/sysconfig/selinux)
    • Enforcing:   SELinux security policy is enforced and operative.
    • Permissive: SELinux is enabled but print audits and warnings only.
    • Disabled:     No SELinux policy is loaded.
  • sestatus -v|-b; getenforce
  • setenforce Enforcing (1)|Permissive (0)
  • ls -Z /tmp, ps axZ
  • restorecon -v file; restorecon -rv dir   (restore default SELinux contexts)
  • chcon -t httpd_sys_content_t /var/www/html/file.html 
  • semanage:  (SELinux Policy Management tool)
    • semanage fcontext -a -t  httpd_sys_content_t dir; restorecon -RFv dir
    • semanage boolean -l [-C]                               (-C customized)
    • semanage boolean -m httpd_use_sasl –on
  • getsebool -a; getsebool ssh_chroot_rw_homedirs
  • setsebool  [-P]  ssh_chroot_rw_homedirs on|off
  • sealert -l uuid
Advertisements

About Ishtiaque

I am IBM Certified Infrastructure Systems Architect, TOGAF 9 Certified, ITIL V3 Foundation certified and Oracle Certified Export in Java Web Component Developer with over 10 years of support and development experience in IBM middleware software and Java. Additionally, have a sound grip in databases, Linux and OpenStack administration. I hold the following certifications: IBM Certified Infrastructure Systems Architect TOGAF 9 Certified Oracle Certified Expert, Java EE6 Web Component Developer Oracle Certified Professional – Java 6 Programmer ITIL v3 Foundation Certified IBM Certified Solution Architect – Cloud Computing Infrastructure V1 IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6 IBM Certified System Administrator – WebSphere Application Server V7, V6.1 IBM Certified System Administrator – AIX V7 IBM Certified System Administrator – WebSphere MQ V7 IBM Certified Deployment Professional – Business Process Manager Advanced V7.5 IBM Certified Solution Advisor – Cloud Computing Architecture V3 IBM Certified Solution Developer – WebSphere Portal V5.1
This entry was posted in LFCS, Linux. Bookmark the permalink.