File permission and ownership commands

Basics:

  • u=user (owner), g=group, o=others (world), a=all
  • r=read(4); w=write(2); x=execute(1)
  • 1=x, 2=w, 4=r, 5=rx; 6=rw, 7=rwx
  • P.S. For a directory, read and execute (a+rx) permissions need to be granted to a user to list its files and cd into it.

chmod:

  • chmod 755 file              (User-> rwx; Group-> rx; Others-> rx)
  • chmod -R 755 dir         (Apply permission recursively)
  • chmod -R a+rwX  dir   (X-> execute only for directories and for files that already have an execute bit)
  • chmod uo+x,g-w file    (User & Other -> execute; Group -> remove write)
  • chmod a+rx file
  • chmod u=r,g=w,o=x file
  • chmod ug=x,o=-x file
  • chmod u+s|4777  file      (setuid bit-> execute as owner)
    • -rwSrwxrwx. 1 user user 0 Oct 26 11:44 file
  • chmod g+s|2777 dir        (setgid bit-> child files/dir get same group ownership)
    • drwxrwsrwx. 1 user user 0 Oct 26 11:44 dir
  • chmod o+t|1777 dir        (sticky bit-> Prevents users from deleting files they do not own)
    • drwxrwxrwt. 1 user user 0 Oct 26 11:44 dir
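
A way to review a directory tree for the special bits listed above, as an added example that is not part of the original post. It assumes GNU find and stat; `special_bits` and `build_sample` are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report setuid/setgid files and world-writable
# directories that lack the sticky bit.

# special_bits DIR -> one line per finding:
#   "<kind> <octal-mode> <path relative to DIR>", sorted.
special_bits() (
    cd "$1" || exit 1
    {
        # -perm -4000: the setuid bit is set (other bits may be anything)
        find . -type f -perm -4000 -exec stat -c 'setuid %a %n' {} +
        # -perm -2000: the setgid bit is set
        find . -type f -perm -2000 -exec stat -c 'setgid %a %n' {} +
        # o+w without +t: any user may delete or rename other users' files here
        find . -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'ww-nosticky %a %n' {} +
    } | sort
)

# build_sample -> creates a constructed sample tree and prints its path.
build_sample() {
    t=$(mktemp -d) || return 1
    : > "$t/plain"; chmod 0644 "$t/plain"   # ordinary file, not reported
    : > "$t/suid";  chmod 4755 "$t/suid"    # setuid file
    : > "$t/sgid";  chmod 2755 "$t/sgid"    # setgid file
    mkdir "$t/shared" "$t/drop"
    chmod 0777 "$t/shared"                  # world-writable, no sticky bit
    chmod 1777 "$t/drop"                    # world-writable with sticky bit
    printf '%s\n' "$t"
}
```

Run `special_bits "$(build_sample)"` to see the three findings; the sticky `drop` directory and the plain file are not reported.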

chown:

  • chown   user   file                (Changes user ownership)
  • chown :grp dir                     (Changes group ownership)
  • chown   user:grp dir           (Changes user and group ownership)
  • chown  -R user:grp   dir     (Changes user and group recursively)

chgrp:

  • chgrp   grp  file              (Changes group of a file)
  • chgrp -R grp dir             (Changes group recursively)

umask: (Get or set the system’s file mode creation mask)

  • umask                (Shows octal value)
  • umask -S           (Shows symbolic value)
  • umask 0022      (Sets umask value)
  • Default value -> 0002
  • Default Permissions:
    • File      -> 0666 (default) - 0002 (umask) = 0664
    • Directory -> 0777 (default) - 0002 (umask) = 0775
  • Change umask persistently:
    • echo "umask 0007" >> ~/.bashrc
  • Change umask for all users persistently in /etc/bashrc and /etc/profile:
    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
        umask 0007
    fi
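
The default-permission arithmetic above, as an added example that is not part of the original post. The kernel applies the umask as a bit mask (base AND NOT umask), which equals the subtraction shown only when every masked bit is set in the base mode; umask 0033 on a file gives 0644, not 0633. `effective_mode` and `created_modes` are hypothetical helper names, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: the umask clears bits, it is not subtracted.

# effective_mode BASE MASK -> resulting octal mode, computed as BASE & ~MASK.
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes MASK -> creates a file and a directory in a scratch
# directory under the given umask and prints "<file-mode> <dir-mode>"
# as reported by stat.
created_modes() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"            # subshell: the caller's umask is left untouched
        : > "$scratch/f"      # new files are requested with base mode 0666
        mkdir "$scratch/d"    # new directories are requested with base mode 0777
    )
    out="$(stat -c '%a' "$scratch/f") $(stat -c '%a' "$scratch/d")"
    rm -rf "$scratch"
    printf '%s\n' "$out"
}
```

`created_modes 0007` shows what the persistent setting above produces: group-shared files and directories with no access for others.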

setfacl and getfacl: (Set and get ACL of files and directories)

  • getfacl   file|dir                                   (View permission assigned on a file or directory)
  • setfacl  -m  u:user:rwx   file              (Grant permissions for a user on a file)
  • setfacl  -m  g:grp:rwx  file|dir          (Grant permissions for a grp)
  • setfacl  -m  d:o:rwx   dir                   (Grant default permission for other users)
  • setfacl  -x   u:user  file                        (Remove permissions for user on file)
  • setfacl  -x   g:grp  file|dir                   (Remove permissions for a grp on a file or dir)
  • setfacl  -x   d:o  dir                              (Remove default permissions)
  • setfacl  -b  -R  file|dir                         (Remove all ACL permissions recursively)
  • tune2fs -l /dev/sdb1 | grep -i "Default mount options:"   (ext4-> user_xattr acl)

lsattr and chattr: (Get and set extended attributes)

  • chattr +|-ia file         (Add/Remove immutable & append-only attributes)
  • lsattr   file

SELinux: (Security-Enhanced Linux)

  • SELinux modes: (/etc/selinux/config OR /etc/sysconfig/selinux)
    • Enforcing:   SELinux security policy is enforced and operative.
    • Permissive: SELinux is enabled but only prints audits and warnings.
    • Disabled:     No SELinux policy is loaded.
  • sestatus -v|-b; getenforce
  • setenforce Enforcing (1)|Permissive (0)
  • ls -Z /tmp, ps axZ
  • chcon:
    • chcon -t   httpd_sys_content_t   /var/www/html/file.html 
    • chcon -R --reference=/var/www/html  /http
  • restorecon:
    • restorecon -v file
    • restorecon -rv dir   (restore default SELinux contexts)
  • semanage:  (SELinux Policy Management tool)
    • semanage fcontext -a -t  httpd_sys_content_t   dir; restorecon -rvF dir
    • semanage fcontext -lC     (-C-> customized or modified)
    • semanage boolean -m httpd_use_sasl --on|--off
    • semanage boolean -lC
    • semanage port -m -t http_port_t -p tcp 88
    • semanage port -lC
  • getsebool -a; getsebool ssh_chroot_rw_homedirs
  • setsebool  [-P]  ssh_chroot_rw_homedirs on|off
  • seinfo   -l | -t                                              (-t-> show all types)  
  • sesearch                                                     (package: setools-console)
  • sealert -l uuid
About Ishtiaque

I am an IBM Certified Infrastructure Systems Architect, Linux Foundation Certified System Administrator, Oracle Certified Programmer in Java and Web Component Developer, and TOGAF 9 certified with over 10 years of support and development experience in IBM middleware software and Java. Additionally, I have a sound grip on databases and OpenStack administration. I hold the following certifications:

  • IBM Certified Infrastructure Systems Architect
  • Linux Foundation Certified System Administrator (LFCS)
  • TOGAF 9 Certified
  • Oracle Certified Expert, Java EE6 Web Component Developer
  • Oracle Certified Professional – Java 6 Programmer
  • ITIL v3 Foundation Certified
  • IBM Certified Solution Architect – Cloud Computing Infrastructure V1
  • IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6
  • IBM Certified System Administrator – WebSphere Application Server V7, V6.1
  • IBM Certified System Administrator – AIX V7
  • IBM Certified System Administrator – WebSphere MQ V7
  • IBM Certified Deployment Professional – Business Process Manager Advanced V7.5
  • IBM Certified Solution Advisor – Cloud Computing Architecture V3
  • IBM Certified Solution Developer – WebSphere Portal V5.1