perm.texi 16 KB

  1. @c File mode bits
  2. @c Copyright (C) 1994--2021 Free Software Foundation, Inc.
  3. @c Permission is granted to copy, distribute and/or modify this document
  4. @c under the terms of the GNU Free Documentation License, Version 1.3 or
  5. @c any later version published by the Free Software Foundation; with no
  6. @c Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
  7. @c Texts. A copy of the license is included in the ``GNU Free
  8. @c Documentation License'' file as part of this distribution.
  9. Each file has a set of @dfn{permissions} that control the kinds of
  10. access that users have to that file. The permissions for a file are
  11. also called its @dfn{access mode}. They can be represented either in
  12. symbolic form or as an octal number.
  13. @menu
  14. * Mode Structure:: Structure of file permissions.
  15. * Symbolic Modes:: Mnemonic permissions representation.
  16. * Numeric Modes:: Permissions as octal numbers.
  17. @end menu
  18. @node Mode Structure
  19. @section Structure of File Permissions
  20. There are three kinds of permissions that a user can have for a file:
  21. @enumerate
  22. @item
  23. @cindex read permission
  24. permission to read the file. For directories, this means permission to
  25. list the contents of the directory.
  26. @item
  27. @cindex write permission
  28. permission to write to (change) the file. For directories, this means
  29. permission to create and remove files in the directory.
  30. @item
  31. @cindex execute permission
  32. permission to execute the file (run it as a program). For directories,
  33. this means permission to access files in the directory.
  34. @end enumerate
  35. There are three categories of users who may have different permissions
  36. to perform any of the above operations on a file:
  37. @enumerate
  38. @item
  39. the file's owner;
  40. @item
  41. other users who are in the file's group;
  42. @item
  43. everyone else.
  44. @end enumerate
  45. @cindex owner, default
  46. @cindex group owner, default
  47. Files are given an owner and group when they are created. Usually the
  48. owner is the current user and the group is the group of the directory
  49. the file is in, but this varies with the operating system, the
  50. file system the file is created on, and the way the file is created. You
  51. can change the owner and group of a file by using the @command{chown} and
  52. @command{chgrp} commands.
  53. In addition to the three sets of three permissions listed above, a
  54. file's permissions have three special components, which affect only
  55. executable files (programs) and, on some systems, directories:
  56. @enumerate
  57. @item
  58. @cindex setuid
  59. Set the process's effective user ID to that of the file upon execution
  60. (called the @dfn{setuid bit}). No effect on directories.
  61. @item
  62. @cindex setgid
  63. Set the process's effective group ID to that of the file upon execution
  64. (called the @dfn{setgid bit}). For directories on some systems, put
  65. files created in the directory into the same group as the directory, no
  66. matter what group the user who creates them is in.
  67. @item
  68. @cindex sticky
  69. @cindex swap space, saving text image in
  70. @cindex text image, saving in swap space
  71. @cindex restricted deletion flag
  72. prevent users from removing or renaming a file in a directory
  73. unless they own the file or the directory; this is called the
  74. @dfn{restricted deletion flag} for the directory.
  75. For regular files on some systems, save the program's text image on the
  76. swap device so it will load more quickly when run; this is called the
  77. @dfn{sticky bit}.
  78. @end enumerate
  79. In addition to the permissions listed above, there may be file attributes
  80. specific to the file system, e.g: access control lists (ACLs), whether a
  81. file is compressed, whether a file can be modified (immutability), whether
  82. a file can be dumped. These are usually set using programs
  83. specific to the file system. For example:
  84. @c should probably say a lot more about ACLs... someday
  85. @table @asis
  86. @item ext2
  87. On @acronym{GNU} and @acronym{GNU}/Linux the file permissions
  88. (``attributes'') specific to
  89. the ext2 file system are set using @command{chattr}.
  90. @item FFS
  91. On FreeBSD the file permissions (``flags'') specific to the FFS
  92. file system are set using @command{chrflags}.
  93. @end table
  94. Although a file's permission ``bits'' allow an operation on that file,
  95. that operation may still fail, because:
  96. @itemize
  97. @item
  98. the file-system-specific permissions do not permit it;
  99. @item
  100. the file system is mounted as read-only.
  101. @end itemize
  102. For example, if the immutable attribute is set on a file,
  103. it cannot be modified, regardless of the fact that you
  104. may have just run @code{chmod a+w FILE}.
  105. @node Symbolic Modes
  106. @section Symbolic Modes
  107. @cindex symbolic modes
  108. @dfn{Symbolic modes} represent changes to files' permissions as
  109. operations on single-character symbols. They allow you to modify either
  110. all or selected parts of files' permissions, optionally based on
  111. their previous values, and perhaps on the current @code{umask} as well
  112. (@pxref{Umask and Protection}).
  113. The format of symbolic modes is:
  114. @example
  115. @r{[}ugoa@dots{}@r{][}+-=@r{]}@var{perms}@dots{}@r{[},@dots{}@r{]}
  116. @end example
  117. @noindent
  118. where @var{perms} is either zero or more letters from the set
  119. @samp{rwxXst}, or a single letter from the set @samp{ugo}.
  120. The following sections describe the operators and other details of
  121. symbolic modes.
  122. @menu
  123. * Setting Permissions:: Basic operations on permissions.
  124. * Copying Permissions:: Copying existing permissions.
  125. * Changing Special Permissions:: Special permissions.
  126. * Conditional Executability:: Conditionally affecting executability.
  127. * Multiple Changes:: Making multiple changes.
  128. * Umask and Protection:: The effect of the umask.
  129. @end menu
  130. @node Setting Permissions
  131. @subsection Setting Permissions
  132. The basic symbolic operations on a file's permissions are adding,
  133. removing, and setting the permission that certain users have to read,
  134. write, and execute the file. These operations have the following
  135. format:
  136. @example
  137. @var{users} @var{operation} @var{permissions}
  138. @end example
  139. @noindent
  140. The spaces between the three parts above are shown for readability only;
  141. symbolic modes cannot contain spaces.
  142. The @var{users} part tells which users' access to the file is changed.
  143. It consists of one or more of the following letters (or it can be empty;
  144. @pxref{Umask and Protection}, for a description of what happens then). When
  145. more than one of these letters is given, the order that they are in does
  146. not matter.
  147. @table @code
  148. @item u
  149. @cindex owner of file, permissions for
  150. the user who owns the file;
  151. @item g
  152. @cindex group, permissions for
  153. other users who are in the file's group;
  154. @item o
  155. @cindex other permissions
  156. all other users;
  157. @item a
  158. all users; the same as @samp{ugo}.
  159. @end table
  160. The @var{operation} part tells how to change the affected users' access
  161. to the file, and is one of the following symbols:
  162. @table @code
  163. @item +
  164. @cindex adding permissions
  165. to add the @var{permissions} to whatever permissions the @var{users}
  166. already have for the file;
  167. @item -
  168. @cindex removing permissions
  169. @cindex subtracting permissions
  170. to remove the @var{permissions} from whatever permissions the
  171. @var{users} already have for the file;
  172. @item =
  173. @cindex setting permissions
  174. to make the @var{permissions} the only permissions that the @var{users}
  175. have for the file.
  176. @end table
  177. The @var{permissions} part tells what kind of access to the file should
  178. be changed; it is normally zero or more of the following letters. As with the
  179. @var{users} part, the order does not matter when more than one letter is
  180. given. Omitting the @var{permissions} part is useful only with the
  181. @samp{=} operation, where it gives the specified @var{users} no access
  182. at all to the file.
  183. @table @code
  184. @item r
  185. @cindex read permission, symbolic
  186. the permission the @var{users} have to read the file;
  187. @item w
  188. @cindex write permission, symbolic
  189. the permission the @var{users} have to write to the file;
  190. @item x
  191. @cindex execute permission, symbolic
  192. the permission the @var{users} have to execute the file.
  193. @end table
  194. For example, to give everyone permission to read and write a file,
  195. but not to execute it, use:
  196. @example
  197. a=rw
  198. @end example
  199. To remove write permission for all users other than the file's
  200. owner, use:
  201. @example
  202. go-w
  203. @end example
  204. @noindent
  205. The above command does not affect the access that the owner of
  206. the file has to it, nor does it affect whether other users can
  207. read or execute the file.
  208. To give everyone except a file's owner no permission to do anything with
  209. that file, use the mode below. Other users could still remove the file,
  210. if they have write permission on the directory it is in.
  211. @example
  212. go=
  213. @end example
  214. @noindent
  215. Another way to specify the same thing is:
  216. @example
  217. og-rwx
  218. @end example
  219. @node Copying Permissions
  220. @subsection Copying Existing Permissions
  221. @cindex copying existing permissions
  222. @cindex permissions, copying existing
  223. You can base a file's permissions on its existing permissions. To do
  224. this, instead of using a series of @samp{r}, @samp{w}, or @samp{x}
  225. letters after the
  226. operator, you use the letter @samp{u}, @samp{g}, or @samp{o}. For
  227. example, the mode
  228. @example
  229. o+g
  230. @end example
  231. @noindent
  232. adds the permissions for users who are in a file's group to the
  233. permissions that other users have for the file. Thus, if the file
  234. started out as mode 664 (@samp{rw-rw-r--}), the above mode would change
  235. it to mode 666 (@samp{rw-rw-rw-}). If the file had started out as mode
  236. 741 (@samp{rwxr----x}), the above mode would change it to mode 745
  237. (@samp{rwxr--r-x}). The @samp{-} and @samp{=} operations work
  238. analogously.
  239. @node Changing Special Permissions
  240. @subsection Changing Special Permissions
  241. @cindex changing special permissions
  242. In addition to changing a file's read, write, and execute permissions,
  243. you can change its special permissions. @xref{Mode Structure}, for a
  244. summary of these permissions.
  245. To change a file's permission to set the user ID on execution, use
  246. @samp{u} in the @var{users} part of the symbolic mode and
  247. @samp{s} in the @var{permissions} part.
  248. To change a file's permission to set the group ID on execution, use
  249. @samp{g} in the @var{users} part of the symbolic mode and
  250. @samp{s} in the @var{permissions} part.
  251. To change a file's permission to set the restricted deletion flag or sticky bit,
  252. omit the @var{users} part of the symbolic mode (or use @samp{a}) and put
  253. @samp{t} in the @var{permissions} part.
  254. For example, to add set-user-ID permission to a program,
  255. you can use the mode:
  256. @example
  257. u+s
  258. @end example
  259. To remove both set-user-ID and set-group-ID permission from
  260. it, you can use the mode:
  261. @example
  262. ug-s
  263. @end example
  264. To set the restricted deletion flag or sticky bit, you can use
  265. the mode:
  266. @example
  267. +t
  268. @end example
  269. The combination @samp{o+s} has no effect. On @acronym{GNU} systems
  270. the combinations @samp{u+t} and @samp{g+t} have no effect, and
  271. @samp{o+t} acts like plain @samp{+t}.
  272. The @samp{=} operator is not very useful with special permissions; for
  273. example, the mode:
  274. @example
  275. o=t
  276. @end example
  277. @noindent
  278. does set the restricted deletion flag or sticky bit, but it also
  279. removes all read, write, and execute permissions that users not in the
  280. file's group might have had for it.
  281. @node Conditional Executability
  282. @subsection Conditional Executability
  283. @cindex conditional executability
  284. There is one more special type of symbolic permission: if you use
  285. @samp{X} instead of @samp{x}, execute permission is affected only if the
  286. file is a directory or already had execute permission.
  287. For example, this mode:
  288. @example
  289. a+X
  290. @end example
  291. @noindent
  292. gives all users permission to search directories, or to execute files if
  293. anyone could execute them before.
  294. @node Multiple Changes
  295. @subsection Making Multiple Changes
  296. @cindex multiple changes to permissions
  297. The format of symbolic modes is actually more complex than described
  298. above (@pxref{Setting Permissions}). It provides two ways to make
  299. multiple changes to files' permissions.
  300. The first way is to specify multiple @var{operation} and
  301. @var{permissions} parts after a @var{users} part in the symbolic mode.
  302. For example, the mode:
  303. @example
  304. og+rX-w
  305. @end example
  306. @noindent
  307. gives users other than the owner of the file read permission and, if
  308. it is a directory or if someone already had execute permission
  309. to it, gives them execute permission; and it also denies them write
  310. permission to the file. It does not affect the permission that the
  311. owner of the file has for it. The above mode is equivalent to
  312. the two modes:
  313. @example
  314. og+rX
  315. og-w
  316. @end example
  317. The second way to make multiple changes is to specify more than one
  318. simple symbolic mode, separated by commas. For example, the mode:
  319. @example
  320. a+r,go-w
  321. @end example
  322. @noindent
  323. gives everyone permission to read the file and removes write
  324. permission on it for all users except its owner. Another example:
  325. @example
  326. u=rwx,g=rx,o=
  327. @end example
  328. @noindent
  329. sets all of the non-special permissions for the file explicitly. (It
  330. gives users who are not in the file's group no permission at all for
  331. it.)
  332. The two methods can be combined. The mode:
  333. @example
  334. a+r,g+x-w
  335. @end example
  336. @noindent
  337. gives all users permission to read the file, and gives users who are in
  338. the file's group permission to execute it, as well, but not permission
  339. to write to it. The above mode could be written in several different
  340. ways; another is:
  341. @example
  342. u+r,g+rx,o+r,g-w
  343. @end example
  344. @node Umask and Protection
  345. @subsection The Umask and Protection
  346. @cindex umask and modes
  347. @cindex modes and umask
  348. If the @var{users} part of a symbolic mode is omitted, it defaults to
  349. @samp{a} (affect all users), except that any permissions that are
  350. @emph{set} in the system variable @code{umask} are @emph{not affected}.
  351. The value of @code{umask} can be set using the
  352. @code{umask} command. Its default value varies from system to system.
  353. @cindex giving away permissions
  354. Omitting the @var{users} part of a symbolic mode is generally not useful
  355. with operations other than @samp{+}. It is useful with @samp{+} because
  356. it allows you to use @code{umask} as an easily customizable protection
  357. against giving away more permission to files than you intended to.
  358. As an example, if @code{umask} has the value 2, which removes write
  359. permission for users who are not in the file's group, then the mode:
  360. @example
  361. +w
  362. @end example
  363. @noindent
  364. adds permission to write to the file to its owner and to other users who
  365. are in the file's group, but @emph{not} to other users. In contrast,
  366. the mode:
  367. @example
  368. a+w
  369. @end example
  370. @noindent
  371. ignores @code{umask}, and @emph{does} give write permission for
  372. the file to all users.
  373. @node Numeric Modes
  374. @section Numeric Modes
  375. @cindex numeric modes
  376. @cindex file permissions, numeric
  377. @cindex octal numbers for file modes
  378. As an
  379. alternative to giving a symbolic mode, you can give an octal (base 8)
  380. number that represents the new mode.
  381. This number is always interpreted in octal; you do not have to add a
  382. leading 0, as you do in C. Mode 0055 is the same as mode 55.
  383. A numeric mode is usually shorter than the corresponding symbolic
  384. mode, but it is limited in that it cannot take into account a file's
  385. previous permissions; it can only set them absolutely.
  386. The permissions granted to the user,
  387. to other users in the file's group,
  388. and to other users not in the file's group each require three
  389. bits, which are represented as one octal digit. The three special
  390. permissions also require one bit each, and they are as a group
  391. represented as another octal digit. Here is how the bits are arranged,
  392. starting with the lowest valued bit:
  393. @example
  394. Value in Corresponding
  395. Mode Permission
  396. Other users not in the file's group:
  397. 1 Execute
  398. 2 Write
  399. 4 Read
  400. Other users in the file's group:
  401. 10 Execute
  402. 20 Write
  403. 40 Read
  404. The file's owner:
  405. 100 Execute
  406. 200 Write
  407. 400 Read
  408. Special permissions:
  409. 1000 Restricted deletion flag or sticky bit
  410. 2000 Set group ID on execution
  411. 4000 Set user ID on execution
  412. @end example
  413. For example, numeric mode 4755 corresponds to symbolic mode
  414. @samp{u=rwxs,go=rx}, and numeric mode 664 corresponds to symbolic mode
  415. @samp{ug=rw,o=r}. Numeric mode 0 corresponds to symbolic mode
  416. @samp{a=}.