VERY quick chmod question

[belsonc]

quick if you know chmod, that is...

I'm trying to figure out how to do something on my box (which, at the moment, has no net connection whatsoever - the best possible security ), and in my researching, I came across a wonderful site that describes the numerics for chmod - http://www.computerhope.com/unix/uchmod.htm#03 (scroll up a little)

My question is this - I want to make sure I'm understanding the numbering correctly - what would the difference be between chmod 707 foo.sh and chmod 007 foo.sh? From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right? Or am I missing something?

-CB

[Suramya]

yup. You got it right the first time.

In Binary:

000: 0 : No permissions for anyone
001: 1 : Give Execute Privs
010: 2 : Give only Write privs
011: 3 : Give Write and execute privs
100: 4 : Give only Read privs
101: 5 : Give read and execute privs
110: 6 : Give read and write privs
111: 7 : Give all privs

So 007 would translate as:
000 000 111 in binary which we can see from the chart above means:

No Privs for owner, No Privs for group, All Privs for others.

Hope this helps.

- Suramya

[bwkaz]

Originally posted by belsonc
From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right?

Correct, except in one case.

If the file is owned by root with permissions 007, then root can still read and write it (I'm not sure about execute). Root ignores all permission bits (except perhaps execute).

Anyway, you'd lock yourself out because the permissions granted are not cumulative -- the kernel looks to see whether owner matches first, group matches second, and uses world otherwise. It STOPS after the first match it finds.

So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.

What you described is just the extension of that. If you own a file but no owner bits are set, then you have no permissions, regardless of other bits.

[serz]

Originally posted by bwkaz
Root ignores all permission bits (except perhaps execute).

Yep, that's it. Just checked.

[techwise]

Would that file have a license to kill and drink Stoly Martinis?

:-)

[belsonc]

Originally posted by techwise
Would that file have a license to kill and drink Stoly Martinis?

:-)

You know, I was asking my friend Chris about this chmod question before, and I used the 007 example... I found myself trying to come up with a good 007 joke, but I just couldn't... I was really disappointed in myself... LOL

[retsaw]

Originally posted by bwkaz
So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.

That would only work if the troublemaker is stupid/ignorant because making them the owner means they can change the permissions to whatever they want.

[bwkaz]

Uh... that's right, OK, never mind.

Well then, let's instead say you want everyone to be able to write to some file, but you find that a certain group of people ends up causing trouble with it. You can add all those people to a group, make that group own the file, and chmod g-w it.