-
VERY quick chmod question
quick if you know chmod, that is...
I'm trying to figure out how to do something on my box (which, at the moment, has no net connection whatsoever - the best possible security ), and in my researching, I came across a wonderful site that describes the numerics for chmod - http://www.computerhope.com/unix/uchmod.htm#03 (scroll up a little)
My question is this - I want to make sure I'm understanding the numbering correctly - what would the difference be between chmod 707 foo.sh and chmod 007 foo.sh? From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right? Or am I missing something?
-CB
Primary Linux box:
AMD Athlon XP 2600+
512MB 333mhz RAM
80GB HD
DVD+RW
unsupported sound card that plays music anyway
Slack 10, 2.6.9
Knockaround laptop:
P3-750
don't remember how much ram or what size HD
15" display
DVD-ROM
dualbooting Ubuntu and Libranet
-
yup. You got it right the first time.
In Binary:
000: 0 : No permissions for anyone
001: 1 : Give Execute Privs
010: 2 : Give only Write privs
011: 3 : Give Write and execute privs
100: 4 : Give only Read privs
101: 5 : Give read and execute privs
110: 6 : Give read and write privs
111: 7 : Give all privs
So 007 would translate as:
000 000 111 in binary which we can see from the chart above means:
No Privs for owner, No Privs for group, All Privs for others.
Hope this helps.
- Suramya
--------------------------------------------------
My Website: http://www.suramya.com
My Blog: http://www.suramya.com/blog
Registered Linux User #: 309391
--------------------------------------------------
*************************************************
Disclaimer:
Any errors in spelling, tact, or fact are transmission errors.
*************************************************
-
Re: VERY quick chmod question
Originally posted by belsonc
From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right?
Correct, except in one case.
If the file is owned by root with permissions 007, then root can still read and write it (I'm not sure about execute). Root ignores all permission bits (except perhaps execute).
Anyway, you'd lock yourself out because the permissions granted are not cumulative -- the kernel looks to see whether owner matches first, group matches second, and uses world otherwise. It STOPS after the first match it finds.
So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.
What you described is just the extension of that. If you own a file but no owner bits are set, then you have no permissions, regardless of other bits.
-
Re: Re: VERY quick chmod question
Originally posted by bwkaz
Root ignores all permission bits (except perhaps execute).
Yep, that's it. Just checked.
djserz.com.ar
"All the drugs in this world won't save you from yourself..."
-
Would that file have a license to kill and drink Stoly Martinis?
:-)
$whatis microsoft
microsoft: nothing appropriate
-
Originally posted by techwise
Would that file have a license to kill and drink Stoly Martinis?
:-)
You know, I was asking my friend Chris about this chmod question before, and I used the 007 example... I found myself trying to come up with a good 007 joke, but I just couldn't... I was really disappointed in myself... LOL
Primary Linux box:
AMD Athlon XP 2600+
512MB 333mhz RAM
80GB HD
DVD+RW
unsupported sound card that plays music anyway
Slack 10, 2.6.9
Knockaround laptop:
P3-750
don't remember how much ram or what size HD
15" display
DVD-ROM
dualbooting Ubuntu and Libranet
-
Re: Re: VERY quick chmod question
Originally posted by bwkaz
So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.
That would only work if the troublemaker is stupid/ignorant because making them the owner means they can change the permissions to whatever they want.
-
Uh... that's right, OK, never mind.
Well then, let's instead say you want everyone to be able to write to some file, but you find that a certain group of people ends up causing trouble with it. You can add all those people to a group, make that group own the file, and chmod g-w it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|