VERY quick chmod question


Results 1 to 8 of 8

Thread: VERY quick chmod question

  1. #1
    Join Date
    Jan 2003
    Posts
    86

    VERY quick chmod question

    quick if you know chmod, that is...

    I'm trying to figure out how to do something on my box (which, at the moment, has no net connection whatsoever - the best possible security ), and in my researching, I came across a wonderful site that describes the numerics for chmod - http://www.computerhope.com/unix/uchmod.htm#03 (scroll up a little)

    My question is this - I want to make sure I'm understanding the numbering correctly - what would the difference be between chmod 707 foo.sh and chmod 007 foo.sh? From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right? Or am I missing something?

    -CB
    Primary Linux box:

    AMD Athlon XP 2600+
    512MB 333mhz RAM
    80GB HD
    DVD+RW
    unsupported sound card that plays music anyway
    Slack 10, 2.6.9


    Knockaround laptop:
    P3-750
    don't remember how much ram or what size HD
    15" display
    DVD-ROM
    dualbooting Ubuntu and Libranet

  2. #2
    Join Date
    Mar 2003
    Location
    Earth [I think...]
    Posts
    414
    yup. You got it right the first time.

    In Binary:

    000: 0 : No permissions for anyone
    001: 1 : Give Execute Privs
    010: 2 : Give only Write privs
    011: 3 : Give Write and execute privs
    100: 4 : Give only Read privs
    101: 5 : Give read and execute privs
    110: 6 : Give read and write privs
    111: 7 : Give all privs

    So 007 would translate as:
    000 000 111 in binary which we can see from the chart above means:

    No Privs for owner, No Privs for group, All Privs for others.

    Hope this helps.

    - Suramya
    --------------------------------------------------
    My Website: http://www.suramya.com
    My Blog: http://www.suramya.com/blog
    Registered Linux User #: 309391
    --------------------------------------------------

    *************************************************
    Disclaimer:
    Any errors in spelling, tact, or fact are transmission errors.
    *************************************************

  3. #3
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,947

    Re: VERY quick chmod question

    Originally posted by belsonc
    From the way I'm understanding it, you'd effectively be locking yourself out from using the file in any way (r/w/x) with 007 - right?
    Correct, except in one case.

    If the file is owned by root with permissions 007, then root can still read and write it (I'm not sure about execute). Root ignores all permission bits (except perhaps execute).

    Anyway, you'd lock yourself out because the permissions granted are not cumulative -- the kernel looks to see whether owner matches first, group matches second, and uses world otherwise. It STOPS after the first match it finds.

    So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.

    What you described is just the extension of that. If you own a file but no owner bits are set, then you have no permissions, regardless of other bits.

  4. #4
    Join Date
    Apr 2003
    Location
    Buenos Aires, Argentina
    Posts
    4,221

    Re: Re: VERY quick chmod question

    Originally posted by bwkaz
    Root ignores all permission bits (except perhaps execute).
    Yep, that's it. Just checked.
    djserz.com.ar
    "All the drugs in this world won't save you from yourself..."

  5. #5
    Join Date
    Oct 2002
    Posts
    547
    Would that file have a license to kill and drink Stoly Martinis?

    :-)
    $whatis microsoft
    microsoft: nothing appropriate

  6. #6
    Join Date
    Jan 2003
    Posts
    86
    Originally posted by techwise
    Would that file have a license to kill and drink Stoly Martinis?

    :-)
    You know, I was asking my friend Chris about this chmod question before, and I used the 007 example... I found myself trying to come up with a good 007 joke, but I just couldn't... I was really disappointed in myself... LOL
    Primary Linux box:

    AMD Athlon XP 2600+
    512MB 333mhz RAM
    80GB HD
    DVD+RW
    unsupported sound card that plays music anyway
    Slack 10, 2.6.9


    Knockaround laptop:
    P3-750
    don't remember how much ram or what size HD
    15" display
    DVD-ROM
    dualbooting Ubuntu and Libranet

  7. #7
    Join Date
    Apr 2003
    Location
    UK
    Posts
    1,181

    Re: Re: VERY quick chmod question

    Originally posted by bwkaz
    So if you want a whole group of users to be able to write to a file, you could make it owned by the root user and that group, then turn on the group-write permission bit. If, later, you find out that one member of that group is a troublemaker and shouldn't be allowed to write to that file (but should still have permission to do the rest of the stuff that group can do, so you can't remove him from the group entirely), you can make the file be owned by him, and remove owner write permission.
    That would only work if the troublemaker is stupid/ignorant because making them the owner means they can change the permissions to whatever they want.

  8. #8
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,947
    Uh... that's right, OK, never mind.

    Well then, let's instead say you want everyone to be able to write to some file, but you find that a certain group of people ends up causing trouble with it. You can add all those people to a group, make that group own the file, and chmod g-w it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •