A Linux User Reference

FILES AND DIRECTORIES

File modes

  • Access modes
    • Each Linux file has a set of properties that control access to it.
    • Collectively these properties are known as the file's access mode or mode.
    • Access modes can be manipulated using either octal or symbolic formats.
    • The access mode consists of four sets of three flags.

      • in octal these flags are represented as 4 digits i.e. 0644

        • the first digit '0' represents any special attributes that are set
        • the second '6' the file owner's permissions
        • the third '4' the file group permissions
        • the fourth '4' the file world, everybody and everything's permissions
      • often, when no special attributes are set i.e. the first digit is '0', the first digit is omitted when reporting the mode i.e. 644 => 0644

      • in symbolic form these flags are represented as 9 characters i.e. rw-r--r--

        • the first three characters 'rw-' represent the owner's permissions
        • the next three 'r--' the group permissions
        • and lastly 'r--' the world permissions
        • 'r' = read, 'w' = write, 'x' = execute and '-' = permission not set
    Binary  Attributes set        Octal  Symbolic
    111     read, write, execute  7      rwx
    110     read, write           6      rw-
    101     read, execute         5      r-x
    100     read                  4      r--
    011     write, execute        3      -wx
    010     write                 2      -w-
    001     execute               1      --x
    000     none                  0      ---

    Display a file's access mode in symbolic form

    $ ls -al perm-change.txt
    -rw-r--r-- 1 mark mark 0 Dec 13 00:29 perm-change.txt 
    

    One character appears in front of the access mode, in this case a '-'. This character identifies the type of file.

    Character  File type
    -          Regular file
    d          Directory
    b          Block special file
    c          Character special file
    p          Pipe special file
    l          Symbolic link
    s          Socket

    Putting it all together

    perm-change.txt is a regular file with no special attributes set, read and write permissions for the owner (mark), read permissions for members of the group (mark) and read permissions for everything else. This mode equates to '0644' in octal.

    Display a file's access mode in both symbolic form and in octal

    $ stat perm-change.txt | grep "Access: ("
    Access: (0644/-rw-r--r--)  Uid: ( 1000/    mark)   Gid: ( 1000/    mark)
                                                           (or)
    $ stat -c "%a %A %F %n" perm-change.txt
    644 -rw-r--r-- regular empty file perm-change.txt
                                                           (or)
    $ stat --printf "%a %A %F %n\n" perm-change.txt
    644 -rw-r--r-- regular empty file perm-change.txt
    

    The last two forms of the stat command omit the first octal digit. When it is missing it has a value of '0'.

  • Special attributes
    File special attributes

    Special attributes apply to executable files and directories.

    Binary  Attributes set      Octal  Symbolic
    111     suid, sgid, sticky  7      [sS][sS][tT]
    110     suid, sgid          6      [sS][sS]-
    101     suid, sticky        5      [sS]-[tT]
    100     suid                4      [sS]--
    011     sgid, sticky        3      -[sS][tT]
    010     sgid                2      -[sS]-
    001     sticky              1      --[tT]
    000     None                0      ---

    Symbolic special attributes, if set, appear where the 'x' execute flag would normally be. An UPPERCASE 'S' or 'T' means that the 'x' execute flag for that set (owner, group or world) was NOT set while lower case means it was.

    SUID

    Usually a program started by a user will run under that user's id. The program will have the same access as the user. When the SUID bit is set on an executable, it runs under the id of the program's owner.

    SGID

    When set on executable files, the executable will run under the file's group id - not the user who runs it. When set on directory files, newly created files in the directory are set to the same group ownership as the directory.

    Sticky

    When set on a directory, regardless of file permissions, only root, file owner or directory owner can rename or delete the directory. This protects the directory from being deleted by users who have write access to it.

    Sticky bit directory example

    $ ls -al /tmp
    total 40
    drwxrwxrwt  9 root root 4096 Dec 13 01:20 .
    .....
    

    Anyone can write to '/tmp', anyone can delete their own files in '/tmp' but only root can delete '/tmp'.

    Group members of the directory can create and modify files in the directory.

    Apply each special attribute to a file and display its permissions in octal and symbolic form

    $ for special_attribute in 7 6 5 4 3 2 1 0
    > do
    > chmod $special_attribute'644' perm-change.txt
    > stat perm-change.txt | grep "Access: (" | cut -d"U" -f 1
    > done
    Access: (7644/-rwSr-Sr-T)  
    Access: (6644/-rwSr-Sr--)  
    Access: (5644/-rwSr--r-T)  
    Access: (4644/-rwSr--r--)  
    Access: (3644/-rw-r-Sr-T)  
    Access: (2644/-rw-r-Sr--)  
    Access: (1644/-rw-r--r-T)  
    Access: (0644/-rw-r--r--) 
    

    UPPERCASE symbolic attributes indicate that no execute flag is set.

    Apply special attributes to a directory

    $ mkdir permsdir
    $ chmod 764 permsdir
    $ for special_attribute in 7 6 5 4 3 2 1 0
    > do
    > chmod $special_attribute'764' permsdir
    > stat permsdir | grep "Access: (" | cut -d"U" -f 1
    > done
    Access: (7764/drwsrwSr-T)  
    Access: (6764/drwsrwSr--)  
    Access: (7764/drwsrwSr-T)  
    Access: (6764/drwsrwSr--)  
    Access: (7764/drwsrwSr-T)  
    Access: (6764/drwsrwSr--)  
    Access: (7764/drwsrwSr-T)  
    Access: (6764/drwsrwSr--) 
    

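    Lowercase symbolic attributes indicate that the execute flag is set. The octal value only alternates between 7764 and 6764 because GNU chmod preserves a directory's existing suid and sgid bits when given a numeric mode: a numeric mode can set these bits on a directory but not clear them, so once the first pass has set them only the sticky bit changes. Use symbolic modes such as u-s or g-s to clear them.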

  • Change file access mode
    /bin/chmod

    Command usage

    chmod [options] mode[,mode, ...] file ...
    chmod [options] octal-mode file ...
    
    Mode:
    [ugoa][-+=][rwxXst]
     u       user
     g       group
     o       other
     a       all
     -       remove/unset
     +       add to existing bits
     =       set exactly
     r       read
     w       write
     x       execute
     X       execute for dirs. or execute already set for some user
     s       suid or sgid
     t       sticky
    
    Common options:
     -c      report only when a change is made
     -R      operate on files and directories recursively
    

    Set file permissions to rw(root) and read for everyone else

    $ chmod 644 fileperms.txt
    -rw-r--r-- 1 mark mark 0 2009-03-31 00:39 fileperms.txt
                                                               (or)
    $ chmod u=rw,g=r,o=r file1                                 
    -rw-r--r-- 1 mark mark 0 2009-03-31 01:28 file1
    

    Set sticky bit

    $ ls -ald dir1
    drwxr-xr-x 2 mark mark 4096 2009-03-31 01:29 dir1
    
    $ chmod +t dir1
    drwxr-xr-t 2 mark mark 4096 2009-03-31 01:29 dir1
    

    Remove sticky bit

    $ chmod -t dir1
    drwxr-xr-x 2 mark mark 4096 2009-03-31 01:29 dir1
    

    Remove all directory execute/search permissions

    $ chmod -X dir1
    drw-r--r-- 2 mark mark 4096 2009-03-31 01:29 dir1
    

    Replace execute/search for owner and group only

    $ chmod ug+X dir1
    drwxr-xr-- 2 mark mark 4096 2009-03-31 01:29 dir1
    

    Set suid

    $ chmod u+s file1
    -rwSr--r-- 1 mark mark 0 2009-03-31 01:28 file1
    

    Remove suid and set sgid

    $ chmod u-s,g+s file1
    -rw-r-Sr-- 1 mark mark 0 2009-03-31 01:28 file1 
    
  • Set user file creation mask
    umask
    • Bash builtin command.
    • Sets the user file-creation mask.
    • The access mode of any file a user creates is determined by applying the umask to the default creation mode.
    umask [-p] [-S] [mode]
    
    Options:
     -S            and no 'mode' supplied, print current value in symbolic form
     -p            and no 'mode' supplied, output in a form that may be reused 
                   as input to this command
    

    If mode begins with a digit, it is interpreted as an octal number; otherwise it is interpreted as a symbolic mode mask. If mode is omitted, the current value of the mask is printed.

    Display current mask value

    $ umask
    0022
    
    $ umask -S
    u=rwx,g=rx,o=rx
    
    $ umask -p
    umask 0022
    

    By default, text files are created with '666' (rw-rw-rw-) permissions, directories with '777' (rwxrwxrwx) permissions. The user's umask is then applied to the default permissions.

    0666          0777
    0022          0022
    ----          ----
    0644          0755
    ----          ----
    

    User's umask in operation

    $ umask
    0022
    $ mkdir freddir
    $ stat freddir
      File: ‘freddir’
      Size: 4096        Blocks: 8          IO Block: 4096   directory
    Device: 804h/2052d  Inode: 15466788    Links: 2
    Access: (0755/drwxr-xr-x)  Uid: ( 1000/    mark)   Gid: ( 1000/    mark)
    .....
    $ touch fred
    $ stat fred
      File: ‘fred’
      Size: 0           Blocks: 0          IO Block: 4096   regular empty file
    Device: 804h/2052d  Inode: 15466782    Links: 1
    Access: (0644/-rw-r--r--)  Uid: ( 1000/    mark)   Gid: ( 1000/    mark)
    .....
    $ umask 0044
    $ touch bert
    $ stat bert
      File: ‘bert’
      Size: 0           Blocks: 0          IO Block: 4096   regular empty file
    Device: 804h/2052d  Inode: 15466782    Links: 1
    Access: (0622/-rw--w--w-)  Uid: ( 1000/    mark)   Gid: ( 1000/    mark)
    .....
    
  • Display file status
    /usr/bin/stat

    Command usage

    stat [option] file ...
    
    Common options:
     -f <filesys>           displays filesystem status
     -c | --format=         specify a format sequence
     --printf=<format>      specify a format sequence, do not print a trailing newline
    
    Some format sequences:
     %a     Access rights in octal
     %A     Access rights in human readable form
     %F     File type
     %n     File name
     %s     Total size, in bytes
     %U     User name of owner
    

    View a file's access modes

    $ stat  fileperms.txt
      File: `fileperms.txt'
      Size: 0            Blocks: 0          IO Block: 4096   regular empty file
    Device: 808h/2056d   Inode: 115550      Links: 1
    Access: (0754/-rwxr-xr--)  Uid: ( 1000/    mark)   Gid: ( 1000/    mark)
    Access: 2009-03-31 00:39:48.000000000 +0100
    Modify: 2009-03-31 00:39:48.000000000 +0100
    Change: 2009-03-31 00:40:10.000000000 +0100
    

    Just print the specific details

    $ stat --format="%a %A %F %n %U %s" c5home.html
    644 -rw-r--r-- regular file c5home.html mark 6492
    
  • Change owner and or group of a file
    /bin/chown

    The second variation uses the ownership properties of the reference file (ref-file) to set the ownership properties of 'file'.

    chown [options] [owner][:[group]] file ...
    chown [options] --reference=<ref-file> file ...
    
    Common options:
     -c           report only when a change is made
     -R           operate on files and directories recursively
    

    Sample file permissions

    -rw-r--r-- 1 mark mark 0 2009-03-31 14:41 file1
    -rw-r--r-- 1 mark mark 0 2009-03-31 14:41 file2
    

    Change just the file owner to root

    # chown -c root file1 file2
    Changed ownership of `file1' to root
    Changed ownership of `file2' to root
    

    Change group ownership to root, no reporting

    # chown .root file1 file2
                                             (or)
    # chown :root file1 file2                         
    # ls -al file1 file2
    -rw-r--r-- 1 root root 0 2009-03-31 14:41 file1
    -rw-r--r-- 1 root root 0 2009-03-31 14:41 file2
    

    Change group and owner back to mark

    # chown mark:mark file1 file2
    # ls -al file1 file2
    -rw-r--r-- 1 mark mark 0 2009-03-31 14:41 file1
    -rw-r--r-- 1 mark mark 0 2009-03-31 14:41 file2
    

    Change group and owner back to root, report if changes made

    # chown -c root.root file1 file2
    Changed ownership of `file1' to root:root
    Changed ownership of `file2' to root:root
    
    # chown -c root:root file1 file2 
    

    When no changes are made nothing is reported - the last command repeats the first one.

  • Change group ownership of a file
    /bin/chgrp

    Behaves as chown for the group.

    chgrp [options] group file ...
    chgrp [options] --reference=<ref-file> file ...
    
    Common options:
     -c           report only when a change is made
     -R           operate on files and directories recursively
    

    Change all files and subdirectories in /home/staff to group staff

    # chgrp -R staff /home/staff
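
Added example, not part of the original reference: a defender's check built on the 'Special attributes' section above. It lists regular files carrying suid or sgid and world-writable directories that lack the sticky protection shown for '/tmp'. The function names and the scratch tree are constructed for illustration; GNU find, stat and mktemp are assumed.

```shell
#!/bin/sh
# make_sample_tree -> prints the path of a scratch tree (constructed sample data)
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/app" "$t/data" "$t/plain"
    mkdir "$t/shared" "$t/drop"
    chmod 4755 "$t/app"      # suid with owner execute    -> rws
    chmod 2644 "$t/data"     # sgid without group execute -> r-S
    chmod 0644 "$t/plain"    # no special attributes
    chmod 1777 "$t/shared"   # world-writable with sticky bit, like /tmp
    chmod 0777 "$t/drop"     # world-writable, sticky bit missing
    printf '%s\n' "$t"
}

# audit_special_bits DIR -> one line per entry under DIR that deserves review:
#   SPECIAL   regular file with suid and/or sgid set
#   NOSTICKY  world-writable directory without the sticky bit
audit_special_bits() {
    (
        cd "$1" || exit 1
        find . -type f \( -perm -4000 -o -perm -2000 \) \
            -exec stat -c 'SPECIAL %a %A %n' {} +
        find . -type d -perm -0002 ! -perm -1000 \
            -exec stat -c 'NOSTICKY %a %A %n' {} +
    ) | LC_ALL=C sort
}

# Demonstration on the constructed tree
tree=$(make_sample_tree) && audit_special_bits "$tree"
rm -rf "$tree"
```

Point the function at a real directory such as /usr/bin to review the suid and sgid programs installed there.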
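
Added example, not part of the original reference, for the umask section above: the mask bits are cleared from the default mode one by one, which agrees with the column arithmetic for 0022 and 0044 but not with plain subtraction for a mask such as 0027. Function names are illustrative; GNU stat and mktemp are assumed.

```shell
#!/bin/sh
# effective_mode BASE MASK -> BASE AND (NOT MASK), the mode a new file receives
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# naive_subtract BASE MASK -> plain octal subtraction, shown for comparison only
naive_subtract() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# created_modes MASK -> "<file mode> <directory mode>" observed on a real file
# and directory created under MASK inside a scratch directory
created_modes() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        touch "$tmp/f" && mkdir "$tmp/d" || exit 1
        printf '%04o %04o\n' "0$(stat -c %a "$tmp/f")" "0$(stat -c %a "$tmp/d")"
        rm -rf "$tmp"
    )
}

# 0022 and 0044 are the masks used above; 0027 is a constructed extra case
for mask in 0022 0044 0027; do
    printf 'umask %s: predicted %s %s, observed %s, subtraction gives %s\n' \
        "$mask" \
        "$(effective_mode 0666 "$mask")" "$(effective_mode 0777 "$mask")" \
        "$(created_modes "$mask")" \
        "$(naive_subtract 0666 "$mask")"
done
```

For 0027 the file is created as 0640, while subtraction would suggest 0637, a mode that grants the world read, write and execute.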