chmod [a]bcd
| bit | scope | description |
|---|---|---|
| a | | sticky:1, setgid:2, setuid:4 (optional, default: 0) |
| b | owner | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
| c | group | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
| d | everyone | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7 |
- Note: only file/dir owner can chmod it
- Note: scripts need both `x` and `r` permissions to execute (that's because scripts are read into the interpreter); `r` alone is enough if run via `ruby script.rb` or `sh script.sh`
files
| bit setting | meaning |
|---|---|
| sticky on files | no effect |
| setgid on executable binaries | no matter who executes, process runs as file's group |
| setuid on executable binaries | no matter who executes, process runs as file's owner |
| setuid/setgid on scripts | ignored due to security issues |
| setuid/setgid on non-executables | no effect [1] |
Warning: setuid is dangerous
directories
| bit setting | meaning |
|---|---|
| x on dirs | `cd`, `stat` (e.g. `ls -l`), inode lookup (access files) |
| w on dirs | add/delete/rename files (requires x for inode lookup) |
| r on dirs | `ls` |
- Note: having `xw` on a dir is enough to delete any file in it (unless it has sticky bit)
sticky on dirs
- only used when writable by group/everyone
- files in dir can only be edited/deleted by their owner (think `/tmp`)
- symlinks only work if target is within this dir
setgid on dirs
- all files/subdirs created by anyone in this dir inherit its group
- all subdirs inherit this bit when created
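An added example, not part of the original page: a shell audit for the bit settings described above (setuid/setgid on regular files, and directories writable by everyone that lack the sticky bit). The function names `audit_perms` and `make_sample_tree` and the scratch tree are constructed for illustration.

```shell
#!/bin/sh
# audit_perms DIR: print one "label: path" line per finding under DIR.
audit_perms() {
    root=$1
    # setuid (4xxx) on a regular file: process runs as the file's owner.
    find "$root" -type f -perm -4000 -print | sed 's/^/setuid-file: /'
    # setgid (2xxx) on a regular file: process runs as the file's group.
    find "$root" -type f -perm -2000 -print | sed 's/^/setgid-file: /'
    # Dir writable by everyone (xxx2) without sticky (1xxx): anyone with
    # xw on it can delete or rename files they do not own.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/open-dir-no-sticky: /'
}

# make_sample_tree: build a constructed scratch tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp-like" "$t/private"
    chmod 0777 "$t/shared"     # writable by everyone, no sticky: flagged
    chmod 1777 "$t/tmp-like"   # same, but sticky like /tmp: not flagged
    chmod 0755 "$t/private"
    : > "$t/private/helper"
    chmod 4755 "$t/private/helper"   # setuid set: flagged
    : > "$t/private/tool"
    chmod 0755 "$t/private/tool"     # plain executable: not flagged
    printf '%s\n' "$t"
}

# Run the audit over the constructed tree, then clean up.
tree=$(make_sample_tree)
audit_perms "$tree"
rm -rf "$tree"
```

Point `audit_perms` at a real path (for example a deployment directory) to review every hit against the tables above.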
setuid on dirs
sources
- [1] There is an exception. See “SUID and SGID on non-executable files” on this page.