We can confirm that both users now belong to the group:

```
getent group pack
```

When I create a directory as mike, I can see that it inherits that user’s primary group:

```
mkdir treats
drwxrwxr-x 2 mike mike 4096 Jul 2 10:40 treats
```

We want to change this so that it uses the group we’ve just created:

```
chgrp pack treats
drwxrwxr-x 2 mike pack 4096 Jul 2 10:40 treats
```

This does not affect any new files created in the directory, which are still assigned their owners’ primary group by default:

```
mike$ touch treats/biscuit.txt
-rw-rw-r-- 1 mike mike 0 Jul 2 10:44 treats/biscuit.txt
-rw-rw-r-- 1 teddy teddy 0 Jul 2 10:46 treats/woof.txt
```

To ensure that any new files created in the directory inherit the directory’s group, we need to set the setgid bit. Don’t worry, that’s not as complicated as it sounds. We can see the effect this has on the directory permissions:

```
ls -ld treats
drwxrwsr-x 2 mike pack 4096 Jul 2 10:46 treats
```

When teddy creates his next file, the directory’s group is used:

```
teddy$ touch treats/growl.txt
-rw-rw-r-- 1 teddy pack 0 Jul 2 10:54 treats/growl.txt
```

Remember that we want any new files to be read-write for the owner, read-only for group members and not accessible for anyone else.

In Linux each file has a File Access Control List (ACL). Being just a type of file, directories are no different. For treats, the current ACL looks like this:

```
getfacl treats
```

Incidentally, we can see the setgid bit in the flags line.

You may have noticed that the execute permission is set for everyone. However, none of our files have been created with execute enabled.

As explained in this Stack Overflow answer, it doesn’t really make sense to grant execute permissions on a file unless it’s known to be executable; therefore, Linux does not do this automatically.

Directories, however, are subtly different. The execute permission is required to enter a directory. To demonstrate, we can create a directory from which the others execute permission is then revoked …

```
mike$ mkdir walkies
drwxrwxr-- 2 mike mike 4096 Jul 2 11:30 walkies
```

As teddy is not the file owner or a group member of mike, he has other permissions on the directory. Whilst he can list the contents of the directory, he cannot navigate to it:

```
Sh: 3: cd: can't cd to walkies
```

Defaulting the ACL settings

Remember, we want any new files we create to be read-only for members of the pack group and to have no permissions for other users. We can do this by setting the default ACL permissions.

To remove write permissions from group, we add a default setting to the directory’s ACL:

These permissions are now applied to any new files created in the directory:

```
mike$ echo 'Biscuit'>treats/goodboy.log
-rw-r----- 1 mike pack 8 Jul 2 13:27 treats/goodboy.log
```

Teddy can read the new file (although he refuses to use cat for some reason):

```
teddy$ more treats/goodboy.log
```

However, he cannot write to the file:

```
teddy$ echo 'More biscuits' >treats/goodboy.log
Sh: 3: cannot create treats/goodboy.log: Permission denied
```

On the other hand, he can create a new file which mike can see, but not write to (much to teddy’s relief) …

```
teddy$ echo 'Munch! Wag! Woof!' >treats/happydog.log
-rw-r----- 1 teddy pack 18 Jul 2 13:30 treats/happydog.log
mike$ echo 'Bath Time !' >treats/happydog.log
bash: treats/happydog.log: Permission denied
```

Remember, the ACL changes we’ve made to file permissions in the directory do not apply retrospectively:

```
ls -lrt treats
-rw-rw-r-- 1 mike mike 0 Jul 2 10:44 biscuit.txt
-rw-rw-r-- 1 teddy teddy 0 Jul 2 10:46 woof.txt
-rw-rw-r-- 1 teddy pack 0 Jul 2 10:54 growl.txt <- after the setgid
-rw-r----- 1 mike pack 8 Jul 2 13:27 goodboy.log <- after ACL changes
-rw-r----- 1 teddy pack 18 Jul 2 13:30 happydog.log
```

There’s a useful guide to Linux file permissions here. This article provides further information on configuring Linux ACLs.

We’ve managed to get through all of this file permission malarkey without mentioning sticky bits.
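Because the setgid bit and the default ACL only affect files created afterwards, a shared directory can keep older files with the wrong group or wider permissions. The script below is an added example, not part of the original post: it lists those leftover files so they can be corrected. The function names and the 027 permission mask are assumptions made here, and it relies on GNU find and stat.

```shell
#!/bin/sh
# Added example: audit a shared directory set up as in this article
# (setgid directory, new files intended to be rw-r-----).
# Function names and the 027 mask are choices made for this example.

# Succeeds if DIR has the setgid bit, so new files inherit its group.
has_setgid() {
    [ -d "$1" ] && [ -g "$1" ]
}

# Print regular files directly inside DIR that predate the policy:
# group-writable, accessible to "other", or owned by a different
# group than the directory itself.
stale_files() {
    dir=$1
    dir_gid=$(stat -c %g "$dir") || return 1
    find "$dir" -maxdepth 1 -type f \
        \( -perm /027 -o ! -gid "$dir_gid" \) -print | sort
}

# Report both checks for one directory.
audit_shared_dir() {
    dir=$1
    has_setgid "$dir" || echo "WARN: $dir is not setgid"
    stale_files "$dir" | while IFS= read -r f; do
        echo "STALE: $(stat -c '%A %U %G' "$f") $f"
    done
}

# Usage: sh audit.sh treats
if [ $# -gt 0 ]; then
    audit_shared_dir "$1"
fi
```

Run against the treats directory from this article, it would flag biscuit.txt, woof.txt and growl.txt, which were created before the ACL change.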