Unix file permissions cheat sheet
Working with Magento in a Linux environment requires you to have some knowledge of Unix file system permissions. These are documented extensively, but I wanted to have a simple yet complete overview that includes setuid, setgid, and the sticky bit. Since I could not find one, I composed a cheat sheet myself.
Since this is a reference page, I will start with the reference tables. Each line highlights one permission, followed by the chmod command that sets it, a common name, and a description.
-[r]wx rwx rwx | chmod u+r | | This file is readable by its owner. |
-r[w]x rwx rwx | chmod u+w | | This file is writable by its owner. |
-rw[x] rwx rwx | chmod u+x | | This file is executable by its owner. |
-rw[s] rwx rwx | chmod u+s | “setuid” | When the file is executed, the process assumes the id of the owner. |
-rw[S] rwx rwx | chmod u+s,u-x | | When the file is executed, the process assumes the id of the owner, yet the owner may not execute it himself. |
-rwx [r]wx rwx | chmod g+r | | This file is readable by group members. |
-rwx r[w]x rwx | chmod g+w | | This file is writable by group members. |
-rwx rw[x] rwx | chmod g+x | | This file is executable by group members. |
-rwx rw[s] rwx | chmod g+s | “setgid” | When the file is executed, the process assumes the id of the group. |
-rwx rw[S] rwx | chmod g+s,g-x | | When the file is executed, the process assumes the id of the group, yet no member of the group may execute it. |
-rwx rwx [r]wx | chmod o+r | | This file is readable by others. |
-rwx rwx r[w]x | chmod o+w | | This file is writable by others. |
-rwx rwx rw[x] | chmod o+x | | This file is executable by others. |
-rwx rwx rw[t] | chmod o+t | “sticky bit” | Obsolete, originally used to keep the program in virtual memory for faster loading. |
-rwx rwx rw[T] | chmod o+t,o-x | | Obsolete; not executable by others. |
d[r]wx rwx rwx | chmod u+r | | The owner of this directory may read the names of the files and directories in this directory. |
dr[w]x rwx rwx | chmod u+w | | The owner of this directory may create, delete and rename files and directories in this directory. |
drw[x] rwx rwx | chmod u+x | | The owner of this directory may read data and metadata of files and directories in this directory. |
drw[s] rwx rwx | chmod u+s | “setuid” | No effect. |
drw[S] rwx rwx | chmod u+s,u-x | | No effect. |
drwx [r]wx rwx | chmod g+r | | The names of the files and directories in this directory are readable by group members. |
drwx r[w]x rwx | chmod g+w | | Group members may create, delete and rename files and directories in this directory. |
drwx rw[x] rwx | chmod g+x | | Group members may read data and metadata of files and directories in this directory. |
drwx rw[s] rwx | chmod g+s | “setgid” | New files and directories in this directory inherit the group id of the directory. |
drwx rw[S] rwx | chmod g+s,g-x | | New files and directories in this directory inherit the group id of the directory. Group members may not read data and metadata of files in this directory. |
drwx rwx [r]wx | chmod o+r | | Others may read the names of the files and directories in this directory. |
drwx rwx r[w]x | chmod o+w | | Others may create, delete and rename files and directories in this directory. |
drwx rwx rw[x] | chmod o+x | | Others may read data and metadata of files and directories in this directory. |
drwx rwx rw[t] | chmod o+t | “restricted deletion flag” | A file or directory in this directory may only be deleted by its owner (or by the directory owner or the superuser). |
drwx rwx rw[T] | chmod o+t,o-x | | A file or directory in this directory may only be deleted by its owner (or by the directory owner or the superuser). Others may not read data and metadata of files in this directory. |
About the cheat sheet
When you execute ls -l you get a list of files in the directory. It shows file type, file permissions and file ownership.
ls -l
Here’s an example result line:
-rw-rw-r-- 1 patrick www-data 7 feb 20 11:41 hello.txt
-rw-rw-r-- are the file permissions, patrick is the file’s owner, and www-data is the file’s group.
File permissions are grouped as follows:
-[rwx] rwx rwx | Owner |
-rwx [rwx] rwx | Group |
-rwx rwx [rwx] | Others |
You can change the file permissions with the chmod command. For example:
chmod +x bin/magento | Makes a file executable, for user, group and other. |
chmod g+s pub/media | Makes new files and directories in the directory pub/media inherit the group id of the directory. |
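The special bits from the tables are also what you look for when auditing a deployment. The script below is an added example, not part of the original article: it flags setuid and setgid files, world-writable files, and world-writable directories that lack the restricted deletion flag. The function names and the sample tree are constructed for this illustration.

```sh
#!/bin/sh
# Added example: audit a directory tree for the special bits in the tables above.
# Function names and the sample tree are constructed for this illustration.

# mode_of PATH: the 10-character type and permission string, as ls -l shows it.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# report LABEL: prefix each path read from stdin with LABEL and its mode.
# (Paths containing newlines are not handled.)
report() {
    while IFS= read -r p; do
        printf '%s %s %s\n' "$1" "$(mode_of "$p")" "$p"
    done
}

# audit_special_bits DIR: print one finding per line.
audit_special_bits() {
    # u+s on a file: the process runs with the owner's id
    find "$1" -type f -perm -4000 | report SETUID
    # g+s on a file: the process runs with the group's id
    find "$1" -type f -perm -2000 | report SETGID
    # o+w on a file: anyone may modify it
    find "$1" -type f -perm -0002 | report WORLD_WRITABLE_FILE
    # o+w on a directory without o+t: others may delete or rename entries they do not own
    find "$1" -type d -perm -0002 ! -perm -1000 | report WORLD_WRITABLE_DIR_NO_STICKY
}

# make_sample: build a constructed sample tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/media" "$d/upload" "$d/tmp"
    : > "$d/helper"
    chmod 755 "$d/helper" && chmod u+s "$d/helper"   # -rwsr-xr-x, flagged
    chmod 775 "$d/media"  && chmod g+s "$d/media"    # setgid directory, not flagged
    chmod 777 "$d/upload"                            # drwxrwxrwx, flagged
    chmod 777 "$d/tmp"    && chmod o+t "$d/tmp"      # drwxrwxrwt, not flagged
    echo "$d"
}

sample=$(make_sample)
audit_special_bits "$sample"
rm -rf "$sample"
```

To audit a real tree, call audit_special_bits with its path instead of the sample.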