Unix file permissions cheat sheet

Working with Magento in a Linux environment requires you to have some knowledge of Unix file system permissions. These are documented extensively, but I wanted to have a simple yet complete overview that includes setuid, setgid, and the sticky bit. Since I could not find one, I composed a cheat sheet myself.

Since this is a reference page, I will start with the reference tables. I shall highlight one permission per line, in red, followed by the chmod command to create it, a common name, and a description.

Files

| Permissions | chmod command | Common name | Description |
| --- | --- | --- | --- |
| -rwx rwx rwx | chmod u+r | | This file is readable by its owner. |
| -rwx rwx rwx | chmod u+w | | This file is writable by its owner. |
| -rwx rwx rwx | chmod u+x | | This file is executable by its owner. |
| -rws rwx rwx | chmod u+s | “setuid” | When the file is executed, the process assumes the id of the owner. |
| -rwS rwx rwx | chmod u+s,u-x | | When the file is executed, the process assumes the id of the owner, yet the owner may not execute it himself. |
| -rwx rwx rwx | chmod g+r | | This file is readable by group members. |
| -rwx rwx rwx | chmod g+w | | This file is writable by group members. |
| -rwx rwx rwx | chmod g+x | | This file is executable by group members. |
| -rwx rws rwx | chmod g+s | “setgid” | When the file is executed, the process assumes the id of the group. |
| -rwx rwS rwx | chmod g+s,g-x | | When the file is executed, the process assumes the id of the group, yet no member of the group may execute it. |
| -rwx rwx rwx | chmod o+r | | This file is readable by others. |
| -rwx rwx rwx | chmod o+w | | This file is writable by others. |
| -rwx rwx rwx | chmod o+x | | This file is executable by others. |
| -rwx rwx rwt | chmod o+t | “sticky bit” | Obsolete, originally used to keep the program in virtual memory for faster loading. |
| -rwx rwx rwT | chmod o+t,o-x | | Obsolete; not executable by others. |

Directories

| Permissions | chmod command | Common name | Description |
| --- | --- | --- | --- |
| drwx rwx rwx | chmod u+r | | The owner of this directory may read the names of the files and directories in this directory. |
| drwx rwx rwx | chmod u+w | | The owner of this directory may create, delete and rename files and directories in this directory. |
| drwx rwx rwx | chmod u+x | | The owner of this directory may read data and metadata of files and directories in this directory. |
| drws rwx rwx | chmod u+s | “setuid” | No effect. |
| drwS rwx rwx | chmod u+s,u-x | | No effect. |
| drwx rwx rwx | chmod g+r | | The names of the files and directories in this directory are readable by group members. |
| drwx rwx rwx | chmod g+w | | Group members may create, delete and rename files and directories in this directory. |
| drwx rwx rwx | chmod g+x | | Group members may read data and metadata of files and directories in this directory. |
| drwx rws rwx | chmod g+s | “setgid” | New files and directories in this directory inherit the group id of the directory. |
| drwx rwS rwx | chmod g+s,g-x | | New files and directories in this directory inherit the group id of the directory. Group members may not read data and metadata of files in this directory. |
| drwx rwx rwx | chmod o+r | | Others may read the names of the files and directories in this directory. |
| drwx rwx rwx | chmod o+w | | Others may create, delete and rename files and directories in this directory. |
| drwx rwx rwx | chmod o+x | | Others may read data and metadata of files and directories in this directory. |
| drwx rwx rwt | chmod o+t | “restricted deletion flag” | A file or directory in this directory may only be deleted by its owner (or by the directory owner or the superuser). |
| drwx rwx rwT | chmod o+t,o-x | | A file or directory in this directory may only be deleted by its owner (or by the directory owner or the superuser). Others may not read data and metadata of files in this directory. |

About the cheat sheet

When you execute ls -l you get a list of files in the directory. It shows file type, file permissions and file ownership.

ls -l

Here’s an example result line:

-rw-rw-r-- 1 patrick www-data 7 feb 20 11:41 hello.txt

-rw-rw-r-- are the file permissions, patrick is the file’s owner, and www-data is the file’s group.

File permissions are grouped as follows:

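| Permissions | Highlighted triplet | Applies to |
| --- | --- | --- |
| -rwx rwx rwx | first | Owner |
| -rwx rwx rwx | second | Group |
| -rwx rwx rwx | third | Others |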

You can change the file permissions with the chmod command. For example:

| Command | Effect |
| --- | --- |
| chmod +x bin/magento | Makes a file executable, for user, group and other. |
| chmod g+s pub/media | Makes new files and directories in the directory pub/media inherit the group id of the directory. |
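
The tables above can be read as a decoding procedure. The following is an added example, not part of the original article: it turns an ls -l permission string into the numeric mode and flags the setuid, setgid and world-writable combinations from the tables. The function names and finding labels are assumptions made for this example, and the sample entries are constructed.

```python
import stat

# Letter pair allowed in each triplet's execute slot, and the special bit it denotes.
SPECIAL = [("sS", stat.S_ISUID), ("sS", stat.S_ISGID), ("tT", stat.S_ISVTX)]

def parse_mode(text):
    """Decode an ls -l permission string into (type character, numeric mode).

    Accepts real ls output ("-rwsr-xr-x") and this page's spaced notation
    ("-rws rwx rwx"); a trailing ACL/SELinux marker ("+", ".", "@") is ignored.
    """
    s = text.replace(" ", "").rstrip("+.@")
    if len(s) != 10:
        raise ValueError(f"expected type + 9 permission characters, got {s!r}")
    mode = 0
    for i, (letters, special_bit) in enumerate(SPECIAL):
        r, w, x = s[1 + 3 * i : 4 + 3 * i]
        shift = 6 - 3 * i  # owner = 6, group = 3, others = 0
        if r not in "r-" or w not in "w-" or x not in "x-" + letters:
            raise ValueError(f"unexpected character in triplet {i + 1} of {s!r}")
        mode |= ((r == "r") << (shift + 2)) | ((w == "w") << (shift + 1))
        if x in letters:
            mode |= special_bit  # s/S/t/T: the special bit is set
        if x == "x" or x == letters[0]:
            mode |= 1 << shift  # x or lowercase s/t: execute is set as well
    return s[0], mode

def findings(text):
    """Flag the combinations from the tables that deserve a second look."""
    ftype, mode = parse_mode(text)
    is_dir = ftype == "d"
    out = []
    if mode & stat.S_ISUID and not is_dir:  # on directories: no effect
        out.append("setuid")
    if mode & stat.S_ISGID:
        out.append("setgid-inherit" if is_dir else "setgid")
    if mode & stat.S_IWOTH:
        if not is_dir:
            out.append("world-writable")
        elif not mode & stat.S_ISVTX:
            out.append("world-writable-no-restricted-deletion")
    return out

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real system.
    for entry in ["-rw-rw-r--", "-rwsr-xr-x", "drwxrwxrwt", "drwxrwxrwx", "drwxrwsr-x"]:
        print(f"{entry}  {parse_mode(entry)[1]:04o}  {findings(entry)}")
```

An uppercase S or T means the special bit is set while the matching execute bit is not, which is why "-rwS rwx rwx" decodes to 4677 rather than 4777.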
