
Controlling File and Directory Permissions

Granting ownership to specific user

chown $USER $FILE
chown kg /etc/hosts

Granting ownership to specific group

chgrp $GROUP $FILE

Checking permissions

ls -l /path/to/dir

Taking an example value of drwxrwxrwx+, the meaning of each character is explained in the following tables:

d The file type, technically not part of its permissions. See info ls -n "What information is listed" for an explanation of the possible values.

rwx The permissions that the owner has over the file.

rwx The permissions that the group has over the file.

rwx The permissions that all the other users have over the file.

+ A single character that specifies whether an alternate access method applies to the file. When this character is a space, there is no alternate access method. A . character indicates a file with a security context, but no other alternate access method. A file with any other combination of alternate access methods is marked with a + character, for example in the case of Access Control Lists.

Changing Permissions

Only the file owner or root can change permissions.

Can be changed using digits:

Or using UGO (user, group, other):

+ adds a permission
- removes a permission
= sets a permission

Remove write permission for the user (u) on a file:

chmod u-w /etc/hosts

Remove write permission for the group (g) on a file:

chmod g-w /etc/hosts

Changing Default Permissions

umask takes the Linux base permissions and subtracts the umask value to set the default permissions.

Each user can set a personal default umask value for the files and directories in their personal ~/.profile file. To see the current value when logged on as the user, simply enter the command umask and note what is returned.

SUID/SGID bits

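We can grant temporary root access to a user or group by setting the appropriate bit on a root-owned executable: with SUID the program runs with the privileges of the file's owner, and with SGID with those of the file's group.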

To set the SUID bit, add a 4 to the beginning of the permission:

chmod 4644 /path/to/file

To set the SGID bit, add a 2:

chmod 2644 /path/to/file

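We can look for all files that have these bits set. The leading - makes find match any file with that bit set; without it, only files whose mode is exactly 4000 or 2000 would match:

find / -user root -perm -4000
find / -user root -perm -2000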

When the SUID bit is set, we will see it as an s instead of x when checking the permission of the file:

-rwxr-xr-x 1 root root 26696 Mar 17 2020 sucrack
-rwsr-xr-x 1 root root 140944 Jul 5 2020 sudo
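
An added example (not part of the original page): a shell function that extends the find commands above into a small audit. It reports every SUID or SGID file under a directory with its mode and owner, and flags those that group or others can write to. The function name audit_special_bits is hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_special_bits DIR
#   Prints one line per regular file under DIR that has SUID or SGID set:
#     <octal mode> <owner> <flags> <path>
#   flags is SUID, SGID or SUID,SGID, with ,WRITABLE appended when the
#   group or other write bit is also set (review these first).
# Usage: audit_special_bits /usr/bin
# Assumes GNU coreutils stat; paths containing newlines are not handled.
audit_special_bits() {
    # -perm -4000 / -perm -2000: "at least this bit is set".
    # -xdev keeps the scan on one filesystem.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        info=$(stat -c '%a %U' "$path" 2>/dev/null) || continue
        mode=${info% *}      # e.g. 4755
        owner=${info#* }     # e.g. root
        bits=$((0$mode))     # leading 0 makes the shell read it as octal

        flags=
        if [ $((bits & 04000)) -ne 0 ]; then
            flags=SUID
        fi
        if [ $((bits & 02000)) -ne 0 ]; then
            flags=${flags:+$flags,}SGID
        fi
        # 020 = group write, 002 = other write
        if [ $((bits & 022)) -ne 0 ]; then
            flags=$flags,WRITABLE
        fi

        printf '%s %s %s %s\n' "$mode" "$owner" "$flags" "$path"
    done
}
```

Run it as root to cover directories an unprivileged user cannot read, and compare the output between runs to spot newly added SUID/SGID files.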