Showing posts with label linux file permission. Show all posts
Showing posts with label linux file permission. Show all posts

Friday, 25 December 2015

Default permission of file and directory in Linux / UNIX

What is UMASK

UMASK (User Mask or User file creation MASK) is the default permission of file and directory in Linux or UNIX. There are three types of permission for every file and directory (read, write and execute) for three types of user (Owner, Groups and Others).

[wasi@saidrasel ~]]$ mkdir cde
[wasi@saidrasel ~]]$ touch abc
[wasi@saidrasel ~]$ ls -l abc
-rw-rw-r--. 1 wasi wasi 0 Dec 26 11:12 abc

In the above example

  • User (wasi) has read,write permission
  • Group has read, write permission
  • Others have read permission

Three file permissions:

read: permission to read the contents of file.
write: permission to write to the file.
execute: permission to execute the file as a program/script.

Three directory permissions:

read: permission to read the contents of directory ( view files and sub-directories in that directory ).
write: permission to write in to the directory. ( create files and sub-directories in that directory )
execute: permission to enter into that directory.

Numeric values for the read, write and execute permissions:
read--4
write--2
execute--1

[wasi@saidrasel ~]$ ls -l abc
-rw-rw-r--. 1 wasi wasi 0 Dec 26 11:12 abc
drwxrwxr-x. 2 wasi wasi 6 Dec 26 11:31 cde

So the numeric value permission for this file is-- 4+2 4+2 4 --->664
and the numeric value permission for the directory is-- 4+2+1 4+2+1 4+1 --->775

Umask is responsible for the default permission

[wasi@saidrasel ~]$ umask
0002
[wasi@saidrasel ~]$

Final default permission for a file is calculated as shown below:

Default file permission: 666
Default umask : 002
Final default file permission: 664 (666-002)

Final default permission for a directory is calculated as shown below:

Default directory permission: 777
Default umask: 002
Final default directory permission: 775 (777-002)

We can find umask value setting from /etc/bashrc or /etc/profile


How to set access permission in a file for specific user in Linux

Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented.

[root@saidrasel]# ll a
-rw-r--r--. 1 root root 0 Dec 25 22:56 a

Above permission means ---file owner is root have permission rw (read,write), group root have permission r (read) and other have permission r (read). Following example showing in details

[root@saidrasel]# getfacl a
# file: a
# owner: root
# group: root
user::rw-
group::r--
other::r--

Now we will set permission in file a for specific user wasi, so for this we need to create a user named wasi

[root@saidrasel]# useradd wasi
[root@saidrasel]# passwd wasi
Changing password for user wasi.
New password: 

Now we will set rwx (read,write and execute) permission for new user wasi

[root@saidrasel]# setfacl -m u:wasi:rwx a
or
[root@saidrasel]# setfacl -m u:wasi:rwx /root/Desktop/a       [for absolute path]

 Now we can check the permission of file a for user wasi

[root@saidrasel]# getfacl a
# file: a
# owner: root
# group: root
user::rw-
user:wasi:rwx
group::r--
mask::rwx
other::r--

[root@saidrasel]#

Thats it..........