Linux notebook / Shell

Apache Awk Bash C cftp daemontools DHCP djbdns DNS Emacs Email ezmlm Fetchmail find GDB Hardware HTML HTTP Intro ISDN less Make Math mc mirrordir MySQL Peripherals Perl PHP3 pppd qmail Regexps Shell System Tables test To do Typical ucspi-tcp Versions Index TCP/IP slides

Shell

File permissions

Oneliners

top

Octal file permissions

Value in mode Corresponding permission ls -l display

Other users not in the file's group

1 Execute - --- --- --x

2 Write - --- --- -w-

4 Read - --- --- r--

Other users in the file's group

10 Execute - --- --x ---

20 Write - --- -w- ---

40 Read - --- r-- ---

The file's owner

100 Execute - --x --- ---

200 Write - -w- --- ---

400 Read - r-- --- ---

Special permissions

1000 Save text image on swap device
(aka sticky bit) - --- --- --t

2000 Set group ID on execution - --- --s ---

4000 Set user ID on execution - --s --- ---

Permission flags/access matrix

Value in mode Description Regular file Directory

4000 Set user ID Set effective user ID on execution (not used)

2000 Set group ID If group execute bit set (10) then
set effective group ID on execution
else
mandatory record locking
Set group ID on new files created to the group ID of the directory

1000 Sticky bit Save program text in swap area (if supported) Restrict removal and renaming of files in directory

400 User read User permission to read file User permission to read directory entries

200 User write User permission to write file User permission to delete and create files in directory

100 User execute User permission to execute file User permission to search for a given pathname in directory

40 Group read Group permission to read file Group permission to read directory entries

20 Group write Group permission to write file Group permission to delete and create files in directory

10 Group execute Group permission to execute file Group permission to search for a given pathname in directory

4 Others read Others permission to read file Others permission to read directory entries

2 Others write Others permission to write file Others permission to delete and create files in directory

1 Others execute Others permission to write file Others permission to search for a given pathname in directory

Permission summary

Operation Required permissions

Creating a file Write and execute permission in directory

Reading a file Read permission on file and execute permission in all directories in the file's pathname.
For example, to open the file /usr/dict/words execute permission is required for directories /, usr and dict. Then we need read permission for the file words

Writing to file Write permission on file and execute permission in all directories in the file's path

Deleting a file Write permission in directory and execute permission in all directories in the file's path.
Note that we don't need any permissions on the file

Listing directory Read permission in directory

Visiting directory Execute permission in directory

Permission examples

Assuming a directory and file as below, a regular user (not root) gets the following results for the given commands:

Command Result

drwx------ 2 root root 1024 xxx xx xx:xx example/
-rw------- 1 root root 4096 xxx xx xx:xx example/testfile

ls /example Permission denied

cat /example/testfile Permission denied

rm /example/testfile Permission denied

echo probe > /example/testfile Permission denied

drwxrwxrwx 2 root root 1024 xxx xx xx:xx example/
-rw------- 1 root root 4096 xxx xx xx:xx example/testfile

ls /example OK

cat /example/testfile Permission denied

rm /example/testfile OK

echo probe > /example/testfile OK

drwxrwxrwx 2 root root 1024 xxx xx xx:xx example/
-rw-rw-rw- 1 root root 4096 xxx xx xx:xx example/testfile

ls /example OK

cat /example/testfile OK

rm /example/testfile OK

echo probe > /example/testfile OK

dr-xr-xr-x 2 root root 1024 xxx xx xx:xx example/
-rw------- 1 root root 4096 xxx xx xx:xx example/testfile

ls /example OK

cat /example/testfile Permission denied

rm /example/testfile Permission denied

echo probe > /example/testfile Permission denied

Value in mode	Corresponding permission	ls -l display
Other users not in the file's group
1	Execute	`- --- --- --x`
2	Write	`- --- --- -w-`
4	Read	`- --- --- r--`
Other users in the file's group
10	Execute	`- --- --x ---`
20	Write	`- --- -w- ---`
40	Read	`- --- r-- ---`
The file's owner
100	Execute	`- --x --- ---`
200	Write	`- -w- --- ---`
400	Read	`- r-- --- ---`
Special permissions
1000	Save text image on swap device (aka sticky bit)	`- --- --- --t`
2000	Set group ID on execution	`- --- --s ---`
4000	Set user ID on execution	`- --s --- ---`

Value in mode	Description	Regular file	Directory
4000	Set user ID	Set effective user ID on execution	(not used)
2000	Set group ID	If group execute bit set (10) then set effective group ID on execution else mandatory record locking	Set group ID on new files created to the group ID of the directory
1000	Sticky bit	Save program text in swap area (if supported)	Restrict removal and renaming of files in directory
400	User read	User permission to read file	User permission to read directory entries
200	User write	User permission to write file	User permission to delete and create files in directory
100	User execute	User permission to execute file	User permission to search for a given pathname in directory
40	Group read	Group permission to read file	Group permission to read directory entries
20	Group write	Group permission to write file	Group permission to delete and create files in directory
10	Group execute	Group permission to execute file	Group permission to search for a given pathname in directory
4	Others read	Others permission to read file	Others permission to read directory entries
2	Others write	Others permission to write file	Others permission to delete and create files in directory
1	Others execute	Others permission to write file	Others permission to search for a given pathname in directory

Operation	Required permissions
Creating a file	Write and execute permission in directory
Reading a file	Read permission on file and execute permission in all directories in the file's pathname. For example, to open the file /usr/dict/words execute permission is required for directories /, usr and dict. Then we need read permission for the file words
Writing to file	Write permission on file and execute permission in all directories in the file's path
Deleting a file	Write permission in directory and execute permission in all directories in the file's path. Note that we don't need any permissions on the file
Listing directory	Read permission in directory
Visiting directory	Execute permission in directory

Command	Result
drwx------ 2 root root 1024 xxx xx xx:xx example/ -rw------- 1 root root 4096 xxx xx xx:xx example/testfile
ls /example	Permission denied
cat /example/testfile	Permission denied
rm /example/testfile	Permission denied
echo probe > /example/testfile	Permission denied
drwxrwxrwx 2 root root 1024 xxx xx xx:xx example/ -rw------- 1 root root 4096 xxx xx xx:xx example/testfile
ls /example	OK
cat /example/testfile	Permission denied
rm /example/testfile	OK
echo probe > /example/testfile	OK
drwxrwxrwx 2 root root 1024 xxx xx xx:xx example/ -rw-rw-rw- 1 root root 4096 xxx xx xx:xx example/testfile
ls /example	OK
cat /example/testfile	OK
rm /example/testfile	OK
echo probe > /example/testfile	OK
dr-xr-xr-x 2 root root 1024 xxx xx xx:xx example/ -rw------- 1 root root 4096 xxx xx xx:xx example/testfile
ls /example	OK
cat /example/testfile	Permission denied
rm /example/testfile	Permission denied
echo probe > /example/testfile	Permission denied

Various useful command forms

To extract the currently existing interface IP addresses

ifconfig|grep inet|cut -f 2 -d :|cut -f 1 -d ' '

To extract part of the existing interface IP addresses

ifconfig|grep inet|cut -f 2 -d :|cut -f 1,2,3 -d '.'

To find the most recent file in the given directory

ls -t|head -1

To create a link on the given directory for the given file (can use multiple files)

ln -s file dir

To create a link named link_to_be_created to the file named file_to_be_linked

ln -s file_to_be_linked link_to_be_created

To refer the previous working directory (OLDPWD qv)

ls ~-

To change to the previous working directory

cd -

To show the shared libraries required by program

ldd program

To remove debug information from program

strip program

To show network statistics once a second

netstat -c

To display top processes every few seconds

top

To convert DOS/Windows text files to Linux/Unix format (delete CRs)

tr -d '\r' <filein >fileout

To capture a sequence of commands and results, start a new shell section with the following command, which will create the file example with all the commands and results. Use C-d to terminate

script example

To list all the subdirectories in the current directory, use

ls -F|grep /$

To find the process ID of a process named example, use

pidof example

To add a timestamp to the file named example, use

mv example example.`date -r example +%Y%m%d%H%M`

Last update: Wed, 2 Nov 2005 10:16:21 GMT

top