Perhaps it would be useful to explore some basics about permissions.
Generally, directories are created with a default mask of 755 and files are created with a default mask of 644; that is, a directory will be
Code:
drwxr-xr-x 2 owner group 4096 Jan 13 2010 test/
and files will be
Code:
-rw-r--r-- 1 owner group 1484 Oct 26 2009 testing.sql
There are three groups of permissions, owner, group and public (reading left to right).
Now, in the case of a file, the owner can read it and write to it (as in using an editor to change the content or removing it entirely), the group can read it (only) and public (anybody else) can read it (only). The three digits are owner, group, public.
If you want to make a file executable (it's a shell or binary program), you would
Which would then be
Code:
-rwxr-xr-x 1 owner group 8336 Nov 1 2009 file*
That is, read, write, execute for the owner, read, execute for the group, and execute for anybody else.
Again, the defaults are 755 for directories, 644 for files (on most systems).
Now, owner is the user account name -- the log in name -- of an individual user that created or has been assigned as owner. Group is the default group that all users belong to (it's usually users). The way you use group identities is that any user can belong to one or more groups and you can add specific user accounts to additional group(s) so they can access things you don't want just everybody to get at.
The permissions are called a mask, and keep in mind that permissions on a directory are different from those of a file; here are some masks for directories:
- 755 - owner: read, write, execute; group: read, execute; public: read, execute
- 750 - owner: read, write, execute; group: read, execute; public: none
- 775 - owner: read, write, execute; group: read, write, execute; public: read, execute
- 770 - owner: read, write, execute; group: read, write, execute; public: none
Generally, you'd leave a directory at 755 unless you had a specific reason not to.
Files:
- 644 - owner: read, write; group: read; public: read
- 640 - owner: read, write; group: read; public: none
- 755 - owner: read, write, execute; group: read, execute; public: read, execute
- 750 - owner: read, write, execute; group: read, execute; public: none
- 775 - owner: read, write, execute; group: read, write, execute; public: read, execute
See how it works? If you did 666 on a file that's read, write for everybody; 600 on a file is read, write for the owner and nobody else can see anything. 777 on a directory is read, write, execute for everybody (and you really don't usually want to do that).
Now, what's an easy way to set permissions en masse?
We have a couple of nifty utilities for doing that; one is the find utility. As the name implies, find, uh, finds things (like files and directories). Say you want to find all the files in your directory tree:
Code:
find /mnt/AMYQ/SECTEC/MACROS -type f
You'll see a list of only the files (preceded by /mnt/AMYQ/SECTEC/MACROS/). Better would be
Code:
cd /mnt/AMYQ/SECTEC/MACROS/
find . -type f
Let's say you want to change the access permissions of every file so they're the default 644 permission:
Code:
cd /mnt/AMYQ/SECTEC/MACROS/
find . -type f -exec chmod 644 {} \;
Or, if you wanted to change the access permissions of every file so they're executable (755):
Code:
cd /mnt/AMYQ/SECTEC/MACROS/
find . -type f -exec chmod 755 {} \;
Want to change the owner or group name?
Code:
cd /mnt/AMYQ/SECTEC/MACROS/
find . -type f -exec chown user:group {} \;
You'd do the same thing with directories:
Code:
cd /mnt/AMYQ/SECTEC/MACROS/
find . -type d -exec chmod 755 {} \;
You may have figured out that the "find dot" means start in the current directory.
Might be a little easier than fiddling around with setfacl?
Oh, yeah, if you set either a directory or file with a mask of 000, well, it is inaccessible by anybody (except root) and ain't a good idea to be doing that.
Hope this helps some.
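
The mass-change approach described above, as an added example that is not part of the original post: it first lists entries that are writable by public or set to 000, then resets directories to 755 and files to 644, using quoting and `{} +` so names with spaces are handled. The function names (audit_tree, normalize_tree, mode_of, demo) and the scratch tree are made up for illustration.

```shell
#!/bin/sh
# Added example: audit, then normalize, permissions under a directory tree.
# All function names here are hypothetical, chosen for this example.

# List entries whose mask is risky: writable by public, or exactly 000.
audit_tree() {
    # -perm -0002 : the public (other) write bit is set, e.g. 666 or 777
    # -perm 0000  : mask is exactly 000
    # ! -type l   : skip symlinks, whose own mode bits are not meaningful
    find "$1" ! -type l \( -perm -0002 -o -perm 0000 \) -print
}

# Reset directories to 755 and regular files to 644.
# "{} +" passes many paths to one chmod call instead of one call per file.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Print the octal mask of one path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a constructed scratch tree; nothing outside it is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sub dir"
    : > "$d/ok.txt";                chmod 644 "$d/ok.txt"
    : > "$d/sub dir/open file.txt"; chmod 666 "$d/sub dir/open file.txt"
    chmod 777 "$d/sub dir"
    echo "risky before:"; audit_tree "$d"
    normalize_tree "$d"
    echo "risky after:";  audit_tree "$d"
    rm -rf "$d"
}

demo
```

Running the audit before the change gives you a record of what was exposed, which a blanket chmod on its own would erase.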