question on higher-level directory permission settings
If I want to share a directory with some other user who does not share any group with me, do all directories above it have o+rx?

For example, if I want to share /home/my/trade-secret/publisized/declassifed.txt with all other users, it appears the directory trade-secret must also have o+rw permission set, or otherwise even if publisized/ has 777, users won't be able to access it.

But a more important question is: if I want to protect stuff from a certain directory and downwards, e.g. /home/my/grandmas_recipes, is it good enough (and safe enough) to set permission o-rwx on the directory grandma_recipes/, and I don't have to recursively set the permission on all subdirectories?

I know this is a very newbie question, but strangely enough, I never knew the exact answers. Thanks!
Perhaps an example may be of use.

I have a directory named /spares -- the name is not relevant, it could be anything. The permission mask for this directory is

Code:
drwxrwxr-x 25 root users 4096 Feb 14 12:55 spares/

The entire directory looks like this:

Code:
ls -al /spares

The owner, trona, just happens to be me, so I can write in those directories; the permission mask for those directories is a good default of 755. Why is 755 a good default? It means read-write for owner, read for group, read for public; i.e., nobody can write in it but me but everybody else can read the content. If I wanted to keep public from reading, I'd use a mask of 750. If I wanted to keep the group and the public from reading, I'd use a mask of 700.

So, if you wanted to keep everybody but you out of grandma_recipes, you'd do

Code:
chmod 700 grandma_recipes

Code:
chmod 750 grandma_recipes

Code:
chmod 755 grandma_recipes

Now, that's directories. Files are a different story. You make a file executable with

Code:
chmod 755 file_name

Code:
chmod 644 file_name

Code:
chmod 660 file_name

Code:
chmod 666 file_name

And, last but not least, you own it and everybody can read only

Code:
chmod 444 file_name

When you initially create a directory or file, the system-wide umask value sets the permission mask; a pretty standard, widely-used value for umask is displayed with

Code:
umask

That sets newly-created directories 755 and files 644 and is a pretty good default for all files and directories you may create. After creating something you can restrict or add permissions as described above, but, generally, a value of 0022 is just about right in most cases.

Hope this helps some.
These might also help you:

http://mywiki.wooledge.org/Permissions
http://www.grymoire.com/Unix/Permissions.html
Thank you so much for the long and detailed explanation on file and directory permissions, tronayne. Likewise, I also find the numbers easier to remember than characters in most cases, except when I want to do a batch job of enabling and/or disabling certain permissions, but the existing permissions are different on the dirs and files; then the ugoa+/-rwx is much better since they preserve the existing permissions.

So take the grandma's recipe case as an example again. Say my grandma has a million dollars' worth of chicken noodle soup recipe which resides in the directory /home/my/grandmas_recipes/chicken_noodle_soup/ingredients.txt, and chicken_noodle_soup/ has permission 755 by default, as well as the file ingredients.txt. If I set grandmas_recipes/ to 700, without setting chicken_noodle_soup/ to 700 (so it remains in 755), will others be able to read the ingredients.txt file and steal the recipe?
Quote:
But, keep it even simpler: setting all the directories to 755 (the default when created) and setting ingredients.txt to 400 (or 600) will accomplish what you want. At 600, the owner (I'm assuming you) will be able to read and write and nobody else will be able to access it; they'll be able to see the file name but will get

Code:
cat ingredients.txt

Hope this helps some.
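
The question running through this thread (is locking only the top directory enough, and which ancestors matter when sharing) can be checked mechanically. The script below is an added example, not something posted by anyone in the thread: it walks a path and reports where the "other" class is stopped, judging mode bits only (ACLs and root are not modelled). The helper names other_bits, others_can_read and make_tree are made up for illustration, and the tree is built in a throwaway temp directory.

```shell
#!/bin/sh
# Added example; every name under the temp dir is constructed sample data.

# Print the three "other" mode characters of PATH, e.g. "r-x".
other_bits() { ls -ld "$1" | cut -c8-10; }

# others_can_read ROOT RELPATH
# Succeeds if a user who is neither the owner nor in the group could read
# ROOT/RELPATH, judged on mode bits alone (ACLs and root are not modelled).
# Each directory below ROOT needs search (x); the file itself needs read (r).
others_can_read() {
    rel= rest=$2
    while :; do
        rel=${rel:+$rel/}${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   break ;;                  # rel now names the file itself
        esac
        case $(other_bits "$1/$rel") in
            ??[xt]) ;;                     # search allowed, keep descending
            *) echo "blocked at $rel"; return 1 ;;
        esac
    done
    case $(other_bits "$1/$rel") in
        r??) echo "readable"; return 0 ;;
        *)   echo "blocked at $rel"; return 1 ;;
    esac
}

# Build the thread's layout: every directory 755 and the file 644.
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/grandmas_recipes/chicken_noodle_soup"
    echo "constructed sample" > "$t/grandmas_recipes/chicken_noodle_soup/ingredients.txt"
    chmod 755 "$t/grandmas_recipes" "$t/grandmas_recipes/chicken_noodle_soup"
    chmod 644 "$t/grandmas_recipes/chicken_noodle_soup/ingredients.txt"
    echo "$t"
}

f=grandmas_recipes/chicken_noodle_soup/ingredients.txt
root=$(make_tree)
others_can_read "$root" "$f" || true   # readable
chmod 700 "$root/grandmas_recipes"     # lock only the top directory
others_can_read "$root" "$f" || true   # blocked at grandmas_recipes
chmod 755 "$root/grandmas_recipes"
chmod 600 "$root/$f"                   # directories open, file locked
others_can_read "$root" "$f" || true   # blocked at the file
rm -rf "$root"
```

The second call shows that a single directory without search permission for "other" stops path resolution for everything beneath it, whatever the modes further down; the same rule is why every ancestor of a shared file needs at least o+x.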