Using u+x adds execution permissions to the user, g-w removes write permission from the group, and o=r sets only read access to other (that is, it removes any other permissions).
The ls(1) command uses something similar to symbolic mode to represent file access modes. The following listing shows the output of an ls command:
# ls -l
total 2
-rw-rw-rw- 1 ambro other 384 Jul 24 11:53 file1
-rwxrw-rw- 1 ambro other 1237 Jul 24 11:53 file2
-rw-r--r-- 1 ambro other 23678 Jul 24 11:53 file3
#
The ls command lists three sets of rwx permissions: one for user, one for group, and one for other. In the absence of a permission, the “-” character is displayed. In the previous listing, the file named file1 has read/write access for user, group, and other (absolute mode of 666). The file named file2 has read/write/execute for user and read/write for group and other (absolute mode of 766). The file named file3 has read/write for user and read only for group and other (absolute mode of 644). Using the ls command to list file permissions is discussed in detail later in this chapter.
Default File Permissions
When a file is created, a set of default permissions is assigned to it. The default permissions are defined using the umask(1) command. The umask command sets a mask of the permissions that should not be included in the file access mode by default.
For example, to allow full permission for owner and to remove write permission for group and others, the umask would be 022. This means that a file created with an access mode of 666 will have the umask of 022 subtracted from its access mode (666 - 022 = 644), which removes write for group and others. The umask command should be added to the contents of the user's login initialization file to provide a consistent permission mask.
The following listing shows the impact of the umask command on created files and directories.
# umask 022
# >file1
# mkdir dir1
# ls -l
total 2
drwxr-xr-x 2 root other 512 Jun 30 02:28 dir1
-rw-r--r-- 1 root other 0 Jun 30 02:28 file1
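The subtraction shown above gives the right answer for 022, but the system actually clears the mask's bits from the requested mode, and the two results differ for a mask such as 033. The following shell script is an added example, not from the book; its function names are hypothetical and the masks 027 and 033 are constructed sample values.

```shell
# Added example, not from the book. Function names are hypothetical.

# effective_mode REQUESTED UMASK
# Prints the octal mode left after the umask bits are cleared from REQUESTED.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract REQUESTED UMASK
# Prints REQUESTED minus UMASK as an octal number, for comparison only.
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# symbolic_mode OCTAL
# Prints the nine rwx characters that ls -l would show for OCTAL.
symbolic_mode() {
    sm_mode=$(( 0$1 ))
    sm_out=
    for sm_shift in 6 3 0; do
        sm_bits=$(( (sm_mode >> sm_shift) & 7 ))
        if [ $(( sm_bits & 4 )) -ne 0 ]; then sm_out="${sm_out}r"; else sm_out="${sm_out}-"; fi
        if [ $(( sm_bits & 2 )) -ne 0 ]; then sm_out="${sm_out}w"; else sm_out="${sm_out}-"; fi
        if [ $(( sm_bits & 1 )) -ne 0 ]; then sm_out="${sm_out}x"; else sm_out="${sm_out}-"; fi
    done
    printf '%s\n' "$sm_out"
}

# created_modes UMASK
# Creates a real file and directory under UMASK in a scratch directory and
# prints their permission strings as reported by ls, file first.
created_modes() (
    cm_tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$cm_tmp"' EXIT
    umask "$1"
    : > "$cm_tmp/file1"
    mkdir "$cm_tmp/dir1"
    printf '%s %s\n' "$(ls -ld "$cm_tmp/file1" | cut -c2-10)" \
                     "$(ls -ld "$cm_tmp/dir1" | cut -c2-10)"
)

# Constructed sample masks: 022 is the page's value, 027 and 033 are added.
for mask in 022 027 033; do
    f=$(effective_mode 666 "$mask"); d=$(effective_mode 777 "$mask")
    printf 'umask %s  file %s %s (subtraction: %s)  dir %s %s  observed: %s\n' \
        "$mask" "$f" "$(symbolic_mode "$f")" "$(naive_subtract 666 "$mask")" \
        "$d" "$(symbolic_mode "$d")" "$(created_modes "$mask")"
done
```

For 022 the subtraction column and the computed file mode agree; for 027 and 033 they do not, and the observed column follows the bit-clearing result.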