Access Rights

chmod

  • Changes the access rights of a file.
Octal
chmod [-R] [0..7][0..7][0..7][0..7] <file>
  • Each octal digit, listed from left to right below, is the sum of the numeric values of the desired options (the leading special-attributes digit may be omitted):
  • Special attributes:  4: SUID; 2: SGID; 1: sticky bit
  • Owner rights:  4: read; 2: write; 1: execute
  • Group rights:  4: read; 2: write; 1: execute
  • Other rights:  4: read; 2: write; 1: execute
  • -R: Recursive
Symbolic
chmod [-R,-f,...] [ugoa]*[+-=][rwxXstugo]*[,...]* <file>
  • -R: Recursive (ignores symbolic links)
  • -f: Suppress most error messages
  • u: User who owns it
  • g: Other users in the group
  • o: Other users not in the group
  • a: All users
  • <none>: All users, but the bits that are set in the user's umask are not affected.
  • +: Permission added
  • -: Permission removed
  • =: Permission set as
  • r: Read / view the directory
  • w: Write / add and delete files in the directory
  • x: Execute / enter the directory
  • X: Execute / enter the directory (applies to directories, or to files with any x bit already set)
  • s: SUID / SGID (set user / group ID on execute)
  • t: Sticky bit
  • u: Existing file rights for the owner
  • g: Existing file rights for the group
  • o: Existing file rights for others
Examples
# Give all users rwx access to the /tmp directory
# (octal 777 clears the sticky bit; 1777 keeps it)
chmod 777 /tmp
# Give all users rw access to the first floppy drive
chmod a+rw /dev/fd0
# Give users in the group full access to all files and directories under the home directory
chmod -Rf g=rwxX /home/*

# Recursively give the group w access for the current directory
chmod -R g+w .
# Recursively give the group w access for the MyDir directory
chmod -R g+w MyDir
# Recursively change all directories to 775 and files to 664
find . -type d -exec chmod 775 {} \;
find . -type f -exec chmod 664 {} \;
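
An audit for the special-attribute and "other" bits from the octal table above, as an added example that is not part of the original page: it uses find's -perm test to list world-writable directories that lack the sticky bit, SUID/SGID files, and world-writable files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# tree below are hypothetical and constructed for illustration.

# World-writable directories (other: write = 2) without the sticky bit (1000).
# In such a directory any user can delete or rename other users' files.
ww_dirs_without_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files with SUID (4000) or SGID (2000) set.
suid_sgid_files() {
    { find "$1" -type f -perm -4000 2>/dev/null
      find "$1" -type f -perm -2000 2>/dev/null; } | sort -u
}

# World-writable regular files.
ww_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Build a constructed sample tree so the audit runs offline; prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # rwx for all plus sticky bit
    chmod 0777 "$root/shared_bad"   # rwx for all, no sticky bit
    chmod 0750 "$root/private"
    : > "$root/private/helper"; chmod 4755 "$root/private/helper"  # SUID
    : > "$root/private/notes";  chmod 0666 "$root/private/notes"   # world-writable
    : > "$root/private/plain";  chmod 0644 "$root/private/plain"   # unremarkable
    printf '%s\n' "$root"
}

audit() {
    echo "World-writable directories without sticky bit:"
    ww_dirs_without_sticky "$1"
    echo "SUID/SGID files:"
    suid_sgid_files "$1"
    echo "World-writable files:"
    ww_files "$1"
}

# Stand-alone run against the constructed tree.
tree=$(make_sample_tree) && audit "$tree" && rm -rf "$tree"
```

Point audit at a real directory to review it; on a large tree, add -xdev to the find calls to stay on one filesystem.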

chown

chown [-R] <owner>[:<group>] <file>
  • Changes the owner of a file (and optionally the group).

chgrp

chgrp [-R] <group> <file>
  • Changes the group of a file.

install

install [-m mode] [-o owner] [-g group] [-p] <source> <dest>
  • Copies files and sets their access rights (and optionally their owner and group).

umask

  • Sets the default access rights for new files and directories.
Octal
umask [0..7][0..7][0..7]
  • The three digits (each having a value >= 0 and <= 7) are a mask for the owner of a new file or directory, others in the group, and others not in the group, respectively. Each digit is the bitwise inverse of the rights granted: a bit that is set in the mask is removed from the default access rights.
Symbolic
umask u=[rwx]*,g=[rwx]*,o=[rwx]*
  • Sets the same default, but names the rights that remain allowed rather than the bits that are masked out.
Examples
# Let the owner and others in the group have full r/w/execute access to new files
# and directories, and others not in the group have r/execute access.
umask u=rwx,g=rwx,o=rx
# Let the owner and others in the group have full r/w/execute access to new files
# and directories, and others not in the group have r/execute access.
umask 002
# Display the current umask setting in symbolic form.
umask -S
# Display the current umask setting in octal form.
umask

sudo

sudo <command>
  • Runs a command as another user (root by default), if the sudoers file permits it.

/etc/sudoers

Defaults:<user> <options>
<options>
  • runaspw  : Requires the user to enter the password of the target (runas_default) user, root by default, rather than their own password
  • timestamp_timeout=<n>
      • n > 0: The password will be remembered for n minutes (default: 5)
      • n = 0: The password will not be remembered
      • n = -1: The password, once entered, will never be needed again
  • passwd_tries=<n>  : Number of chances the user has to correctly enter the password (default: 3)
<user> <machine>=(<users>) [NOPASSWD:] <commands>
<machine>
  • Which machines the user can perform commands on (ALL; localhost; ...)
<users>
  • Which users the user can perform commands as (ALL; user1, user2; ...)
<commands>
  • Which commands the user can perform (ALL; /path1/cmd1, /path2/cmd2; /path1/, /path2/)
Usage
  • Use "/usr/sbin/visudo" to edit the file (as root); it locks the file and checks the syntax before saving.