Code-Memo

File permissions and ACLs

Traditional permissions

Three classes:

• user (u)
• group (g)
• others (o)

Three permissions:

• read (r), write (w), execute (x)

Inspect:

ls -l
stat file

Change:

chmod 640 file
chmod u+x script.sh
chown alice:devops file

Special bits

• setuid (u+s): run as file owner
• setgid (g+s): run as file group / inherit group on directories
• sticky (+t): only owner can delete in a directory (e.g. /tmp)

chmod u+s /path/to/binary
chmod g+s /shared/dir
chmod +t /shared/dir

ACLs (fine-grained permissions)

View:

getfacl file

Set:

setfacl -m u:alice:rwx file
setfacl -m g:devops:rx dir

Default ACLs for new files in a directory:

setfacl -d -m g:devops:rwX dir

Notes

• ACLs are useful when one extra user/group needs access without changing ownership
• Be careful: ACLs can make effective permissions less obvious than ls -l

Related

• Permissions and ownership