FILE PERMISSIONS:
--------------------------------
There are 3 fields: owner, group and other.

owner  group  other
rwx    rwx    rwx
421    421    421
7      7      7

rwx    r--    r--
421    4--    4--
7      4      4

rw-    r--    r--
42-    4--    4--
6      4      4

SUMMARY (from man page listed below):

-r--------  Read by owner
--w-------  Write by owner
---x------  Execute (or search directory) by owner; do not set user ID on execution
---s------  Execute/search by owner; set user ID on execution
---S------  No execute/search by owner; set user ID on execution
----r-----  Read by group
-----w----  Write by group
------x---  Execute/search by group; do not set group ID on execution
------s---  Execute/search by group; set group ID on execution
------S---  No execute/search by group; set group ID on execution
-------r--  Read by others
--------w-  Write by others
---------x  Execute/search by others; do not set sticky bit on execution
---------t  Execute/search by others; set sticky bit on execution
---------T  No execute/search by others; set sticky bit on execution

NOTE: A file owned by root should NEVER have "w" permission set in "other".
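
The NOTE above, together with the set-ID and sticky-bit rows of the summary, can be checked with find(1). This is an added example, not part of the original page or the HP-UX man pages; the function names are hypothetical, and the sample tree assumes mktemp -d as found on Linux/BSD.

```shell
#!/bin/sh
# Added example: three permission audits built on find(1) -perm.
# OWNER defaults to root; pass a user name or a numeric UID.

# Regular files owned by OWNER that have "write by others" (0002) set.
world_writable_owned_by() {
    find "$1" -type f -user "${2:-root}" -perm -0002 -print
}

# Regular files with set-user-ID (4000) or set-group-ID (2000) set.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Directories writable by others (0002) without the sticky bit (1000):
# any user can rename or remove other users' files in them.
unsticky_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Constructed sample tree, so the audits can be tried without touching
# real system paths. Prints the scratch directory it created.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/loose" "$t/normal" "$t/suid"
    mkdir "$t/open" "$t/shared"
    chmod 646  "$t/loose"    # -rw-r--rw-  flagged: writable by others
    chmod 644  "$t/normal"   # -rw-r--r--  clean
    chmod 4755 "$t/suid"     # -rwsr-xr-x  flagged: set-user-ID
    chmod 777  "$t/open"     # drwxrwxrwx  flagged: no sticky bit
    chmod 1777 "$t/shared"   # drwxrwxrwt  clean: sticky bit set
    echo "$t"
}

tree=$(make_sample_tree)
me=$(id -u)
echo "world-writable, owned by uid $me:"; world_writable_owned_by "$tree" "$me"
echo "set-ID files:";                     setid_files "$tree"
echo "world-writable dirs, no sticky:";   unsticky_writable_dirs "$tree"
rm -rf "$tree"
```

On a real system, call the functions on the directory to audit and leave OWNER at its default of root.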
--------------------------------------------------------------------------------------------------------------------------------
To change the permissions, add the bits together to get the desired value
and use the chmod command. Examples:

    chmod 1777 file1
    -rwxrwxrwt 1 root sys 0 Aug 7 11:41 file1

    chmod 1755 file2
    -rwxr-xr-t 1 root sys 0 Aug 7 11:41 file2

    chmod 2644 file3
    -rw-r-Sr-- 1 root sys 0 Aug 7 11:41 file3

    chmod 2777 file4
    -rwxrwsrwx 1 root sys 0 Aug 7 11:41 file4

    chmod 3777 file5
    -rwxrwsrwt 1 root sys 0 Aug 7 11:41 file5

    chmod 3644 file6
    -rw-r-Sr-T 1 root sys 0 Aug 7 11:41 file6

    chmod 4640 file7
    -rwSr----- 1 root sys 0 Aug 7 11:41 file7

    chmod 5666 file8
    -rwSrw-rwT 1 root sys 0 Aug 7 11:41 file8

    chmod 6777 file9
    -rwsrwsrwx 1 root sys 0 Aug 7 11:41 file9
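
The mapping from a numeric mode to the characters shown by ls -l, including when s/S and t/T appear, can be written out as a small shell function. This is an added example, not part of the original page or of HP-UX; the names triplet and mode_to_ls are hypothetical.

```shell
#!/bin/sh
# Added example: render a numeric chmod mode as the 9 permission
# characters printed by ls -l.

# triplet BITS SPECIAL LOWER UPPER
#   BITS     one octal digit (r=4, w=2, x=1)
#   SPECIAL  non-zero if set-user-ID / set-group-ID / sticky applies here
#   LOWER    letter used when the special bit AND x are set (s or t)
#   UPPER    letter used when the special bit is set WITHOUT x (S or T)
triplet() {
    bits=$1 special=$2 lower=$3 upper=$4
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_ls MODE   (MODE is 1 to 4 octal digits, e.g. 644 or 4755)
mode_to_ls() {
    case $1 in
        ''|*[!0-7]*|?????*)
            echo "mode_to_ls: expected 1-4 octal digits: $1" >&2
            return 1 ;;
    esac
    m=$((0$1))                                        # parse as octal
    triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s S  # owner,  set-user-ID
    triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s S  # group,  set-group-ID
    triplet $((  m       & 7 )) $(( m & 01000 )) t T  # others, sticky bit
    echo
}

# Reproduce the listings shown above (the leading "-" is the file type).
for mode in 1777 1755 2644 2777 3777 3644 4640 5666 6777; do
    printf 'chmod %s -> -%s\n' "$mode" "$(mode_to_ls "$mode")"
done
```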
=========================================================================
chmod(1) chmod(1)
NAME
chmod - change file mode access permissions
SYNOPSIS
/usr/bin/chmod [-A] [-R] symbolic_mode_list file ...
Obsolescent form:
/usr/bin/chmod [-A] [-R] numeric_mode file ...
DESCRIPTION
The chmod command changes the permissions of one or more files
according to the value of symbolic_mode_list or numeric_mode. You can
display the current permissions for a file with the ls -l command (see ls(1)).
Symbolic Mode List
A symbolic_mode_list is a comma-separated list of operations in the
following form. Whitespace is not permitted.
[who]op[permission][,...]
The variable fields can have the following values:
    who         One or more of the following letters:

                    u    Modify permissions for user (owner).
                    g    Modify permissions for group.
                    o    Modify permissions for others.
                    a    Modify permissions for all users (a is
                         equivalent to ugo).

    op          Required; one of the following symbols:

                    +    Add permission to the existing file mode
                         bits of who.
                    -    Delete permission from the existing file
                         mode bits of who.
                    =    Replace the existing mode bits of who with
                         permission.

    permission  One or more of the following letters:

                    r    Add or delete the read permission for who.
                    w    Add or delete the write permission for who.
                    x    Add or delete the execute file (search
                         directory) permission for who.
                    s    Add or delete the set-owner-ID-on-file-
                         execution or set-group-ID-on-file-execution
                         permission for who. Useful only if u or g
                         is expressed or implied in who.
                    t    Add or delete the save-text-image-on-file-
                         execution (sticky bit) permission. Useful
                         only if u is expressed or implied in who.
                         See chmod(2).
                    X    Conditionally add or delete the
                         execute/search permission as follows:

                         +  If file is a directory, add or delete
                            the search permission to the existing
                            file mode for who. (Same as x.)
                         +  If file is not a directory, and the
                            current file permissions include the
                            execute permission (ls -l displays an x
                            or an s) for at least one of user,
                            group, or other, then add or delete the
                            execute file permission for who.
                         +  If file is not a directory, and no
                            execute permissions are set in the
                            current file mode, then do not change
                            any execute permission.

                Or one only of the following letters:

                    u    Copy the current user permissions to who.
                    g    Copy the current group permissions to who.
                    o    Copy the current other permissions to who.

The operations are performed in the order specified, and can override
preceding operations specified in the same command line.
If who is omitted, the r, w, x, and X permissions are changed for all
users if the changes are permitted by the current file mode creation
mask (see umask(1)). The s and t permissions are changed as if a was
specified in who.
Omitting permission is useful only when used with = to delete all
permissions.
Numeric Mode (Obsolescent)
Absolute permissions can be set by specifying a numeric_mode, an octal
number constructed from the logical OR (sum) of the following mode
bits:
Miscellaneous mode bits:
4000 (= u=s) Set user ID on file execution (file only)
2000 (= g=s) Set group ID on file execution (file only)
1000 (= u=t) Set sticky bit; see below and chmod(2)
Permission mode bits:
0400 (= u=r) Read by owner
0200 (= u=w) Write by owner
0100 (= u=x) Execute (search in directory) by owner
0040 (= g=r) Read by group
0020 (= g=w) Write by group
0010 (= g=x) Execute/search by group
0004 (= o=r) Read by others
0002 (= o=w) Write by others
0001 (= o=x) Execute/search by others
Options
-A Preserve any optional access control list (ACL) entries
associated with the file (HFS file systems only). By
default, in conformance with the IEEE Standard POSIX
1003.1-1988, optional HFS ACL entries are deleted. For JFS
ACLs, this option has no effect, because optional JFS ACL
entries are always preserved. For information about access
control lists, see acl(5) and aclv(5).
-R Recursively change the file mode bits. For each file
operand that names a directory, chmod alters the file mode
bits of the named directory and all files and subdirectories
in the file hierarchy below it.
Only the owner of a file, or a user with appropriate privileges, can
change its mode.
Only a user having appropriate privileges can set (or retain, if
previously set) the sticky bit of a regular file.
If the sticky bit is set on a directory, files inside the directory
may be renamed or removed only by the owner of the file, the owner of
the directory, or the superuser (even if the modes of the directory
would otherwise allow such an operation).
In order to set the set-group-ID bit, the group of the file must
correspond to your current group ID.
If chmod is used on a symbolic link, the mode of the file referred to
by the link is changed.
--------------------------------------------------------------------------------------------------------------------------------
EXAMPLES
Deny write permission to others:

    chmod o-w file

Make a file executable by everybody:

    chmod a+x file

Assign read and execute permission to everybody, and set the set-
user-ID bit:

    chmod a=rx,u+s file

Assign read and write permission to the file owner, and read
permission to everybody else:

    chmod u=rw,go=r file

or the obsolescent form:

    chmod 644 file

Traverse a directory subtree making all regular files readable by user
and group only, and all executables and directories executable
(searchable) by everyone:

    chmod -R ug+r,o-r,a+X pathname

If the current value of umask is 020 (umask -S displays
u=rwx,g=rx,o=rwx; do not change write permission for group) and the
current permissions for file mytest are 444 (a=r), displayed by ls -l
as -r--r--r--, then the command

    chmod +w mytest

sets the permissions to 646 (uo=rw,g=r), displayed by ls -l as
-rw-r--rw-.

If the current value of umask is 020 (umask -S displays
u=rwx,g=rx,o=rwx; do not change write permission for group) and the
current permissions for file mytest are 666 (a=rw), displayed by ls -l
as -rw-rw-rw-, then the command

    chmod -w mytest

sets the permissions to 464 (uo=r,g=rw), displayed by ls -l as
-r--rw-r--.

DEPENDENCIES
The -A option causes chmod to fail on file systems that do not support ACLs.
AUTHOR
chmod was developed by AT&T and HP.
SEE ALSO
chacl(1), ls(1), umask(1), chmod(2), acl(5), aclv(5).
======================================================================
Hewlett-Packard Company - 5 - HP-UX Release 11i: November 2000
ls(1) ls(1)
NAME
ls, lc, l, ll, lsf, lsr, lsx - list contents of directories
SYNOPSIS
ls [-abcdefgilmnopqrstuxACFLR1] [names]
lc [-abcdefgilmnopqrstuxACFLR1] [names]
l [ls_options] [names]
ll [ls_options] [names]
lsf [ls_options] [names]
lsr [ls_options] [names]
lsx [ls_options] [names]
DESCRIPTION
For each directory argument, the ls command lists the contents of the
directory. For each file argument, ls repeats its name and any other
information requested. The output is sorted in ascending collation
order by default (see Environment Variables below). When no argument
is given, the current directory is listed. When several arguments are
given, the arguments are first sorted appropriately, but file
arguments appear before directories and their contents.
If you are a user with appropriate privileges, all files except . and
.. are listed by default.
There are three major listing formats. The format chosen depends on
whether the output is going to a login device (determined by whether
output device file is a tty device), and can also be controlled by
option flags. The default format for a login device is to list the
contents of directories in multicolumn format, with entries sorted
vertically by column. (When individual file names (as opposed to
directory names) appear in the argument list, those file names are
always sorted across the page rather than down the page in columns
because individual file names can be arbitrarily long.) If the
standard output is not a login device, the default format is to list
one entry per line. The -C and -x options enable multicolumn formats,
and the -m option enables stream output format in which files are
listed across the page, separated by commas. In order to determine
output formats for the -C, -x, and -m options, ls uses an environment
variable, COLUMNS, to determine the number of character positions
available on each output line. If this variable is not set, the
terminfo database is used to determine the number of columns, based on
the environment variable TERM. If this information cannot be
obtained, 80 columns is assumed.
The command lc functions the same as ls except that the lc default
output is columnar, even if output is redirected.
Options
ls recognizes the following options:
-a List all entries; usually entries whose names begin with a
period (.) are not listed.
-b List nonprinting characters in the octal \ddd notation.
-c Use time of last modification of the inode (file created,
mode changed, etc.) for sorting (-t) or printing (-l (ell)).
-d If an argument is a directory, list only its name (not its
contents); often used with -l (ell) to get the status of a
directory.
-e List the extent attributes of the file. If any of the files
has a extent attribute, this option lists the extent size,
space reserved and allocation flags. This option must be
used with the -l (ell) option.
-f Interpret each argument as a directory and list the name
found in each slot. This option disables -l (ell), -r, -s,
and -t, and enables -a; the order is the order in which
entries appear in the directory.
-g Same as -l (ell), except that only the group is printed
(owner is omitted). If both -l (ell) and -g are specified,
the owner is not printed.
-i For each file, list the inode number in the first column of
the report. When used in multicolumn output, the number
precedes the file name in each column.
-l (ell) List in long format, giving mode, number of links,
owner, group, size in bytes, and time of last modification
for each file (see further DESCRIPTION and Access Control
Lists below). If the time of last modification is greater
than six months ago, or any time in the future, the year is
substituted for the hour and minute of the modification
time. If the file is a special file, the size field
contains the major and minor device numbers rather than a
size. If the file is a symbolic link, the filename is
printed, followed by -> and the pathname of the referenced
file.
-m Stream output format.
-n The same as -l, (ell) except that the owner's UID and
group's GID numbers are printed, rather than the associated
character strings.
-o The same as -l, (ell) except that only the owner is printed
(group is omitted). (If both -l (ell) and -o are specified,
the group is not printed).
-p Put a slash (/) after each file name if that file is a
directory.
-q List nonprinting characters in file names as the character
(?).
-r Reverse the order of sort to get reverse (descending)
collation or oldest first, as appropriate.
-s List size in blocks, including indirect blocks, for each
entry. The first entry listed is the total number of blocks
in the directory. When used in multicolumn output, the
number of blocks precedes the file name in each column. The
number of indirect blocks in a file is filesystem dependent.
-t Sort by time modified (latest first) before sorting
alphabetically.
-u Use time of last access instead of last modification for
sorting (-t option) or printing (-l (ell) option).
-x List multicolumn output with entries sorted across rather
than down the page.
-A The same as -a, except that the current directory . and
parent directory .. are not listed. For a user with
appropriate privileges, this flag defaults to on, and is
turned off by -A.
-C List multicolumn output with entries sorted down the
columns.
-F After each file name, put one of:
+ A slash (/) if the file is a directory or a symbolic link
to a directory.
+ An asterisk (*) if the file is executable;
+ An at-sign (@) if the file is a symbolic link to a file;
+ A vertical bar (|) if the file is a fifo.
-L If the argument is a symbolic link, list the file or
directory to which the link refers rather than the link
itself.
-R Recursively list subdirectories encountered.
-1 (one) List the file names in single column format regardless
of the output device. This forces single column format to
the user's terminal.
Specifying more than one of the options in the following mutually
exclusive pairs is not considered an error: -C and -l (ell), -m and -l
(ell), -x and -l (ell), -C and -1 (one), and -c and -u.
ls is known by several shorthand-version names for the various
formats:
l is equivalent to ls -m
ll is equivalent to ls -l (ell)
lsf is equivalent to ls -F
lsr is equivalent to ls -R
lsx is equivalent to ls -x
The shorthand notations are implemented as links to ls. Option
arguments to the shorthand versions behave exactly as if the long form
above had been used with the additional arguments.
Mode Bits Interpretation (-l option)
The mode printed in listings produced by the -l (ell) option consists
of 10 characters, for example, -rwxr-xr-x.
The first character indicates the entry type:
b Block special file
c Character special file
d Directory
l Symbolic link
n Network special file
p Fifo (also called a "named pipe") special file
s Socket
- Ordinary file
The next 9 characters are interpreted as three sets of three
characters each which identify access and execution permissions for
the owner, group, and others categories, as described in chmod(1).
The - indicates the permission is not granted. The various
permissions can be put together in any combination, except that the x,
s, S, t, and T characters are mutually exclusive, as implied below.

-r--------  Read by owner
--w-------  Write by owner
---x------  Execute (or search directory) by owner; do not set user ID on execution
---s------  Execute/search by owner; set user ID on execution
---S------  No execute/search by owner; set user ID on execution
----r-----  Read by group
-----w----  Write by group
------x---  Execute/search by group; do not set group ID on execution
------s---  Execute/search by group; set group ID on execution
------S---  No execute/search by group; set group ID on execution
-------r--  Read by others
--------w-  Write by others
---------x  Execute/search by others; do not set sticky bit on execution
---------t  Execute/search by others; set sticky bit on execution
---------T  No execute/search by others; set sticky bit on execution

The mode characters are interpreted as follows:
- Deny all permissions in the corresponding position.
r Grant read permission to the corresponding user class.
w Grant write permission to the corresponding user class.
x Grant execute (or search in directory) permission to the
corresponding user class.
s Grant execute (search) permission to the corresponding user
class. Execute the file as if by the owner (set user ID,
SUID) or group (set group ID, SGID), as indicated by
position.
S Deny execute (search) permission to the corresponding user
class. Execute the file as if by the owner (set user ID,
SUID) or group (set group ID, SGID), as indicated by
position.
t Grant execute (search) permission to others. The "sticky"
(save text image) bit is set (see the description of S_ISVTX
in chmod(2)).
T Deny execute (search directory) permission to others. The
"sticky" (save text image) bit is set.
When an option is specified that results in a listing of directory
and/or file sizes in bytes or blocks (such as the -s or -l (ell)
option), a total count of blocks, including indirect blocks, is also
printed at the beginning of the listing.
Access Control Lists (ACLs)
If a file has optional ACL entries, the -l (ell) option displays a
plus sign (+) after the file's permissions. The permissions shown are
a summary representation of the file's access control list, as
returned by stat() in the st_mode field (see stat(2)). To list the
contents of an access control list, use the lsacl command (see
lsacl(1) and acl(5)) for HFS file systems, or the getacl command (see
getacl(1) and aclv(5)) for JFS file systems.
EXTERNAL INFLUENCES
Environment Variables
If the COLUMNS variable is set, ls uses the width provided in
determining positioning of columnar output.
LANG determines the locale to use for the locale categories when both
LC_ALL and the corresponding environment variable (beginning with LC_)
do not specify a locale. If LANG is not set or is null, it defaults
to C (see lang(5)).
LC_COLLATE determines the order in which the output is sorted.
LC_CTYPE determines which characters are classified as nonprinting for
the -b and -q options, and the interpretation of single- and/or
multibyte characters within file names.
LC_TIME determines the date and time strings output by the -g, -l
(ell), -n, and -o options.
LC_MESSAGES determines the language in which messages (other than the
date and time strings) are displayed.
If any internationalization variable contains an invalid setting, they
all default to C (see environ(5)).
International Code Set Support
Single- and multibyte character code sets are supported.
RETURN VALUE
ls exits with one of the following values:
0 All input files were listed successfully.
>0 ls was aborted because errors occurred when accessing files.
The following conditions cause an error:
+ Specified file not found.
+ User has no permission to read the directory.
+ Process could not get enough memory.
+ Invalid option specified.
EXAMPLES
Print a long listing of all the files in the current working directory
(including the file sizes). List the most recently modified
(youngest) file first, followed by the next older file, and so forth,
to the oldest. Files whose names begin with a . are also printed.
ls -alst
WARNINGS
Setting options based on whether the output is a login (tty) device is
undesirable because ls -s is very different from ls -s | lp. On the
other hand, not using this setting makes old shell scripts that used
ls almost inevitably fail.
Nonprinting characters in file names (without the -b or -q option) may
cause columnar output to be misaligned.
DEPENDENCIES
NFS
The -l (ell) option does not display a plus sign (+) after the access
permission bits of networked files to represent existence of optional
access control list entries.
AUTHOR
ls was developed by AT&T, the University of California, Berkeley and HP.
FILES
/etc/group For group IDs for -l (ell) and -g.
/etc/passwd For user IDs for -l (ell) and -o.
/usr/share/lib/terminfo/?/* For terminal information.
SEE ALSO
chmod(1), find(1), getacl(1), lsacl(1), stat(2), acl(5), aclv(5).