-rwxrwxr--. 1 student student 1520 May 18 07:36 myscript.sh
>-rwxrwxr--. 1 student student 1520 May 18 07:36 myscript.sh
[joe@localhost ~]$ man -k permissions access (2) - check user's permissions for a file chmod (2) - change permissions of a file console.perms (5) - permissions control file for users at the system console ...
[student@workstation ~]$ ls -l ~/.ssh/sdf_rsa -rw-rw-rw- 1 student student 2675 Jul 29 2022 .ssh/sdf_rsa [student@workstation ~]$ chmod 0600 .ssh/sdf_rsa [student@workstation ~]$ ls -l ~/.ssh/sdfid_rsa -rw- - - - - - - 1 student student 2675 Jul 29 2022 .ssh/sdf_rsa
[student@workstation ~]$ man -k owner chgrp (1) - change group ownership chown (1) - change file owner and group ...
[joe@localhost ~]$ ls -l myscript.sh -rw-r--r-- 1 joe joe 1760 Sep 14 12:48 myscript.sh [joe@localhost ~]$ chown :devops myscript.sh -rw-r--r-- 1 joe devops 1760 Sep 14 12:49 myscript.sh
[student@workstation ~]$ which passwd /usr/bin/passwd [student@workstation ~]$ ls -l /usr/bin/passwd -rwsr-xr-x 1 root root 59976 Nov 24 2022 /usr/bin/passwd Note: Sometimes a program needs to be run with the permissions of the owner of the program rather than the user who runs the program. The `passwd` command is an example. The `/etc/shadow` file must be updated when a user sets a new password. Root privileges are required to change that file. The s in the permissions field indicates that this special permission is set. --- # Special Permissions (sgid) Note: Similar to suid, sgid runs a file with the permissions of the group the file belongs to. If the permission is set on a directory files created in the directory inherit the directory's group. --- # Special Permissions (Sticky Bit) [student@workstation ~]$ ls -ld /tmp drwxrwxrwt 19 root root 4096 Feb 7 08:26 /tmp/ Note: The sticky bit limits the permissions on a directory. Note the t in the permissions. With the sticky bit set on a directory only the owner of a file in the `/tmp` directory can remove or change the file. --- # Manage Default Permissions and File Access ![screenshot of the login.defs file showing the umask](../images/login_defs.png) Note: When a new file is created it inherits the default permissions set on the system. These permissions are set in the `umask` section of the `/etc/login.defs` file. --- # The `umask` Command ``` [student@workstation ~]$ umask ``` Note: The `umask` command is used to display default permissions. A user can change the default permissions temporarily for files that user creates. Root can set new default permissions for all users by editing the `umask` section of `/etc/login.defs`. The change will take effect the next time the system is booted. --- # How the `umask` is Set
[student@workstation ~]$ ls -ld /tmp drwxrwxrwt 19 root root 4096 Feb 7 08:26 /tmp/ Note: The sticky bit limits the permissions on a directory. Note the t in the permissions. With the sticky bit set on a directory only the owner of a file in the `/tmp` directory can remove or change the file. --- # Manage Default Permissions and File Access ![screenshot of the login.defs file showing the umask](../images/login_defs.png) Note: When a new file is created it inherits the default permissions set on the system. These permissions are set in the `umask` section of the `/etc/login.defs` file. --- # The `umask` Command ``` [student@workstation ~]$ umask ``` Note: The `umask` command is used to display default permissions. A user can change the default permissions temporarily for files that user creates. Root can set new default permissions for all users by editing the `umask` section of `/etc/login.defs`. The change will take effect the next time the system is booted. --- # How the `umask` is Set