Official blog of WebEKM EKM; expect the site online soon.

Linux access permissions, ownership, special permissions SUID, SGID, Sticky Bit and Access Lists

Traditional access permissions for files and folders in Linux distributions let us control who is granted access to files and folders and what users can do with them. They are not complicated, easy to understand and crucial to working with a file system.

There are 3 types of users that can access a file: the owner of the file (OWNER), a member of the group that the file is associated with (GROUP), and everyone else (OTHER). A user can access the file in 3 ways: READ, WRITE and EXECUTE.

If you run the command “ls -l”, you will get the following output:

[Screenshot: ls -l output]

Let’s break it down, starting from the left column:

1. Type of file: “-” for files, “d” for folders, “s” for socket files
2. File access permissions for owner, group and other. Permissions are represented by “r” read, “w” write, “x” execute. A “-” means the permission is not granted.
3. Flag for ACL, if the file has an ACL
4. Number of links to the file
5. The name of the owner
6. The name of the group the file is associated with
7. The size of the file
8. The date and time of creation or modification
9. The name of the file

chmod: changing access permissions

Permissions can be modified with symbolic (relative) or numeric (absolute) arguments. A person with root privileges has access to all files, regardless of the owner of the file. The owner has the right to modify the permissions.

Symbolic Arguments
“chmod” removes (-) or adds (+) read (r), write (w) and execute (x) permissions for the users. Only the permissions named in the argument change; the others are not affected.

The syntax of command:

chmod ugo+rwx file 

UGO – User Group Other – we have to remember that the “O” stands for Other, not for Owner!

Let’s change the permissions of “file123.txt”. First I added WRITE permission for Group and Other, and then I removed WRITE permission for User.

[Screenshot: chmod with symbolic arguments (UGO)]

Numeric Arguments
The numeric argument consists of 3 octal digits 0-7. The first digit specifies permissions for the owner, the second for the group and the third for others.
1 – gives the specified Users EXECUTE permissions
2 – gives WRITE permissions
4 – gives READ permissions

By adding those 3 values we can modify permissions, for example 1+4=5, and 5 gives us EXECUTE and READ permissions for the given users.

Let’s check this on an example:

[Screenshot: chmod 777]

Examples of numeric permissions:

777 – the owner, group and other have full access: Read, Write and Execute
755 – the owner RWE, the group and other RE
640 – the owner RW, the group R, the other no access to the file
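
The difference between relative (symbolic) and absolute (numeric) arguments, replayed on a throwaway file. This is an added example, not part of the original post; the starting mode 644 and the helper names mode_string, to_octal and chmod_walkthrough are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: file123.txt is created in a temporary directory (constructed).

# Permission column as "ls -l" prints it (file type + 9 permission characters).
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Convert the 9 rwx characters into 3 octal digits: r=4, w=2, x=1 per triplet.
to_octal() {
    printf '%s\n' "$1" | awk '{
        p = substr($0, 2, 9); out = ""
        for (i = 0; i < 3; i++) {
            t = substr(p, i * 3 + 1, 3); n = 0
            if (substr(t, 1, 1) == "r") n += 4
            if (substr(t, 2, 1) == "w") n += 2
            if (substr(t, 3, 1) == "x") n += 1
            out = out n
        }
        print out
    }'
}

# Replay the steps from the text and record the mode after each one.
chmod_walkthrough() {
    d=$(mktemp -d) || return 1
    f="$d/file123.txt"
    : > "$f"
    chmod 644 "$f";  s0=$(mode_string "$f")   # absolute: all nine bits set at once
    chmod go+w "$f"; s1=$(mode_string "$f")   # relative: only group/other write added
    chmod u-w "$f";  s2=$(mode_string "$f")   # relative: only owner write removed
    chmod 755 "$f";  s3=$(mode_string "$f")   # absolute: previous bits are replaced
    rm -rf "$d"
    echo "$s0 $s1 $s2 $s3"
}
```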

chown: changing the owner of the file/folder

The syntax of command:
chown user file
chown user.group file

“.group” is optional; leave it out if we are going to change only the user and not the group.

[Screenshot: chown user.group]

I can also change the owner recursively (“-R”) for all files in the given folder.

[Screenshot: chown -R]

chgrp: changing the group of the file/folder

The syntax of use:
chgrp group file

In this case I changed the group recursively for all files in the MyFoler folder.

[Screenshot: chgrp -R]

Special Permissions

There are 3 special permissions: SetUID (set user ID), SetGID (set group ID) and the Sticky Bit. Before I explain what they do, let me explain how to manipulate them. Unfortunately, “s” or “t” does not appear next to the execute flag but instead of it, so the execute flag is hidden.

[Screenshot: chmod SGID, SUID and Sticky Bit]

If the underlying executable bit is not set, the “s” or “t” is shown as a capital “S” or “T”.

[Screenshot: SUID, SGID and Sticky Bit shown as “s”/“S” and “t”/“T”]

How do we modify SUID, SGID and Sticky Bits?

We modify those parameters with “chmod”. Typing
chmod 777 file.txt means the same as chmod 0777 file.txt

The leading digit, “0” in our case, is where we set SUID, SGID and the Sticky Bit.

For “4” we have SUID, for “2” we have SGID, for “1” we have the Sticky Bit.

Take a look at the examples:

[Screenshot: chmod SUID, SGID and Sticky Bit examples]

As we see, 4 activates SUID, 2 activates SGID and 1 activates the Sticky Bit; 5 activates SUID and the Sticky Bit, 6 activates SUID and SGID, and 7 activates SUID, SGID and the Sticky Bit.

What do SUID, SGID and Sticky Bits do for us?

The table below clarifies everything.

[Table image: influence of SUID, SGID and Sticky Bit on files and folders]

Let’s add some SUID, SGID and Sticky Bits.

[Screenshot: SUID, SGID and Sticky Bit example]
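
The leading-digit modes described above, applied to throwaway files and then audited with find. This is an added example, not part of the original post; the file names and the helpers mode_string, make_fixtures, list_setid_files and list_unsticky_dirs are constructed for the illustration.

```sh
#!/bin/sh
# Added example: all files live in a temporary directory (constructed names).

# Permission column as "ls -l" prints it (file type + 9 permission characters).
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Create sample files and folders with the leading special-permission digit set.
make_fixtures() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_x" "$d/suid_nox" "$d/sgid_x" "$d/plain"
    mkdir "$d/shared" "$d/open"
    chmod 4755 "$d/suid_x"     # SUID with owner execute    -> "s"
    chmod 4644 "$d/suid_nox"   # SUID without owner execute -> capital "S"
    chmod 2755 "$d/sgid_x"     # SGID with group execute    -> "s" in the group triplet
    chmod 0644 "$d/plain"      # no special bits
    chmod 1777 "$d/shared"     # Sticky Bit with other execute -> "t"
    chmod 0777 "$d/open"       # world-writable, no Sticky Bit
    echo "$d"
}

# Audit: regular files that carry SUID or SGID (names only, sorted).
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec basename {} \; |
        LC_ALL=C sort | paste -s -d ' ' -
}

# Audit: world-writable folders that lack the Sticky Bit.
list_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec basename {} \; |
        LC_ALL=C sort | paste -s -d ' ' -
}
```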
 

Access Lists

ACLs are supported by default in CentOS; if not, you have to add that information to the fstab file. An ACL overrules the default permissions and makes permissions more granular: we may specify a particular user or a particular group and give them permissions. In other words, with an ACL, even though we have set “no read” permission for ‘other’, we may still grant given users access to the resources.

getfacl – Get File Access List

Syntax of the command:
getfacl file – whole ACL info
u::rwx – standard permission info
u:marcin:rwx – ACL for a specific user
g:users:rwx – ACL for a specific group

setfacl – Set File Access List

Syntax of the command:
setfacl -m u:user:rwx file
-m – modify
-b – erase ACL info
-d – set default ACL info
-k – erase default ACL info

Let’s see how it works on an example.

[Screenshot: getfacl and setfacl on a file]

We have a “file1.txt” file and only “root” from the group “users” has access to it. We changed this with the setfacl command and gave access to the user “marcin”, who belongs to the same group “users”. As you can see, ls -l does not show the whole picture: it only shows that the entire group “users” now has Read and Write rights, which is not true, because only the users “marcin” and “root” from the group “users” got these rights. You can only find that out with the “getfacl file1.txt” command.
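
Why ls -l misleads here: once a file has an ACL, the group column of ls -l shows the ACL mask rather than the rights of the owning group. The added example below (not part of the original post) reads getfacl output and reports both values; the getfacl text is constructed to match the scenario above, and the helper names acl_entry, ls_group_column and named_effective are assumptions.

```sh
#!/bin/sh
# Added example: constructed getfacl output for file1.txt (owner root,
# group users, named user marcin), embedded so the script runs offline.
SAMPLE_ACL='# file: file1.txt
# owner: root
# group: users
user::rw-
user:marcin:rw-
group::---
mask::rw-
other::---'

# Rights of one ACL entry, e.g. acl_entry "$SAMPLE_ACL" "group::"
acl_entry() {
    printf '%s\n' "$1" |
        awk -v k="$2" 'index($0, k) == 1 { print substr($0, length(k) + 1, 3); exit }'
}

# What "ls -l" prints in the group triplet: the mask if one exists, else group::.
ls_group_column() {
    m=$(acl_entry "$1" "mask::")
    if [ -n "$m" ]; then echo "$m"; else acl_entry "$1" "group::"; fi
}

# Named user/group entries with their effective rights (entry limited by the mask).
named_effective() {
    printf '%s\n' "$1" | awk -F: '
        /^#/ || NF < 3 { next }
        $1 == "mask" { mask = $3 }
        ($1 == "user" || $1 == "group") && $2 != "" { who[++n] = $1 ":" $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    b = substr(perm[i], c, 1)
                    eff = eff ((mask == "" || substr(mask, c, 1) != "-") ? b : "-")
                }
                print who[i] ":" eff
            }
        }'
}
```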
