Permissions and Umasks

From SlackWiki
Jump to: navigation, search

Normal Permissions

On *nix-like systems, traditionally every file has an owner, an assigned group, and a list of permissions (although POSIX Access Control Lists are getting more popular).

You can change the owner of a file with the "chown" command:

fred@linux:~> chown someUser foo

You can change the group of a file with the "chgrp" command:

fred@linux:~> chgrp someGroup foo

Alternatively, you can do both at once:

fred@linux:~> chown someUser.someGroup foo


fred@linux:~> chown someUser:someGroup foo

For every file, you can set the following for the User, Group, and Others: r - can read w - can write x - can execute

These are set with the "chmod" command:

fred@linux:~> chmod u=rwx,g=rx,o=r foo
fred@linux:~> ls -l foo
-rwxr-xr-- 1 fred users 0 2004-10-26 11:38 foo

You don't need to set all the permissions - you can just modify them, for example, to make a file executable:

fred@linux:~> chmod +x foo

You can also change the permissions just for either the User, Group, or Others:

fred@linux:~> chmod o-x foo

Octal Permissions

You can also specify permissions with a number. To find out which numbers, add up the numbers from this table:

r w x
4 2 1

For example, rwxr-xr-- would be:

U  G  O
4  4  4
+2 +0 +0
+1 +1 +0
=7 =5 =4

So to give a file rwxr-xr-- permissions:

fred@linux:~> chmod 754 foo


umasks define which permissions can not be set (in octal). For example, the default umask on slackware is 0022:

fred@laptop:~$ umask

Ignoring the first digit, this means that the owner can do anything, but group and others are unable to write (2 == w). A more secure umask (possibly more suitable for your ~/) is 0077, meaning that group and others have no access to your files.

More Umask

The following is based on Sandman1's Umask tutorial.

Well first this is a pretty boring topic to write about, So im going to get right to the point. When you set a umask you set what permission NOT to set. So when you create a file it uses the umask to set the file permissions. All of this might not make sense now but it will later. Now type:


Now on slackware you will get "0022", First ignore the first 0. Now we have 022. The first 0 makes sure the owner has ALL the permissions of a file. You can tell that becuase you have no permissions you want to turn off. Now the next two numbers you have a 2 for. The 2 indicates that you NEVER want to set write permissions.

Now that method above of trying to find a umask is a bit confusing. All you do is set the number what you DON'T want the user to have. Now there is an easier way of finding out a umask. You can subtract the permission from 777. Example:

777 - 750 = 027

That is the umask of the 750 permission. Now you may be asking yourself what is this usefull for. Well you can set the umask by typing "umask 027" in bash and when you create a file/directory it goes by umask 027 instead of the 0022.

Now another reason for setting a umask is becuase you want to access a filesystem such as NTFS,VFAT,Samba,etc as a regular user. You can set the umask and allow regular users to write to the filesytem. It is really easy, in the fstab all you add is "umask=027" and remount the filesystem. See Windows_Partitions for more information (and a potentially better option than setting umask options).