DEV Community

Max Chernyak
Max Chernyak

Posted on • Originally published at hakunin.com on

Linux permissions cheatsheet

chmod [a]bcd

bit scope description
a sticky:1, setgid:2, setuid:4 (optional, default: 0)
b owner x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
c group x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
d everyone x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
  • Note: only file/dir owner can chmod it
  • Note: scripts need both x and r permissions to execute(that’s because scripts are read into interpreter) (only r is enough if ran via ruby script.rb, sh script.sh)

files

bit setting meaning
sticky on files no effect
setgid on execable binaries no matter who executes, process runs as file’s group
setuid on execable binaries no matter who executes, process runs as file’s owner
setuid/setgid on scripts ignored due to security issues
setuid/setgid on non-execables no effect1

Warning: setuid is dangerous

directories

bit setting meaning
x on dirs cd, stat (e.g. ls -l), inode lookup (access files)
w on dirs add/delete/rename files (requires x for inode lookup)
r on dirs ls
  • Note: having xw on a dir is enough to delete any file in it(unless it has sticky bit)

sticky on dirs

  • only used when writable by group/everyone
  • files in dir can only be edited/deleted by their owner (think /tmp)
  • symlinks only work if target is within this dir

setgid on dirs

  • all files/subdirs created by anyone in this dir inherit its group
  • all subdirs inherit this bit when created

setuid on dirs

  • no effect

sources

  1. There is an exception. See “SUID and SGID on non-executable files” on this page.

Top comments (0)