File permissions, users, groups

More learning about linux!!!

• https://wiki.archlinux.org/title/Users_and_groups
• https://wiki.archlinux.org/title/File_permissions_and_attributes

Ownership

• Every file is owned by one user and one group.
• In ls -l output, the user is output on the left, and the group on the right
• It’s pretty common for a group to exist with the same name as a user, which is why sometimes ls -l looks confusing writing the same username twice.
• Change the owning user with chown <user> <file>.
• Change the owning group with chown :<group> <file> (putting a colon in front of the group name).
  • Or both at once with <user>:<group> syntax
  • You can chown recursively with the -R flag

Permissions

There are three types of permission bits: read, write, execute.

• Read/write/execute map to the obvious things on files.
• If you can read a directory, you can list its contents.
• If you can write a directory, you can add/remove/rename files inside it.
• If you can execute a directory, you can cd into it.

There are three sets of these bits:

• owning user’s permissions
• group’s permissions
• other’s permissions

In ls -l (or namei) output, the user’s permissions are written first, then the group, then others’.

Change ownership with chmod. Kind of an involved command

• chmod <who>=<perms> <file>
  • who can be any combination of u for owning user, g for group, o for everyone else
    • or a for “all of those”, which is the default value
  • perms can be any combination of r, w, and x
  • like chown you can -R for recursive
• chmod <who>+<perms> <file> (with a plus)
  • only adds new permissions, won’t remove any from existing files
  • since <who> defaults to a this is why chmod +x works
• chmod <who>-<perms> <file> (with a minus)
  • only removes permissions
• chmod <a number> <file>
  • set ugo permissions with an octal digit

Octal digits to know:

• 7: read, write, and execute
• 6: read and write, but not execute
• 5: read and execute
• 4: read-only

Octal triplets to know:

• 644: read-and-write for owner, read-only for everyone else
  • 755: same, with the execute bit set

A secret, funnier triplet

Composed of the setuid, setgid, and sticky bits

• setuid: executes under the permissions of the file’s owning user, not your user. Common setuid binaries include su and sudo.
• setgid: Same for groups?
• sticky: Kind of legacy nonsense. Does nothing useful on files (supposedly prevents them from being swapped out), basically disables the execute flag on directories if you’re not the owner.

Rarely needed

solving my problem

The problem is that when I rsync files from my computer to my server, i need to chown them back to be owned by www-data

I had some stuff here but I was totally wrong. In reality: on Termux the files only had permission bits 700, and since rsync -a implies -p which copies permission bits, they were ending up on the server with bits 600. Changing the owning user to www-data allowed the server to read the files.

When i rsynced from my computer it’d set the bits to 775.

Solution: Well, I don’t need to copy those bits in the first place.

while i’m here

“archive mode is -rlptgoD

• rsync -r recursive
• rsync -l copy symlinks as symlinks
• rsync -p copy the permission bits
• rsync -t copy the modification times
• rsync -g copy owning group id
• rsync -o copy owning user id
• rsync -D copy devices and copy “specials” (named sockets and fifos?)

ok so maybe i just want rsync -r since i don’t need to copy that stuff in the first place?