You want to set permissions in a secure manner.
If you need to set exact permissions for security reasons (or you are sure that you don’t care what is already there, you just need to change it), use chmod with 4-digit octal modes.
|
1 |
$ chmod 0755 some_script |
If you only want to add or remove permissions, but need to leave other existing permissions unchanged, use the + and – operations in symbolic mode.
|
1 |
$ chmod +x some_script |
If you try to recursively set permissions on all the files in a directory structure using something like chmod -R 0644 some_directory then you’ll regret it because you’ve now rendered any subdirectories non-executable, which means you won’t be able to access their content, cd into them, or traverse below them.
Use find and xargs with chmod to set the files and directories individually.
|
1 2 |
$ find some_directory -type f | xargs chmod 0644 # File perms $ find some_directory -type d | xargs chmod 0755 # Dir. perms |
Of course, if you only want to set permissions on the files in a single directory (nonrecursive), just cd in there and set them.
When creating a directory, use mkdir -m mode new_directory since you not only accomplish two tasks with one command, but you avoid any possible race condition between creating the directory and setting the permissions.
Many people are in the habit of using three-digit octal modes, but we like to use all four possible digits to be explicit about what we mean to do with all attributes.
We also prefer using octal mode when possible because it’s very clear what permissions you are going to end up with.
You may also use the absolute operation (=) in symbolic mode if you like, but we’re traditionalists who like the old octal method best.
Ensuring the final permissions when using the symbolic mode and the + or – operations is trickier since they are relative and not absolute.
Unfortunately, there are many cases where you can’t simply arbitrarily replace the existing permissions using octal mode.
In such cases you have no choice but to use symbolic mode, often using + to add a permission while not disturbing other existing permissions.
Consult your specific system’s chmod for details, and verify that your results are as you expect.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ ls -l -rw-r--r-- 1 jp users 0 Dec 1 02:09 script.sh # Make file read, write and executable for the owner using octal $ chmod 0700 script.sh $ ls -l -rwx------ 1 jp users 0 Dec 1 02:09 script.sh # Make file read and executable for everyone using symbolic $ chmod ugo+rx *.sh $ ls -l -rwxr-xr-x 1 jp users 0 Dec 1 02:09 script.sh |
Note in the last example that although we added (+) rx to everyone (ugo), the owner still has write (w).
That’s what we wanted to do here, and that is often the case.
But do you see how, in a security setting, it might be easy to make a mistake and allow an undesirable permission to slip through the cracks?
That’s why we like to use the absolute octal mode if possible, and of course we always check the results of our command.
