<HTML
><HEAD
><TITLE
>File Permissions</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="GNU/Linux Command-Line Tools Summary"
HREF="book1.htm"><LINK
REL="UP"
TITLE="Security"
HREF="c9295.htm"><LINK
REL="PREVIOUS"
TITLE="Security"
HREF="c9295.htm"><LINK
REL="NEXT"
TITLE="Archiving Files"
HREF="c9978.htm"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>GNU/Linux Command-Line Tools Summary</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="c9295.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 14. Security</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="c9978.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="FILE-PERMISSIONS"
></A
>File Permissions</H1
><P
>Use <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> ls <A
NAME="AEN9547"
></A
>-l </I
></SPAN
><A
NAME="AEN9549"
></A
>to see the permissions of files (list-long). They will appear like this; note that I have added spaces <A
NAME="AEN9551"
></A
>between permissions to make it easier to read:</P
><P
>Where: r <A
NAME="AEN9554"
></A
>= read, w <A
NAME="AEN9556"
></A
>= write,<A
NAME="AEN9558"
></A
> x = execute <A
NAME="AEN9560"
></A
></P
><PRE
CLASS="SCREEN"
> - rwx rw- r-- 1 <A
NAME="LINKS"
><IMG
SRC="../images/callouts/1.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(1)"></A
> newuser newuser
type<A
NAME="TYPE"
><IMG
SRC="../images/callouts/2.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(2)"></A
>owner<A
NAME="OWNER"
><IMG
SRC="../images/callouts/3.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(3)"></A
>group<A
NAME="GROUP"
><IMG
SRC="../images/callouts/4.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(4)"></A
>others<A
NAME="OTHERS"
><IMG
SRC="../images/callouts/5.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(5)"></A
></PRE
><DIV
CLASS="CALLOUTLIST"
><DL
COMPACT="COMPACT"
><DT
><A
HREF="x9543.htm#LINKS"
><IMG
SRC="../images/callouts/1.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(1)"></A
></DT
><DD
>
This number is the number of hard links (pointers) to this file. You can use <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>ln </I
></SPAN
>to create another hard-link to the file.
</DD
><DT
><A
HREF="x9543.htm#TYPE"
><IMG
SRC="../images/callouts/2.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(2)"></A
></DT
><DD
> This is the type of file. '-' means a regular file, 'd' would mean a directory, 'l' would mean a link. There are also other types such as 'c' for character device and 'b' for block device (found in the /dev/ directory).
</DD
><DT
><A
HREF="x9543.htm#OWNER"
><IMG
SRC="../images/callouts/3.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(3)"></A
></DT
><DD
> These are the permissions for the owner of the file (the user who created the file).
</DD
><DT
><A
HREF="x9543.htm#GROUP"
><IMG
SRC="../images/callouts/4.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(4)"></A
></DT
><DD
> These are the permissions for the group; any users who belong to the same group as the user who created the file will have these permissions.
</DD
><DT
><A
HREF="x9543.htm#OTHERS"
><IMG
SRC="../images/callouts/5.gif"
HSPACE="0"
VSPACE="0"
BORDER="0"
ALT="(5)"></A
></DT
><DD
> These are the permissions for everyone else. Any user who is outside the group will have these permissions to the file.
</DD
></DL
></DIV
><P
>The two names at the end are the username <A
NAME="AEN9581"
></A
>and group <A
NAME="AEN9583"
></A
>respectively.<A
NAME="AEN9585"
></A
></P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>chmod</DT
><DD
><P
><A
NAME="AEN9592"
></A
>Change <A
NAME="AEN9594"
></A
>file access <A
NAME="AEN9596"
></A
>permissions for a file(s).</P
><P
>There are two methods <A
NAME="AEN9599"
></A
>to change <A
NAME="AEN9601"
></A
>permissions using <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>chmod</I
></SPAN
>: letters <A
NAME="AEN9604"
></A
>or numbers.<A
NAME="AEN9606"
></A
></P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Letters Method:</DT
><DD
><P
>Use a + or - (plus or minus <A
NAME="AEN9613"
></A
>sign) to add <A
NAME="AEN9615"
></A
>or remove <A
NAME="AEN9617"
></A
>permissions for a file respectively. Use an equals <A
NAME="AEN9619"
></A
>sign (=) to specify <A
NAME="AEN9621"
></A
>new <A
NAME="AEN9623"
></A
>permissions and remove <A
NAME="AEN9625"
></A
>the old <A
NAME="AEN9627"
></A
>ones for the particular <A
NAME="AEN9629"
></A
>type of user(s). </P
><P
>You can use<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> chmod <A
NAME="AEN9633"
></A
>letter</I
></SPAN
> where the letters <A
NAME="AEN9635"
></A
>are:</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>a</I
></SPAN
> (all (everyone))<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>, u</I
></SPAN
> (user)<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>,</I
></SPAN
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>g</I
></SPAN
> (group) and <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>o</I
></SPAN
> (other).</P
></DD
></DL
></DIV
><P
>Examples:</P
><PRE
CLASS="SCREEN"
>chmod u+rw somefile</PRE
><P
>This would give the user read and write <A
NAME="AEN9646"
></A
>permission.</P
><PRE
CLASS="SCREEN"
>chmod o-rwx somefile</PRE
><P
>This will remove <A
NAME="AEN9650"
></A
>read/write/execute permissions from other users (doesn't include <A
NAME="AEN9652"
></A
>users within your group).</P
><PRE
CLASS="SCREEN"
>chmod a+r<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> </I
></SPAN
>somefile</PRE
><P
>This will give everyone <A
NAME="AEN9657"
></A
>read permission <A
NAME="AEN9659"
></A
>for the file.</P
><PRE
CLASS="SCREEN"
>chmod a=rx somefile</PRE
><P
>This would give everyone execute and read permission to the file; if anyone had write <A
NAME="AEN9663"
></A
>permission it would be removed.</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Numbers Method:</DT
><DD
><P
>You can also use numbers <A
NAME="AEN9670"
></A
>(instead of letters) to change <A
NAME="AEN9672"
></A
>file permissions. Where:</P
><P
>r <A
NAME="AEN9675"
></A
>(read) = 4, w <A
NAME="AEN9677"
></A
>(write) = 2, x (execute) = 1</P
></DD
></DL
></DIV
><P
>Numbers <A
NAME="AEN9680"
></A
>can be added together so you can specify read/write/execute permissions; read+write = 6, read+execute = 5, read+write+execute = 7.</P
><P
>Examples:</P
><PRE
CLASS="SCREEN"
>chmod 777 somefile</PRE
><P
>This would give everyone read/write/execute permission on “this_file”. The first number <A
NAME="AEN9685"
></A
>is user, second is group <A
NAME="AEN9687"
></A
>and third is everyone else (other).</P
><PRE
CLASS="SCREEN"
>chmod 521 somefile</PRE
><P
>This would give the user read and execute <A
NAME="AEN9691"
></A
>permission, and the group <A
NAME="AEN9693"
></A
>write<A
NAME="AEN9695"
></A
> permission <A
NAME="AEN9697"
></A
>(but not read permission!) and everyone else execute <A
NAME="AEN9699"
></A
>permission. (Note that it's just an example; settings like that don't really make sense...).</P
></DD
><DT
>chown</DT
><DD
><P
><A
NAME="AEN9705"
></A
>Changes the ownership <A
NAME="AEN9707"
></A
>rights <A
NAME="AEN9709"
></A
>of a file (hence the name 'chown' - change owner<A
NAME="AEN9711"
></A
>). This program can only be used by root. </P
><P
>Use the<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> -R <A
NAME="AEN9715"
></A
></I
></SPAN
> option to change <A
NAME="AEN9717"
></A
>things recursively,<A
NAME="AEN9719"
></A
> in other words, all matching <A
NAME="AEN9721"
></A
>files including <A
NAME="AEN9723"
></A
>those in subdirectories.<A
NAME="AEN9725"
></A
></P
><P
>Command syntax:</P
><PRE
CLASS="SCREEN"
>chown owner:group the_file_name</PRE
></DD
><DT
>sticky bit</DT
><DD
><P
><A
NAME="AEN9733"
></A
>Only the person <A
NAME="AEN9735"
></A
>who <A
NAME="AEN9737"
></A
>created the file within a directory may delete<A
NAME="AEN9739"
></A
> it, even if other people <A
NAME="AEN9741"
></A
>have write <A
NAME="AEN9743"
></A
>permission. You can turn <A
NAME="AEN9745"
></A
>it on by typing: </P
><PRE
CLASS="SCREEN"
>chmod 1700<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> </I
></SPAN
>somedirectory   # where 1 = sticky bit</PRE
><P
>or (where <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>t</I
></SPAN
> represents <A
NAME="AEN9751"
></A
>the sticky <A
NAME="AEN9753"
></A
>bit)</P
><PRE
CLASS="SCREEN"
>chmod +t somedirectory</PRE
><P
>To turn <A
NAME="AEN9757"
></A
>it off <A
NAME="AEN9759"
></A
>you would need to type:</P
><PRE
CLASS="SCREEN"
>chmod 0700 somefile   # where the zero would mean no sticky bit</PRE
><P
>or (where <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>t </I
></SPAN
> represents <A
NAME="AEN9764"
></A
>the sticky <A
NAME="AEN9766"
></A
>bit)</P
><PRE
CLASS="SCREEN"
>chmod -t somefile<A
NAME="AEN9769"
></A
></PRE
><P
>Note that the permissions <A
NAME="AEN9772"
></A
>aren't relevant <A
NAME="AEN9774"
></A
>in the numbers <A
NAME="AEN9776"
></A
>example, only the first number (1 = on, 0 = off).</P
><P
>An example of a sticky <A
NAME="AEN9779"
></A
>directory is usually /tmp.</P
></DD
><DT
>suid</DT
><DD
><P
>Allow SUID/SGID (switch user ID/switch group <A
NAME="AEN9785"
></A
>ID) access.<A
NAME="AEN9787"
></A
> You would normally use <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>chmod</I
></SPAN
> to turn <A
NAME="AEN9790"
></A
>this on or off <A
NAME="AEN9792"
></A
>for a particular file; suid <A
NAME="AEN9794"
></A
>is generally considered a security <A
NAME="AEN9796"
></A
>hazard so be careful <A
NAME="AEN9798"
></A
>when using this. </P
><P
>Example:</P
><PRE
CLASS="SCREEN"
>chmod u+s file_name</PRE
><P
>This will give everyone permission to execute <A
NAME="AEN9803"
></A
>the file with the permissions of the user who set the +s switch.<A
NAME="AEN9805"
></A
> </P
><DIV
CLASS="CAUTION"
><P
></P
><TABLE
CLASS="CAUTION"
BORDER="1"
WIDTH="90%"
><TR
><TD
ALIGN="CENTER"
><B
>Security Hazard</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>This is obviously a security hazard. You should avoid using the suid flag unless necessary.</P
></TD
></TR
></TABLE
></DIV
></DD
></DL
></DIV
><P
></P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>chattr</DT
><DD
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
><A
NAME="AEN9817"
></A
></I
></SPAN
>Change file system attributes (works on ext2fs and possibly others...). Use the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-R</I
></SPAN
> option to change <A
NAME="AEN9820"
></A
>files recursively.<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> chattr </I
></SPAN
>has a large number <A
NAME="AEN9823"
></A
>of attributes <A
NAME="AEN9825"
></A
>which can be set <A
NAME="AEN9827"
></A
>on a file; read the manual<A
NAME="AEN9829"
></A
> page <A
NAME="AEN9831"
></A
>for further information.</P
><P
>Example:</P
><PRE
CLASS="SCREEN"
>chattr +i /sbin/lilo.conf<A
NAME="AEN9835"
HREF="#FTN.AEN9835"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></PRE
><P
>This sets <A
NAME="AEN9840"
></A
>the 'immutable' flag <A
NAME="AEN9842"
></A
>on a file. Use a '+' to add <A
NAME="AEN9844"
></A
>attributes <A
NAME="AEN9846"
></A
>and a '-' to take them away. The +i will prevent <A
NAME="AEN9848"
></A
>any changes (accidental or otherwise) to the “lilo.conf” file. If you wish to modify <A
NAME="AEN9850"
></A
>the lilo.conf file you will need to unset <A
NAME="AEN9852"
></A
>the immutable<A
NAME="AEN9854"
></A
> flag:<A
NAME="AEN9856"
></A
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
> chattr -i</I
></SPAN
>.<A
NAME="AEN9859"
></A
> Note some flags <A
NAME="AEN9861"
></A
>can only be used by root;<A
NAME="AEN9863"
></A
> <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-i</I
></SPAN
>, <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-a</I
></SPAN
> and probably <A
NAME="AEN9867"
></A
>many others.</P
><P
>Note there are many different <A
NAME="AEN9870"
></A
>attributes <A
NAME="AEN9872"
></A
>that chattr can change;<A
NAME="AEN9874"
></A
> here are a few more which may be useful:</P
><P
></P
><UL
><LI
><P
>A<A
NAME="AEN9879"
></A
> (no Access time) --- if a file or directory has this attribute set, whenever it is accessed,<A
NAME="AEN9881"
></A
> either for reading <A
NAME="AEN9883"
></A
>or for writing,<A
NAME="AEN9885"
></A
> its last <A
NAME="AEN9887"
></A
>access time<A
NAME="AEN9889"
></A
> will not be updated.<A
NAME="AEN9891"
></A
> This can be useful, for example, on files or directories <A
NAME="AEN9893"
></A
>which are very often accessed <A
NAME="AEN9895"
></A
>for reading, especially since this parameter is the only one which changes on an inode <A
NAME="AEN9897"
></A
>when it's opened.<A
NAME="AEN9899"
></A
></P
></LI
><LI
><P
>a<A
NAME="AEN9903"
></A
> (append only) --- if a file has this attribute <A
NAME="AEN9905"
></A
>set and is open for writing, the only operation possible will be to append <A
NAME="AEN9907"
></A
>data <A
NAME="AEN9909"
></A
>to its previous contents. For a directory, this means that you can only add <A
NAME="AEN9911"
></A
>files to it, but not rename <A
NAME="AEN9913"
></A
>or delete any existing <A
NAME="AEN9915"
></A
>file. Only root can set or clear this attribute.</P
></LI
><LI
><P
>s<A
NAME="AEN9919"
></A
> (secure deletion) --- when a file or directory with this attribute<A
NAME="AEN9921"
></A
> set is deleted,<A
NAME="AEN9923"
></A
> the blocks <A
NAME="AEN9925"
></A
>it was occupying <A
NAME="AEN9927"
></A
>on disk <A
NAME="AEN9929"
></A
>are written back with zeroes <A
NAME="AEN9931"
></A
>(similar to using <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>shred</I
></SPAN
>). Note that this does work on the ext2<A
NAME="AEN9934"
></A
> and ext3 <A
NAME="AEN9936"
></A
>filesystems but is unlikely to work on others (please see the documentation <A
NAME="AEN9938"
></A
>for the filesystem <A
NAME="AEN9940"
></A
>you are using). You may also like to see <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>shred</I
></SPAN
><A
NAME="AEN9943"
></A
>; please see <A
HREF="c2690.htm"
>Chapter 7</A
>.</P
></LI
></UL
></DD
><DT
>lsattr</DT
><DD
><P
><A
NAME="AEN9950"
></A
>(list attributes). This will list <A
NAME="AEN9952"
></A
>whether a file has any special <A
NAME="AEN9954"
></A
>attributes (as set by chattr). Use the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-R</I
></SPAN
> option to list recursively <A
NAME="AEN9957"
></A
>and try using the <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>-d<A
NAME="AEN9960"
></A
></I
></SPAN
> option <A
NAME="AEN9962"
></A
>to list directories <A
NAME="AEN9964"
></A
>like other files rather than listing <A
NAME="AEN9966"
></A
>their contents.<A
NAME="AEN9968"
></A
></P
><P
>Command syntax:</P
><PRE
CLASS="SCREEN"
>lsattr</PRE
><P
>This will list files in the current <A
NAME="AEN9973"
></A
>directory; you may also like to specify<A
NAME="AEN9975"
></A
> a directory or a file:</P
><PRE
CLASS="SCREEN"
>lsattr /directory/or/file</PRE
></DD
></DL
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN9835"
HREF="x9543.htm#AEN9835"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>This example and tiny parts of the explanation have been taken from the <SPAN
CLASS="PRODUCTNAME"
>Linux</SPAN
> Online Classroom, see [4] in the <A
HREF="b12722.htm"
><I
>Bibliography</I
></A
> for further information. </P
></TD
></TR
></TABLE
></BODY
></HTML
>
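The mode strings shown by ls -l, the numbers method, the sticky bit and the suid flag described on this page can be tied together in one place. The following is an added example, not part of the original document: POSIX shell functions that turn the first column of ls -l into the four-digit number chmod accepts and report setuid/setgid files and world-writable entries. The function names, the finding labels and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (function names and labels are hypothetical, not from the page).

# mode_to_octal MODE -> prints the 4-digit number chmod would take.
# Returns 1 if MODE is not a 10-character ls-style mode string.
mode_to_octal() {
    mode=${1%[.+@]}                 # drop the ACL/SELinux marker some ls builds append
    case $mode in
        [-dlcbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) return 1 ;;
    esac
    rest=${mode#?}                  # the nine permission characters
    special=0
    digits=""
    for weight in 4 2 1; do         # special-bit value: 4 suid, 2 sgid, 1 sticky
        trip=${rest%"${rest#???}"}  # next triplet: user, then group, then other
        rest=${rest#???}
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without execute
        esac
        digits=$digits$d
    done
    printf '%s%s\n' "$special" "$digits"
}

# audit_mode MODE -> prints findings separated by spaces, or "ok".
audit_mode() {
    octal=$(mode_to_octal "$1") || { echo invalid; return 1; }
    ftype=${1%"${1#?}"}             # first character: file type
    sp=${octal%???}                 # special digit
    other=${octal#???}              # digit for everyone else
    found=""
    if [ "$ftype" = "-" ]; then     # suid/sgid matter on regular (executable) files
        case $sp in [4567]) found="$found suid" ;; esac
        case $sp in [2367]) found="$found sgid" ;; esac
    fi
    case $ftype$other in
        l?) ;;                      # symlink modes are not used for access checks
        d[2367])                    # others may create and delete entries
            case $sp in
                [1357]) ;;          # sticky bit set, as on /tmp
                *) found="$found world-writable-dir-no-sticky" ;;
            esac ;;
        ?[2367]) found="$found world-writable" ;;
    esac
    found=${found# }
    echo "${found:-ok}"
}

# Constructed sample listing (not captured from a real system).
while read -r mode links owner group size mon day time name; do
    printf '%-11s %s  %-28s %s\n' "$mode" "$(mode_to_octal "$mode")" \
        "$(audit_mode "$mode")" "$name"
done <<'EOF'
-rwxrw-r-- 1 newuser newuser 0 Jan  1 00:00 somefile
-rwsr-xr-x 1 root    root    0 Jan  1 00:00 file_name
drwx-----T 2 newuser newuser 0 Jan  1 00:00 somedirectory
drwxrwxrwt 9 root    root    0 Jan  1 00:00 tmp
drwxrwxrwx 2 newuser newuser 0 Jan  1 00:00 shared
EOF
```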