Home / server / Questions / 147409
Accepted
Anonymous12345
Asked: 2010-06-03 02:24:52 +0800 CST

3 simple questions about file permissions

  • 772

1- Wonder, is this a good setup of permissions in the /var directory?

drwxr-xr-x  2 root root  4096 2010-05-30 03:34 backups
drwxr-xr-x  7 root root  4096 2010-05-29 17:55 cache
drwxr-xr-x 29 root root  4096 2010-05-29 17:55 lib
drwxrwsr-x  2 root staff 4096 2009-07-14 04:36 local
drwxrwxrwt  3 root root    60 2010-06-02 03:34 lock
drwxr-xr-x  9 root root  4096 2010-06-02 03:34 log
drwxrwsr-x  2 root man   4096 2009-09-20 20:36 mail
drwxr-xr-x  2 root root  4096 2009-09-20 20:36 opt
drwxrwxrwt 12 root root   420 2010-06-02 12:12 run
drwxr-xr-x  4 root root  4096 2009-09-20 20:37 spool
drwxrwxrwt  2 root root  4096 2009-07-14 04:36 tmp
drwxr-xr-x 14 user root  4096 2010-05-30 22:21 www

2- Could you give me a brief explanation of the columns above? First one is which permissions they have. Second is a nr. Third and fourth says "root root" for example. fifth is another nr (4096 for example). and the others are obvious.

3- Could you give me a brief explanation of the folders above? Especially the "lock" and "tmp" folders. Lock contains an apache2 folder which seems empty.

Thanks

linux apache-2.2 security

3 Answers

  1. Best Answer

    The best explanation of *nix permissions I found is at:

    http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm

    It is long, but worth the read. Pay special attention to what directory permissions mean as it might not be what you would guess. For example, write permission on a directory allows you to do delete files in that directory, regardless of the permissions on the file itself. Also look as the sticky bit is to find out about t for the temp directory.

    As far as ls -l, output it is:

    <FileType-Permisions> <Hardlink Count> <Owner> <Group> <Size> <Modification Time> <Name>

    FileType Permissions:

    • Character 1: File Type
    • Character 2: Owner Read
    • Character 3: Owner Write
    • Character 4: Owner Execute
    • Character 5,6,7: Group Read, Write, Execute
    • Character 8,9,10: All Read, Write, Execute

    They are evaluated left to right in a short-circuit method. This means that even if all has read access, if you are the owner and owner doesn't have read, you won't be able to read it. If you want to be more accurate, have look at what posix says:

    "%c%s%s%s%c", <entry type>, <owner permissions>,
    <group permissions>, <other permissions>,
    <optional alternate access method flag>

    Links:

    • If a file, how many links to that file exist, when all links are deleted, the file is deleted. If the file is a directory, it is how many directory links exist in that directory.

    Owner, Group:

    • The name of the owner of the file and group owner of the file. See /etc/passwd/ and /etc/group

    Size:

    • The size in blocks. The block size can be different on different systems, but it is normally 4 KBytes.. Oh, it is just in bytes actually. But you will notice everything has to be at least one block, so new files with something in them will at least take up 4096 even though this column might only show one byte.

    Modification Time:

    • When the file was last modified. See ctime and atime as well.

    Name:

    • The Name of the file.
    • 3

    1. Permissions comming with your distribution are normally OK and should probably not change if you're not sure of what you're doing.
      It seems ok even if backups directory might be with rwx------ permission (700)

    2. Answer is in man ls, 2nd is number of links to the file (in case of directory all inside file count as 1, non recursive), 5th nr is the file size, then there is the modification date.

    3. You will find your answer here http://www.pathname.com/fhs/ and more exactly here and here. In few words lock is used by apache to know if apache is already running or not, tmp is for temporary files

    • 1

  3. For an answer on the contents of the various folders check man hier.

    The /var/lock directory is intended to contain lock files. It is mainly used for devices and applications. File locks are usually placed in the directory being locked on next to the file being locked.

    /var/tmp is another /tmp directory. As /tmp is often on a tmpfs and is therefore cleared by a reboot, it useful if you need to create a temp file which will survive a reboot. This directory is rarely used.

    • 0