CHOWN & CHMOD - R

- Posted in Linux/Unix by

CHOWN

chown -R user:mail ./* ./.[!.]*


CHMOD

-# to remove executable permissions

chmod -R 600 /path

-# to make directories traversable

chmod -R u=rwX,g=,o= /path

Above, for the user owner I'm giving capital "X", so the execute bit applies only to directories and not files.

-# all files in the current directory, recursively, including hidden files

chmod 755 -R ./* ./.[!.]*

-# all files in the current directory, not recursively, including hidden files

chmod 755 ./* ./.[!.]*

Note: This will not change the exceptional case of a filename starting with 2 dots, for example,

./..weirdfilenamehere.txt

Also, be careful not to remove the x bit, or else all your directories will not be accessible (one needs the x bit to cd into a directory).

Remember this: never use bare * but ./* instead.

To avoid problems setting permissions on directories, use find instead.

find . -type f -exec chmod VALUE {} \;


ACL (Access Control List)

-# To apply the ACL

setfacl -Rm u::rwX,g::0,o::0 /path

-# To make the applied ACL default policy so newly created files will inherit the desired permissions.

setfacl -Rm d:u::rwX,g::0,o::0 /path

Again using capital X so it applies only to directories and not files.

CHOWN - Stackoverflow Forum || CHMOD & ACL - SuperUser Forum

Linux - Find files having 0777 permission level!


A 0777 permission means -rwxrwxrwx for files & drwxrwxrwx for folders. Look it up here for more details.

Again, I will not try and go on about how security matters and how the incorrect file permission makes your Linux system vulnerable.

A file with permission 0777 is open to everyone for read and write. Any user logged in to the system can write to this file, which can be harmful for your system.

In some conditions you do require 0777 permissions, like log files. However, in most cases it is best to not have this.

The easiest way to locate all files having 0777 permission is:

find /path/to/dir -perm 777

The -perm command line parameter is used with the find command to search for files based on permissions. You can use any permission instead of 777 to find only the files with that permission.

For example to search all files with permission 0777 under the logged in user home directory, type:

find $HOME -perm 777

The above command will search all the files & directories with permission 777 under the specified directory.

If you don't want to include directories in this list, define the type with the -type command line parameter as below.

This will search only files with permission 777 under the /var/www directory.

find /var/www -perm 777 -type f

To search for directories only, type:

find /var/www -perm 777 -type d

Linux - Change Permissions Recursively


I will not go on at length, but never, never, ever set file permissions to 0777 on production servers (or, for that matter, any server). This makes files WORLD writable and leads to security issues, including take-over, spamming and what not.

Always keep file and directory permissions to a minimum. Many application frameworks request/suggest keeping permissions for all directories at 0755, and all files at 0644.

So, let us try that out and do it smartly this time.

Change Permissions Recursively

Use the cd command to change to the location under which you need all directories to have permission level 0755, and all files 0644.

cd /home/user/public_html

Then use the first command below to chmod 0755 all directories and subdirectories. The second command will change the permission of all files to 0644 (chmod 0644) under the directory tree.

find . -type d -exec chmod 0755 {} \;
find . -type f -exec chmod 0644 {} \;

You can also use the xargs command to do this quickly.

find . -type d -print0 | xargs -0 chmod 755
find . -type f -print0 | xargs -0 chmod 644

Here the directory permission 0755 is similar to "rwxr-xr-x" and the file permission 0644 is equal to "rw-r--r--".

Change Permission for Specific files

Instead of changing permissions for all files, you can also target specific files with similar extensions. For example, if you have a PHP application on your server and you don't want to allow others to execute the PHP files, then use the following command to chmod 0640 all of the files with the php extension:

find . -type f -name "*.php" -exec chmod 0640 {} \;

The file permission 0640 leaves others with no permissions. This adds an extra layer of security under permissions.
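
The audit and the fix from the two posts above, combined as an added example (not code from the original posts): it builds a constructed throwaway tree, counts entries with find -perm, then applies the 0755/0644 normalisation. The function names and the sample tree are assumptions made here, and the -perm -0002 check goes beyond the exact -perm 777 match on the page to catch any world-writable mode, such as 0666.

```shell
#!/bin/sh
# Added example: function names and the sample tree are constructed here.

# Build a throwaway tree with known modes and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/uploads"
    : > "$t/site/index.php"
    : > "$t/site/.htaccess"        # hidden file
    : > "$t/site/..weird.txt"      # the two-dot name that ./.[!.]* misses
    : > "$t/site/uploads/a.log"
    chmod 0755 "$t/site"
    chmod 0777 "$t/site/uploads" "$t/site/index.php"
    chmod 0666 "$t/site/uploads/a.log"   # world-writable, but not 0777
    chmod 0600 "$t/site/.htaccess" "$t/site/..weird.txt"
    printf '%s\n' "$t/site"
}

# Count entries under $1 matching find's -perm argument $2.
#   777    exact mode 0777 (the form used on the page)
#   -0002  at least the "other write" bit set, whatever the other bits are
# Line counting assumes no newlines in file names (true for the sample).
count_perm() { find "$1" -perm "$2" | wc -l | tr -d ' '; }

# Directories to 0755, regular files to 0644. find reaches dotfiles and
# "..name" files on its own, so no shell glob is involved.
normalise_tree() {
    find "$1" -type d -exec chmod 0755 {} + &&
    find "$1" -type f -exec chmod 0644 {} +
}

# Demo on the constructed tree.
tree=$(make_sample_tree) || exit 1
echo "exact 0777:     $(count_perm "$tree" 777)"
echo "world-writable: $(count_perm "$tree" -0002)"
normalise_tree "$tree"
echo "world-writable after fix: $(count_perm "$tree" -0002)"
rm -rf "${tree%/site}"
```

The exact match reports fewer entries than the world-writable check because the 0666 log file is writable by everyone without being 0777.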