# Standard Permissions - perm sets: user, group, other - ability to set rwx for for each set - x for directories corresponds to viewing contents therein - `ls -al` shows owner and owner's group after perm sets - `sudo chmod g-w file_name` removes write perm for group for file - `sudo chmod g+w,o-r file_name` adds write perm for group and removes read perm for others for file - `sudo chmod 777 file_name` sets rwx for user, group, other - `sudo chown user_name file_name` changes owner of file to user - `sudo chgrp group_name file_name` changes group associated with file - `umask` shows current value in octal notation - subtracts umask value from 666 for files - typical default umask value = 022, which produces file perms = 644 (-rw-r--r--) - subtracts umask value from 777 for directories - typical default umask value = 022, which produces directory perms = 755 (-rwxr-xr-x) - `umask -S` shows current value in symbolic notation # ACLs (access control lists) - fine-grained control of files as opposed to standard perms - `getfacl file_name` shows ACL info for file ![[images/Pasted image 20250806201935.png]] - `sudo setfacl -m user:rw file_name` adds ACL entry for user without changing default perms - extra ACL shown as "+" when perming `ls -al` ![[images/Pasted image 20250707095327.png]] - `sudo setfacl -m u:user_name:rw file_name` modifies specified ACL entries - -x removes specifies ACL entries - -b removes all ACL entries - -k removes all default ACL entries, - -R recursively applies ACL modifications - --test performs a dry run - `setfacl -m m::rw file_name` set masks for a file - `setfacl -d -m m:rw directory_name` sets default mask for a directory # Attributes - `lsattr file_name` shows attributes for file ![[images/Pasted image 20250806201926.png]] - `sudo chattr +i file_name` adds immutable attribute to file - common attributes: - -a append only - -i immutable (cannot delete even as root user) - -c automatically compressed on disk - -E encrypted by fs