@maxim
Created June 15, 2014 20:53
# Permissions cheatsheet

`chmod [a]bcd`

* digit a — sticky:1/setgid:2/setuid:4 (optional, default: 0)
* digit b — owner | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
* digit c — group | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
* digit d — everyone | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7

note: only file/dir owner can chmod it

note: scripts need both x and r permissions to execute
(that's because scripts are *read* into the interpreter)
(only r is enough if run via `ruby script.rb`, `sh script.sh`)

## Files

sticky on files: no effect

setgid on executable binaries: no matter who executes, the process runs with the file's group

setuid on executable binaries: no matter who executes, the process runs as the file's owner

setuid/setgid on scripts: ignored due to security issues

setuid/setgid on non-executables: no effect[1]

## Dirs

x on dirs:
- cd into dir
- stat the dir (used by ls -l)
- access/delete files in dir (inode lookup)

w on dirs: add/delete/rename files (requires x for inode lookup)

r on dirs: ls the dir

note: having xw on a dir is enough to delete any file in it
(unless it has sticky bit)

sticky on dirs: (only used when writable by group/everyone)
- files in dir can only be edited/deleted by their owner (think /tmp)
- any symlinks will only work if target is somewhere under this dir

setuid on dirs: no effect

setgid on dirs:
- all new files/subdirs in this dir inherit its group (not user's)
- all new subdirs inherit this bit

[1]: There is an exception. See section "SUID and SGID on non-executable files" here: http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm
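
An added example (not part of the original gist) that turns the mode combinations above into an audit: it reports world-writable directories without the sticky bit, setuid/setgid files that have an execute bit, and setgid directories. `audit_perms` and `demo_tree` are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example; audit_perms and demo_tree are hypothetical helper names.

# Print one "TAG path" line for each mode combination the cheatsheet singles out.
audit_perms() {
    root=$1
    # w for everyone, no sticky bit: any user with x can delete or rename
    # files they do not own in this directory.
    find "$root" -type d -perm -0002 ! -perm -1000 |
        sed 's/^/WORLD_WRITABLE_NO_STICKY /'
    # setuid/setgid only matter on files with an execute bit set.
    find "$root" -type f -perm -4000 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/SETUID_EXEC /'
    find "$root" -type f -perm -2000 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/SETGID_EXEC /'
    # setgid dir: new files and subdirs inherit the directory's group.
    find "$root" -type d -perm -2000 | sed 's/^/SETGID_DIR /'
}

# Build a constructed sample tree and print its path.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmplike" "$t/team"
    chmod 0777 "$t/shared"    # flagged: world-writable, no sticky
    chmod 1777 "$t/tmplike"   # not flagged: sticky set, like /tmp
    chmod 2775 "$t/team"      # reported as SETGID_DIR
    : > "$t/tool"; chmod 4755 "$t/tool"   # flagged: setuid executable
    : > "$t/data"; chmod 4644 "$t/data"   # not flagged: no execute bit
    printf '%s\n' "$t"
}

sample=$(demo_tree) && audit_perms "$sample"
rm -rf "$sample"
```

Paths containing newlines are not handled; point `audit_perms` at a real directory to review it.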