xab3r · August 29, 2015 14:07
diff --git a/permissions_cheatsheet.txt b/permissions_cheatsheet.txt
 # Permissions cheatsheet

 `chmod [a]bcd`

 * bit a — sticky:1/setgid:2/setuid:4 (optional, default: 0)
 * bit b — owner    | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
 * bit c — group    | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
 * bit d — everyone | x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7

 note: only file/dir owner can chmod it
 note: scripts need both x and r permissions to execute
  (that's because scripts are *read* into interpreter)
  (only r is enough if ran via `ruby script.rb`, `sh script.sh`)

 ## Files

 sticky on files:                no effect
 setgid on execable binaries:    no matter who executes, process owned by file's group
 setuid on execable binaries:    no matter who executes, process owned by file's owner
 setuid/setgid on scripts:       ignored due to security issues
 setuid/setgid on non-execables: no effect[1]

 ## Dirs

 x on dirs:
  - cd into dir
  - stat the dir (used by ls -l)
  - access/delete files in dir (inode lookup)
 w on dirs: add/delete/rename files (requires x for inode lookup)
 r on dirs: ls the dir

 note: having xw on a dir is enough to delete any file in it
  (unless it has sticky bit)

 sticky on dirs: (only used when writable by group/everyone)
  - files in dir can only be edited/deleted by their owner (think /tmp)
  - any symlinks will only work if target is somewhere under this dir
 setuid on dirs: no effect
 setgid on dirs:
  - all new files/subdirs in this dir inherit its group (not user's)
  - all new subdirs inherit this bit

 [1]: There is an exception. See section "SUID and SGID on non-executable files" here: http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm
	# Permissions cheatsheet

	`chmod [a]bcd`

	* bit a — sticky:1/setgid:2/setuid:4 (optional, default: 0)
	* bit b — owner \| x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
	* bit c — group \| x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7
	* bit d — everyone \| x:1/w:2/r:4 - xw:3/xr:5/wr:6/xwr:7

	note: only file/dir owner can chmod it
	note: scripts need both x and r permissions to execute
	(that's because scripts are read into interpreter)
	(only r is enough if ran via `ruby script.rb`, `sh script.sh`)

	## Files

	sticky on files: no effect
	setgid on execable binaries: no matter who executes, process owned by file's group
	setuid on execable binaries: no matter who executes, process owned by file's owner
	setuid/setgid on scripts: ignored due to security issues
	setuid/setgid on non-execables: no effect[1]

	## Dirs

	x on dirs:
	- cd into dir
	- stat the dir (used by ls -l)
	- access/delete files in dir (inode lookup)
	w on dirs: add/delete/rename files (requires x for inode lookup)
	r on dirs: ls the dir

	note: having xw on a dir is enough to delete any file in it
	(unless it has sticky bit)

	sticky on dirs: (only used when writable by group/everyone)
	- files in dir can only be edited/deleted by their owner (think /tmp)
	- any symlinks will only work if target is somewhere under this dir
	setuid on dirs: no effect
	setgid on dirs:
	- all new files/subdirs in this dir inherit its group (not user's)
	- all new subdirs inherit this bit

	[1]: There is an exception. See section "SUID and SGID on non-executable files" here: http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm