Permissions
Basic
chmod – change file mode bits
stuff
File attributes
lsattr – list file attributes on a Linux second extended file system
$ lsattr /tmp/testdir/testfile
-----a---------- testdir/testfile
chattr – change file attributes on a Linux file system
A file cannot be deleted, even as root, while the “immutable” (i) or append-only (a) attribute is set. Clear the attribute first:
chattr -a /tmp/testdir/testfile
chattr -i /tmp/testdir/testfile
Source: https://unix.stackexchange.com/questions/29902/unable-to-delete-file-even-when-running-as-root
https://computingforgeeks.com/how-to-solve-delete-file-operation-not-permitted-on-linux/
Documentation: https://en.wikipedia.org/wiki/Chattr
ACLs
getfacl – get file access control lists
setfacl – set file access control lists
Option | Description |
---|---|
-b, --remove-all | Remove all extended ACL entries. The base ACL entries of the owner, group and others are retained. |
-k, --remove-default | Remove the Default ACL. If no Default ACL exists, no warnings are issued. |
-d, --default | All operations apply to the Default ACL. Regular ACL entries in the input set are promoted to Default ACL entries. Default ACL entries in the input set are discarded. (A warning is issued if that happens). |
-R, --recursive | Apply operations to all files and directories recursively. This option cannot be mixed with `--restore`. |
-m, --modify | Modify the ACL of a file or directory. |
-x, --remove | Remove ACL entries. |
Clear all ACLs
setfacl -bk folder
Add or modify the ACL entry for the bareos group, granting read and execute (rx)
setfacl -m g:bareos:rx folder
Remove all access for “other” (the second command does the same on the Default ACL)
setfacl -m "other::---" somefolder
setfacl -dm "other::---" somefolder
Examples from the man page
Granting an additional user read access
setfacl -m u:lisa:r file
Revoking write access from all groups and all named users (using the effective rights mask)
setfacl -m m::rx file
Removing a named group entry from a file's ACL
setfacl -x g:staff file
Copying the ACL of one file to another
getfacl file1 | setfacl --set-file=- file2
Copying the access ACL into the Default ACL
getfacl --access dir | setfacl -d -M- dir
https://www.computerhope.com/unix/usetfacl.htm
https://horusec.info/linux/linux-file-acl-extended-permissions/
https://wiki.archlinux.org/title/Access_Control_Lists
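Added example, not from the man page or these notes: a POSIX shell function that parses `getfacl` text output and previews what the mask change in `setfacl -m m::rx file` above does to each entry's effective rights. The sample ACL and the function name effective_acl are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview effective rights from `getfacl` text output.
# The mask caps named users, the owning group and named groups; it never
# limits the file owner (user::) or other::.

# Constructed sample: ACL of a file before `setfacl -m m::rx file` is run.
SAMPLE_ACL='# file: file
# owner: root
# group: root
user::rw-
user:lisa:rw-
group::r--
group:staff:rwx
mask::rwx
other::r--'

# effective_acl [MASK]: read getfacl output on stdin and print one
# "tag:qualifier:effective-perms" line per access ACL entry.
# MASK (e.g. "rx" or "r-x") replaces the mask found in the input.
effective_acl() {
    awk -F: -v override="${1:-}" '
        /^#/ || /^default:/ || NF < 3 { next }   # header, default ACL, blanks
        { sub(/[ \t]*#.*/, "", $3) }             # strip "#effective:..." notes
        $1 == "mask" { mask = $3; seen = 1; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            if (override != "") { mask = override; seen = 1 }
            for (i = 1; i <= n; i++) {
                p = perm[i]
                owner = (tag[i] == "user" && who[i] == "")
                if (seen && !owner && tag[i] != "other") {
                    p = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        p = p ((c != "-" && index(mask, c) > 0) ? c : "-")
                    }
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# Current state, then the state `setfacl -m m::rx file` would produce.
printf '%s\n' "$SAMPLE_ACL" | effective_acl
printf '%s\n' "$SAMPLE_ACL" | effective_acl rx
```

On a real file, pipe `getfacl file` into `effective_acl rx` to see which named users and groups would lose write access before applying the mask.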
NFSv4 ACLs
Flag | Linux name | Windows meaning |
---|---|---|
r | read_data | List folder / Read data |
w | write_data | Create files / Write data |
x | execute | Traverse folder / Execute file |
p | append_data | Create folder / Append data |
D | delete_child | Delete subfolders and files |
d | delete | Delete |
a | read_attributes | Read attributes |
A | write_attributes | Write attributes |
R | read_xattr | Read extended attributes |
W | write_xattr | Write extended attributes |
c | read_acl | Read permissions |
C | write_acl | Change permissions |
o | write_owner | Take ownership |
y | synchronize | ? |