file permissions

Andrew McNabb amcnabb at mcnabbs.org
Fri Jan 20 12:27:36 MST 2006


On Fri, Jan 20, 2006 at 11:01:28AM -0700, Ross Werner wrote:
> Maybe I'm just weird because I always forget crap about the symbolic
> notation (wait, does "a" mean "all" as in everyone, or "all" as in
> everyone besides user and group?) and find the numeric representation
> much more easier to read quickly. "750" is immediately obvious to me
> what it's doing, whereas representing the same thing in symbolic
> notation takes me a bit of effort to decipher what's going on.

Here's the problem with your approach (which I admittedly use more often
than not).

Say you have a directory tree, and all of the files in this directory
are group- and world-readable.  You decide that you want to make them
readable only by the owner.  You run something like:

find $directory -exec chmod 600 '{}' \;

Whoa, now the executable files aren't executable anymore, and you can't
cd into the directories.  So then you try:

find $directory -exec chmod 700 '{}' \;

Now _everything_ is executable!  That's a bad idea.

You could have run the following at the beginning:

find $directory -perm 755 -exec chmod 700 '{}' \;
find $directory -perm 644 -exec chmod 600 '{}' \;

That's really ugly.  You might even miss some files, that have been
chmodded in the past in some way or another, and to correct that problem
you'd have to make it even uglier.

Just stick with:

find $directory -exec chmod go-a '{}' \;

and you'll live happily ever after.


-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20060120/6601b505/attachment.bin 


More information about the PLUG mailing list