How to get "drwx---r-x+" folder permission using CHMOD? - Bash script

Wcatter picture Wcatter · Mar 16, 2015 · Viewed 43.9k times · Source

I am facing a problem when moving some files across my network and seems to be caused by file permissions.

Currently I have folders with this permissions drwxrwxrwx. I need to run a bash script that change permissions to drwx---r-x+

ACL needs to be there.

I don't quite understand how can I achieve the same permissions using CHMOD commands. I have tried so far:

chmod -R ugo=rx "file"

But this seems to change to dr-xr-xr-x, which is not enough...

So the question is, which command should I run to achieve drwx---r-x+ ??

Thanks in advance.

PS. This command must run in MACOSX Maveriks so "setfacl" command will not help.

Answer

ghoti picture ghoti · Mar 16, 2015

The permissions drwx---r-x+ break down as follows:

  • d is a directory, of course.
  • rwx means it's readable, writeable and accessible by the user. These three bits can be represented by the octal number 7.
  • --- means that the three aforementioned bits are NOT set for the group assigned to the directory. No bits are set, so the octal number is 0.
  • r-x means that users who aren't matched by the first two categories -- that is, everybody else, or "other" -- can read and access content of the directory, but can't write to it. The bits here are in the ones column and the fours column, so the octal number that represents this permission is 5.
  • + indicates that there is "extended security information" associated with this directory which isn't shown in standard ls "long format". An access control list, for example.

To set the basic permissions of this directory, you can use either the octal short-hand:

$ chmod 705 directoryname

or you can use the "symbolic" representation:

$ chmod u+rwx,g-rwx,o+rx-w directoryname

Obviously, the shorthand is ... shorter.

For the extended security information denoted by the +, you'd need to find out what is set up in order to replicate it. The ls command has a -e option to have it show extended security settings.

To actually set your ACLs from the command line, you'd use chmod'a =a, -a and +a options. Documentation about this is available in OSX from man chmod. From that man page:

         Examples
          # ls -le
          -rw-r--r--+ 1 juser  wheel  0 Apr 28 14:06 file1
            owner: juser
            1: admin allow delete
          # chmod =a# 1 "admin allow write,chown"
          # ls -le
          -rw-r--r--+ 1 juser  wheel  0 Apr 28 14:06 file1
            owner: juser
            1: admin allow write,chown