Permissions

an easy introduction + deep dive

Dan Fitch

2021-07-26

What are permissions even

  • Who can enter a folder?
  • Who can view a file?
  • Who can edit a file?

What does this talk apply to?

  1. The study drive, as hosted by Brain Imaging
  2. Linux/UNIX permissions
  3. (and how to view permissions via network shares on Mac/Windows)

Viewing on Sonora

Right click, Properties, Security tab
Note that I said "viewing" - editing in here is C̜̠̫̦᷿᷿͇̠̮͑᷈͗̉ͧ︡h̼̮͕͔︣͑a͎̫̘̪̫̙̐o̺͔̲̓ͤs͇̻̱̣̙͚̤̜̖͑ M̹͎̃̀ͫo̠̦̣̠ͦḑ̯̦͉͎᷿᷂̫̰̞︠̃͆e̡͖̮̱᷂͉̝͈̤᷀ͧ.

Simple file

Screenshot of file details on Windows

Folder

Screenshot of folder details on Windows

Folder "advanced" view

Screenshot of folder details on Windows

Locked folder

Screenshot of locked folder on Windows

Viewing on a Mac

Just press ⌘I (Get Info) and scroll down to the bottom, expanding Sharing & Permissions.

Sample locked folder

Screenshot of locked folder on a Mac

Who can change...

Group membership

Group membership is inside Jarvis, and can be changed by study admins.
Some studies have multiple subgroups for locking specific folders down.
You can see breakdowns of those groups at the bottom of study pages.

Who can change...

Permissions on something directly?

Anyone know?
Only the owner and root (Ty)
That's why you often have to email bit_help to get permissions changed, especially in study directories with many different owners.

Access is not checked recursively

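If there is a file inside a directory, and you have read access to the file but not read access to the directory, you can still read the file. On Linux/UNIX you do still need execute (search) permission on the directory to reach the file by name; read permission on a directory only controls listing its contents.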

INTERMISSION

(any questions so far?)

Deep dive

sploosh
(seriously, you can run away now)

Bitmasks in ls

But what's that dashed -rwxr-x--- stuff?

Bitmasks breakdown

777? 775?

Symbolic permissions

Instead of remembering chmod 775, you can do things like:
  • chmod u+x: user executable
  • chmod a+x: user, group, AND other executable
  • chmod o-rwx: other NOT readable, writable, or executable

Special permissions

Other Unix bits

SUID

chmod u+s ...

Always executes as the user who owns the file

On a directory? DON'T KNOW

SGID

chmod g+s ...

Always executes as the group who owns the file

On a directory, any files created there will have their group ownership set to the group that owns the directory

Sticky bit

chmod +t directory

On a directory, only allows owner to delete or rename contents... used for /tmp and places like that

Umask

umask defines the default settings for permissions on stuff you create.
The default permissions on a folder are 777, and on a file, 666.

Your umask is subtracted from the defaults, so with the default umask of 002:

  • folders get 775 (other can't write)
  • files get 664 (nobody can execute, other can't write)

Probably don't change this unless you know what you're doing!
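
The umask arithmetic above, checked against a real filesystem. This is an added example, not part of the original slides; it assumes Linux with GNU `stat -c`, and the function names are made up here. It goes one step past the 002 case: the kernel clears the umask's bits from the default rather than subtracting digits, which gives the same answer for 002 but not for a value like 033.

```shell
#!/bin/sh
# Added example, not from the talk. Assumes Linux (stat -c from GNU coreutils).

# created_modes UMASK
# Creates one folder and one file under the given umask in a scratch directory
# and prints their octal and ls-style modes on one line.
created_modes() {
    _scratch=$(mktemp -d) || return 1
    (
        umask "$1"                 # subshell: the caller's umask is untouched
        mkdir "$_scratch/folder"   # mkdir asks for 777
        : > "$_scratch/file"       # shell redirection asks for 666
    )
    echo "$(stat -c '%a %A' "$_scratch/folder") $(stat -c '%a %A' "$_scratch/file")"
    rm -rf "$_scratch"
}

# masked DEFAULT UMASK
# The same calculation by hand: clear every umask bit from the default mode.
masked() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

created_modes 002   # 775 drwxrwxr-x 664 -rw-rw-r--
created_modes 027   # 750 drwxr-x--- 640 -rw-r-----
created_modes 033   # 744 drwxr--r-- 644 -rw-r--r--  (digit subtraction would say 633)
masked 666 033      # 644
```

The second column of each pair is the same dashed string `ls -l` shows, so the output also lines up the octal form with the `-rwxr-x---` form.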

THE END

(or, Q&A time!)