Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
201
hpr_transcripts/hpr0992.txt
Normal file
@@ -0,0 +1,201 @@
|
||||
Episode: 992
|
||||
Title: HPR0992: LiTS 007: Chmod and Unix Permissions.
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0992/hpr0992.mp3
|
||||
Transcribed: 2025-10-17 17:04:37
|
||||
|
||||
---
|
||||
|
||||
Welcome to Linux in the Shell episode 7 Unix file permissions in the CH mod command.
|
||||
My name is Dan Washko, I'll be your host, and start off I'd like to thank hacker public
|
||||
radio for hosting the website and these audio files and then remember if you have not read
|
||||
the website the entry for episode 7 at linuxinachel.org I encourage you to do so after listening
|
||||
to this audio to solidify the command in your mind and to watch the example video okay
|
||||
Unix file permissions or Linux file permissions because they're pretty much the same thing
|
||||
operate on three basic permissions read, write and execute and those permissions are applied
|
||||
to three different levels. They're applied to the owning user, the owning group and the
|
||||
own everybody else. So let's start by talking about the permissions and when I talk about
|
||||
permissions on files I'm talking about specifically files, not directories, in the Unix world
|
||||
pretty much everything is a file, even a directory, although a directory is a special
|
||||
type of file. There is a differentiation between how permissions are applied to files and
|
||||
to directories, which I'll cover in just a second, but at the level of a file the three
|
||||
permissions read, write and execute, operate in this manner. Read permission allows you to
|
||||
open a file and look at the contents of a file and look at the doing an LS command, LS-L
|
||||
command allow you to see the different aspects of the file. So with read you can open a file
|
||||
and look at the contents in this information. With a write permission allows you to alter
|
||||
or create a file, allows you to alter the contents of the file to delete a file if you
|
||||
want to. So it allows you to change that file is what it does. And finally the execute
|
||||
bit allows you to execute a file and whether it's a shell script or a binary or whatever
|
||||
allows you give permission to run that file as a program or as a shell script. Those
|
||||
permissions differ for a directory though. Now the read permission on a directory means
|
||||
that you have the ability or permission to read any files in that directory that you
|
||||
have permissions to read explicitly on those files, but it doesn't allow you to list the
|
||||
contents or to actually see those files in that directory so to speak. To do that you
|
||||
need the execute a little bit on the directory. Now the execute a little bit gives you two
|
||||
things. It allows you to list the contents of a directory and allows you to change into
|
||||
or CD into that directory. So if you had a directory called my directory and you had read
|
||||
but not execute and you ex issued LS slash my directory you would get permission denied.
|
||||
But if you had a file in there called test and you did LS the name of the direct my directory
|
||||
slash test you'd be able to see that file. If you wanted to open it with the less command
|
||||
you can type LES less my file slash test and open it. But you cannot view it by Lessing
|
||||
the direct directory nor can you use a wild card into that directory to open that file.
|
||||
Basically understand that on a directory if you want to be able to list the contents of the
|
||||
directory and if you want to be able to change into the contents of the directory or to use a wild
|
||||
card inside the directory you need the executable permission on there. Read only allows you to look at
|
||||
a file specifically that you have ownership to look at to begin with. You have to name that file
|
||||
in there. Also with read on a directory and execute on a file you could execute the file so
|
||||
long as you can you specify the name of it. You don't need the execute bit on the directory.
|
||||
Execute bit on the directory only gives you the ability to list all the files in the directory
|
||||
or to change into the directory. Be aware of that. Now write permission on a directory operates
|
||||
a little differently than it does on a file. It can override the right permission on a file so
|
||||
if you have right capabilities to a directory and you want to alter a file in that directory that
|
||||
you don't have right permissions to it will ask you say hey you don't really have right permissions
|
||||
to this file are you sure you want to do this to which you have to answer yes or if you're like
|
||||
in the vi or vim and you're trying to edit a file in there that you don't have you'll have to
|
||||
provide the bang to the right option that explicitly say okay do that so that's what right does
|
||||
on a directory as opposed to on a file. With that clear down these permissions are applied at the
|
||||
owning user the owning group and all others so for a single file or directory there are three sets
|
||||
of permissions one for the owning user one for the owning group and run for all others so you can
|
||||
specify permissions at user level group owning owner owner call that owner group only group level
|
||||
and for everyone else. Now there are three special permissions in Linux and these special
|
||||
permissions are called set user ID bit set group ID bit and set sticky bit and the way that
|
||||
these work in Linux may differ from other flavors of Unix but I believe how they work in Linux and
|
||||
BSD are pretty much the same thing. The set user ID and set group ID bit allow you to these are mainly
|
||||
for executing an application or a script a program or a script what that does is if you're going
|
||||
to execute that you execute it and it's executed as either the owning user or the owning group all right
|
||||
so if the set user ID bit is on a file and you run that and you have the executable ability to
|
||||
that when you run that it'll run as the owning user and if it's set at the group level it will run
|
||||
as the owning group used to have to do this I forget with which one it was but there used to be
|
||||
some old somba directory browsing utilities or GUI based somba applications that I believe
|
||||
required you to set some of the somba stuff as set UID bit on the root user so that when you
|
||||
executed the somba command that the GUI application required and ran somba stuff as the root user
|
||||
so you can mount somba directors and stuff I think that that was long ago that was back in the day
|
||||
now the set sticky bit allows you to what that does is when you set the sticky bit on a directory
|
||||
that what that does is override the directory execute or write option what that does is any file
|
||||
in there you can only delete that file if you are the owner if you are not the owner you cannot
|
||||
delete or alter that file when the sticky bit is set on a directory and I guess I didn't specify
|
||||
this and I'm going to say now generally the sticky bit is set on directories not on files but
|
||||
generally on directories and a great example is the temp directory so if you do an ls dash ld slash
|
||||
tmp and look at the values on your temp directory it'll come back and report the values as being
|
||||
rewrite execute rewrite execute rewrite t and the sticky bit is set for all others on that
|
||||
so even though you have rewrite execute capabilities in that directory you can't delete a file
|
||||
that is owned by somebody else so that overrides like the directory right bit in that case
|
||||
little information there about specifying the ls dash l command when you're looking at that the
|
||||
view of files permissions or directories permissions you'll notice that you'll either get
|
||||
you'll get rewrite x rewrite x rewrite x or some derivation in there if you don't have the
|
||||
permission it's just a dash and those three sets that's 12 I'm not 12 that's nine columns right
|
||||
there those three sets but you'll notice there's one leftmost column that could be a dash a d
|
||||
or some other letter that that's telling you the type of file that you're looking at the type of
|
||||
file whether it's just a file is a regular dash whether it's a directory is a d there's
|
||||
character file which is a c so understand what that means that that leftmost column right there
|
||||
that first column that you're looking at all right so now we kind of have a better understanding
|
||||
of the Linux file permissions what if you need to change that that's done by using the CH mod
|
||||
command change or some people call change mod or CH mod CH mod CH mod command however you want
|
||||
to say it basically the CH mod command is short for changing the mode bit so it's changing the
|
||||
permission bit very simple command to use takes two parameters one is the permissions that you want
|
||||
to set and the second one is the square you want to set those permissions be it a file group of
|
||||
files or directory now there are two ways that you can specify the permissions one is in symbolic
|
||||
mode which is probably the easiest for new users any other one is an octal mode which is my preferred
|
||||
mode is not that difficult to use and is a little more short form or precise I think not that
|
||||
symbolic mode isn't precise but we'll cover octal mode in just a minute so I had specified that
|
||||
there are three groups user owning user owning group and all others that's you geo we specify you
|
||||
equals owning user g equals owning group and oh equals all others there's a there's a fourth
|
||||
way that you can specify and that's a for all or everyone so it's you geo a is what to remember
|
||||
you for user you owning user g for owning group oh for others and a for everyone all right so
|
||||
you specify that by by passing to it in symbolic mode one of those values you geo a
|
||||
and then either using equals plus or minus and then the permissions so then if you wanted to
|
||||
specify like um the owner has all permissions it would be CH mod u equals read write r w x
|
||||
and then the file now again r equals read w equals write x equals executable I don't think I
|
||||
specify that in the beginning r equals write I'm sorry r equals read w equals write x equals
|
||||
executable so again to give the owning user all permissions read write and execute it's CH mod
|
||||
u equals read r w x and then name it a file now if you wanted to specify all three different group
|
||||
permissions for instance you user owning user you wanted to give all permissions group you only
|
||||
wanted to give read and execute and all other users just read it would be u equals r w x comma g
|
||||
equals r x comma oh equals r that would give owning user all rewrite and execute permissions
|
||||
owning group read and execute permissions and all others just read permissions now you can specify
|
||||
instead of equals you can add or subtract permissions by specifying like u plus r
|
||||
asterisk dot log would give every would give the owner read permissions to all the log files if
|
||||
they already didn't have it secretly you can do the same thing with the map minus which would be
|
||||
to remove a permission for that group so symbolic takes the use of u g o a owning user owning group
|
||||
all others or everybody and provides one of the permissions r equals read w equals write x equals
|
||||
execute now the other special permissions I talked about sticky bit and set uid and set group
|
||||
their symbolic representations are t for sticky bit s for set uid or set gid bit so if you wanted
|
||||
to set one of those values you can do that but I think a better way to kind of set those values
|
||||
the symbolic special symbolic values special values is to use octomode an octomode is very very simple
|
||||
once you get it down it's just it's really dead easy to think about octomode is using the octal
|
||||
values of those permissions and providing for each group each set the octal value so you sum up
|
||||
the octal values of each individual permission for that group it's going to be a value of 0 to 7
|
||||
so read permission equals 4 write permission equals 2 and execute permission equals 1 so if you look
|
||||
at that if you look at that and read the values octally so you have the leftmost of the three read
|
||||
right and execute is read write and execute the first one all the way to the right execute is
|
||||
either 1 or 0 the middle one right is a value of 2 or 0 and then the third one read is a value of
|
||||
4 or 0 so remember that counting octally 1 or 0 2 or 0 4 or 0 you look at those values read
|
||||
right and execute it's either going to be one of those three values or 0 so you add them up
|
||||
so if you had all three permissions read right and execute that would be read which equals 4
|
||||
plus write which equals 2 so that's 4 plus 2 plus execute which equals 1 so that's 4 plus 2 plus 1
|
||||
equals 7 that gives you the full value of read right execute 7 if you just have read and execute
|
||||
that's read which equals 4 write which is not set which equals 0 and execute x which equals 1
|
||||
so that's 4 plus 0 plus 1 which equals 5 if you had read and write but not execute that's
|
||||
read which equals 4 write which equals 2 and execute which equals 0 so 4 plus 2 plus 0 equals 6
|
||||
that gives you a value of 6 now you specify one of the octal value for each of the owning user
|
||||
owning group and owning or everyone else so unlike the symbolic mode where you can you can specify
|
||||
either everyone or one or two people and and switch it like that in octal mode you're going to
|
||||
specify the full list of permissions for everybody so if you wanted to give the owning user
|
||||
all permissions the owning group read and execute and everyone else just read those values would be
|
||||
CH mod 7 for all permissions and then 5 for read and execute on the owning group and then 4 which
|
||||
is just read on everyone else so once you get the octal representation down it's pretty darn easy
|
||||
to set the octal values right away those three special permissions each have an octal value too
|
||||
that sticky bit which is primarily put on directories like I said is 1 the octal value that is 1
|
||||
the group set you ID bit octal value is 2 and the user set you ID bit set you ID bit octal value is 4
|
||||
and those occupy the fourth or actually the left most fourth bit the left most bit
|
||||
so if you're counting from right to left and octal this column 1 is for everyone column 2 is for
|
||||
the owning group column 3 is for the owning user and the fourth column is for those special
|
||||
permissions now that fourth column is optional if you're not setting a special permission if you're
|
||||
not setting a special permission the value is 0 so you can either put 0 or you can leave it empty
|
||||
now that's important to realize okay why can you leave it empty and just ignore it sets it to 0
|
||||
those values to 0 understand that that applies for the whole thing all right and then when I said
|
||||
that you need to specify the the octal values for uh UGL that's very important because if you don't
|
||||
okay it starts to apply those values to the right most bit so the first bit first group and then
|
||||
it moves forward so if you were only specify CH mod 7 some file what that sets the permissions to
|
||||
is it set 7 read right next to your permission everyone all right so the owning user doesn't have
|
||||
any permissions the owning group doesn't have any permissions but everyone has read right access
|
||||
it's equivalent to saying CHMOD 007 on that file and if you did like 2 and 7 you would get the same
|
||||
thing you would get owning user no permissions owning group has right permissions everyone else read
|
||||
right execute that'd be equivalent on saying CHMOD 027 so be aware of that you need to at least
|
||||
specify for those three groups UGL special bit the fourth one is optional so that's it that's
|
||||
basically permissions in a nutshell very simple there are a few flags that you can use in conjunction
|
||||
with the CHMOD command probably one of the most useful ones is the dash capital R or dash dash
|
||||
recursive which will set those permissions um at on all files and directories and sub-directories
|
||||
underneath that directory or where you currently are um so be aware of that that it will do that
|
||||
recursively and a lot of times I've used that for certain things uh if you do that at the root
|
||||
level it will change your root file system permissions as long as you're the root person
|
||||
running it as root all the way there's an option in there a flag called dash dash preserve dash
|
||||
root which will not operate recursively on the root directory that's not set by default okay if you
|
||||
as root do CHMOD 666 slash root you're going to change all the permissions in that root directory
|
||||
that so everybody has read and write and no executable permissions on every single file uh if you
|
||||
tried to do that with the dash dash preserve dash root it would prevent you from doing it I don't
|
||||
recommend messing around with it anyhow there is an option dash dash no dash preserve dash root
|
||||
which uh is the default which doesn't preserve root all right so just be aware of that default
|
||||
doesn't preserve root when you issue the CHMOD commands you generally won't get an output
|
||||
but you will get um a response if there's an error if you want to see what's being done there is the
|
||||
dash dash verbose or dash v mode now take take into consideration CHMOD dash v uh unlike a lot of
|
||||
commands doesn't give you the version it goes into verbose mode if you want to see version it's
|
||||
dash dash version but the dash v will tell you exactly what it is doing with all the files that
|
||||
it processes so if it changes a permission it tells you what it changes to if it doesn't change
|
||||
a permission it tells you that it didn't change a permission so that's verbose mode if you only
|
||||
want to see what changes are made there's the dash c or dash dash changes which will only report
|
||||
any changes it makes so if it doesn't change its positions on the file of directory it doesn't
|
||||
report it to you but if it does you'll see what it changed it'll tell you what it did uh and finally
|
||||
there's the dash f or dash dash silent or dash dash quiet mode which will suppress pretty much
|
||||
every single error message that could be thrown by CHMOD if you don't have the if it's if it catches
|
||||
an error or you don't have permission to do something um so CHMOD file permissions pretty basic
|
||||
thanks for listening remember support hacker public radio if you haven't checked out the website
|
||||
for this write-up do so my name is Dan and thank you very much and have a great day
|
||||
you have been listening to hacker public radio or hacker public radio does our
|
||||
we are a community podcast network that releases shows every weekday Monday through Friday
|
||||
today's show like all our shows was contributed by an hbr listener by yourself
|
||||
if you ever consider recording a podcast then visit our website to find out how easy it really is
|
||||
hacker public radio was founded by the digital dog pound and new phenomenal computer cloud
|
||||
hbr is funded by the binary revolution at binref.com all binref projects are crowd-sponsored by
|
||||
linear pages from shared hosting to custom private clouds go to lunar pages.com for all your hosting
|
||||
needs unless otherwise stasis today's show is released under a creative comments attribution share
|
||||
like the social license
|
||||
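Review bot: The header block (Episode, Title, Source, Transcribed) does not mark the body as unreviewed speech-to-text output, and the body needs that marker: the command this episode covers is written "CH mod" throughout the symbolic-mode and octal-mode explanations and only appears as "CHMOD" from the "CHMOD 007" passage onward, so a transcript search for `chmod` will skip the core of the episode. The same applies to "somba", "octomode" and "linuxinachel.org". Suggest adding a header field that flags the transcript as automated, and normalising or aliasing command names in the data loader rather than indexing the raw text. The station outro at the end (from "you have been listening to hacker public radio" onward) is also stored as episode content; if the other transcripts carry the same outro, terms such as "binref.com" will match every episode, so it is worth stripping at load time.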