Who Can Access a File with Octal Permissions "000" on Linux/Unix

File permission meanings

Permissions as numbers are 3 octal numbers. 555, for example, when converted to 3 binary numbers is 101 101 101 which would correspond to r-x r-x r-x. The first set is owner, second set is group, third set is everyone else.

r = read

w = write

x = execute

If any of those are missing (-), then that set does not have those permissions.

How can I get octal file permissions with Ruby?

If you check section two of your libc manual (man 2 stat from the shell) you should see something like this:

The status information word st_mode has the following bits:

#define S_IFMT   0170000  /* type of file */
#define S_IFIFO  0010000  /* named pipe (fifo) */
#define S_IFCHR  0020000  /* character special */
#define S_IFDIR  0040000  /* directory */
#define S_IFBLK  0060000  /* block special */
#define S_IFREG  0100000  /* regular */
#define S_IFLNK  0120000  /* symbolic link */
#define S_IFSOCK 0140000  /* socket */
#define S_IFWHT  0160000  /* whiteout */
#define S_ISUID  0004000  /* set user id on execution */
#define S_ISGID  0002000  /* set group id on execution */
#define S_ISVTX  0001000  /* save swapped text even after use */
#define S_IRUSR  0000400  /* read permission, owner */
#define S_IWUSR  0000200  /* write permission, owner */
#define S_IXUSR  0000100  /* execute/search permission, owner */

The precise contents won't be exactly the same but the octal values should be the same on any Unixy system.

The part you're interested in would be the "this is a regular file" bit:

#define S_IFREG  0100000  /* regular */

That's where your leading 100 comes from.

If you look back at the Perl version, you'll see that they're applying a bit mask:

(stat)[2] & 07777
          ^^^^^^^

to grab just the permission bits. If you do the same in Ruby:

printf "%04o\t#{f}\n", (File.stat(f).mode & 07777)
# ----------------------------------------^^^^^^^

you'll get the sort of output that you're expecting.

If you don't have libc man pages then you can look at the OpenGroup's stat documentation which will point you at the struct stat documentation which covers the various bits in the mode:

┌─────────┬───────────┬───────────────────────────────────────────┐
│ Name    │  Numeric  │               Description                 │            
│         │   Value   │                                           │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IRWXU │ 0700      │ Read, write, execute/search by owner.     │ 
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IRUSR │ 0400      │ Read permission, owner.                   │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IWUSR │ 0200      │ Write permission, owner.                  │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IXUSR │ 0100      │ Execute/search permission, owner.         │
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IRWXG │ 070       │ Read, write, execute/search by group.     │ 
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IRGRP │ 040       │ Read permission, group.                   │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IWGRP │ 020       │ Write permission, group.                  │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IXGRP │ 010       │ Execute/search permission, group.         │
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IRWXO │ 07        │ Read, write, execute/search by others.    │ 
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IROTH │ 04        │ Read permission, others.                  │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IWOTH │ 02        │ Write permission, others.                 │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_IXOTH │ 01        │ Execute/search permission, others.        │
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_ISUID │ 04000     │ Set-user-ID on execution.                 │            
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_ISGID │ 02000     │ Set-group-ID on execution.                │
├─────────┼───────────┼───────────────────────────────────────────┤
│ S_ISVTX │ 01000     │ On directories, restricted deletion flag. │
└─────────┴───────────┴───────────────────────────────────────────┘

Linux file default permissions

For changing default permissions of the file created, you can use umask command. umask is user mask which is used whenever a new file is created.

umask is a three digit number with octal base. First digit decides the user permissions, second is for group while third determines the permissions for others.

umask value is used in inverted/complemented form though. That means to determine the required umask value for the permissions you want, subtract the permissions (in octal form) from 666. The result should be used as your umask value. e.g. if you want to set default permissions to rw-r--r-- (which is 644 in octal) subtract 644 from 666. The result (022) is your umask value.

To set value for umask you can simply use:

umask 022

command.

For your case here, I think you can use

umask 000

shell script to create empty files with all possible permissions

Do a loop:

for ((i=0; i < 512; i++)); do 
    mod=$(printf "%03o" "$i"); 
    touch ${mod}.txt; chmod $mod $mod.txt; 
done

Rather than trying to construct the names, if you want the names to look like the output of ls -l, just do something like

for ((i=0; i < 512; i++)); do
    mod=$(printf "%03o" "$i") 
    touch ${mod}.txt
    chmod $mod $mod.txt
    n=$(ls -l $mod.txt | cut -b1-10)
    mv -- $mod.txt "$n.txt"
done

Changing File Permissions Linux

chmod

The chmod command is used to change the permissions of a file or directory. To use it, you specify the desired permission settings and the file or files that you wish to modify. There are two ways to specify the permissions, but I am only going to teach one way.

It is easy to think of the permission settings as a series of bits (which is how the computer thinks about them). Here's how it works:

rwx rwx rwx = 111 111 111

rw- rw- rw- = 110 110 110

rwx --- --- = 111 000 000

and so on...

rwx = 111 in binary = 7

rw- = 110 in binary = 6

r-x = 101 in binary = 5

r-- = 100 in binary = 4

777

(rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.

755

(rwxr-xr-x) The file's owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users.

700

(rwx------) The file's owner may read, write, and execute the file. Nobody else has any rights. This setting is useful for programs that only the owner may use and must be kept private from others.

666

(rw-rw-rw-) All users may read and write the file.

644

(rw-r--r--) The owner may read and write a file, while all others may only read the file. A common setting for data files that everybody may read, but only the owner may change.

600

(rw-------) The owner may read and write a file. All others have no rights. A common setting for data files that the owner wants to keep private.

Directory permissions

The chmod command can also be used to control the access permissions for directories. In most ways, the permissions scheme for directories works the same way as they do with files. However, the execution permission is used in a different way. It provides control for access to file listing and other things. Here are some useful settings for directories:

777

(rwxrwxrwx) No restrictions on permissions. Anybody may list files, create new files in the directory and delete files in the directory. Generally not a good setting.

755

(rwxr-xr-x) The directory owner has full access. All others may list the directory, but cannot create files nor delete them. This setting is common for directories that you wish to share with other users.

700

(rwx------) The directory owner has full access. Nobody else has any rights. This setting is useful for directories that only the owner may use and must be kept private from others.

How to calculate permissions for chmod command?

You have 3 permission types:

User (permissions applying to the file's owner)
Group (permissions applying to the file's group)
Other (permissions applying to everyone else)

For each of these types, you can allow 3 things:

Ability to read (note that you need read permissions on a directory to list it)
Ability to write
Ability to execute

If you say:

chmod 755 some_file

It gets broken down like this:

User  Group  Other
7     5      5      (octal value,  base-8)
111   101    101    (binary value, base-2 or binary)
RWX   RWX    RWX

where: R - Read, W - Write, X - eXecute

So that command would mean that the owner gets all permissions, but group members, and others can only read and execute.

There's another input format with chmod that's handy, and doesn't require you to do conversion to binary in your head. As an example, to add execute permission for user:

chmod u+x some_file

To remove those permissions, you would say

chmod u-x some_file

You can replace 'u' with 'u', 'g', or 'o' (user, group, other respectively), and 'x' with 'r', 'w', or 'x' (you get the idea).

You have to be careful with this. If you did:

chmod -R 777 some_directory

And that file contained sensitive configuration data, then you just gave 'other' (i.e. the outside world) full read permissions (meaning the web server may serve up this information).

It would also be worthwhile for you to have a look at the chown command as well.