In my travels today I came across the Pythian Group’s Seven deadly habits of a DBA… and how to cure them.

The list cites such pitfalls as blind faith in backups, lack of monitoring and finger pointing; we’ve all seen these symptoms at one point or another, and they’re all worth some attention. While many of these are largely a product of inexperience, I’ve seen my favorite, number 4, The Memory Test, at all levels. The “if it happens again I’ll remember how we fixed it” syndrome is often a product of another environmental problem, a lack of documentation procedure. This exact problem is one reason I started blogging in the first place!

Check out the whole list, including their suggested cures for these problems.


By default, Linux and UNIX permissions for new directories are typically set to 755 allowing read, write, and execute permissions to user and only read and execute to group and other users. Conversely, file permissions default to 644 allowing read and write access to user but only read to group and others. These defaults are controlled by the user file-creation mask or umask.

A user or administrator may want to change the Linux default permissions by using the umask command in a login script. The umask command can be used without specifying any arguments to determine what the current default permissions are. The value displayed by umask must be subtracted from the defaults of 777 for directories and 666 for files to determine the current defaults. A typical umask which will generate the permissions listed in the previous paragraph would be 0022. The first digit pertains to the sticky bit which will be explained further later.

The -S option can be used to see the current default permissions displayed in the alpha symbolic format. Default permissions can be changed by specifying the mode argument to umask within the user’s shell profile script (.bash_profile for bash).

The following are some examples.

Using umask to Set Default Permissions

$ umask
0022

$ umask -S
u=rwx,g=rx,o=rx

$ umask 033

$ umask
0033

$ umask -S
u=rwx,g=r,o=r

The default umask will cause users to create files which any user can read. In many instances where you have a multi-user system this is not desirable and a more appropriate umask may be 077. That umask will enforce the default permissions to be read, write and execute for the owner and no permissions for the group and other users.
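The subtraction rule above holds for masks such as 022 and 077, but a umask is really a bit mask: the requested mode is ANDed with the complement of the umask. The following added example (not from the original post; the function names are illustrative) computes the resulting modes and confirms them by creating a real file and directory. For umask 033 a new file comes out as 644, not the 633 that subtraction would suggest.

```shell
#!/bin/sh
# Added example: what a umask actually does to the requested mode.
# The kernel clears the mask bits (mode & ~umask); it does not subtract.

# predicted_mode BASE UMASK -> octal mode after masking, e.g. 666 033 -> 644
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# observed_modes UMASK -> "FILE_MODE DIR_MODE" for a file and a directory
# actually created under that umask, inside a throwaway temp directory.
observed_modes() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"          # subshell: the caller's umask is left untouched
        touch "$tmp/file"   # touch requests mode 666
        mkdir "$tmp/dir"    # mkdir requests mode 777
    )
    echo "$(mode_of "$tmp/file") $(mode_of "$tmp/dir")"
    rm -rf "$tmp"
}

for mask in 022 033 077; do
    echo "umask $mask: predicted $(predicted_mode 666 "$mask") $(predicted_mode 777 "$mask")," \
         "observed $(observed_modes "$mask")"
done
```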

For more tips like this check out my book Easy Linux Commands, only $19.95 from Rampant TechPress.


My book Easy Linux Commands: Working Examples of Linux Command Syntax has received another 5-star review on Amazon. Here’s what reviewer Ben Prusinski has to say:

After wading through a maze of complex Linux tomes that are geared toward experienced Unix administrators, I finally found an excellent tips and tricks guide that can walk a novice through the maze of Unix commands. This book is easy to follow and makes using Linux operating system a breeze rather than a painful austerity. Highly recommended!

I’m glad people are finding the book useful! Thanks for the feedback Ben.

Check out Easy Linux Commands for yourself, only $19.95 from Rampant TechPress.


The read, write and execute permissions apply slightly differently to directories than they do to files. The read permission on a directory controls the ability to list the contents of that directory. In this example we’ll create a directory and place a blank file in it. We’ll then modify the permissions on the directory so the owner cannot see the contents.

$ mkdir secret_dir
$ touch secret_dir/my_secret.txt
$ ls secret_dir/
my_secret.txt
$ chmod u-r secret_dir/
$ ls secret_dir/
ls: secret_dir/: Permission denied
$ cd secret_dir/
$ ls
ls: .: Permission denied
$ cd ../

We see that we get a Permission denied error when trying to view the contents of the directory when the read permission has been revoked. Despite not being able to see what is in the directory we can still change our working directory to that directory.

The write permission on a directory behaves somewhat as expected. If a user has write on a directory they can create or remove files from that directory even if they are not the owner of the files. This is important to note, as giving a user, group or other users write on a directory with other users’ files in it will allow them to delete those users’ files.

Now we’ll give read permissions back to the owner and revoke the execute permission:

$ chmod u+r secret_dir/
$ chmod u-x secret_dir/
$ ls secret_dir/
my_secret.txt
$ cd secret_dir/
-bash: cd: secret_dir/: Permission denied

We can now view the contents of the directory again but look at what happened when we tried to cd into it! Not having the execute permission on a directory will prevent you from changing into that directory even though you can view the contents. It is understandable how this can cause some confusion.
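Because write on a directory lets non-owners remove files they do not own, it is worth checking where that permission has been granted. The following added example (not from the original post; function and directory names are illustrative, and the sample tree is constructed) lists directories that group or other can write to. It skips directories with the sticky bit set, since on those only a file's owner, the directory's owner or root may delete entries.

```shell
#!/bin/sh
# Added example: find directories where non-owners hold write permission.

# risky_dirs ROOT -> directories under ROOT that group or other can write to
# and that lack the sticky bit, so non-owners can delete files they do not own.
risky_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print | sort
}

# Build a constructed sample tree; modes are set with chmod so the result
# does not depend on the caller's umask.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/private" "$root/team" "$root/open" "$root/dropbox"
    chmod 700  "$root/private"   # owner only
    chmod 775  "$root/team"      # group-writable
    chmod 777  "$root/open"      # world-writable
    chmod 1777 "$root/dropbox"   # world-writable, sticky bit set (like /tmp)
    echo "$root"
}

sample=$(make_sample_tree)
echo "Directories where non-owners can remove files:"
risky_dirs "$sample" | sed "s|^$sample/|  |"
rm -rf "$sample"
```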


Sooner or later you will need to change access to a file or directory for the user (owner), group or other users. Often permissions are removed to restrict who can update or even view a file. Conversely you may want to grant more permissions to a file to encourage collaboration by allowing more people to view and edit files. It is also not unusual for an application to require specific permissions as a prerequisite for installation.

There are two methods of changing file permissions: with the abbreviations and with the numbers. Both have been described above, so now we’ll look at a couple examples of changing permissions using the chmod command.

The following example will demonstrate how to change permissions for the user (u), group (g), or others (o) using the alpha designations (r, w, x) for the permissions, preceded by a + to add the permission or a - to remove the permission. Adding and removing permissions can be combined into a single command as we see below.

Using the chmod Command with Alpha Designations to Change File Permissions:

$ ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod o+w declaration.txt
$ ls -l
total 12
-rw-rw-rw- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod go-w declaration.txt
$ ls -l
total 12
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

The first example of the chmod command here adds write permission to the file declaration.txt for other users. We can see in the second ls -l the w indication in the second to last column of the permissions in the directory listing. This illustrates the typical format of the chmod command where you specify user (owner), group and/or other, + to add permissions or - to remove them and read, write and/or execute followed by the filename. Notice that there is not a space on either side of the + or - with the chmod command.

In the second example we revoke write from both the group and other users. This demonstrates that we can affect more than one level of permissions with a single chmod command. We see this change reflected in the permissions listed in the last ls listing.

The next example makes the same permission changes as the previous example, but this time numeric permission designations are used.

Using the chmod Command with Numeric Designations

$ ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod 666 declaration.txt
$ ls -l
total 12
-rw-rw-rw- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod 644 declaration.txt
$ ls -l
total 12
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

Here we see the 666 mode being used to indicate that read (designated as 4) and write (designated as 2) but not execute (designated as 1) are combined (4+2+0=6) to grant read and write permissions to user, group and other. We then used the 644 mode to change the permissions so the owner could still read and write, but the group and other could only read.

It can be quicker to modify multiple permissions using the numeric designations but they tend to be much harder to remember. Using the abbreviations you can also easily change the group permissions, for example, without affecting the user or other permissions. The -R (recursive) option is also available for the chmod command, allowing you to modify permissions on a directory and its contents. This should be done with caution as it is easy to lock lots of people out of files and directories, including yourself.

These permissions have a special meaning when applied to directories. Next week I’ll go over how these differ from files.
