If a file has permissions 000, who or what can access the file? What can they do to it?
What, exactly, does 000 (---------) permissions on a file mean in practice?
8 Answers
root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.
greybox:~ septi$ touch foo greybox:~ septi$ chmod 000 foo greybox:~ septi$ ls -l foo ---------- 1 septi staff 0 Apr 8 12:28 foo greybox:~ septi$ cat foo cat: foo: Permission denied greybox:~ septi$ sudo ls -l foo Password: ---------- 1 septi staff 0 Apr 8 12:28 foo greybox:~ septi$ 6File with 000 permission can be read / written by root.
Everybody else cannot read / write / execute the file.
3Root can do anything but execute the file (outside removing the file if the file-system is mounted read-only or the file has some immutable flag set).
Non root users might change the file permission if they own it. They can still access the file if ACLs are set to allow it.
1Everyone is accurate above unless it is the following command.
sudo chmod -R 000 /* At this point, your computer is dead in the water because no commands can be executed since you have removed all RWX from every file. There is no safeguard when running this command. If you are curious run it inside a Vagrant box.
1If file/dir has permissions 000, then only root can do any changes to that file. Neither the owner nor others can make any changes. Owner can't even access the file/dir or delete the same.
1Permission can be XYZ in which first X is for Owner, second Y is for Group (a group of other users that you set up), third Z is for World (anyone else browsing around on the file system). They can have any of following permissions level:
0 = no permissions whatsoever; this person cannot read, write, or execute the file 1 = execute only 2 = write only 3 = write and execute (1+2) 4 = read only 5 = read and execute (4+1) 6 = read and write (4+2) 7 = read and write and execute (4+2+1) So in your example: File with 000 permission can be accessible [read/write] by root. Other than that no one can access[read/write] it.
- As root, change the permissions of a file to 000. This file and its contents can only be accessed by root.
- As a user, change the permissions of your own file. The file and its contents cannot be accessed by the user. But the root has full privileges on the file.
I love you all but ...
**root**@bob:~# ls -lah /etc/ total 24K drwxr-xr-x 2 root root 4.0K Jun 16 05:23 . drwxr-xr-x 110 root root 12K Aug 25 21:26 .. **---------- 1 root root 228 Aug 25 21:47 gcc.sh** -rw-r--r-- 1 root root 102 Jun 11 2015 .placeholder **root**@bob:~# rm -Rf /etc/ **rm: cannot remove ‘/etc/ Operation not permitted** so to remove this file (which is a trojan)
I did :
root@bob:~# lsattr /etc/ -----a---------- /etc/ root@bob:~# **chattr -a /etc/ root@bob:~# lsattr /etc/ ---------------- /etc/ then
rm -Rf /etc/ was working
2