Who can access a file with octal permissions "000" on Linux/UNIX?

If a file has permissions 000, who or what can access the file? What can they do to it?

What, exactly, does 000 (---------) permissions on a file mean in practice?

8 Answers

root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.

greybox:~ septi$ touch foo greybox:~ septi$ chmod 000 foo greybox:~ septi$ ls -l foo ---------- 1 septi staff 0 Apr 8 12:28 foo greybox:~ septi$ cat foo cat: foo: Permission denied greybox:~ septi$ sudo ls -l foo Password: ---------- 1 septi staff 0 Apr 8 12:28 foo greybox:~ septi$ 
6

File with 000 permission can be read / written by root.

Everybody else cannot read / write / execute the file.

3

Root can do anything but execute the file (outside removing the file if the file-system is mounted read-only or the file has some immutable flag set).

Non root users might change the file permission if they own it. They can still access the file if ACLs are set to allow it.

1

Everyone is accurate above unless it is the following command.

 sudo chmod -R 000 /* 

At this point, your computer is dead in the water because no commands can be executed since you have removed all RWX from every file. There is no safeguard when running this command. If you are curious run it inside a Vagrant box.

1

If file/dir has permissions 000, then only root can do any changes to that file. Neither the owner nor others can make any changes. Owner can't even access the file/dir or delete the same.

1

Permission can be XYZ in which first X is for Owner, second Y is for Group (a group of other users that you set up), third Z is for World (anyone else browsing around on the file system). They can have any of following permissions level:

0 = no permissions whatsoever; this person cannot read, write, or execute the file 1 = execute only 2 = write only 3 = write and execute (1+2) 4 = read only 5 = read and execute (4+1) 6 = read and write (4+2) 7 = read and write and execute (4+2+1) 

So in your example: File with 000 permission can be accessible [read/write] by root. Other than that no one can access[read/write] it.

  1. As root, change the permissions of a file to 000. This file and its contents can only be accessed by root.
  2. As a user, change the permissions of your own file. The file and its contents cannot be accessed by the user. But the root has full privileges on the file.

I love you all but ...

**root**@bob:~# ls -lah /etc/ total 24K drwxr-xr-x 2 root root 4.0K Jun 16 05:23 . drwxr-xr-x 110 root root 12K Aug 25 21:26 .. **---------- 1 root root 228 Aug 25 21:47 gcc.sh** -rw-r--r-- 1 root root 102 Jun 11 2015 .placeholder **root**@bob:~# rm -Rf /etc/ **rm: cannot remove ‘/etc/ Operation not permitted** 

so to remove this file (which is a trojan)
I did :

root@bob:~# lsattr /etc/ -----a---------- /etc/ root@bob:~# **chattr -a /etc/ root@bob:~# lsattr /etc/ ---------------- /etc/ 

then

rm -Rf /etc/ 

was working

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like