[SOLVED] Changing permission for enclosed files?

[InChrist]

Logged in normal user (admin) I opened a folder as root from the context menu in nemo.
Then I changed the permission and also clicked "Apply permissions also to enclosed files".
Will this also include folders and all data inside?

I tried to do so but only the folder itself was changed not the included files or folders.

Also when I used the terminal to start Nemo as root the encluded files and folders permissions do not change.

[catweazel]

Check the -R option of the chmod command.

Code: Select all

chmod -R <permissionsettings> <dirname>

In the future, you can save a lot of time by checking man pages first:

Code: Select all

man <command name>

So, in this particular case:

Code: Select all

man chmod

[karlchen]

Hello, InChrist.

In addition to catweazel's advice, here is a warning which you should take into consideration when changing permissions on files and directories:
Do not fiddle around with permissions of system directories and system files, unless you you know what you are doing and what the consequences will be or unless explicitly told to do so by an experienced Linux user.

Best regards,
Karl

[InChrist]

Thanks Karl, I just want to access my external drive files and folders and copy them to the computer. But the all are owned by root (I guess because I copied them while running Linux with the live-cd).

Does

Code: Select all

chmod -R <permissionsettings> <dirname>

change it for all files and folders in the folder structure?

The files and folders in the external disk still show root as owner and group.

Even this did not work:

Code: Select all

find /media/kl/ext4-1T/ \( -type d -exec chmod 755 {} + \) -o \( -type f -exec chmod 644 {} + \)

And this also had no effect:

Code: Select all

chmod -R rwx /media/kl/ext4-1T/

[karlchen]

Hello, InChrist.

As the files and directories in question are all owned by user root, only user root can change their permissions. - Would be a nice security hole if it were otherwise.
Grant all users (owner - group - other) read-write-execute permissions on directories.

Code: Select all

sudo find /media/kl/ext4-1T -type d -exec chmod a+rwx {} \;

Grant all users (owner - group - other) read-write permissions on files.

Code: Select all

sudo find /media/kl/ext4-1T -type f -exec chmod a+rw {} \;

Note:
sudo will prompt for your password. While you type it there will be no visual feedback. This is by design. Type the password. Press enter.

Karl

[InChrist]

Yor advice - all of you - and the man pages for chown and chmod really helped to understand. Thank you for the encouragement also by helping out.

The solution which solved my problems:

Terminal >

Code: Select all

sudo -i

Changed owners to me (kl) and groups to the group where kl is in (see: man chown), c shows changes, R = recursive to reach subfolders and files

Code: Select all

chown -cR kl: /media/kl/ext4-1T

Afterwards I was able to change the permissions (see: man chmod)

Code: Select all

chmod -cR 755 /media/kl/ext4-1T

Ah, happy about this.

[altair4]

The only problem with the chmod command you gave is you made every existing file executable since the octal form ( 755 ) isn't smart enough to differentiate a file from a directory.

Had you done it the way karlchen did or even like this:

Code: Select all

sudo chmod -R a+rwX,go-w /media/kl/ext4-1T

Note the big "X" there.
Then all your folders would get the execute bit but none of the files.

[InChrist]

Hm, is there a problem if a file in documents ... becomes executable?

[altair4]

There is probably a very sophisticated way of determining which file should have the execute bit and which one should not but I am not a sophisticated person.

So if I found myself in a situation where I mistakenly did a recursive octal chmod and everything ended up executable I would probably resort to this:

Code: Select all

chmod -R a-x+X /path/to/folder

The "-x" would remove the execute bit on everything including folders. The "+X" will add it back for folders only.

[Termy]

I'm not saying do this, unless you're comfortable doing so, as running these find commands in the wrong place could be very, very bad, but this would be my approach:

I'd cd into the directory to have all permissions fixed, then I'd run these two commands, to make all files a safe (RHEL recommended) permission, and all folders equally safe, but openable:

Code: Select all

sudo find -type f -exec chmod 600 "{}" \;
sudo find -type d -exec chmod 700 "{}" \;

I've done this sort of thing many times, particularly on $HOME, but recursively set $HOME/bin to an appropriate 755.

And yes, every single file being executable is definitely an issue.

You might also want to add this to your $HOME/.bashrc file:

Code: Select all

umask 0077

It equates to 700 and 600 for directories and files, respectively. Again, RHEL recommended. I use it myself in my Ubuntu-based setup, and have to say it's a blessing! The default umask I tend to see these days on distros makes me cringe.

By the way, the octal, but not the above 0077 (it's different), is:

4=read
2=write
1=execute

The three numbers signify owner, group, and others.

So, 444 would mean the file's owner, group, and everyone else would have only read access.

[InChrist]

Thanks to all of you.

In my user folder inside home there are my folders for documents, pictures ..
And the hidden files and folders which are made by the system.
Like in documents: .~lock.filename.odt#

Are the commands you suggested also affecting the hidden files? And is this OK?

(And what about the complete user folder inside the home folder including .config, .cinnamon, .cache and so on? I guess I should not change any permissions here?

Greetings, Klaus

[InChrist]

Some more explanations and questions as I want to do it right now. I needed the time for other things and want to go on now creating better permissions as you wrote above, including files not to be executable anymore. I realized that in my Docments (in home/kl) and I guess also in Pics, Videos and so on I have different permissions on each file. There are files and folders changed with the commands I reported in this thread to have them had executed, then new created or downloaded files and folders.

I want to be able to work with the files whereever I copy them or mail them. And also that others whom I give the files or folders (mail, copy via external disk ...) can work with them on whatever system.
I want to be able to back them up and overwrite them with luckybackup and normal copying.

And I found out that I have many groups on my system made by the system also.

I would be very interested to understand why to choose which permission for groups and other users.

What is good for files and what for directories?
What result to aim at?
For files rw rw r? (Or simply rw for all?)
For folders rwx rwx rx? (Or simply rwx for all?)
Right now I did this via the context menu - properties - permissions.
Would there be any difference if I run Nemo with sudo and do this?

And I would be happy to understand:
What does {} \; do in the code of @karlchen mean?

Code: Select all

sudo find /path/to/folder -type d -exec chmod a+rwx {} \;
sudo find /path/to/folder -type f -exec chmod a+rw {} \;

Thank you for your time and efforts. I only can give you back by pointing you to http://www.1herz.net/english or http://www.good-leading.com and praying for you.

[Termy]

Hi there.

Sorry I got back to this so late. :\

Klaus,

I'm out of the loop and not clear on the issue here, so I'll imagine your 2nd-to-last post is a completely separate issue.

Although I was the previous poster, you may have directed your question at someone else. In any case, "recursively" means all files and directories within it, all the way down to the very furthest you can go. This can, however, exclude dot-files. But yeah, using chmod with the -R flag (R = recursive) will make those changes recursively, and so too will using find, which by default works recursively unless the -maxdepth flag is used.

There could be uncommon cases in which you need special permissions for certain files in your HOME directory. (/home/yourusername/) Although probably anecdotal, I can tell you that, as mentioned, I've done this many times without issue. If there are any issues, you'll probably be told what it is; it's usually easy enough to fix. If you have $HOME/bin/ in which you store some executable files, then you'll want to set them as executable after using one of those recursive commands.

By the way, at least for me, find picks up hidden files by default. I don't think chmod would, though; if not, you'd want to specify both hidden and non-hidden files, either separately, in the same command, or run the command after executing shopt -s globstar, which will temporarily allow the use of * to pick up hidden files as well; be careful with this.

I'll now look at your last post.

Transferring files between Linux and Windows should eliminate any permission issues, as they get stripped, since they talk a different language. Granted, this could well be an issue itself! You might have some formatting issues if it's something like plain text, but that can be sorted.

If, however, you transfer files to a Mac, BSD, Linux, or other similar UNIX-like machine, such as through an E-Mail to a friend, then they'll likely keep the permissions you've set. They might not though. For example, I can tar (archive) a few files from one of my Linux file systems, such as ext4, and use the -p flag to ensure tar saves the permission information. Then when I transfer that to another similar setup, it should restore those permissions.

If your E-Mail client, or whatever it is, has some other method of storing and/or transferring, then I guess it's possible for the permissions to be stripped. In any case, those with whom you share your files will find a way; worst case scenario is that they would need to quickly get root privileges to give the files appropriate permissions; no biggy, provided they have that privilege. I think a good way to ensure the permissions are saved (and other things like timestamps) would be to archive them, then send the archive.

Multiple system groups and users is a normal thing in the Linux world -- please don't remove them without good reason! It can break important things.

What permission to use for files and directories depends on your usage and security needs. As stated, I use 600 for files and 700 for directories; this is a much safer approach, but isn't much use for something like an executable in your PATH, since other users wouldn't be able to execute or even read the data. By the way, 600 is -rw------- and 700 is drwx------, in non-octal format.

Regarding karichen's code...

Using {} with find's -exec, -ok, and other similar flags acts as a placeholder for the file or directory it's currently processing. So basically, imagine it's the filename of what it's currently working on. Using \; is just a way to indicate (in a specific way) it's the end of that -exec command. You can also use \+ but you'll usually probably find \; preferable. \+ can just speed things up quite a bit in certain situations. By the way, the \ is to escape the character proceeding it, to ensure the shell doesn't try to interpret it, as many characters have special shell meaning.

Best of luck to you. Remember you can always open up a terminal and run man followed by the command of choice.

[InChrist]

There is probably a very sophisticated way of determining which file should have the execute bit and which one should not but I am not a sophisticated person.

So if I found myself in a situation where I mistakenly did a recursive octal chmod and everything ended up executable I would probably resort to this:

Code: Select all

chmod -R a-x+X /path/to/folder

The "-x" would remove the execute bit on everything including folders. The "+X" will add it back for folders only.

Is this secure to do also with the whole home folder, e.g. also .cache, .config ... or does any of the files in there need to be executable?

[altair4]

You shouldn't be doing anything recursively to the permissions of your home folder.

[InChrist]

You shouldn't be doing anything recursively to the permissions of your home folder.

I have done already unfortunately with

Code: Select all

chmod -R a-x+X /home/myhomefolder

Should I better replace it with a backup now? Or what else to do? I had made a backup with Luckybackup with the following task properties set for the whole home folder:
Excluded: Temporary files, cache folders, trash, system mount folders, system folders, lost-found, .gvfs.
Not excluded: Backup files
As options I had choosen: Preserve ownership, times; preserve permissions; preserve symlinks; recurse into directories; delete files on the destination.
Are these settings useful?
Which settings should I use for the home folder to backup to be able to go on working fast if I need to restore my home folder?
Would be very grateful about detailed help here ...