Go to main content

Securing Files and Verifying File Integrity in Oracle® Solaris 11.4

Exit Print View

Updated: August 2018
 
 

How to Change Special File Permissions in Absolute Mode

Before You Begin

If you are not the owner of the file or directory, you must be assigned the Object Access Management rights profile. To change a file that is a public object, you must assume the root role.

For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Change special permissions in absolute mode.
    $ chmod nnnn filename
    nnnn

    Specifies the octal values that change the permissions on the file or directory. The leftmost octal value sets the special permissions on the file. For the list of valid octal values for special permissions, see Figure 6, Table 6, Setting Special File Permissions in Absolute Mode.

    filename

    Specifies the file or directory.


    Note -  When you use the chmod command to change the file group permissions on a file with ACL entries, both the file group permissions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions can change the permissions for additional users and groups who have ACL entries on the file. Review the "ACL Operation" section of the chmod(1) man page.

    Use the ls -v command to make sure that the appropriate permissions are set for all ACL entries. For more information, see the ls(1) man page.


  2. Verify that the permissions of the file have changed.
    % ls -l filename
Example 5  Setting Special File Permissions in Absolute Mode

In this example, the administrator sets the setuid permission on the dbprog file.

# chmod 4555 dbprog
# ls -l dbprog
-r-sr-xr-x   1 db     staff        12K May  6 09:29 dbprog

In this example, the administrator sets the setgid permission on the dbprog2 file.

# chmod 2551 dbprog2
# ls -l dbprog2
-r-xr-s--x   1 db     staff       24K May  6 09:30 dbprog2

In this example, the administrator sets the sticky bit on the public_dir directory.

# chmod 1777 public_dir
# ls -ld public_dir
drwxrwxrwt   2 jdoe   staff          512 May 15 15:27 public_dir