Stupid chmod tricks

Coming from a long history of being a Linux user, I've had plenty of familiarity with using chmod, chattr and setfacl to modify how the system behaved around particular files.  After a few years of using SmartOS, I'm rather happy to have found out that Sun appears to have folded all of this functionality into their chmod.  A brief read through the man page will likely be a much better-written experience, but for now, here are the highlights.

Unfortunately, this version of chmod is now only available in the Global Zone, as the GNU version of chmod is being used in SmartMachine zones.

Absolute & Symbolic Mode

Solaris' chmod does everything you'd expect chmod to do, namely changing the absolute file modes for the standard user, group, and everyone else.

ACL Operation

In addition to standard behavior, chmod also allows for the setting of ACL permissions, for example:

  • chmod A+user:admin:rwx ./file grants the user admin the full set of permissions on ./file.
  • chmod A+group:nobody:r ./file grants the group nobody read access to ./file.

NFSv4-style ACLs are also supported, which have much finer-grained permissions.  This is excellently documented in the man pages, so I will keep this section short by just pointing in that direction.

Attribute Operation

Attribute operation, the part that prompted me to write a blog post, is chattr-like functionality.  It's actually quite poorly documented, which is why we're going to focus on it for a bit.

  • hidden or H removes a file from the directory listing of the directory it resides in.
  • system or S
  • readonly or R file cannot be written to (cannot change or append)
  • archive or A
  • nounlink or u file cannot be unlinked.
  • immutable or i makes a file completely immutable (it cannot be changed, appended to, truncated, or unlinked).
  • appendonly or a can only append to an existing file.
  • nodump or d file will not be included in a filesystem dump.
  • av_quarantined or q file has been quarantined by the antivirus subsystem.
  • av_modified or m file has been modified by the antivirus subsystem.
  • offline or O
  • sparse or s does not apply to ZFS file systems, as sparsity is standard.
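
Auditing these attributes from a verbose listing needs care, because nodump and nounlink are attribute names that themselves begin with "no". The parser below is an added example, not code from the original post. It assumes that `ls -/ v` prints a long-listing line followed by a brace-enclosed, comma-separated list in which cleared attributes carry a "no" prefix; the sample listing is constructed and the audit policy is hypothetical.

```python
import re

# Attribute names as listed in the post above.
KNOWN = {"hidden", "system", "readonly", "archive", "nounlink", "immutable",
         "appendonly", "nodump", "av_quarantined", "av_modified",
         "offline", "sparse"}

# Constructed sample; the layout is an assumption about `ls -/ v` output.
SAMPLE = """\
-rw-r--r--   1 root     root        1024 Jan  1 00:00 /var/log/auth.log
        {archive,nohidden,noreadonly,nosystem,appendonly,nonodump,
        noimmutable,av_modified,noav_quarantined,nounlink}
-rwxr-xr-x   1 root     root         512 Jan  1 00:00 /opt/tools/helper
        {archive,hidden,noreadonly,nosystem,noappendonly,nodump,
        noimmutable,noav_modified,noav_quarantined,nonounlink}
"""

# Last token of the listing line is the file name (no spaces assumed),
# followed by the attribute block, which may wrap over several lines.
ENTRY = re.compile(r"^\S.*?(\S+)[ \t]*\n\s*\{([^}]*)\}", re.M)

def parse_listing(text):
    """Map each file name to the set of attributes that are switched on."""
    result = {}
    for name, body in ENTRY.findall(text):
        on = set()
        for tok in (t.strip() for t in body.split(",")):
            if not tok:
                continue
            # Test the bare name first: "nodump" and "nounlink" are set
            # attributes; only "nonodump" and "nonounlink" mean cleared.
            if tok in KNOWN:
                on.add(tok)
            elif not (tok.startswith("no") and tok[2:] in KNOWN):
                raise ValueError(f"unrecognised attribute token: {tok!r}")
        result[name] = on
    return result

def audit(attrs, log_prefix="/var/log/"):
    """Hypothetical policy: report hidden files and logs that can be rewritten."""
    findings = []
    for name, on in sorted(attrs.items()):
        if "hidden" in on:
            findings.append((name, "hidden from directory listings"))
        if name.startswith(log_prefix) and not on & {"appendonly", "immutable"}:
            findings.append((name, "log is not appendonly"))
    return findings

if __name__ == "__main__":
    for name, why in audit(parse_listing(SAMPLE)):
        print(f"{name}: {why}")
```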