I just came across two pages that I think may have finally gotten it through to me:
Quote:
You can give read, write and execute permissions to the owner, groups and others separately.
So let's say you have a folder named "Folder" and a file named "File".
You want to:
1) allow anyone who has access to the system to be able to look at the file
2) allow any logged in user that is assigned to the group "group" to change the file
3) allow only the owner of the file to be able to delete the file.
drwxr-xr-x 2 user group 4096 May 28 13:05 Folder
-rw-rw-r-- 1 user group 1024 May 28 13:05 Folder/File
The reason this works is that:
The folder permissions allow all users to browse the content inside the folder, because they can read and cd into it. The "rwx" for the owner allows the owner to create and/or delete files within the folder. No-one else can create or delete files. This is because they cannot "write" the directory file itself, which is a list of files in that particular folder.
The file is set to read access only for others, and read/write for anyone assigned to the group "group" and the owner. So this, in combination with the folder permissions, achieves the objective.
Difference between users and groups for folder permissions
and:
Quote:
Files
...
A small explanation needs to be made as to what read, write, and execute actually mean. For files, a user who has read permission can see the contents of the file, a user who has write permission can write to it, and a user who has execute permission can execute the file. If the file to be executed is a script, the user must have read and execute permissions to execute the file. If the file is a binary, just the execute permission is required to execute the file.
Directories
The permissions on a directory are the same as those used by files: read, write, and execute. The actual permissions, however, mean different things. For a directory, read access provides the capability to list the names of the files in the directory but does not allow the other attributes to be seen (owner, group, size, and so on). Write access provides the capability to alter the directory contents. This means the user could create and delete files in the directory. Finally, the execute access enables the user to make the directory the current directory.
InformIT: Red Hat Linux 7 Unleashed > File and Directory Permissions
So I'm thinking the OOTP exports/reports folder can safely be set to 744 (read, write, execute for the user who uses the ftp account; only read for everyone else). We had it at 755 before, but if I'm understanding it correctly then everything (7) is necessary for the "user", but only reading (4) is necessary when not using the account. I tried to set the user to just 6 (r&w), but using my ftp client to test upload reset it to 7.
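
As an added example (not part of the post or of the two quoted pages), this Python model combines the directory bits and the file bits the way the quotes describe, so the 755 and 744 cases can be compared per class of user. The function names are made up for illustration, and the model assumes a single directory level with no root user, ACLs or sticky bit.

```python
# Added illustration: a simplified model of Unix permission checks.
# Assumptions: one directory level, caller is not root, no ACLs, no sticky bit.

SHIFT = {"owner": 6, "group": 3, "other": 0}  # position of each rwx triplet
OPS = ("list", "cd", "stat", "read", "write", "create", "delete")

def bits(mode, who):
    """Return (r, w, x) booleans for one class from an octal mode."""
    triplet = (mode >> SHIFT[who]) & 0o7
    return bool(triplet & 4), bool(triplet & 2), bool(triplet & 1)

def allowed(op, dir_mode, file_mode, who):
    """Would `who` be allowed to perform `op` on a file inside the directory?"""
    d_read, d_write, d_exec = bits(dir_mode, who)
    f_read, f_write, _ = bits(file_mode, who)
    if op == "list":               # names only, like plain `ls`
        return d_read
    if op in ("cd", "stat"):       # entering, or seeing owner/size (`ls -l`)
        return d_exec
    if op == "read":               # reaching the file needs x on the directory
        return d_exec and f_read
    if op == "write":
        return d_exec and f_write
    if op in ("create", "delete"): # these modify the directory, not the file
        return d_write and d_exec
    raise ValueError(f"unknown operation: {op}")

def report(dir_mode, file_mode):
    """Map each class to the list of operations it is allowed to perform."""
    return {who: [op for op in OPS if allowed(op, dir_mode, file_mode, who)]
            for who in SHIFT}

if __name__ == "__main__":
    # Modes from the quoted listing: Folder 755, Folder/File 664,
    # then the same file under a 744 folder.
    for dir_mode in (0o755, 0o744):
        print(f"folder {dir_mode:o}, file 664")
        for who, ops in report(dir_mode, 0o664).items():
            print(f"  {who:5}: {', '.join(ops) or 'nothing'}")
```
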