Tutorial on CHMOD
                       By John O'Donnell

From the manual page on chmod(1L)
       chmod changes the permissions of each given file according
       to mode, which can be either a symbolic representation  of
       changes  to  make, or an octal number representing the bit
       pattern for the new permissions.
(.. snip ..)

I am only going to explain the numeric mode of setting permissions.
There are 4 permission bits belonging to every file, directory, device,
link, FIFO, etc. that are set using octal numbers.  I will explain what they
do first, then I will explain the numbers...

The first is kinda special.  I won't explain that here.  If curious, look at
the man page.  But the others, in order, are "user", "group", and "world".
This is shown when you do a "ls -l" and you'll see the "-rwxr-xr-x" stuff
in the beginning of the line.  This particular set of permissions you might
find on an executable shell script program or a directory, but not a data
file like your pppd options file.  

The first set of "rwx" is read, write, and execute permissions for the user
that owns that file shown in the "ls -l".  The second set of permissions,
the "r-x", is the read and execute for the "group" , also shown is the
"ls -l".  Now anyone belonging to the group can run the program, but they
are NOT allowed to change it.  They have no write permissions.  The last
set of permissions "r-x" is the same as the group, but these rules apply
to the rest of the world.

You would find these particular permissions in my example (-rwxr-xr-x) on
a shell script as the shell itself needs read access to read through the
file and execute your commands.  A compiled executable only needs "execute"
permissions.  (Interesting:  I was just looking at my /usr/bin directory
from my Slackware Linux and I notice that compiled programs there are
"-rwxr-xr-x" and on my SCO Open Server 5 box they are "-rwx--x--x" - I'd
be curious to know what you RedHat users see...)  Anyway, on datafiles
you'd typically see "-rw-r--r--" giving read/write access to the user and
ONLY read access to anyone else in the "group" as well as the rest of the
world.  If you wanted to lock down a data file so that no one could read
it but you, you'd set "-rw-------" and make sure you were the owner of the
file.  Check your pppd executable and options file for this.

Now directories are a little different.  If the user does not have access
to the directory itself, then they cannot see any of the files nor run
them.  Let me stray for a second and remind you to keep in mind that a
directory is nothing but a file itself that has a list of files and
inodes in it.  I ran a SCO Unix program called "hd" (hex dump) on my
Linux box (thanks to iBCS2) to create this partial output of my /usr/bin
directory:

0000    01 50 2e 00 00 00 00 00  00 00 00 00 00 00 00 00  .P..............
0010    01 48 2e 2e 00 00 00 00  00 00 00 00 00 00 00 00  .H..............
0020    02 50 6d 74 6f 6f 6c 73  00 00 00 00 00 00 00 00  .Pmtools........
0030    03 50 75 6e 7a 69 70 00  00 00 00 00 00 00 00 00  .Punzip.........
0040    04 50 7a 69 70 00 00 00  00 00 00 00 00 00 00 00  .Pzip...........
0050    05 50 7a 69 70 6e 6f 74  65 00 00 00 00 00 00 00  .Pzipnote.......
0060    06 50 7a 69 70 73 70 6c  69 74 00 00 00 00 00 00  .Pzipsplit......

You can see the first 2 entries are the usual "." and ".." and from there it
is the unsorted list of files and the 2 byte inodes with all the information
about the file.  Each new file that get created in the directory gets
appended to this file unless a file before it was deleted.  Deleted files
still show up here, but the inode is zeroed out (Hex: 0x00 0x00).
Long filenames start with 0xff 0xff and continue until the inode is reached.

Example:
1880    ff ff 69 33 38 36 2d 70  63 2d 6c 69 6e 75 78 2d  ..i386-pc-linux-
1890    25 52 67 6e 75 6c 69 62  63 31 2d 67 63 63 00 00  %Rgnulibc1-gcc..
results in "i386-pc-linux-gnulibc1-gcc"...  Ok enuf directory crap...

Now the permissions work almost in the same way for directories.  The same
"user", "group", and "world" sets.  If you have read permission you can
open the directory and know/see the contents.  If you have write, you can
add to the directory or delete files!  But, without execute, you cannot
actually change to the directory and do anything.  So if you really wanted
to lock a directory out so that people could open a file but not be able
to see or delete it you could set "---x--x--x" permissions and lock it down.
Granted they would have to know the exact name of the file becaus you just
restricted them from doing a "ls"...  If you want full open access set it
to "-rwxrwxrwx".

To set these bits using the octal numbers all you have to do is keep in
mind these 3 numbers:
4 - READ
2 - WRITE
1 - EXECUTE
All you need to do is add up the bits you want.  If you want Read/Write:
(4+2 = 6).  If you want Read/Execute: (4+1 = 5).  To use this with chmod
and achive "-rwxr-xr-x" you would type: chmod 755 [file/directory].
If you were changing a data file to "-rw-r----" (Owner: Read/Write,
Group: Read Only, World: LOCKED OUT) you would type: chmod 640 [file].

Johnny O  (johnod[at] voicefx[dot] com)