dstat - Directory access status
dstat [ opcode-permission ] [ directory ] …
Without any arguments, dstat displays the directory access status for the current working directory. By giving one or more directory names as arguments, dstat reports their associated access statuses.
(The access status pertains only to other users who do not own the specified directories. This is because the owner of a directory holds full access for its contents.)
When a directory is first created, it has no access permission levels assigned. By using dstat with permission flags, however, the following statuses can be set or cleared:
Read permission - viewing, searching, downloading, and copying to other files.
Write permission - creating files (but not modifying existing files).
Delete permission - complete removal and destruction of files.
Execute permission - the ability to execute programs and shell scripts.
To make changes, prefix the permission characters with an opcode as follows:
Removes permissions
Sets absolute permissions
Adds permissions
Examples:
dstat +rw # add read and write access dstat =x # set only execution permission dstat -d # remove delete permission dstat + # (same as = alone) grant full access dstat - # remove all permissions
You can give more than one permission at a time by including multiple permission characters after the opcode. If permission characters are omitted, full access is either granted (+/=) or removed (-).
When dstat is told to adjust a permission level, it assumes the current working directory if no directory argument is given. Multiple directories can be set to the same permission levels by specifying more than one directory in the command line.
The system administrator should NOT allow both WRITE AND EXECUTE permission in a directory outside of the $/usr hierarchy! Doing this would allow a user to upload a program or binary file, execute it, and cause potential havoc, catastrophic event, cataclysmic disaster, or worse. The shell limits execution to shell script files by non-root users within the $/usr hierarchy. Therefore, write+execute permission is safe here.
Directory permission settings are stored in the lower 4 bits of the auxiliary field in the directory’s file information. Arbitrarily changing these bits could have disastrous effects should it allow for “destroy” permission in a system directory. The bit assignments are:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| | | | | | | | | | | | | x| d| w| r|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Auxiliary Field in Directory Files
Bits 4 through 15 are reserved for future use.