chmod

Use the setgid bit to automatically set the shared group ownership on files.
This is how to set it with octal notation: chmod -v 2775 /shared-directory

You can also use symbolic notation: chmod -v +s /shared-directory

Keep in mind that +s sets both the setgid and setuid bits, which could be a security problem if executables or scripts are stored in this directory. chmod 2775 sets only the setgid bit.


Add the sticky bit to prevent anyone but the file owner from deleting the file, by using:
# chmod +t /shared-directory or chmod 3775 /shared-directory

On a historical note , UNIX systems used to use the sticky bit on files to hoard executable files in swap space and avoid reloading.


Setting File and Directory Permissions with chmod's Symbolic Notation


You would like to change specific permission bits, rather than using the all-or-nothing approach of chmod's numeric notation, such as marking a script as executable.

Solution
The most common use for symbolic notation is to add the executable bit to a file's permissions without changing any other permissions:
$ chmod +x scriptname

The default action is a, or all, so the example makes scriptname executable by everyone. This adds the executable bit to the file owner only:
$ chmod u+x scriptname

You can surgically remove a specific mode bit. In this example, the group and other users lose their executable bits:
$ chmod go-x scriptname

This is a quick way to set the setgid bit on a directory, for creating a shared directory. All files created in this directory will have the same group ownership as the directory:
$ chmod +s /shared-directory

You can remove all permissions for group and other users by doing the following:
$ chmod go= scriptname

To make group permissions the same as the file owner's, use:
$ chmod g=u scriptname


Doing Batch Operations with chmod

Problem You need to set permissions on all the files or a directory, or on batches of files.

Solution

chmod supports operating on lists of files. You can also use find or shell wildcards to generate a list.

To make several files read-only for everyone, you can use chmod as follows:
$ chmod 444 file.txt file2.txt file3.txt

To make all files in the current directory readable/writable, for the file owner and group, without changing the directory permissions, use:
$ find . -type f -exec chmod -v 660 { } \;

You can also change all files belonging to a particular user. This example starts at the root of the filesystem:
$ find / -user terri -exec chmod -v 660 { } \;

You can set permissions for a directory and its contents, including subdirectories, with the -R (recursive) flag:
$ chmod -R -v 755 /shared

This example makes all the .txt files in the current directory readable/writable to the owner, and world-readable:
$ chmod -v 644 *.txt

To change all files in the current directory that begin with your chosen string, use:
$ chmod -v 644 apt*


access mode symbolic octal

suid s with u 4000
sgid s with g 2000
sticky t 1000


immutable files

ex: touch keep.txt
chattr +i keep.txt


only root user can create an immutable file but cannot delete it until the flag is removed.
making files immutable is often done as a part of security or intrusion detection effort