root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.

greybox:~ septi$ touch foo
greybox:~ septi$ chmod 000 foo
greybox:~ septi$ ls -l foo
----------  1 septi  staff  0 Apr  8 12:28 foo
greybox:~ septi$ cat foo
cat: foo: Permission denied
greybox:~ septi$ sudo ls -l foo
Password:
----------  1 septi  staff  0 Apr  8 12:28 foo
greybox:~ septi$ 
Answer from tamasgal on Stack Overflow
🌐
Chmod Command
chmodcommand.com › home › chmod 000
Chmod 000
View (u)ser, (g)roup and (o)thers permissions for chmod 000 (chmod a-rwx) or use free online chmod calculator to modify permissions easily.
🌐
Quora
quora.com › What-is-the-result-of-chmod-000-which-chmod-What-exactly-are-the-after-effects
What is the result of chmod 000 `which chmod`? What exactly are the after effects? - Quora
Answer (1 of 5): EDIT: Yes, you can re-install or you can just copy the chmod utility and replace your chmod file. The new utility will be copied with it's default permissions. Unless you specify distro, version and take the trouble of screenshotting there is not much help that we can provide. T...
Discussions

understanding permissions, bypassing chmod 000
Unlike fakeroot (which fakes it), unshare kind of actually makes you root, but in a separate namespace. In that namespace you do have real root-like capabilities such as CAP_DAC_OVERRIDE, it's just that they only work against inodes whose owner and group are mapped into the namespace (capable_wrt_inode_uidgid is the function used to check this in fs/namei.c). And if a non-root user runs unshare -r they're only allowed to map their own UID. (In the initial (boot) namespace, of course, all possible UIDs are just mapped to themselves so CAP_DAC_OVERRIDE applies to everything.) Agreed that it's a weird combination, but ultimately it only allows you access to objects that you're the owner of, i.e. would already be allowed to change their permissions without being privileged with CAP_FOWNER. More on reddit.com
🌐 r/archlinux
3
3
January 6, 2022
linux - What happens if I put these directories chmod 000? - Unix & Linux Stack Exchange
I have this server I administer. I have some users that have email accounts on that server and use stuff like horde to read their emails on that server. The server have a limited space and these us... More on unix.stackexchange.com
🌐 unix.stackexchange.com
May 15, 2012
Chmod 000
Hello, If I am an user on a Solaris 9 system and if I do Chmod 000 on the folder corresponding to my workspace... What will happened??? More on unix.com
🌐 unix.com
0
0
October 20, 2017
permissions - How to recover from a chmod -R 000 /bin? - Unix & Linux Stack Exchange
And now I am unable to chmod it back.. or use any of my other system programs. Luckily this is on a VM I've been toying with, but is there any way to resolve this? The system is Ubuntu Server 12.10... More on unix.stackexchange.com
🌐 unix.stackexchange.com
June 1, 2013
🌐
Reddit
reddit.com › r/archlinux › understanding permissions, bypassing chmod 000
r/archlinux on Reddit: understanding permissions, bypassing chmod 000
January 6, 2022 -

Can someone help me understand the chmod 000 case of Linux filesystem permissions?

Given this example:

mkdir -p hidden/luks

chmod 000 hidden

ls hidden ls: cannot open directory 'hidden': Permission denied

cd hidden bash: cd: hidden: Permission denied

Why is it permission denied? After all, I'm still the owner, and I can still change the chmod anyway.

If it should be permission denied, then why can I bypass it with unshare?

unshare -r

ls hidden # luks

cd hidden # works

So far I used unshare to remove permissions (like no network access with unshare -r -n) but in this case I unexpectedly gained permissions that regular users do not have.

I tried to google this issue but I found generic explanations and also questions on stackexchange that state "only root can do this". But unshare does not really make me root, does it? I can't access the /root directory (thank god) but I'm really root in other aspects such as accessing chmod 000 stuff?

I don't really understand this specific case, is anyone able to explain.

Thanks!

Top answer
1 of 4
3

There is a manual page for chmod here.

Basically, look at this table on that page:

You can change the tick boxes, so that different people have different permissions.

Owner is the permissions on that file of the owner of the folder - usually the user that has created them - can be changed with chown.

Group is the permissions on that file of the group of the folder - can be changed with the chown or the chgrp commands.

Other is the permissions on that file of everyone who does not fall into the above two categories.

So running chmod 600 /PATH/TO/FILE will change the permissions so that only the owner can read the file, and write to it.

You can also do the same for folders, but by using chmod -R 600 /PATH/TO/FILE so the contents of the folder is the same as well.

The thing is, if you try entering it as 000:

Then no one can access or write to the file, except root, and the owner if they change the permissions again. This can work, but there is not much point to it as:

  • Anyone who is logged in as the owner could remove the file.
  • They could change the permissions back again, either by chmod, or by & Properties
  • If they are not the owner of the file, you do not need to chmod 000 .., just use chmod 600 ..

So if you want to stop people accessing the file, encrypting the file with a password would be the better idea. So to stop people accessing a file or folder, open Archive Manager, and click New - create one that you can encrypt (under Other Options) - I use .7z, as then you can encrypt the file list to. Then type the password you want to use.

Then you can add files:

Then you have an encrypted archive with your files secure inside - though it can still be deleted...

2 of 4
2

The owner of the folder will always have to have access.

🌐
JFrog
jfrog.com › home › linux permissions: dos and dont’s
Linux Permissions: Dos and Dont's | JFrog
February 8, 2022 - The middle digit represents the permissions for the group members. The rightmost digit represents the permissions for the others. The digits you can use and what they represent are listed here: · 0: (000) No permission.
Find elsewhere
🌐
Unix.com
unix.com › unix for beginners q & a › unix for dummies questions & answers
Chmod 000 - UNIX for Dummies Questions & Answers - Unix Linux Community
October 20, 2017 - Hello, If I am an user on a Solaris 9 system and if I do Chmod 000 on the folder corresponding to my workspace... What will happened???
Top answer
1 of 5
74

Even as root, you can't execute files that have no x permission bit set. What you can do though is call ld.so on it (provided they're dynamically linked executables):

$ echo /lib/*/ld*.so
/lib/i386-linux-gnu/ld-2.27.so /lib/x86_64-linux-gnu/ld-2.27.so

Use the one that matches the architecture of chmod executable. In my case the x86_64 one:

sudo /lib/x86_64-linux-gnu/ld-2.27.so /bin/chmod 755 /bin /bin/chmod

Or call something in /usr/bin or elsewhere to do the chmod like perl:

sudo perl -e 'chmod 0755, "/bin", "/bin/chmod"

Beware when restoring permissions that some files in /bin like mount or su are meant to have permissions other than 0755.

If you've rebooted, however, you might not be able to get to the point where you can run perl or ld.so though. You can fix things from the initramfs though (pass an incorrect root directory to get a recovery shell in the initramfs; see also the break=bottom or break=init kernel parameter on Debian, for the initramfs to give you a shell after the root file system was mounted (read-only though)). Or boot your VM from a live CD image, or fix by mounting the VM file system on the host as others suggested.

Fixing the initramfs way:

In grub, edit the boot entry and remove the root= parameter from the linux command:

setparams 'Ubuntu, with Linux 3.2.0-27-generic'                          
                                                                         
recordfail                                                               
gfxmode $linux_gfx_mode                                                  
insmod gzio                                                              
insmod ext2                                                              
set root='(hd1)'                                                         
search --no-floppy --fs-uuid --set=root dc02b07c-88ef-4804-afe0-4f02db2\ 
94561                                                                    
linux /boot/vmlinuz-3.2.0-27-generic                                     
initrd /boot/initrd.img-3.2.0-27-generic                                 
                                                                         

Ctrl-X to boot. Ubuntu's initramfs won't find the root file system so start a recovery sh. Then mount the root filesystem (in my case /dev/vdb, adapt to your machine) and fix things there:

Target filesystem doesn't have requested /sbin/init.
No init found. Try passing init= bootarg.


BusyBox v1.18.5 (Ubuntu 1:1.18.5-1ubuntu4) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs) mkdir /x
(initramfs) mount /dev/vdb /x
[   48.430071] EXT3-fs (vdb): error: couldn't mount because of unsupported optio
nal features (240)
[   48.477406] EXT4-fs (vdb): recovery complete
[   48.477747] EXT4-fs (vdb): mounted filesystem with ordered data mode. Opts: (
null)
(initramfs) chmod -R 755 /x/bin
(initramfs) umount /x
(initramfs) reboot

Once booted, fix the permissions of the files that are not meant to have 755 permissions by comparing with another system.

Fixing by running python as init:

In grub, edit the boot entry, this time keep the root= parameter, change ro to rw and add a init=/usr/bin/python:

setparams 'Ubuntu, with Linux 3.2.0-27-generic'                          
                                                                         
recordfail                                                               
gfxmode $linux_gfx_mode                                                  
insmod gzio                                                              
insmod ext2                                                              
set root='(hd1)'                                                         
search --no-floppy --fs-uuid --set=root dc02b07c-88ef-4804-afe0-4f02db2\ 
94561                                                                    
linux /boot/vmlinuz-3.2.0-27-generic root=UUID=dc02b07c-88ef-4804-afe0-\
4f02db294561 rw init=/usr/bin/python
initrd /boot/initrd.img-3.2.0-27-generic                                 

Then, at the python prompt:

Begin: Running /scripts/init-bottom ... done.
Python 2.7.3 (default, Apr 20 2012, 22:39:59)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.chmod('/bin/sh',0755)
>>> os.chmod('/bin/chmod',0755)
>>> os.execl('/bin/sh','sh')
sh: 0: can't access tty; job control turned off
# chmod -R 0755 /bin
# mount -o remount,ro /
[  100.704720] EXT4-fs (vdb): re-mounted. Opts: errors=remount-ro
# exec /sbin/init

Again, once booted, fix the permissions of the files that are not meant to have 755 permissions by comparing with another system.

2 of 5
30

Boot another clean OS, mount the file system and fix permissions.

As your broken file system lives in a VM, you should have your host system available and working. Mount your broken file system there and fix it.

In case of QEMU/KVM you can for example mount the file system using nbd.

🌐
Ars OpenForum
arstechnica.com › forums › operating systems & software › linux kung fu
if the chmod binary was set to 000, how would you fix it? | Ars OpenForum
November 5, 2012 - me@banshee:~$ sudo chmod 000 /bin/chmod me@banshee:~$ sudo chmod 000 /bin/chmod me@banshee:~$ sudo chmod 755 /bin/chmod bash: /bin/chmod: Permission denied me@banshee:~$ sudo apt-get install --reinstall coreutils [apt-get stuff elided] me@banshee:~$ ls -l /bin/chmod -rwxr-xr-x 1 root root 51760 Oct 1 23:23 chmod Win!
🌐
nixCraft
cyberciti.biz › nixcraft › howto › linux › chmod numeric permissions notation linux / unix
Chmod Numeric Permissions Notation Linux / Unix - nixCraft
August 4, 2023 - Explains UNIX / Linux chmod command and how to express permissions using octal numeric notation for new developers and sysadmins.
🌐
FreeBSD
forums.freebsd.org › base system › general
Solved - rm or chmod 000? | The FreeBSD Forums
April 8, 2016 - There are files I don’t like, but need them for a minute. My way is wasting, I’m going to start using chmod 000 so I can switch those files on and off as needed by way of script (such as playing with drivers). Thanks for the idea.
🌐
Click Calculators
clickcalculators.com › chmod › CHMOD~000~---------
CHMOD 000 --------- | CHMOD Generator Explained With Examples
Use our CHMOD Calculator and see that CHMOD 000 is equivalente to the permissions ---------. You can also create any other CHMOD command according to the permissions you want for files and directories.
🌐
Linux Mint Forums
forums.linuxmint.com › board index › main edition support › beginner questions
[Solved] Managed to chmod /usr to 000 - Linux Mint Forums
March 22, 2018 - Hello, Yesterday I managed to chmod my entire usr directory to 000. Obviously this did not go well at all, and it wont't boot.
🌐
InfinityFree
forum.infinityfree.com › hosting support
CHMOD File Permission on 000 - Hosting Support - InfinityFree Forum
July 10, 2020 - User Name epiz_25326694 Error Message ... stupid, but I changed the permissions on one folder to 000. I know the exact same question has been asked before. But back then the recommendation was to just change back the CHMOD to the appropriate permission....
🌐
Unix Community
community.unix.com › shell programming and scripting
Can root user run chmod 000 permission shell script? - Shell Programming and Scripting - Unix Linux Community
May 20, 2011 - Hi, I have a shell script file which is set to access permission 000. When I login as root (sudo su) and try to run this script, I am getting the Permission denied error. I have read somewhere that root admin user can e…