When to use -type d-exec chmod 750 / 640 in docker

Question

I've started to work with Docker for local development moving from installing everything on my mac to containers. Looking through a number of projects I regularly see the following shell commands, particularly

find /www -type d -exec chmod 750 {} \; \
find /www -type f -exec chmod 640 {} \;

Firstly, what are they trying to achieve, secondly what do the commands actually mean and lastly why/ when would you want or need to use this?

I recently duplicated and modified another project and found pulling these commands out seemed to make no difference (fair enough it was no longer based on the same base container.... but still).

Any glimmer of enlightenment would be greatly appreciated.

EDITS:

That handy link in the comments below to explain shell tells us: What: find all the folders in /www and execute the chmod command, changing the permissions to 750 - still unsure of 750, and more importantly why you would do this.

Have you read the documentation for the `find` and `chmod` commands? — Keith Thompson, Oct 03 '16 at 20:07
[find /www -type d -exec chmod 750 {} \;](http://explainshell.com/explain?cmd=find+%2Fwww+-type+d+-exec+chmod+750+{}) — Cyrus, Oct 03 '16 at 20:18
thanks for the awesome link, explain shell is going to be my new best friend. — bigmadwolf, Oct 03 '16 at 20:28

score 2 · Accepted Answer · edited May 23 '17 at 11:54

The commands sets all files and directories to be readable and writable by the owner, and readable by the group but the files can not be executed by anyone.

You might want to read up on unix permissions in a bit more detail first.

find /www -type f -exec chmod 640 {} \;

Find all files under /www and set the user to have read, write access (6) and the group to have read access (4). Other users have no access (0).

find /www -type d -exec chmod 750 {} \;

Find all directories under /www and set the user to have read, write and execute permissions (7) and the group to have read and execute permissions (5) to those directories. Other users have no permissions (0).

The \; after each find terminates the -exec command and must be escaped when run in a shell so it is not interpreted as a regular ; which is the end of the shell command. This can also be achieved with a + which is easier to read as it doesn't need to be escaped and more efficient. The efficiency can cause differences in output, if you are relying on the stdout/stderr somewhere else.

Execute permissions on a directory mean that a user can change into the directory and access the files inside. As a directory can't be executed in the sense of a executable file, the execute bit was overloaded to mean something else.

The link Cyrus posted to explainshell.com is an excellent tool as well.

Thank you for the fantastic answer, and great links, appreciate it. — bigmadwolf, Oct 04 '16 at 16:52
`-exec` has a mandatory last parameter of either `+` or `;` -- so the semicolon here in the OP's original code wasn't a shell directive, but actually a necessary argument. (The `+` form is far more efficient, behaving like `xargs` in that it combines as many arguments as possible onto each command). — Charles Duffy, Oct 04 '16 at 21:53

When to use -type d-exec chmod 750 / 640 in docker

EDITS:

1 Answers1