Unix/Linux 101 – Permissions & Ownerships
Permissions and Ownerships
Each file and directory in the Unix environment has permissions and ownership. When you were given a username, you were also placed in a group. Once you create a file in Unix/Linux, that file will carry the markings of your ownership and will show that you belong to a certain group. A line from the output of “ls -l” shows that the user of the “core” file is “root” and the group is “root”:
-rwx------ 1 root root 105534 Aug 6 13:09 core
You can change the group using the “chgrp” command, and change ownership using the “chown” command; however, unless you have superuser privileges, you won’t be able to change it back. If a certain file has all permissions granted to only the user, only he/she can change or erase the file. Once you change ownership of the file, you cannot access it any more.
As you can see in the above example from “ls -l”, there is a set of hyphens and letters at the beginning of the line. These characters represent the permissions of the file. This set is broken into 4 parts. The first character represents the type of file/directory. For most files, this would remain a hyphen (“-”). If the listing shows a directory, the first character would be a “d”. If the file is a link, the character would be an “s”:
Link: srwx------
Directory: drwx------
File: -rwx------
The next 3 parts are divided into 3 placements each. They represent the permissions for User, Group and Other, in that order. User is you, the owner of the file; Group is the group you belong to; and Other is everyone else. Each one of these parts contains 3 permission placements for Read (“r”), Write (“w”) and Execute (“x”). The following example shows “read”, “write” and “execute” permissions for User, but none for Group or Other:
Type  User  Group  Other
-     rwx   ---    ---
Here we see permissions granting the User “read”, “write” and “execute” permission, the Group “read” and “execute”, and only “read” for Other:
-rwxr-xr--
When you grant write permissions to Group and Other, you are also allowing people from those groups to erase those files. If you want to share files with others, but want to enable them just to read, make sure your permissions for those files look like this:
-rwxr--r--
This grants you all permissions and only “read” for Group and Other.
Changing permission is done with the “chmod” command. The “chmod” command can be used with the switches corresponding to users (u,g,o) and permission (r,w,x) with “+” and “-” for grant or deny; but can also be entered using a binary system.
Examples:
To grant write permission to the group, and deny read permission from others:
# chmod g+w,o-r filename
To grant read and execute to User and Group:
# chmod ug+rx filename
To grant read permission to all:
# chmod a+r filename
To grant all only the execute permission:
# chmod a=x filename
The number system of permissions is a binary system and is read from right to left. Where “r | w | x” would normally be, you would read:
| r | w | x |
| 4 | 2 | 1 |
| (2 to the power of 2) | (2 to the power of 1) | (2 to the power of 0) |
To grant just the “read” permission I’d use “4”; “2” for “write”, and “1” for “execute”. Combinations of permissions are as simple as adding the numbers up. Granting “read” and “execute” would mean granting the number “5”. User, Group and Other get their numbers in that order. Examples:
# chmod 400 readme.txt
Will give Read permission only to User
# chmod 755 readme.txt
Will give “read”|“write”|“execute” permission for User, and “read”|“execute” permissions for Group and Others. 7 = 4 + 2 + 1 (r+w+x), 5 = 4 + 1 (r+x).
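The following script is an added example, not part of the original article. It converts the permission strings shown by “ls -l” into the numbers “chmod” accepts, and reports whether Group or Other hold the write permission that would let them erase the file. The function names perm_to_octal and writable_by_others are hypothetical, and the sample strings are constructed from the examples above plus one world-writable case.

```sh
#!/bin/sh
# Added example, not from the original article.

# perm_to_octal: turn an "ls -l" permission string such as -rwxr-xr-- into
# the three-digit number chmod accepts (754). The first (type) character is
# ignored; only plain r, w, x and - are accepted in the other nine.
perm_to_octal() {
    perms=${1#?}
    if [ "${#1}" -ne 10 ]; then
        echo "expected 10 characters: $1" >&2; return 1
    fi
    digits=""
    for part in User Group Other; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "bad $part permissions: $triplet" >&2; return 1 ;;
        esac
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac  # read    = 4
        case $triplet in ?w?) value=$((value + 2)) ;; esac  # write   = 2
        case $triplet in ??x) value=$((value + 1)) ;; esac  # execute = 1
        digits="$digits$value"
    done
    echo "$digits"
}

# writable_by_others: print "Group", "Other", "Group Other" or "none" to show
# who besides the owner holds write permission on the file.
writable_by_others() {
    mode=$(perm_to_octal "$1") || return 1
    group=$(printf '%s' "$mode" | cut -c2)
    other=$(printf '%s' "$mode" | cut -c3)
    who=""
    # The write bit (2) is part of the digits 2, 3, 6 and 7.
    case $group in 2|3|6|7) who="Group" ;; esac
    case $other in 2|3|6|7) who="${who:+$who }Other" ;; esac
    echo "${who:-none}"
}

# Constructed sample input: the article's strings plus a world-writable one.
for p in -rwx------ -rwxr-xr-- -rwxr--r-- -rw-rw-rw-; do
    printf '%s  chmod %s  write access besides owner: %s\n' \
        "$p" "$(perm_to_octal "$p")" "$(writable_by_others "$p")"
done
```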
Tags: Dani Rosen, linux, tutorial, unix






Sat, Jan 5, 2008