File Permissions
File permissions form an integral part of the Linux/UNIX filesystem and are a great tool for implementing security policies.
USER TYPES
Any directory or file can be accessed by three types of user:
Owner
- the person who owns the file
Group members
- every file, apart from having an owner, also belongs to a group. A group is simply a list of users categorized for convenience. All users in the file's group are called group members for that file
Others
- all users other than the owner and the group members belong to this category
Thus, to define the accessibility of a file, we must set permissions explicitly for each of these categories of users.
chown
to change the ownership of a file or directory
Syntax
# chown ownername filename
chgrp
to change the group ownership of a file or directory
Syntax
# chgrp newgroupownername filename
TYPES OF PERMISSIONS
For any particular type of user, a file can have three types of permission, namely READ (r or 4), WRITE (w or 2) and EXECUTE (x or 1).
Interpretation of permissions for files and directories
Permission | File | Directory |
---|---|---|
read | User can look at the contents of the file | User can list the files in the directory |
write | User can modify the contents of the file | User can create new files and remove existing files in the directory |
execute | User can run the file as a command | User can change into the directory, but cannot list the files unless (s)he has read permission. User can read files if (s)he has read permission on them. |
Note:
For folders the concept of read and write changes slightly.
To have full read/write rights, the user should have read/write as well as execute permission on that directory.
SPECIFYING PERMISSIONS
To view the permissions, owner and group of a file we can use the ls command
Syntax
ls -ld <filename>
The output of the above command is something like this
drwxr-xr-- 2 botskOOl mygroup 0 Sep 6 00:27 abc.txt
The last section gives the filename.
The 10-character string drwxr-xr-- specifies the permissions and is interpreted as follows:
d : indicates a directory (it would be '-' for a file and 'l' for a link)
rwx : read, write, execute for the owner, i.e. botskOOl
r-x : read and execute for group members (members of mygroup in this case)
r-- : read for all other users
Thus, the positions in the string denote the following:
Position | Represents |
---|---|
1 | type of item (file/directory/link/device) |
2-4 | owner permissions |
5-7 | group permissions |
8-10 | other |
- The order in which r, w and x are written is immaterial; however, by convention this order is always preferred.
Another way of representing permissions is by the use of the numbers 0-7.
As already mentioned:
Read :: 4
Write :: 2
Execute :: 1
Thus, to give any particular permission we simply add the values corresponding to each permission.
For instance, a permission of 5 refers to 4+1, i.e. Read + Execute.
Number | Permission |
---|---|
0 | --- |
1 | --x |
2 | -w- |
3 | -wx |
4 | r-- |
5 | r-x |
6 | rw- |
7 | rwx |
Thus, to specify a full set of permissions we use a triplet, with one digit for each type of user.
For instance, 741 implies 7 for the owner, 4 for group members and 1 for others.
chmod command
To change the permissions of a file use the chmod command
Syntax
chmod new_permissions filename
Example:
ls -ld abc.txt
-rwxr-xr-- 2 botskOOl mygroup 0 Sep 6 00:27 abc.txt
chmod 741 abc.txt
ls -ld abc.txt
-rwxr----x 2 botskOOl mygroup 0 Sep 6 00:27 abc.txt
Another way of using chmod
To change the permissions for only a specific type of user we use the following syntax
Syntax
chmod who=permissions filename
This gives “who” the specified permissions for a given filename.
Who
The “who” is a list of letters that specifies whom you’re going to be giving permissions to. These may be specified in any order.
Letter | Meaning |
---|---|
u | owner |
g | group |
o | others |
a | all |
Example:
ls -ld abc.txt
-rwxr-xr-- 2 botskOOl mygroup 0 Sep 6 00:27 abc.txt
chmod g=rw abc.txt
ls -ld abc.txt
-rwxrw-r-- 2 botskOOl mygroup 0 Sep 6 00:27 abc.txt
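The mode-string and octal rules above, as an added shell example that is not part of the original page: it decodes the 10-character string printed by ls -ld into its octal triplet, checks whether others have write access, and repeats both chmod forms on a temporary file. All function names are hypothetical, and mode strings containing special-bit letters such as s or t are rejected because this page does not cover them.

```sh
#!/bin/sh
# Added example. Function names are hypothetical, not from the original page.

# triplet_to_digit TRIPLET -> digit 0-7 (r=4, w=2, x=1); fails on any other
# letter, e.g. the s/t special bits, which this page does not cover.
triplet_to_digit() {
    t=$1 digit=0
    case $t in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
    case $t in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $t in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
    printf '%s' "$digit"
}

# mode_to_octal MODESTRING -> three octal digits, e.g. drwxr-xr-- -> 754
mode_to_octal() {
    mode=$(printf '%s' "$1" | cut -c1-10)   # ignore a trailing ACL marker
    [ "${#mode}" -eq 10 ] || return 1
    o=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c2-4)") || return 1
    g=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c5-7)") || return 1
    a=$(triplet_to_digit "$(printf '%s' "$mode" | cut -c8-10)") || return 1
    printf '%s%s%s\n' "$o" "$g" "$a"
}

# others_can_write MODESTRING -> exit 0 when position 9 (others' write) is w
others_can_write() {
    case $(printf '%s' "$1" | cut -c9) in w) return 0 ;; *) return 1 ;; esac
}

# ls_mode FILE -> the 10-character mode string that ls -ld prints for FILE
ls_mode() { ls -ld -- "$1" | cut -c1-10; }

# demo: repeat both chmod forms on a scratch file and decode the results
demo() {
    f=$(mktemp) || return 1
    chmod 741 "$f";  m1=$(ls_mode "$f")    # numeric form
    chmod g=rw "$f"; m2=$(ls_mode "$f")    # symbolic form, group only
    rm -f -- "$f"
    printf '%s %s\n' "$m1" "$(mode_to_octal "$m1")"
    printf '%s %s\n' "$m2" "$(mode_to_octal "$m2")"
}

demo
```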