File Permissions

File permissions form an integral part of the Linux/UNIX filesystem and are a great tool for implementing security policies.

 

 

USER TYPES

Any directory or file can be accessed by three types of user:

Owner

- the person who owns the file

Group members

- every file, apart from having an owner, also belongs to a group. A group is simply a list of users categorized for convenience. All users in the group for that file are called group members for the file

Others

- all users other than the owner and the group members belong to this category

 

Thus, to define the accessibility of a file we must set permissions explicitly for each of these categories of users.

chown

To change the ownership of a file or directory

Syntax

# chown ownername filename

 

chgrp

To change the group ownership of a file or directory

Syntax

# chgrp newgroupownername filename

TYPES OF PERMISSIONS

 

For any particular type of user, a file can have three types of permission, namely READ (r or 4), WRITE (w or 2) and EXECUTE (x or 1).

 

Interpretation of permissions for files and directories

Permission | File | Directory
read | User can look at the contents of the file | User can list the files in the directory
write | User can modify the contents of the file | User can create new files and remove existing files in the directory
execute | User can run the file as a command | User can change into the directory, but cannot list the files unless (s)he has read permission. User can read files if (s)he has read permission on them.

 

 

Note:

For directories the concept of read and write changes slightly.

To have full read/write rights the user should have read/write as well as execute permission on that directory.

 

SPECIFYING PERMISSIONS

To view the permissions, owner and group of a file we can use the ls command

Syntax

ls -ld <filename>

 

The output of the above command is something like this

drwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

 

The last section gives the filename.

The 10-character string drwxr-xr-- specifies the permissions and is interpreted as:

d : indicates a directory (will be a '-' for a file and 'l' for a link)

rwx : read, write, execute for the owner, i.e. botskOOl

r-x : read and execute for group members (members of mygroup in this case)

r-- : read for all other users

 

Thus, the positions in the string denote the following:

 

Position Represents
1 type of item (file/directory/link/device)
2-4 owner permissions
5-7 group permissions
8-10 other permissions
  • The order of writing rwx is immaterial; however, conventionally this order is always preferred

Another way of representing permission is by the use of numbers 0-7

As already mentioned:

Read :: 4

Write :: 2

Execute :: 1

Thus, to give any particular permission we simply add the values corresponding to each permission.

For instance, a permission of 5 refers to 4+1, i.e. Read + Execute


 

Number Permission
0 ---
1 --x
2 -w-
3 -wx
4 r--
5 r-x
6 rw-
7 rwx

 

Thus, to specify a full set of permissions we use a triplet, with one digit for each type of user.

For instance, 741 implies 7 for the owner, 4 for group members and 1 for others

 

chmod command

To change the permissions of a file, use the chmod command

Syntax

chmod new_permissions filename

 

Example: 

ls -ld abc.txt

-rwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

chmod  741  abc.txt

ls -ld abc.txt

-rwxr----x  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt
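
An added example (not part of the original page): a small POSIX shell script that converts between the letter form shown by ls and the number form given to chmod, and checks whether "others" have write permission. The function names are this example's own and the sample strings are constructed; any character other than r, w, x or - in a triplet is rejected.

```shell
# triplet_to_digit "r-x" -> 5   (read=4, write=2, execute=1)
triplet_to_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
    case $t in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $t in ??x) d=$((d + 1)) ;; ??-) ;; *) return 1 ;; esac
    printf '%s' "$d"
}

# mode_to_octal "drwxr-xr--" -> 754   (position 1, the item type, is skipped)
mode_to_octal() {
    m=$(printf '%s' "$1" | cut -c1-10)   # some ls versions append "." or "+"
    [ "${#m}" -eq 10 ] || return 1
    o=$(triplet_to_digit "$(printf '%s' "$m" | cut -c2-4)") || return 1
    g=$(triplet_to_digit "$(printf '%s' "$m" | cut -c5-7)") || return 1
    w=$(triplet_to_digit "$(printf '%s' "$m" | cut -c8-10)") || return 1
    printf '%s%s%s' "$o" "$g" "$w"
}

# octal_to_mode 741 -> rwxr----x
octal_to_mode() {
    out=
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $digit in
            0) out="${out}---" ;; 1) out="${out}--x" ;; 2) out="${out}-w-" ;;
            3) out="${out}-wx" ;; 4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;; *) return 1 ;;
        esac
    done
    [ "${#out}" -eq 9 ] || return 1
    printf '%s' "$out"
}

# others_can_write MODE -> status 0 if the "others" triplet includes w
others_can_write() {
    oct=$(mode_to_octal "$1") || return 2
    case ${oct#??} in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# file_octal PATH -> number form of a real file's permissions, via ls -ld
file_octal() {
    line=$(ls -ld -- "$1") || return 1
    mode_to_octal "${line%% *}"
}

# Constructed sample strings in the style of the ls output above.
for s in drwxr-xr-- -rwxr----x -rw-rw-rw-; do
    others_can_write "$s" && note=' (writable by others)' || note=
    printf '%s -> %s%s\n' "$s" "$(mode_to_octal "$s")" "$note"
done
```
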

 

Another way of using chmod

 

To change the permissions for only a specific type of user we use the following syntax

Syntax

chmod who=permissions filename

This gives “who” the specified permissions for a given filename.

Who

The “who” is a list of letters that specifies whom you’re going to be giving permissions to. These may be specified in any order.

 

Letter Meaning
u owner
g group
o others
a all

Example: 

ls -ld abc.txt

-rwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

chmod g=rw abc.txt

ls -ld abc.txt

-rwxrw-r--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

 

 
