LINUX FILE PERMISSIONS

As many know Unix (and Linux) are very different from other operating systems. Unix-like operating systems are both multi-user and multitasking systems. Meaning that multiple users can SSH into a Linux box or Unix box and issues commands independently.
Think about it, you could be logged into the machine as a standard user. Meanwhile, an admin could be logged in as root or a privileged user to update and make changes to the system.

When a file is created, the owner of it can choose and adjust the permissions. The owner can give anyone access or nobody access to a file/directory.  The “-” indicates that it is a file. If this was a directory we would see a “d” instead of a “-“.  One thing that should be noted is that execution of a directory is different from a file. It provides control for access to file listings and other things. These permissions are used for security and privacy purposes as a means to prevent unwanted users from access, writing or executing files or see whats in a directory.

If you have seen this before, someone will chmod a file with 777 meaning that everyone can have access to it. After a quick ls -l  the file would look like this -rwxrwxrwx.  But chmod’ing a file and using 774 means that only users and users within the owner’s group could read, write and execute the file or access the directory. Anyone outside of the owner and group can only read.  770 would mean that anyone outside of the owner and group has no access.

Each letter represents a specific function for each permission… “R” stands for Read which means that a user is able to read the file and its number value is 4. “W” stands for write, a user may edit the file and write to it. Its number value is 2. “X”stands is for executable. That means the user execute the file. It has a value of one. Together, if you want a user to have all permission access it would be 7. If you want the user to only have read and write capabilities, it would be a 6. If you want the user to have read and execute capabilities, it would be 7. You see where this is going?

As you have undoubtedly figured out by now, each three letters is part of a “class.” Each digit represents a “class”.   Class meaning that the first three “rwx” belongs to the User who owns the files. The middle set of three is group access. The Last three letters are used for other people outside of the group and owner of the file. (See Below)

mode

User: The owner of a file belongs to this class.
Group: The members of the file’s group belong to this class
Other: Any users that are not part of the user or group classes belong to this class

Directory Permissions:
dir-permissions
File Permissions:
file-premissions

 


Now, someone like root may modify files and change their permissions and access to directories and files as needed. Here are a few hand commands:

chmod – modify file access rights.  It would look like this $ chmod g+x  /downloads/some_file.
Chmod is made up of three components. Who we are changing the permissions for user, group, other  or all? Are we granting or denying permissions? This is indicated by a “+” or “-“. Finally, what permission are we granting, Read, write or execute? chmod can also be used to change the permissions on a directory.

su– Will give you superuser access for a temporary amount of time. If you want unlimited access, I would suggest logging in as root.

chown – This will change the user or the group ownership of the file. $ chrown [option]  [owner]:[group] <some_file>. If only the owner is given, then that user is made owner of the file.  If the owner is followed by a colon and then a group name, the group ownership will change as well. If the owner is specified and there is no group specified after the colon, the group will be set to the new owners login group.

chgrp – Change a file’s group ownership. This can be done with the chown command if one would like. But this command is specifically for groups, you can only change the owning group of the file. chgrp somegroup  somefile.txt.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s