Project: Linux Howtos
Understanding Linux file permissions
By Mayank Sarup <mayank@freeos.com>
Posted: 2001-01-05 06:12:50 EST
In a secure multi-user environment like Linux, file permissions define
access rights. However, these access rights can cause problems for
new users who are used to the access-anything style of DOS/Windows.
This is a short guide aimed at such novice users that explains the
basics and also the commands that are used to manage and administer
these permissions.
Linux is a proper multi-user environment. In a multi-user environment, security of user and system data is very important. Access should be given only to users who need to access the data. Since Linux is essentially a server OS, good and efficient file security is built right into Linux. Of course, such security does create problems for users, especially novice users. Many user queries are due to incorrect file permissions or just because a user ignores the fact that the file permissions do not allow access.

First, let's check out the file permissions. File permissions are defined for users, groups and others. User would be the username that you are logging in as. Furthermore, users can be organized into groups for better administration and control. Each user will belong to at least one default group. Others includes anyone the above categories exclude.

Given below is the result of an 'ls -l':

    drwxr-x---   2 mayank   freeos   4096 Dec 28 04:09 tmp
    -rw-r--r--   1 mayank   freeos    969 Dec 21 02:32 foo
    -rwxr-xr-x   1 mayank   freeos    345 Sep  1 04:12 somefile

Relevant information in the first column here is the file type followed by the file permissions. The third and the fourth column show the owner of the file and the group that the file belongs to. The first entry here is tmp. The first character in the first column is 'd', which means that tmp is a directory. The other entries here are files, as indicated by the '-'.

    d           rwx     r-x     ---
    file type   users   group   others

The next 9 characters define the file permissions. These permissions are given in groups of 3 each. The first 3 characters are the permissions for the owner of the file or directory. The next 3 are permissions for the group that the file is owned by and the final 3 characters define the access permissions for everyone not part of the group.

There are 3 possible attributes that make up file access permissions.

    r - Read permission. Whether the file may be read. In the case of a directory, this would mean the ability to list the contents of the directory.

    w - Write permission. Whether the file may be written to or modified. For a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set then you will not be able to delete, rename or create a file.

    x - Execute permission. Whether the file may be executed. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute some program from that directory.

Take the permissions of tmp, which are drwxr-x---. The owner of this directory is user mayank and the group owner of the directory is freeos. The first 3 permission attributes are rwx. This permission allows full read, write and execute access to the directory to user mayank. So, mayank has full access here. The group permissions are r-x. There is no write permission given here, so while members of the group freeos can change into the directory and list its contents, they cannot create new files or sub-directories. They also cannot delete any files or make changes to the directory content in any way. No one else has any access because the access attributes for others are empty (---).

For foo the permissions are -rw-r--r--. Apply the above and you will see that the owner of the file (mayank) can read and modify the file (Read and Write access). Members of the group freeos can read the file but cannot modify it. Everyone else can also read the file but not make any changes to it.

Now that you can read file permissions, you should learn how to set or modify them. You would use the chmod program for this. To change file permissions, you need to be either the user who owns the file or root. The syntax of the chmod command is quite simple. File permissions may be defined for users (u), groups (g) and others (o).
An example of the chmod command will be

    chmod u-x,g+w,o+rw somefile

The chmod command here takes away execute permission from the user, sets the write access bit for the group and also gives read and write access to everyone else. The file permissions for the file before this command is executed are -rwxr-xr-x. After this command, the file permissions are -rwxrwx---.

First you choose to use 'u', 'g' or 'o' followed by '+' to add a permission, '-' to take it away and '=' to wipe out any previous permission bits and set the permission bits to what is specified. You can also use 'a' to set a permission bit for all users.

Let's take permissions of -rwxrwxrwx for somefile and work on them.

    chmod g-wx somefile

We're removing write and execute permission for members of the group. The file will now have attributes of -rwxr--rwx.

You can also specify permissions for users, groups or others in the same command, separated by commas.

    chmod g+wx,o-rwx somefile

Group members have been given write and execute access but all access has been removed for users that are not members of that group. File permissions now are -rwxrwx---.

    chmod a+x somefile

Give everyone execute access. Permissions now are -rwxrwx--x. Specifying 'a' here is not essential. You could simply say '+x' here; 'all' is assumed by default. So, the command chmod +x somefile is equivalent to the one above.

    chmod go-rx somefile

If the same permission bits are to be set/unset for users, groups or others then you can club them together as above. File permissions now are -rwx-w----.

    chmod ug=rwx somefile

This sets the file permissions to exactly what is specified. Now, the file permissions become -rwxrwx---.

    chmod o=g somefile

File permissions for others are set to what the permissions for group are set to. Permissions now are -rwxrwxrwx.

There is another way in which you can specify the file permissions. The permission bits r, w and x are assigned a number.
    r = 4
    w = 2
    x = 1

Now you can use numbers, which are the sum of the various permission bits. E.g. rwx will be 4+2+1 = 7. rx becomes 4+1 = 5. The chmod command now becomes

    chmod xyz filename

where x, y and z are numbers representing the permissions of user, group and others respectively. Each number is the sum of the permissions to be set and is calculated as given above.

    chmod 644 somefile

    6 = 4 + 2 = rw
    4 = r
    4 = r

As you can see, the permissions for somefile are being set to -rw-r--r--. This is a simpler and quicker way of setting the file permissions. Refer to the table below as a quick reference.

    0 - ---
    1 - --x
    2 - -w-
    3 - -wx
    4 - r--
    5 - r-x
    6 - rw-
    7 - rwx

In addition to the file permissions, you can also modify the owner and group of the file. The chown program is used here and its syntax is very simple. You need to be the owner of a file or root to do this.

    chown new-owner somefile
    chown newbie somefile

To change the group, use the chgrp command. Syntax is similar to chown. You will need to be the owner of the file and also belong to the same group as the file, or you should be root.

    chgrp new-grp somefile

That was a quick look at file permissions under Linux. If you ever face a problem under Linux, just take a look at the file permissions. In any case, you just can't avoid running into file permissions. This is essential knowledge that no Linux user should do without. But please remember to use correct file permissions. Don't take the easy way out and give everyone access to your files. Even on a single user desktop environment, make sure you follow good security practices.
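
The chmod sequence that starts from -rwxrwxrwx can be replayed on a scratch file to see every symbolic change next to its numeric form, and the closing advice can be checked with find. This is an added example, not part of the original article: the function names are made up here, and it assumes a stat that accepts -c (GNU coreutils or BusyBox) and a find that supports -perm -MODE.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
# Assumes: stat -c '%a %A' (GNU coreutils or BusyBox) and find -perm -MODE.

# Print "octal symbolic" for a file, e.g. "755 -rwxr-xr-x".
mode_of() {
    stat -c '%a %A' "$1"
}

# Replay the article's symbolic chmod sequence on a scratch file,
# starting from -rwxrwxrwx, and print one "expression: octal symbolic"
# line per step so both notations can be compared.
replay_sequence() {
    f=$(mktemp) || return 1
    chmod 777 "$f"
    for expr in g-wx g+wx,o-rwx a+x go-rx ug=rwx o=g; do
        chmod "$expr" "$f" || { rm -f "$f"; return 1; }
        printf '%s: %s\n' "$expr" "$(mode_of "$f")"
    done
    rm -f "$f"
}

# List regular files under a directory that "others" may write to
# (the w = 2 bit in the last octal digit). These are the files the
# article's closing advice is about.
world_writable() {
    find "$1" -type f -perm -0002 -print
}

replay_sequence
```

Running world_writable on your home directory is a quick way to find files that were opened up to everyone with something like chmod 666 or chmod 777.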