Each file and directory in Linux has a set of permissions that determines who can access it and how.
You set these permissions to limit access in one of three ways:
- You can restrict access to yourself alone,
- you can allow users in a predesignated group to have access, or
- you can permit anyone on your system to have access.
A file or directory may have read, write, and execute permissions.
When a file is created, it is automatically given read and write permissions for the owner, enabling you to display and modify the file. You may change these permissions to any combination you want. A file could also have read-only permission, preventing any modifications.
Three different categories of users can have access to a file or directory: the owner, the group, and all others not belonging to that group.
The owner is the user who created the file. Any file you create, you own.
You can also permit a group to have access to a file. Often, users are collected into groups. For example, all the users for a given class or project could be formed into a group by the system administrator. A user can grant access to a file to the members of a designated group.
Finally, you can also open up access to a file to all other users on the system. In this case, every user not part of the file's group could have access to that file. In this sense, every other user on the system makes up the "others" category. If you want to give the same access to all users on your system, you set the same permissions for both the group and the others.
Each category has its own set of read, write, and execute permissions. The first set controls the user's own access to his or her files—the owner access. The second set controls the access of the group to a user's files. The third set controls the access of all other users to the user's files. The three sets of read, write, and execute permissions for the three categories—owner, group, and other—make a total of nine types of permissions.
The ls command with the -l option displays detailed information about the file, including the permissions. In the following example, the first set of characters on the left is a list of the permissions set for the mydata file:
$ ls -l mydata
-rw-r--r-- 1 chris weather 207 Feb 20 11:55 mydata
An empty permission is represented by a dash, -. The read permission is represented by r, write by w, and execute by x. Notice there are ten positions. The first character indicates the file type. In a general sense, a directory can be considered a type of file. If the first character is a dash, a file is being listed. If the first character is d, information about a directory is being displayed.
Changing a File's Owner or Group: chown and chgrp
The chown command transfers control over a file to another user. This command takes as its first argument the name of the other user. Following the username, you list the files you are transferring. In the next example, the user gives control of the mydata file to user robert:
$ chown robert mydata
$ ls -l mydata
You can also, if you wish, change the group for a file, using the chgrp command. chgrp takes as its first argument the name of the new group for a file or files. Following the new group name, you list the files you want changed to that group. In the next example, the user changes the group name for today and weekend to the forecast group. The ls -l command then reflects the group change.
$ chgrp forecast today weekend
$ ls -l
Setting Permissions: Permission Symbols
The symbolic method of setting permissions uses the characters r, w, and x for read, write, and execute, respectively. Any of these permissions can be added or removed. The symbol to add a permission is the plus sign, +. The symbol to remove a permission is the minus sign, -. In the next example, the chmod command adds the execute permission and removes the write permission for the mydata file for all categories. The read permission is not changed. Because no category is named, chmod leaves alone any permission bits that are masked out by your umask, so check the result with ls -l.
$ chmod +x-w mydata
$ chmod g+rw mydata
$ chmod o+r mydata
Absolute Permissions: Binary Masks
When dealing with a binary mask, you need to specify three digits for all three categories, as well as their permissions. This makes a binary mask less versatile than the permission symbols. To set the owner execute permission on and the write permission off for the mydata file and retain the read permission, you need to use the octal digit 5 (101). At the same time, you need to specify the digits for group and other users access. If these categories are to retain read access, you need the octal number 4 for each (100). This gives you three octal digits, 544, which translate into the binary digits 101 100 100.
$ chmod 544 mydata
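The ten-position listing and the octal mask describe the same nine permission bits. The following is an added example, not part of the original article: it converts an ls -l permission string into its octal mask and reports which categories besides the owner hold write permission. The function names are made up for illustration, and the -rw-rw-rw- sample is constructed.

```sh
#!/bin/sh
# Added example: map the ls -l permission string to the octal mask and
# report write access granted beyond the owner. Function names are illustrative.

# perm_to_octal "-rw-r--r--" prints 644. Position 1 (the file type) is skipped.
perm_to_octal() (
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in *[!rwxsStT-]*) perms="" ;; esac
    [ "${#perms}" -eq 9 ] || { echo "bad permission string: $1" >&2; exit 1; }
    out=""
    for range in 1-3 4-6 7-9; do          # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$range")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # s/t (special bits, not covered on the page) still imply execute
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    echo "$out"
)

# loose_write 664 prints "group": the categories other than the owner
# whose octal digit has the write bit (2) set.
loose_write() (
    found=""
    [ $(( $(printf '%s' "$1" | cut -c2) & 2 )) -ne 0 ] && found="group"
    [ $(( $(printf '%s' "$1" | cut -c3) & 2 )) -ne 0 ] && found="${found:+$found }others"
    echo "$found"
)

# file_mask PATH prints the mask of a real file, read from its ls -ld line.
file_mask() {
    listing=$(ls -ld -- "$1") || return 1
    perm_to_octal "$listing"
}

# Demo: the first two strings come from the page; -rw-rw-rw- is constructed.
for sample in -rw-r--r-- -r-xr--r-- -rw-rw-rw-; do
    mask=$(perm_to_octal "$sample")
    echo "$sample -> $mask, writable beyond owner: $(loose_write "$mask")"
done
```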