quick and dirty guide...
...to Linux file permissions
One of the most confusing issues for a Windows defector is that of file permissions. Home-user Windows systems have no concept of file ownership, which depending on your situation, can be a good or bad thing. You need to keep in mind that Linux is at heart a Unix system, and Unix is built to support multiple users. Even on a home computer permissions are a useful feature which allow you to block sensitive files from being edited, or even read by non-authorized people.
To further illustrate this point, consider your old Windows box. You might have spent hours or days getting your preferences and settings just right, only to find that the next time you sit down at the computer somebody has changed the widget colours to an ungodly lemon yellow, and changed the system time to GMT when you live in New York. Another example: You spend all weekend putting the finishing touches on a report for your boss, but unfortunately it is lost forever because your child has just discovered the joy of "delete". Oops.
These examples may be a bit extreme, but suffice it to say that ensuring your files don't get 'accidently' deleted, or viewed by the wrong eyes provides a great deal of comfort.
overview
In a nutshell, there are three types of permissions, and three entities that receive these permissions. As a quick example type 'ls -l' in a directory. Any directory. You should see something like this:
-rwxr-xr-x 1 bulliver web 664 Feb 9 02:28 ip2name.pl -rw-r--r-- 1 bulliver web 1704 Feb 1 07:29 letter.dvi -rw-r--r-- 1 bulliver web 1185 Feb 5 19:16 letter.latex -rwxrwxrwx 1 bulliver web 192 Feb 6 14:55 darren_says
What we are interested in is the cryptic 'r's 'w's and 'x's on the left side. You probably already know that these are the permissions of the respective files. So what do they mean?
- 'r'
- 'read' permission. This allows you to read, view, or otherwise open the file depending on context.
- 'w'
- 'write' permission. This allows you to edit or delete the file.
- 'x'
- 'execute' permission. This allows you to run the file as a program.
So who receives these permissions? We have three entities: owner, group, and other.
- owner
- Typically the owner is the person who creates the file. The majority of system files are owned by root, ensuring that mortal users cannot erase or edit important system settings.
- group
- Groups create a way to share files between users, for example, a team of designers who are working together on a project. Groups may also be used to allow access to certain devices, such as CDROMs or printers to regular users.
- other
- As the name implies, this permission applies to everybody else. We need to pay particular attention to this permission because if it is set to read or write then anybody can view, edit, or delete the file..
Looking back to our 'ls -l' example you can see that there are 10 slots in the listing. The first slot is usually just a dash (-) which tells us it is a regular file. Sometimes it is a 'd' for directory, 'l' for link, or 'c' for character device. We don't need to worry about that right now. The other 9 slots are our three permissions for our three entities. The first three are for the owner, then group, then other. Perhaps an example:
-rwxrw-r-- 1 bulliver web 192 Feb 6 14:55 darren_says
In this example we can see that the first three are 'rwx' which means the owner of the file can read, write or execute it. The group can read and write (rw-), and everybody else is limited to viewing the file (r--). In this particular example we can see that the file's owner is 'bulliver', and the file's group is 'web'.
ownership and groups :: chown and chgrp
To change the owner of a file, we use the chown command. The format is 'chown [new owner] file'. To change the file's group, we use the chgrp command. The format is the same 'chgrp [new group] file'. To save some typing we can change both in one shot using the dot notation: 'chown [new owner].[new group] file'. Let's have some examples:
[root@localhost]# ls -l anyfile -rw-rw-r-- 1 bulliver web 192 Feb 6 14:55 anyfile [root@localhost]# chown root anyfile [root@localhost]# ls -l anyfile -rw-rw-r-- 1 root web 192 Feb 6 14:55 anyfile [root@localhost]# chgrp bozo anyfile [root@localhost]# ls -l anyfile -rw-rw-r-- 1 root bozo 192 Feb 6 14:55 anyfile [root@localhost]# chown bulliver.web anyfile [root@localhost]# ls -l anyfile -rw-rw-r-- 1 bulliver web 192 Feb 6 14:55 anyfile
Not much to this, right? Let's move on to something complicated.
permissions and chmod
A file's permissions are also known as its 'mode' to gurus and Linux geeks, so to change them we use the 'chmod' command (change mode). There are two ways of specifying the new permissions using chmod: symbolic and absolute.
absolute mode
Because you are dying with suspense, I will just tell you that absolute mode is the one with the numbers. You can use simple arithmetic to arrive at the permission you are looking for. Consider:
----------------------------------------------------------------------------
| owner | group | other |
----------------------------------------------------------------------------
| read | write | execute | read | write | execute | read | write | execute |
----------------------------------------------------------------------------
| 400 | 200 | 100 | 40 | 20 | 10 | 4 | 2 | 1 |
----------------------------------------------------------------------------
So you just add the appropriate mode numbers to arrive at your desired permission. It may be easier to consider each entity as a single digit, in the usual order (owner group other). As always, this theory is best understand with some examples. Let's imagine a hypothetical file named 'myscript'. 'myscript' is a shell script that we are writing that performs a useful function. When we first create it we don't want others to mess around with it, so we set some restrictive permissions while writing it:
[joe@localhost]$ chmod 600 myscript [joe@localhost]$ ls -l myscript -rw------- 1 joe user 192 Feb 6 14:55 myscript
Now let us imagine that we need some help with our script, so we make it available to our programmer friend, who just happens to belong to a group called 'web'. We need to change the group, and change the group permissions:
[joe@localhost]$ chgrp web myscript [joe@localhost]$ chmod 660 myscript [joe@localhost]$ ls -l myscript -rw-rw---- 1 joe web 192 Feb 6 14:55 myscript
Our script is now almost done, and we want to test it. We need it to be executable:
[joe@localhost]$ chmod 770 myscript [joe@localhost]$ ls -l myscript -rwxrwx--- 1 joe web 192 Feb 6 14:55 myscript
Our script is now perfect. We are going to make the script available for all users to run, and we want them to be able to see our handywork so we'll let everybody read and execute it. We don't want users changing it however, so they don't get write permission:
[joe@localhost]$ chmod 775 myscript [joe@localhost]$ ls -l myscript -rwxrwxr-x 1 joe web 192 Feb 6 14:55 myscript
This should give you a good working knowledge of absolute mode. Just remember that to get your permission, add the appropriate mode numbers.
relative mode
As the name implies, relative mode only changes permissions relative to the current permissions. That is, you can add or remove permissions from the existing ones. The format is pretty much the same as absolute mode: 'chmod [new_mode] file'. It is only the mode that is different.
We have three parts, which for lack of better terms, are '[entity][operator][permissions]'. The entities describe who gets the permissions. They are:
- 'u': user, the file's owner
- 'g': group, the file's group
- 'o': other, everybody else
- 'a': all, all three together
The operators decide whether we add, remove, or emulate absolute mode (ie: describe permissions from scratch). They are:
- '+' : add permissions
- '-': remove permissions
- '=': emulate absolute mode
The permissions we have seen already, they are nothing new:
- 'r' : read permission
- 'w': write permission
- 'x': execute permission
There are actually quite a few more options available, but they should not be necessary for casual use. If you are really curious I direct you to 'man chmod'. Perhaps some more examples are in order.
chmod a+x filename # adds execute permissions to all chmod u+x filename # adds execute permissions to the file's owner chmod ug+w filename # adds write permissions to the file's owner and group chmod o-rwx filename # removes read, write, and execute permissions from other chmod a=rx filename # creates a 555 permission from scratch
As you can see pretty much any combination is valid as long as you follow the '[entity][operator][permissions]' formula.
Well, I hope this has helped you get a handle on Linux file permissions. It's really not as hard as it might seem. That's all for now, happy chmoding to you!
stats
It is
Saturday May 10, 2008 2:39 pm
This page served 5653 times
This page last modified: April 14, 2008 11:28 am
Your IP address is: 38.103.63.18
You are browsing using: CCBot/1.0 (+http://www.commoncrawl.org/bot.html)
You are browsing from: United States.
badcomputer.org's uptime: 14:39:47 up 16 days, 15:21, 1 user, load average: 0.00, 0.00, 0.00
local
home | unix stuff | dir2ogg | sneetchalizer | wmainfo | q&d guide to permissions | q&d guide to tar and gzip | code | MS rant | browser shootout | linux & iAudio X5 | photos | music | programming poetry | sieve of Eratosthenes | plea | rain | suffer | archive | about | recipes | compaqr3000 | sitemap
search
credits
This page, and all pages on this site were created and are maintained by Darren Kirby using valid XHTML 1.0 and CSS, and are ©copyright 2002 - 2008. The Penguin image was created by Tukka, and is used by permission. Inspiration for the look of this site was provided by Eric A. Meyer's CSS gallery. This website runs on Gentoo Linux. It is served by Apache. PHP and MySQL hold together the backend.