File Permissions


File permissions are very important in a multi-user environment, such as Linux/Unix. Users familiar with Microsoft Windows may have no idea that file permissions even exist!

By default, only you have permission to view the files you create!

There are a few different ways to change permissions of folders and files, which we will try to detail here.

Permissions

A newly created account will have a completely empty home directory. We can view the permissions of the directory by entering the command ls -al from within the home directory. The result will look similar to this:

$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:42 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..

The first line represents the current directory, indicated by one period. The second line represents the parent directory, indicated by two periods.

As we can see, the permissions for the current directory are drwx------, the owner is a123456z, and the group is students.

If we create a new empty file using the touch command, it will have permissions similar to our home directory:

$ touch bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

Now we can see that the permissions for the new empty file we created (called bleh) are -rw-------, with an owner of a123456z, and a group of students.

Next, let's examine what these permissions mean.

Permission Definitions

The very first character displays the type of file. d tells us that the file is a directory, or folder. l means the file is a link, or shortcut, to another file. Nothing (indicated with a dash -) means the item is a regular file.

The next three characters represent the permissions for the owner of the file. r stands for read, w stands for write (change or modify), and x stands for execute.

The second set of three characters are the permissions for the group.

The third set of three characters are the permissions for everyone else (others).

Let's take another look at the file bleh from the example above:

-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

We can see that it is a regular file, and that the owner has read and write permissions. No other users can read the file, write to (or overwrite) it, or execute it.

Changing Permissions

Now that we can see the permissions on a file, let's take a look at changing them. Permissions are changed with the chmod command, followed by the permissions we wish to change and the name of the file or folder whose permissions we want to change.

Using Symbolic Notation

Symbolic notation can be a little easier to understand for the beginning user. It uses u for the user (owner), g for the group, and o for others. It also uses r for read, w for write, x for execute, X (capital X) for special execute which applies to directories, s for setuid/gid, and t for sticky. See http://en.wikipedia.org/wiki/Chmod#Symbolic_modes for a more detailed description of these modes.

We can then use our permission definitions from above to set permissions on our example file bleh using the following syntax:

$ chmod u+x bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwx------  1 a123456z students    0 2008-05-08 12:51 bleh

Notice that our file bleh is now executable for the owner! If this file contained a program or script of some sort, it could now be executed.

Let's do another one, allowing the group and all others to read the file:

$ chmod g+r,o+r bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwxr--r--  1 a123456z students    0 2008-05-08 12:51 bleh

Now everyone can read our file, but the owner is the only one who can write (modify) or execute the file.

Change permissions to allow the group and everyone else to modify and execute the file:

$ chmod g+wx,o+wx bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwxrwxrwx  1 a123456z students    0 2008-05-08 12:51 bleh

Now anyone can read, change, execute, or delete our file.

Finally, let's set the permissions back to the way they originally were:

$ chmod u-x,g-rwx,o-rwx bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

Much better. Now nobody else can mess with our file!

Octal Notation

Symbolic notation is nice, but it requires you to add and remove permissions, instead of just setting them as you want. Octal notation can be a little more confusing, but for the advanced user it can be much faster.

Instead of using all the letters with the chmod command, we use numbers. Here is a little table representing what the numbers mean:

Number  Description
1       Execute
2       Write
3       Write & Execute
4       Read
5       Read & Execute
6       Read & Write
7       Read, Write, & Execute

Now that seems even more confusing, doesn't it?! Not really. If you can remember the octal notation for execute, write, and read, all the other combinations can be found easily using basic addition. For example, execute = 1 and write = 2. If we add 1 + 2, we get 3! Therefore execute & write = 3!! Similarly, execute (1) + write (2) + read (4) = 7.

Octal notation uses three of these numbers to represent the owner, group, and everyone else. This way we can set the permissions for a file with a single command, without needing to know what the current permissions are!

So, let's do some examples, again using the file bleh from above.

$ chmod 600 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

Well, since our file bleh was already set with read & write permissions for the owner, our chmod 600 command didn't actually change anything!

We can make it executable for the owner using the following command:

$ chmod 100 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
---x------  1 a123456z students    0 2008-05-08 12:51 bleh

Well, we made the file executable for the owner, but we can no longer read the file or make changes to it! This is because octal notation sets the permissions; it does not add to the permissions the way symbolic notation does. We can set it to read, write, and execute by the owner with the following:

$ chmod 700 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwx------  1 a123456z students    0 2008-05-08 12:51 bleh

Now to allow the group and all others to read the file:

$ chmod 744 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwxr--r--  1 a123456z students    0 2008-05-08 12:51 bleh

Allow the group and everyone else to modify and execute the file:

$ chmod 777 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rwxrwxrwx  1 a123456z students    0 2008-05-08 12:51 bleh

And finally, let's set it back to the way it originally was:

$ chmod 600 bleh
$ ls -al
total 8
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh
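
The addition rule above can be checked mechanically. The following is an added example, not part of the original page: a small shell function (the names triplet_digit and ls_mode_to_octal are made up for this example) that turns the mode column printed by ls into the three octal digits chmod expects. It covers only the r, w, x and - characters used on this page; setuid/gid and sticky would need a fourth digit and are rejected.

```shell
#!/bin/sh
# Added example: convert the mode column of `ls -l` to octal notation.

# One rwx triplet (e.g. "r-x") to its octal digit: read=4, write=2, execute=1.
triplet_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# Ten-character mode string (type character plus three triplets) to octal.
# Returns 1 for anything else, including the s and t special bits.
ls_mode_to_octal() {
    mode=$1
    case $mode in
        [-dl][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}    # drop the file-type character
    owner=$(printf '%s' "$perms" | cut -c1-3)
    group=$(printf '%s' "$perms" | cut -c4-6)
    other=$(printf '%s' "$perms" | cut -c7-9)
    printf '%s%s%s\n' "$(triplet_digit "$owner")" \
        "$(triplet_digit "$group")" "$(triplet_digit "$other")"
}

# Mode strings taken from the listings on this page.
for m in -rw------- ---x------ -rwxr--r-- -rwxrwxrwx drwxr-xr-x; do
    printf '%s -> %s\n' "$m" "$(ls_mode_to_octal "$m")"
done
```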

Changing Ownership

Now that we know how to change the permissions of a file, let's take a look at changing the owner and group.

Change Owner

We can easily change the owner of a file using the chown command; however, in order to change the owner, you must be a superuser, or root (administrator). Here is an example, again using our bleh file:

# chown root bleh
# ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 root     students    0 2008-05-08 12:51 bleh

Now the owner of the file is root, but the group is still students. Note that we are the superuser, because the command prompt is now a pound sign (#).

Let's change it back:

# chown a123456z bleh
# ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

We can also change the owner and group at the same time, like this:

# chown root:root bleh
# ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 root     root        0 2008-05-08 12:51 bleh

Now, the owner and group are both root.

Finally, let's set it back:

# chown a123456z:students bleh
# ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

Normal users cannot change the owner of a file; however, they can change the group of the file using the chgrp command. See more about changing group membership below.

Change Group

Using the chgrp command is similar to the chown command listed above, but it can only change the group.

$ chgrp root bleh
$ ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z root        0 2008-05-08 12:51 bleh

Now the file bleh has a group of root.

And to change it back:

$ chgrp students bleh
$ ls -al
drwx------  2 a123456z students 4096 2008-05-08 12:51 .
drwxr-xr-x 40 root     root     4096 2008-05-08 12:42 ..
-rw-------  1 a123456z students    0 2008-05-08 12:51 bleh

Note that a user can only change the group membership to a group that they are a member of! Run the id command to see your group membership.

Folders

Folder permissions, owners, and groups are set and changed the same way as file permissions, but we have an extra option we can use: the recursive -R flag.

Using chmod -R allows us to change the permissions on a folder, along with everything inside that folder.

Using chown -R allows us to change the owner of a folder, along with everything inside that folder.

Using chgrp -R allows us to change the group of a folder, along with everything inside that folder.
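
Because chmod -R applies the same mode to folders and files alike, a numeric mode that makes folders searchable also makes every file inside executable. The following added example (not from the original page; the tree, file names and function names are constructed for illustration) compares chmod -R 750 with the symbolic form using the capital X described earlier, when opening a folder to the group only.

```shell
#!/bin/sh
# Added example: recursive chmod, numeric mode vs. symbolic mode with capital X.

# Build a constructed sample tree: a folder, a data file, and a script.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/docs"
    touch "$root/docs/notes.txt" "$root/run.sh"
    chmod 700 "$root/docs" "$root/run.sh"
    chmod 600 "$root/docs/notes.txt"
    printf '%s\n' "$root"
}

# Mode column of one path: the first ten characters of `ls -ld`.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Numeric recursion gives files and folders the same bits, so the data
# file ends up executable.
share_numeric() {
    chmod -R 750 "$1"
}

# Capital X adds execute only to folders and to files that already have
# an execute bit, so data files stay non-executable.
share_symbolic() {
    chmod -R u=rwX,g=rX,o= "$1"
}

for how in share_numeric share_symbolic; do
    tree=$(make_tree) || exit 1
    "$how" "$tree"
    echo "$how:"
    for p in docs docs/notes.txt run.sh; do
        printf '  %s %s\n' "$(mode_of "$tree/$p")" "$p"
    done
    rm -rf "$tree"
done
```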

More Information

  1. http://en.wikipedia.org/wiki/File_system_permissions
  2. http://en.wikipedia.org/wiki/Chmod
  3. http://en.wikipedia.org/wiki/Chown
  4. http://en.wikipedia.org/wiki/Chgrp