Linux File Permissions


Post by MrNiitriiX »

Controlling Access to Your Files with Permissions and Owners

If you share a Linux (or Unix) system, you will undoubtedly have private files that you want to keep private, as well as files that you want to be public. You can control access to your files by setting the permission flags and ownership for your files.

How to Tell What Access Your Files Have

When we discussed using the ls command, you may have been wondering about that gibberish in the first few columns of the ls -l command (stuff like -rw, r--, and so on). Here's an example of output from the ls -l command showing the contents of a directory:

Permissions     User     Group      Size Date         Name
-rw-r-----   1 hermie   users      64183 Feb 14 22:07 cow_info
-rw-r-----   1 hermie   users     115032 Jan 06 11:14 dog_info
-rw-r--r--   1 hermie   users        248 Jan 16 09:18 pig_info
-rw-r--r--   1 hermie   users      45090 Mar 23 23:17 cat_info
-rwx--x---   1 hermie   users      45198 Jan 23 11:14 zippity
drwxr-x---   1 hermie   friends     1024 Feb 28 06:12 slugs

For each file you see listed a set of permissions; the owning user; a group name; and the size, creation date, and name of the file. We'll focus on the permission first by dissecting the file-access permissions for the cow_info file. Specifically, these permissions are shown in the string of characters preceding the file in the first column: -rw-r-----. Note that the permissions data is made up of ten characters, each of which has meaning.

To understand how to read file permissions, let's start by splitting apart those ten characters for cow_info:

Directory?       User's Access   Group Access    Others' Access
-                r w -           r - -           - - -
                 | | |           | | |
     Readable ---+ | |           | | +--- Not executable
     Writable -----+ |           | +----- Not writable
 Not executable -----+           +------- Readable

The character in the first position, a hyphen (-), indicates that this is a file and not a directory. Directories are marked with a d, as in drwxr-x--- (this precedes the directory slugs).

The next three characters (rw-) tell us whether the file's owner (hermie) can read, write, and execute the file. An r in the first position means that the file can be read; a w in the second position means that the file can be written to (updated); and an x in the third position means that the file can be executed (run). In all three cases, if a hyphen appears in place of an r, w, or x, that specific privilege is removed. For example, rw- means that the file can be read and written to, but not executed.

The next sets of three characters define read, write, and execute access for the users in a particular group (the users group, in this case), along the same lines as above. For example, the characters r-- that appear in these positions for cow_info tell us that the users group can read this file but can't write to or execute it.

The final set of three characters--all hyphens, in this case--defines access for those who are not the owner or in the listed group. This one's easy: No one outside the listed group has any kind of access to this file.

Note: Groups are a convenient way to give a set of users the same access to a bunch of files. Only a superuser can add to or remove users from groups. To find out what groups you belong to, use the groups command.

In sum, access to the cow_info file is controlled like so: The user (hermie) can read and update the file, but cannot execute it. People in the users group can only read the file, and everybody else on the system gets no access at all.

Here's another example:

-rwx--x--- 1 hermie users 45198 Jan 23 11:14 zippity

The characters that precede the file name zippity tell us that this file is readable, writable, and executable by hermie; members of the users group can only execute it; and others outside the users group have no access to it.

Note: You can give execute permission to any file, but it doesn't make sense to do so unless the file is actually a program.

Look at the listing for slugs:

drwxr-x--- 1 hermie friends 1024 Feb 28 06:12 slugs

You can see first that it's a directory (signified by the d in the first position). User hermie has read and write access, which in the case of a directory translates into the ability to list files and to create and delete files. Hermie also has execute access, which in the case of a directory means the ability to use cd to change to it. Those in the friends group can list files in the directory and use cd to make it the current directory, but others have no access whatsoever to the directory.

Note: Unless you are administering a large Unix system with lots of users, groups are not very important. In these examples, users is just the name of a group that all users belong to by default in a Linux system. If your primary group is users, all files you create will show that as the group name, unless you use the chgrp command to change it. If you're curious, use the man chgrp command to find out more.

Lesson 1: The Linux File System
Lesson 2: Linux File Names
Lesson 3: Linux Directories
Lesson 4: Directory Terminology
Lesson 5: Navigating the File System
Lesson 6: Listing Linux Files
Lesson 7: Displaying Linux Files
Lesson 8: Copying and Renaming Files
Lesson 9: Creating Files and Directories
Lesson 10: Deleting Files and Directories
Lesson 11: Linux Files - Wildcards
Lesson 12: The Nine Deadly Keystrokes
Lesson 13: Linux File Permissions
Lesson 14: Changing File Permissions
Last edited by MrNiitriiX on 30 Sep 2010, 15:02, edited 1 time in total.
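The reading rules from the post, applied mechanically as an added example (not part of the original post): a POSIX shell script that splits an `ls -l` permission string into its user, group and others triplets, converts it to octal, and names what each class may do, using the directory meanings (list, create/delete, cd) when the first character is d. The function names are hypothetical, and only the basic -, d, r, w and x characters covered above are handled.

```shell
#!/bin/sh
# Added example: decode the ten-character permission string from `ls -l`.
# Only the basic -/d and r/w/x characters discussed above are accepted;
# anything else (for example s or t) is rejected rather than guessed at.

# triplet_to_digit rw-  ->  6   (r=4, w=2, x=1)
triplet_to_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal -rw-r-----  ->  640   (the numeric form chmod accepts)
mode_to_octal() {
    m=$1
    case $m in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $m" >&2; return 1 ;;
    esac
    rest=${m#?}; tmp=${rest#???}
    echo "$(triplet_to_digit "${rest%??????}")$(triplet_to_digit "${tmp%???}")$(triplet_to_digit "${tmp#???}")"
}

# describe_access KIND TRIPLET: name what one class may do.
# For a directory (KIND=d) the bits mean list, create/delete and cd.
describe_access() {
    kind=$1 t=$2 out=
    if [ "$kind" = d ]; then r=list w=create/delete x=cd
    else r=read w=write x=execute; fi
    case $t in r??) out="$out,$r" ;; esac
    case $t in ?w?) out="$out,$w" ;; esac
    case $t in ??x) out="$out,$x" ;; esac
    out=${out#,}
    echo "${out:-none}"
}

# explain_mode MODE: octal value plus per-class access on one line.
explain_mode() {
    m=$1
    octal=$(mode_to_octal "$m") || return 1
    kind=${m%?????????}; rest=${m#?}; tmp=${rest#???}
    echo "$octal user=$(describe_access "$kind" "${rest%??????}")" \
         "group=$(describe_access "$kind" "${tmp%???}")" \
         "others=$(describe_access "$kind" "${tmp#???}")"
}

# Permission strings copied from the listing in the post.
for mode in -rw-r----- -rw-r--r-- -rwx--x--- drwxr-x---; do
    printf '%-11s %s\n' "$mode" "$(explain_mode "$mode")"
done
```

Any line whose others= field is not none describes a file or directory that every account on the system can reach, which is the first thing to check on a shared machine.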