This article is the second in the Linux Concepts - Users, Permissions and Groups series on the Going Linux site. The first article can be found here: http://goinglinux.com/articles/UsersAndPermissions_en.htm. I would recommend that you check it out.
One of the best ways to learn about the topic of Linux permissions is to study it. Let's look at an example. In a Linux terminal, the ls -l command will generate a list of the files in a directory and will also show their permissions.
If we take a file called myfile, it will show:
- rw- r-- r-- other information about the file myfile
The first part of this (-) signifies that this is a file and not a directory. The next three characters (rw-) show the permissions for the file OWNER. In many cases this is the person who created the file. The rw- means that the owner has both read and write permissions to the file but is not able to execute the file. This means that the owner is able to read and edit the file but is not able to run it as a program.
If the values had been r-x the owner would be able to read and run the program but would be unable to modify it.
The second set of three values r-- means that the members of a GROUP linked to this file would be able to read the file but not be able to edit or even run the file.
If you have ever used FTP (File Transfer Protocol) to upload files to a web server, you will have noted that when changing file permissions they will often use a number. Each letter in the permissions has a numeric equivalent. The r has the value 4, w has a value of 2 and the x has the value of 1. The lack of permissions in all cases has a value of 0. Hence the value of rw- would be 6 and the r-- has a value 4 and the second r-- would also be 4. In the example above, permissions would be expressed numerically as 644. To allow full permissions to the file it would be expressed as 777. A word of warning: Allowing full permissions is not a good idea when using Linux, and is to be avoided.
I didn't describe the ROOT user's permissions. The reason for this is that the root user has almost complete permission. However, even the root user won't default to having execute permissions for files it creates. This permission must be added in a separate step.
Why would this be a two-step procedure? The reason for this is security. For example, say you create a file called yourfile, and say the root user has just received an email saying that it contains a virus and it is an executable file. This file could not be run without the permission of the root user. If a user doesn't know what to do, they will not be able to run it. Thus the virus won't be run.
Directory permissions are very similar to permissions for files but are not the same. A "read" permission on a directory means you can list the files in there. The write permission will allow you to change its contents either by adding or deleting files. The execute permission allows you to access the directory. This means you will be allowed to make it the current working directory.
You are able to change file and directory permissions by using the chmod command. For example, if you wish to change the file permission of myfile you would use the command chmod 770 myfile which will give permission to read, write and execute to the owner, and to members of the ownership group, but not to anyone else.
Many Linux users prefer not to use the numbers to set permissions, and use the letters with the plus and minus signs to change permissions. I would recommend that when you try setting file permissions you pick the one you feel most comfortable with.
The command chmod u-w Perm removes the write permission from the user. To add the execute permission for others who don't belong to your group, use the command chmod o+x. Please note this command only makes sense on executable files. I would like to point out that Linux doesn't check to see if a command makes any sense. It really does what you tell it to do.
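The numeric values and the chmod forms described above, as an added example that is not part of the original article: a shell script that converts the permission letters shown by ls -l into their number, applies the chmod commands to scratch files, and lists files left writable by everyone. The function names and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. File names are constructed.

# Convert nine permission characters (e.g. rw-r--r--) to a number: r=4, w=2, x=1.
sym_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters: $perms" >&2; return 1; }
    octal=""
    for start in 1 4 7; do    # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        case $triplet in
            [-r][-w][-x]) ;;
            *) echo "unsupported triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Read a file's mode from ls -l; characters 2-10 skip the leading file-type character.
mode_of() {
    sym_to_octal "$(ls -ld -- "$1" | cut -c2-10)"
}

# List regular files under a directory that anyone on the system may modify.
world_writable() {
    find "$1" -type f -perm -0002
}

demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/myfile" "$dir/Perm"
    chmod 644 "$dir/myfile"; echo "chmod 644 -> $(mode_of "$dir/myfile")"
    chmod 770 "$dir/myfile"; echo "chmod 770 -> $(mode_of "$dir/myfile")"
    chmod 644 "$dir/Perm"
    chmod u-w "$dir/Perm"; echo "644 then u-w -> $(mode_of "$dir/Perm")"
    chmod o+x "$dir/Perm"; echo "then o+x -> $(mode_of "$dir/Perm")"
    chmod 777 "$dir/Perm"    # the setting the article warns against
    echo "world-writable: $(world_writable "$dir")"
    rm -rf "$dir"
}
demo
```

Running world_writable over a real directory tree is a quick way to spot files that were given 777 or similar permissions.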
The command chown is used to change the ownership of a file or directory. The command chgrp is used to change the group ownership of files and directories. You could use these commands when a project moves from the development to the testing stage. Only a system administrator will be able to use these commands.
There is a lot more to the permissions and groups than is described in this article, but I hope that it has helped you to understand the basics.
Author: Paul Hardy
Originally posted on the Going Linux website: http://goinglinux.com/articles/Groups_en.htm
Paul has granted you the right to reprint this article, but the title and content (including this notice) must remain unchanged and the author's name and contact information must be included.