14. How to set permission in Linux

Access to any file or directory is controlled by its permissions. In Linux there are three categories of users to which permissions apply.
    The first is the owner of the file. Normally this is the user who created the file. The ownership can be changed at any time.
    The second is the group that owns the file. By default this is the primary group of the user who created the file.
    The third covers all other users, who are neither the owner nor members of the owning group.
        To learn about users and groups, go to SA1-Chapter12

Different permissions can be applied to each category. The owner permissions override the group permissions, which in turn override the permissions for others.

There are three permissions: read, write and execute.
A file or directory can have any combination of the three.

For a file:-
    read says you can read the content of the file.
    write says you can edit the file.
    execute says you can execute the file as a command.

For a directory:-
    read permission allows the user to see the contents of the directory but not to access them.
    write permission allows the user to create or delete any file inside the directory, irrespective of the file permissions (in practice, write only works together with execute permission).
    execute permission allows you to access the files, subject to each file's own permissions.



Modifying permission in graphical mode
---------------------------------------

Right-click the file/directory -> Properties -> Permissions.
It is very simple to change the permissions from there.

Changing permissions using commands
-----------------------------------
To change permissions, the command 'chmod' is used.
This command accepts permissions in two ways: one uses symbols and the other uses numbers.

**Using numbers is simple.
With numbers, each permission digit is the sum of read (4), write (2) and execute (1). For example, permission 5 is 4+1, i.e. read and execute. And of course 0 means no permissions.
So chmod is used as

#chmod permissions file
eg:- #chmod 756 /home/abc/test.txt

Here the permission is 756: the first digit 7 (4+2+1=r+w+x) is for the owner of the file, the second digit 5 (4+1=r+x) is for the owning group, and the last digit 6 (4+2=r+w) is for others.

**Changing using symbols
The syntax for changing permissions using symbols is
#chmod WhoWhatWhich file/directory
here
who is u, g, o, a for user, group, others and all respectively.
what is +, -, = for add, remove and set exactly respectively.
which is r, w, x for read, write and execute respectively.
eg:- #chmod go+w /home/abc/test.txt
which means add write permission for group and others on the specified file.

You can list the permissions using the command ls -l filename
If it is a directory, this lists the contents of the directory with their permissions.
To list the permissions of the directory itself, use the option -d.
eg:- #ls -ld /home
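
The numeric and symbolic notations above describe the same bits. As an added example (not part of the original page), this POSIX shell function converts the permission field printed by ls -l into the number chmod takes. It goes slightly beyond this section by also handling the s and t characters of the special permissions described further down. The function name perm_to_octal is made up for this example.

```sh
#!/bin/sh
# Added example: convert the permission field shown by `ls -l`
# (e.g. rwxr-xrw-) into the octal number that chmod accepts.
# A leading file-type character (-, d, l, ...) is accepted and ignored.
# Plain POSIX sh has no local variables, so the names below are global.
perm_to_octal() {
    p=$1
    [ "${#p}" -eq 10 ] && p=${p#?}
    if [ "${#p}" -ne 9 ]; then
        echo "bad permission field: $1" >&2
        return 1
    fi
    special=0
    digits=""
    # Owner, group, others in turn; sbit is the special bit that shares
    # the execute column of that triplet (setuid 4, setgid 2, sticky 1).
    for sbit in 4 2 1; do
        rest=${p#???}
        trip=${p%"$rest"}
        p=$rest
        case $sbit in 1) lo=t up=T ;; *) lo=s up=S ;; esac
        d=0
        case $trip in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $trip in
            ??x) d=$((d + 1)) ;;                                    # execute only
            ??-) ;;                                                 # neither
            ??"$lo") d=$((d + 1)); special=$((special + sbit)) ;;   # special + x
            ??"$up") special=$((special + sbit)) ;;                 # special, no x
            *) return 1 ;;
        esac
        digits=$digits$d
    done
    echo "$special$digits"
}

# The modes used on this page:
perm_to_octal rwxr-xrw-     # 0756
perm_to_octal drwxr-srw-    # 2756
perm_to_octal drwxr-xrwT    # 1756
```

A capital S or T in the listing means the special bit is set but the execute bit underneath it is not.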

Changing the ownership of a file/Directory
------------------------------------------
#chown student testfile
will change the ownership of the file testfile to student. You can do the same with a directory. To descend into the directory and change everything under it, use the option -R.

To change the group, command 'chgrp' can be used in the same way.

To change both the owner and the group [where group is the primary group of the new owner] you can use the command chown itself, as shown below

#chown oracle:oinstall /data/app

Here the ownership of the directory /data/app is changed so that the owner is oracle and the group is oinstall.


Special permissions
-------------------
Apart from the read, write and execute permissions there are some special permissions:

The setuid permission, for executable files
The setgid permission, for directories
The sticky bit permission, for [global] directories

The special permission setuid (or setgid) can be given to any executable so that it is executed with the permissions of its owner (or, for setgid, of its owning group).
eg:-
The root user can read the /etc/shadow file
#vim /etc/shadow
A normal user cannot read it; vim will say permission denied

$vim /etc/shadow

Set the setuid bit on vim
#chmod u+s /usr/bin/vim

Now a normal user can also read the shadow file, since vim is invoked with root permissions for every user who runs it
ie,
$vim /etc/shadow    .. will open the file.


Normally when a file is created, its owner is the user who created it and its group is the primary group of that user. To change this behavior inside a directory, i.e. to make new files take the owning group of the directory instead, we can use 'setgid'. To set it, prefix the permission of the directory with a 2.

eg:- #chmod 2756 /home/abc/
or using symbols
#chmod g+s /home/abc/

If you have w permission on a directory (remember that in practice w only works together with x) you can delete any file in it, even if you are not its owner, or even if you have 0 permission on it. For global directories like /tmp, that is dangerous. This is why the 'sticky bit' permission was introduced: if it is added to a directory, only the owner of a file will be able to delete it from the directory. To add it, prefix the permission with a 1.
eg:- #chmod 1756 /home/abc
or using symbols
#chmod o+t /home/abc
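
To check a system for the special permissions described above, for instance a forgotten setuid bit like the one set on vim, or a world-writable directory without the sticky bit, the following added example (not part of the original page) lists them. The function names audit_special and make_demo_tree and the sample tree are constructed for this example; GNU find and GNU stat are assumed.

```sh
#!/bin/sh
# Added example: report the special permissions discussed above.
# Assumes GNU find and GNU stat (standard on Linux distributions).
#   SETUID   <mode> <owner> <path>  regular file with the setuid bit
#   SETGID   <mode> <owner> <path>  regular file with the setgid bit
#   NOSTICKY <mode> <owner> <path>  world-writable directory, no sticky bit
audit_special() {
    root=${1:-/}
    # -xdev keeps find on one filesystem; unreadable subtrees are skipped.
    find "$root" -xdev -type f -perm -4000 \
        -exec stat -c 'SETUID %a %U %n' {} + 2>/dev/null
    find "$root" -xdev -type f -perm -2000 \
        -exec stat -c 'SETGID %a %U %n' {} + 2>/dev/null
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NOSTICKY %a %U %n' {} + 2>/dev/null
    return 0
}

# Constructed sample tree so the audit can be tried without touching the
# real system: one setuid file, one sticky and one non-sticky shared dir.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";  chmod 0644 "$d/plain"
    : > "$d/helper"; chmod 4755 "$d/helper"     # setuid, as with u+s
    mkdir "$d/shared" "$d/dropbox"
    chmod 1777 "$d/shared"                      # world-writable + sticky
    chmod 0777 "$d/dropbox"                     # world-writable, no sticky
    echo "$d"
}

# Run the audit on the sample tree, then clean up.
tree=$(make_demo_tree) && audit_special "$tree"
if [ -n "$tree" ]; then rm -rf "$tree"; fi
```

On a real system, run audit_special / as root and compare the SETUID lines against the list of programs the distribution ships with that bit.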
