The easiest way to learn Linux permissions is from an example. The ls -l command generates a list of contents, such as files along with their permissions. Let’s take a look at the default values for a file called Filename. We are adding spaces to make the output more legible.
– rw- r– r– other information about the file Filename
The initial – signifies that this is a file (not a directory). The next three characters refer to the file permissions for the file owner, in many cases the person who created the file. The values rw- signify that the owner has read and write (modify) permission but not execute permission. Had these values been r-x the owner would be able to read and execute the file (program) but not modify it. The second set of values r– signify that the members of the group associated with this file have read but not write or execute permission. The third set of values also r– signify that other users have read but not write or execute permission.
Permissions are often handled numerically. The r has a value of 4, the w has a value of 2, and the x has a value of 1. In all cases the lack of permission has the value 0. So rw- has the value 6 and r– has the value 4. In the above example the permissions may be expressed as 644. The full set of permissions for everyone is expressed as 777 (not usually a good idea).
Note that the root user’s permissions aren’t listed. This shouldn’t be surprising because root has essentially complete permissions. But even root’s doesn’t have execute permissions for a file it creates. This permission must be added in a separate step. Why? This two-step procedure has important security implications. Let’s say that someone, perhaps root, has received an email that contains a virus-infested executable program. The program cannot be executed without the explicit permission of root or the recipient. If the user doesn’t know what to do the virus won’t be launched.
Linux defines permissions for directories that are similar to but not exactly the same as the file permissions. A read permission on a directory means that its contents may be listed. A write permission on a directory means that the user can modify its contents, by adding, deleting, or renaming files. An execute permission on a directory means that it may be accessed, in other words made the current working directory.
Permissions may be changed via the chmod command as in the example chmod 770 Junque which gives read, write, and execute permissions to the file owner and members of the ownership group but no permissions to anyone else. Not everyone likes working with these numbers. The symbolic mode uses letters and the plus and minus signs to change permissions.
The following command removes the write permission from the user (owner) of the Perm file chmod u-w Perm. To add the execute permission for others, people who do not belong to the group that owns the file apply the command chmod o+x Perm This command only makes sense if the Perm file is executable. Furthermore, under most circumstances the file owner and his or her group will have more permissions that the others. Linux doesn’t always check to see that your command really makes sense. Do you think that Windows is more intelligent in this respect?
The chown command is used to change the ownership of a file or a directory. The chgrp command is used to change the group ownership of files and directories. These commands might be used when a project passes from the development to the testing stage. Needless to say only the system administrator can execute these commands.
Of course there is more to Linux permissions and groups but we have covered the basics. The next article in this series discusses inodes, a topic that is sorely missing from the Windows bag of tricks.
Levi Reiss has authored or co-authored ten books on computers and the Internet. He loves the occasional glass of wine as exemplified by his wine websites including http://www.theworldwidewine.com. He teaches Linux and Windows operating systems plus other computer courses at an Ontario French-language community college. Visit his new website http://www.linux4windows.com which teaches you how to download and run Damn Small Linux on Windows computers, even if they are “obsolete.”
Article Source: http://EzineArticles.com