Linux is basically a multi-user system. But nowadays there has been
an increase in the usage of Linux as an OS for single user home
computers as well. But since it was originally meant to be a multi-user
OS, a lot of things that would be necessary in a multi-user system
are built into the Linux core. One such thing is file / directory
permissions.
In Linux every file present on the disk has permissions associated
with it. These permissions decide who may use these files and in
what manner. The rest of this article explains these
file / directory permissions in detail.
In order to view the permissions associated with a file, you could
use the ' ls ' command. On executing ' ls ' you would be presented
with a directory listing with one filename per line. I shall explain
file permissions with the help of a sample output as shown below:
drwxr-xr-x | 4 | david | david | 512  | Jan 15 11:31 | tutorials
frwxr-xr-x | 4 | david | david | 1240 | Jan 15 08:12 | viewresume
frwx------ | 4 | david | david | 4109 | Jan 15 08:12 | privatedata.txt
Yours would obviously be different from this one. But this output
should be enough to explain file permissions. The above output
shows that within the current directory there are 3 entries.
Let's start with the 2nd line.
frwxr-xr-x | 4 | david | david | 1240 | Jan 15 08:12 | viewresume
The first character 'f' indicates that ' viewresume ' is
a file. In case it was the name of a directory there would have
been a 'd' instead of an 'f'.
The next part rwxr-xr-x (a total of 9 characters) should
be split into 3 parts, each consisting of 3 consecutive letters:
Part 1 (User) : rwx | Part 2 (Group) : r-x | Part 3 (World) : r-x
The meaning of these 3 characters which form this 9 character sequence
is shown in the table below.
Description of r,w,x for Files
r | Read permissions for the file (whether the contents of the file can be read or not)
w | Write permissions for the file (whether a file can be modified or not)
x | Execute permissions (whether a file is an executable/script or not)
In Part 1 all the 3 permissions r, w and x exist. This means that
the concerned file, ' viewresume ', can be read, written
to as well as executed. Thus in case you want to just read the
contents of that file you could do so. In case you want to modify
the file that too would be allowed. Assuming that ' viewresume '
is some kind of a script, it also has execute permissions assigned
to it. So you could execute this program from the shell prompt
as well.
Some of you who are really smart must have already started
thinking about how you could protect your data from others (in
a multi-user system) when you have provided r,w and x permissions
to the file. That is exactly why there is a 9 character sequence
present instead of just 3 characters.
Part 1 decides the permissions for the User (the owner of
the file)
Part 2 decides the permissions for other users who belong to
the same Group as the file
Part 3 decides the permissions for Others (rest of the world)
who might access your folder
As the owner, any file you create would have the r and w permissions
present. In case it's a script you should also add the execute
permission. This is explained in a later section of this article.
In case you are a part of a project involving other users, you
should ask the administrator to create a separate group and
include all the project members in that group. Then you could
create all your programs as a part of that group and use the
group permissions so that only those members belonging to your
project group can read or modify your files that concern that
project.
For others (rest of the world) it is always best to leave the
default permissions, which would generally be r and x. Never
ever give w permissions to all, else anyone would be able to
modify your files.
The rest of the fields don't have anything to do with file permissions
as such. So they shall not be dealt with in this article. Now
let's consider the 3rd line in the ' ls ' output.
frwx------ | 4 | david | david | 4109 | Jan 15 08:12 | privatedata.txt
This shows the permissions for a file aptly named ' privatedata.txt '.
The name itself suggests that this is some important file that
only the owner of the file should be allowed to read, write or
execute. Thus no one else (group or others) should be allowed
to even view the contents of this file. Thus you can see that
the permissions for the file are rwx------
Dividing it into 3 parts you would get ' rwx ' and
' --- ' and ' --- '
The - (hyphen) indicates that the particular property does not
exist for that file or directory.
Thus in this case the 2nd and 3rd Part only consist of hyphens
thus indicating that neither the Group members nor Others would
be allowed to either read, write or execute this file. You on
the other hand have all these 3 properties set so that you are
free to do anything with the file.
Now consider the 1st line in the ' ls ' output
drwxr-xr-x | 4 | david | david | 512 | Jan 15 11:31 | tutorials
Note that the first character on the line is a ' d ' which
indicates that ' tutorials ' is the name of a directory and not
a file.
Important : The permissions for directories take on a slightly
different meaning than those for files. This is explained in some
detail.
Description of r,w,x for Directories
r | This means that a directory has read permission, so you are allowed
to see what files are present within that directory.
w | This means that you could either add, delete or rename the files
that exist within that particular directory.
x | Execute would allow you to use the directory name when accessing
files inside that directory. For example (not really the
simplest example), in Article No. 29 I have explained how users
could set a directory for their homepage so that other users can
come and see their homepage. For this to be possible, suppose the other
user types the name of the particular file with the directory
name; unless you have the x permissions set for all the
directories present in the request, that user would not
be able to view the contents of the file he requests.
In case you are confused, try experimenting with this.
If you are a single home user, create another user account
and try accessing the first user's files. Whenever you
get an access denied error, remember to check if you have
the x permission set for the directory within which the
file you are accessing exists.
Sometimes people call the x permission for directories
the Enter permission, indicating whether or not you are
allowed to Enter the directory. This is correct to a certain
extent.
In our example the ' tutorials ' directory has r and x permissions
set for group and world. So basically all the users could view
the files that are present within that directory. Since the w
permission is missing for group and world, they cannot modify,
add or delete any of the files within the tutorials directory
(unless there is a situation as described in the Note below).
You on the other hand as usual are allowed to do as you wish.
Doesn't Linux make you feel powerful !!
Now for some technical language. Though I have been calling these
r,w and x permissions, you would generally call them bits.
So don't look surprised when a Group member asks you to set the
read bit for a directory. It basically means, set the read permissions
for that directory.
Important : As a beginner, until you are completely familiar
with file permissions, remember one important rule. Never give
a directory lesser privileges and the files within that directory
more privileges. For instance, suppose you do not set the x bit
for a directory but set the w bit for the files within
that directory. You may expect that since the directory
doesn't have the x bit set, users cannot enter the directory
and so they won't be able to modify your files. Actually the meaning
of the x bit for directories is not so simple to understand.
Setting permissions as above would allow anyone to delete all
your files in that directory. So always give equal or lesser
privileges to the files within a directory than to the directory
itself. If you don't want the users to have write permissions
to your files, remember not to set the w permissions for
the files rather than trying to restrict write access using the
directory permissions.
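As an added example (not part of the original article), the script below checks a directory tree against two rules stated above: never give the w permission to the world, and never give files more privileges than the directory that contains them. It assumes GNU find and GNU stat as shipped on Linux; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a tree against two rules from the article.
# Assumes GNU find and GNU stat (stat -c), as shipped on Linux.
# File names containing newlines are not handled.

# Rule 1: nothing should carry the w bit in Part 3 (World).
# Symbolic links are skipped; their own bits always read rwxrwxrwx.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Rule 2: a file's Group/World bits should not exceed those of the
# directory that contains it. Prints "file (mode) in dir (mode)".
more_open_than_dir() {
    find "$1" -type f -print | sort | while IFS= read -r f; do
        d=$(dirname "$f")
        fmode=$(stat -c '%a' "$f")
        dmode=$(stat -c '%a' "$d")
        # A leading 0 makes the shell read the mode as octal.
        # 077 keeps only the Group and World parts.
        extra=$(( (0$fmode & 077) & ~(0$dmode & 077) ))
        if [ "$extra" -ne 0 ]; then
            printf '%s (%s) in %s (%s)\n' "$f" "$fmode" "$d" "$dmode"
        fi
    done
}

# Usage: sh audit.sh /path/to/tree
if [ "$#" -eq 1 ]; then
    echo "World-writable:";           world_writable "$1"
    echo "More open than directory:"; more_open_than_dir "$1"
fi
```

The modes are printed in octal, where r counts 4, w counts 2 and x counts 1 for each of the three parts, so rwxr-xr-x appears as 755.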