File and directory permissions and ownership

From Centre for Bioinformatics and Computational Biology
Jump to: navigation, search

90% of problems with scripts and file handling are due to incorrect file permission and ownership settings. Every system user should familiarise themselves with this important aspect of Linux.

Before a new script can be run, its execute permission must be set by the user. This is by default unset for safety, and causes problems every day.

When a new file is created, it will typically have the following default permissions:

[user@wonko:~]$ ls -al

-rw-r--r-- 1 user users 3 Dec 15 11:58

This file cannot be executed or submitted to the queue.

By changing user permissions and setting the execute flag:

[user@wonko:~]$ chmod u+x

[user@wonko:~]$ ls -al

-rwxr--r-- 1 user users 3 Dec 15 11:58

this script can now be run or submiited.

Permission Groups -:

Each file and directory has three user based permission groups:

owner - The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users.

group - The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users.

all users (world, others) - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most. There's usually no reason to have this set, and for safety we recommend leaving this off.

Permission Types -:

Each file or directory has three basic permission types:

read - The Read permission refers to a user's capability to read the contents of the file.

write - The Write permissions refer to a user's capability to write or modify a file or directory.

execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory.

Viewing the Permissions -:

You can view the permissions by checking the file or directory permissions by reviewing the output of the "ls -al" command while in the terminal and while working in the directory which contains the file or folder.

The permission in the command line is displayed as: _ rwxrwxrwx 1 <owner>:<group>

User rights/Permissions -:

The first character that I marked with an underscore is the special permission flag that can vary. The following set of three characters (rwx) is for the owner permissions. The second set of three characters (rwx) is for the Group permissions. The third set of three characters (rwx) is for the All Users permissions. Following that grouping since the integer/number displays the number of hardlinks to the file. The last piece is the Owner and Group assignment formatted as Owner:Group.

Modifying the Permissions-:

When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below.

Explicitly Defining Permissions -:

To explicity define permissions you will need to reference the Permission Group and Permission Types.

The Permission Groups used are: u - Owner g - Group o - Others a - All users The potential Assignment Operators are + (plus) and - (minus); these are used to tell the system whether to add or remove the specific permissions.

The Permission Types that are used are: r - Read w - Write x - Execute

So for an example, lets say I have a file named file1 that currently has the permissions set to rw_rw_rw_, which means that the owner, group and all users have read and write permission. Now we want to remove the read and write permissions from the all users group.

To make this modification you would invoke the command: chmod a-rw file1 To add the permissions above you would invoke the command: chmod a+rw file1

As you can see, if you want to grant those permissions you would change the minus character to a plus to add those permissions.

Using Binary References to Set permissions Now that you understand the permissions groups and types this one should feel natural. To set the permission using binary references you must first understand that the input is done by entering three octal integers/numbers.

A sample permission string would be chmod 640 file1, which means that the owner has read and write permissions, the group has read permissions, and all other user have no rights to the file.

The first number represents the Owner permission; the second represents the Group permissions; and the last number represents the permissions for all other users. The numbers are a binary representation of the rwx string.

r = 4 w = 2 x = 1 You add the numbers to get the integer/number representing the permissions you wish to set. You will need to include the binary permissions for each of the three permission groups.

So to set a file to permissions on file1 to read rwxr_ _ _ _ _, you would enter chmod 740 file1.

Owners and Groups -:

File and directory ownership is usually set by the system defaults, or by the systems administrator, and will be of the form <username>:<primary group>, where the group will typically be "users".

I have made several references to Owners and Groups above, but have not yet told you how to assign or change the Owner and Group assigned to a file or directory. There's usually no need to change these, just take note that they are properly set.

You use the chown command to change owner and group assignments, the syntax is simple chown owner:group filename, so to change the owner of file1 to user1 and the group to family you would enter chown user1:family file1.

One more thing - you should be very careful when copy/pasting code from web pages. They usually do not translate all characters accurately or correctly from web to terminal and can lead to unexpected behaviour and bugs.

The above just touches the tip of the iceberg on this topic, and you really should consult one of the many websites dealing with the subject in detail.