Difference between revisions of "File and directory permissions and ownership"
(Created page with "90% of problems with scripts and file handling are due to incorrect file permission and ownership settings. Every system user should familiarise themselves with this important...") |
|||
Line 3: | Line 3: | ||
Before a new script can be run, its execute permission must be set by the user. This is by default unset. | Before a new script can be run, its execute permission must be set by the user. This is by default unset. | ||
− | Permission Groups - | + | |
+ | '''Permission Groups -:''' | ||
+ | |||
Each file and directory has three user based permission groups: | Each file and directory has three user based permission groups: | ||
Line 10: | Line 12: | ||
all users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most. | all users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most. | ||
− | Permission Types - | + | |
+ | '''Permission Types -: ''' | ||
+ | |||
Each file or directory has three basic permission types: | Each file or directory has three basic permission types: | ||
Line 17: | Line 21: | ||
execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory. | execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory. | ||
− | Viewing the Permissions | + | |
+ | '''Viewing the Permissions -:''' | ||
+ | |||
You can view the permissions by checking the file or directory permissions in your favorite GUI File Manager (which I will not cover here) or by reviewing the output of the \"ls -l\" command while in the terminal and while working in the directory which contains the file or folder. | You can view the permissions by checking the file or directory permissions in your favorite GUI File Manager (which I will not cover here) or by reviewing the output of the \"ls -l\" command while in the terminal and while working in the directory which contains the file or folder. | ||
The permission in the command line is displayed as: _rwxrwxrwx 1 owner:group | The permission in the command line is displayed as: _rwxrwxrwx 1 owner:group | ||
− | User rights/Permissions | + | |
+ | '''User rights/Permissions -:''' | ||
The first character that I marked with an underscore is the special permission flag that can vary. | The first character that I marked with an underscore is the special permission flag that can vary. | ||
Line 31: | Line 38: | ||
The last piece is the Owner and Group assignment formatted as Owner:Group. | The last piece is the Owner and Group assignment formatted as Owner:Group. | ||
− | Modifying the Permissions | + | |
+ | '''Modifying the Permissions-:''' | ||
+ | |||
When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below. | When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below. | ||
− | Explicitly Defining Permissions | + | |
+ | '''Explicitly Defining Permissions -:''' | ||
+ | |||
To explicity define permissions you will need to reference the Permission Group and Permission Types. | To explicity define permissions you will need to reference the Permission Group and Permission Types. | ||
Line 70: | Line 81: | ||
So to set a file to permissions on file1 to read _rwxr_____, you would enter chmod 740 file1. | So to set a file to permissions on file1 to read _rwxr_____, you would enter chmod 740 file1. | ||
− | Owners and Groups | + | |
+ | '''Owners and Groups -:''' | ||
+ | |||
File and directory ownership is usually set by the system defaults, or by the systems administrator, and will be of the form <username>:<primary group>, where the group will typically be "users". | File and directory ownership is usually set by the system defaults, or by the systems administrator, and will be of the form <username>:<primary group>, where the group will typically be "users". | ||
Revision as of 06:55, 15 December 2018
90% of problems with scripts and file handling are due to incorrect file permission and ownership settings. Every system user should familiarise themselves with this important aspect of Linux.
Before a new script can be run, its execute permission must be set by the user. This is by default unset.
Permission Groups -:
Each file and directory has three user based permission groups:
owner - The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users. group - The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users. all users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.
Permission Types -:
Each file or directory has three basic permission types:
read - The Read permission refers to a user's capability to read the contents of the file. write - The Write permissions refer to a user's capability to write or modify a file or directory. execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory.
Viewing the Permissions -:
You can view the permissions by checking the file or directory permissions in your favorite GUI File Manager (which I will not cover here) or by reviewing the output of the \"ls -l\" command while in the terminal and while working in the directory which contains the file or folder.
The permission in the command line is displayed as: _rwxrwxrwx 1 owner:group
User rights/Permissions -:
The first character that I marked with an underscore is the special permission flag that can vary. The following set of three characters (rwx) is for the owner permissions. The second set of three characters (rwx) is for the Group permissions. The third set of three characters (rwx) is for the All Users permissions. Following that grouping since the integer/number displays the number of hardlinks to the file. The last piece is the Owner and Group assignment formatted as Owner:Group.
Modifying the Permissions-:
When in the command line, the permissions are edited by using the command chmod. You can assign the permissions explicitly or by using a binary reference as described below.
Explicitly Defining Permissions -:
To explicity define permissions you will need to reference the Permission Group and Permission Types.
The Permission Groups used are: u - Owner g - Group o - Others a - All users The potential Assignment Operators are + (plus) and - (minus); these are used to tell the system whether to add or remove the specific permissions.
The Permission Types that are used are: r - Read w - Write x - Execute
So for an example, lets say I have a file named file1 that currently has the permissions set to _rw_rw_rw, which means that the owner, group and all users have read and write permission. Now we want to remove the read and write permissions from the all users group.
To make this modification you would invoke the command: chmod a-rw file1 To add the permissions above you would invoke the command: chmod a+rw file1
As you can see, if you want to grant those permissions you would change the minus character to a plus to add those permissions.
Using Binary References to Set permissions Now that you understand the permissions groups and types this one should feel natural. To set the permission using binary references you must first understand that the input is done by entering three octal integers/numbers.
A sample permission string would be chmod 640 file1, which means that the owner has read and write permissions, the group has read permissions, and all other user have no rights to the file.
The first number represents the Owner permission; the second represents the Group permissions; and the last number represents the permissions for all other users. The numbers are a binary representation of the rwx string.
r = 4 w = 2 x = 1 You add the numbers to get the integer/number representing the permissions you wish to set. You will need to include the binary permissions for each of the three permission groups.
So to set a file to permissions on file1 to read _rwxr_____, you would enter chmod 740 file1.
Owners and Groups -:
File and directory ownership is usually set by the system defaults, or by the systems administrator, and will be of the form <username>:<primary group>, where the group will typically be "users".
I have made several references to Owners and Groups above, but have not yet told you how to assign or change the Owner and Group assigned to a file or directory. There's usually no need to change these, just take note that they are properly set.
You use the chown command to change owner and group assignments, the syntax is simple chown owner:group filename, so to change the owner of file1 to user1 and the group to family you would enter chown user1:family file1.