
OPS102 - Permissions

2,752 bytes added, 05:03, 25 September 2023
In multi-user operating systems it is important to be able to control access to information. This is usually done at the file and directory levels.

== Linux File Permissions ==

Unix-like operating systems, such as Linux, provide a simple model for maintaining file and directory permissions. There is a more advanced model available, called File Access Control Lists (File ACLs or FACLs), but it is more complicated to manage, and experience has shown that the simpler model is more likely to be used.

=== Permission Communities ===

There are three '''communities''' of users for each file:

* ''Owner'' -- the one user that owns the file
* ''Group'' -- the group of users that is the group-owner of the file
* ''Other'' -- every other user of the computer system

=== Permissions ===

Each community has three '''permissions''' for each file which may be individually turned ''on'' or ''off'':

* '''Read''' -- the ability to read a file.
* '''Write''' -- the ability to write to the file, including permission to add to, change, or truncate (shorten) the file.
* '''Execute''' -- the ability to run (execute) a file.

When applied to directories, these permissions are interpreted differently:

* '''Read''' -- the ability to ''see'' the names of the files and subdirectories within the directory. This is also called "search" permission.
* '''Write''' -- the ability to create/delete files and subdirectories within the directory.
* '''Execute''' -- the ability to access files within the directory. If turned off, the files cannot be accessed, and metadata about each file (such as the owner, group owner, file length, permissions, and timestamps) cannot be accessed either.

If execute permission is enabled for a directory but read permission has not been enabled, the affected community cannot view a directory listing to determine filenames, but if they know the name of a file within that directory, they may still access it.

=== Viewing Permissions ===

Permissions may be viewed with the <code>ls -l</code> command (the <code>ls</code> command with the <code>-l</code> ("long detailed listing") option). For example:

 $ ls -l /etc/hosts
 -rw-r--r--. 1 root root 386 Nov 27 2022 /etc/hosts

Notice that the file's owner is "root", and the file's group owner is also "root".

The first character on this line is the file type ("-" meaning a regular file), and the next nine characters represent the three communities, each having three permissions. The permissions are written as a letter -- "r", "w", or "x" -- if the permission is enabled, or a dash "-" if the permission is disabled. Therefore, in the example above:

 rw-  the owner has read and write permission
 r--  the group has read permission
 r--  others have read permission
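
The decoding described above can be scripted. The following is an added example, not part of the original course page: the function names <code>describe</code> and <code>decode_mode</code> are hypothetical, and the directory mode string is constructed. It reads the mode field from <code>ls -l</code> and names each community's permissions, using the directory meanings when the file type is "d".

```shell
#!/bin/sh
# Added example (not from the original page): decode the mode field of `ls -l`.

# describe KIND TRIPLET: name the permissions enabled in one community's
# three-character triplet. KIND is the file-type character; for "d" the
# directory interpretation of each permission is used.
describe() {
    if [ "$1" = d ]; then
        r="list names" w="create/delete entries" x="access entries"
    else
        r="read" w="write" x="execute"
    fi
    out=""
    case "$2" in r??) out="$r" ;; esac
    case "$2" in ?w?) out="${out:+$out, }$w" ;; esac
    case "$2" in ??x) out="${out:+$out, }$x" ;; esac
    printf '%s\n' "${out:-none}"
}

# decode_mode MODE: print one line each for owner, group and other.
# Accepts regular files ("-") and directories ("d") only. GNU ls may add
# an 11th character: "." (SELinux security context) or "+" (ACL present).
# Anything else, including special mode bits, is rejected with status 1.
decode_mode() {
    mode=$1
    case "$mode" in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x][.+]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    kind=$(printf '%s' "$mode" | cut -c1)
    printf 'owner: %s\n' "$(describe "$kind" "$(printf '%s' "$mode" | cut -c2-4)")"
    printf 'group: %s\n' "$(describe "$kind" "$(printf '%s' "$mode" | cut -c5-7)")"
    printf 'other: %s\n' "$(describe "$kind" "$(printf '%s' "$mode" | cut -c8-10)")"
}

# The /etc/hosts mode shown above.
decode_mode '-rw-r--r--.'
# Constructed sample: a directory where group and other have execute but
# not read, so they can reach a file by name but cannot list the names.
decode_mode 'd-wx--x--x'
```
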
