Difference between revisions of "Linux Permissions"

From CDOT Wiki
(Symbolic Representation =)
m (Symbolic Representation)
Line 57: Line 57:
 
* user permission: rwx (read, write, and execute permission are enabled/granted to the user '''jane''')
 
* user permission: rwx (read, write, and execute permission are enabled/granted to the user '''jane''')
 
* group permission: rw- (read and write permission are granted to users in the '''toronto''' group, but execute permission is denied)
 
* group permission: rw- (read and write permission are granted to users in the '''toronto''' group, but execute permission is denied)
* other permission: 4-- (read permission is granted for all other users, write and execute permission is denied)
+
* other permission: r-- (read permission is granted for all other users, write and execute permission is denied)
  
 
== Octal Representation ==
 
== Octal Representation ==
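Review bot: the only substantive change in this hunk is the other-permission line, where 4-- becomes r--, and that is the right fix: the section defines the symbolic representation as a string of r, w, x and - characters, while 4 is the octal weight of read from the Octal Representation section, so the old line mixed the two notations. The user and group permission lines are unchanged context.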

Revision as of 11:01, 15 September 2008

Linux and Unix systems use a permission mechanism that is simple and robust.

Ownership

Each file has an owner and a group-owner. The original owner is the user who created the file; the superuser (root) can reassign ownership of the file. The default group of the file's creator is the original group-owner; the current owner can change the group-owner to any of the groups to which she belongs, and the superuser can change it to any group on the system.

Here's an example: imagine that the user Jane belongs to the groups toronto (default group), seneca, and baseball. She creates the file "automate"; viewing the file with ls -l shows this display:

-rwxrw-r-- 1 jane toronto 2019 2008-09-15 11:25 automate

Note that jane is the owner, and toronto is the group-owner.

Jane cannot change the owner, but the superuser can change it to any user of the system using the chown command.

Jane can change the group-owner to seneca or baseball, or the superuser can change it to any group on the system, using the chgrp command.

Communities

There are three communities of users in the system:

  • user - the owner of the file
  • group - users in the group that is the group-owner of the file
  • other - everyone else

The order and initials of these communities are important: u-g-o

Permissions

Each of the three communities has three permissions:

  • read - the ability to read (view, play, copy) the file
  • write - the ability to write (change, truncate, append) the file
  • execute - the ability to execute (run) the file

These permissions are interpreted slightly differently on a directory:

  • read - the ability to search for files within the directory (e.g., "ls", or using ambiguous filenames such as wildcards)
  • write - the ability to add files to the directory, remove files from the directory, or change the names of files in the directory.
  • execute - the ability to open files and directories within the directory.

Note that a user with read but not execute permission on a directory may see the files in a directory but not use them; a user with execute but not read permission may use files in the directory but must know the exact filename (because they can't list the directory contents).

Permission Mode

A full permission mode consists of the three permissions for each of the three communities. In addition, there may be some Extended Permissions (see below).

Symbolic Representation

A permission mode may be represented as a string of nine r, w, x, and - characters. The first three characters represent the permissions for the user, the second set of three represent the permissions for the group, and the last three represent the permissions for others. Each set of three consists of the letters r, w, and x, in that order, for permissions that are turned on, or - for permissions that are not turned on.

The output of ls -l starts with a character representing the file type (- for regular files, d for directories, and other characters for special files), followed by the 9-character symbolic representation of the permission mode:

-rwxrw-r-- 1 jane toronto 2019 2008-09-15 11:25 automate

In this case, the mode is rwxrw-r--, which breaks down as:

  • user permission: rwx (read, write, and execute permission are enabled/granted to the user jane)
  • group permission: rw- (read and write permission are granted to users in the toronto group, but execute permission is denied)
  • other permission: r-- (read permission is granted for all other users, write and execute permission is denied)

Octal Representation

It is also possible to represent a permission as a group of octal digits. Each digit represents the permission for one community, in u-g-o order. The value of the digit is the sum of the enabled permissions using these values:

  • read: 4
  • write: 2
  • execute: 1

Therefore, the symbolic mode "rwxrw-r--" can be represented in octal as 764, since:

  • user permission = rwx = 4+2+1 = 7
  • group permission = rw- = 4+2 = 6
  • other permission = r-- = 4
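The following is an added example (not code from the wiki page) that puts the Symbolic Representation and Octal Representation sections into working code: it splits the page's sample ls -l line into file type, nine-character mode, owner and group, breaks the mode down per community in u-g-o order, and converts between the symbolic and octal forms in both directions. The converter also rejects characters that do not belong in a symbolic mode, which catches slips such as writing an octal weight inside the r/w/x string. The field layout assumed by parse_ls_line (permissions, link count, owner, group, size, date, time, name) is the GNU ls layout shown in the page's own sample; the class and function names are this example's own.

```python
"""Parse an ls -l line and convert between symbolic and octal permission modes.

Added example for this wiki page; not code from the original article.
The sample line below is the one shown on the page (jane / toronto / automate).
"""
from dataclasses import dataclass

# Permission letters with their octal weights, in the order they appear
# inside each three-character group.
PERM_VALUES = (("r", 4), ("w", 2), ("x", 1))
COMMUNITIES = ("user", "group", "other")   # the u-g-o order the page stresses


def triplet_to_digit(triplet: str) -> int:
    """Convert one three-character group such as 'rw-' to its octal digit.

    Raises ValueError for any character that is not the expected letter or '-',
    so a string like '4--' (an octal weight where a letter belongs) is rejected.
    """
    if len(triplet) != 3:
        raise ValueError(f"expected 3 characters, got {triplet!r}")
    total = 0
    for ch, (letter, value) in zip(triplet, PERM_VALUES):
        if ch == letter:
            total += value
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} in {triplet!r}; expected {letter!r} or '-'")
    return total


def symbolic_to_octal(mode: str) -> str:
    """'rwxrw-r--' -> '764'."""
    if len(mode) != 9:
        raise ValueError(f"expected 9 characters, got {mode!r}")
    return "".join(str(triplet_to_digit(mode[i:i + 3])) for i in (0, 3, 6))


def octal_to_symbolic(octal: str) -> str:
    """'764' -> 'rwxrw-r--'. Accepts exactly three digits in the range 0-7."""
    if len(octal) != 3 or any(d not in "01234567" for d in octal):
        raise ValueError(f"expected three octal digits, got {octal!r}")
    out = []
    for d in octal:
        n = int(d)
        out.append("".join(letter if n & value else "-" for letter, value in PERM_VALUES))
    return "".join(out)


@dataclass
class LsEntry:
    file_type: str      # '-' regular file, 'd' directory, other letters for special files
    mode: str           # the nine-character symbolic mode
    owner: str
    group: str
    name: str

    def breakdown(self) -> dict:
        """Per-community view, e.g. {'user': ('rwx', 7), 'group': ('rw-', 6), 'other': ('r--', 4)}."""
        return {
            who: (self.mode[i:i + 3], triplet_to_digit(self.mode[i:i + 3]))
            for who, i in zip(COMMUNITIES, (0, 3, 6))
        }

    def octal(self) -> str:
        return symbolic_to_octal(self.mode)


def parse_ls_line(line: str) -> LsEntry:
    """Split a long-listing line into type, mode, owner, group and name.

    Assumed field layout (GNU ls with ISO dates, as in the page's sample):
    perms links owner group size date time name. The name is everything
    after the time field, so names containing spaces survive.
    """
    fields = line.split(None, 7)
    if len(fields) < 8:
        raise ValueError(f"not an ls -l line: {line!r}")
    perms, _links, owner, group, _size, _date, _time, name = fields
    if len(perms) < 10:
        raise ValueError(f"unexpected permission field {perms!r}")
    # Some systems append '.' or '+' after the mode to flag extra attributes;
    # only the first ten characters are the type and permission mode.
    return LsEntry(perms[0], perms[1:10], owner, group, name)


# Sample ls -l line taken from the page.
SAMPLE = "-rwxrw-r-- 1 jane toronto 2019 2008-09-15 11:25 automate"

if __name__ == "__main__":
    entry = parse_ls_line(SAMPLE)
    print(entry.owner, entry.group, entry.mode, entry.octal())   # jane toronto rwxrw-r-- 764
    for who, (sym, digit) in entry.breakdown().items():
        print(f"{who:>5}: {sym} = {digit}")
```

Running the module prints the breakdown for the page's sample; triplet_to_digit raising on "4--" is the programmatic version of the correction recorded in the revision diff at the top of this page.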

Viewing the Permission Mode

You can view the permissions on a file using the -l argument to the ls command. You can also view file permissions in most graphical file managers, such as Nautilus (GNOME) or Konqueror (KDE), although you will need to change from the default view settings.
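As an added example (not code from the wiki page), the block below shows where ls -l gets the type, permission, owner and group columns from: the mode word and the uid/gid returned by stat(2). It creates a scratch file, sets the mode explicitly with chmod so the result does not depend on the current umask, and renders the same fields the page's sample line shows, using the standard library's stat.filemode() for the ten-character type-and-mode string. The function names and the scratch file name "automate" are this example's own; owner and group fall back to the numeric ids when the system has no passwd or group entry for them.

```python
"""Read a file's permission mode and ownership the way ls -l does, without calling ls.

Added example for this page; not the wiki's own code. stat.filemode() renders
the type and nine permission characters exactly as ls -l prints them.
"""
import grp
import os
import pwd
import stat
import tempfile


def describe(path: str) -> dict:
    """Return type character, symbolic mode, octal mode, owner and group of path."""
    st = os.lstat(path)                            # lstat: describe a symlink itself, like ls -l
    filemode = stat.filemode(st.st_mode)           # e.g. '-rwxrw-r--'
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:                               # uid with no passwd entry (common in containers)
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return {
        "type": filemode[0],
        "symbolic": filemode[1:],                  # the nine r/w/x/- characters in u-g-o order
        # S_IMODE strips the file-type bits; & 0o777 drops the extended permission
        # bits so only the three u-g-o digits remain.
        "octal": format(stat.S_IMODE(st.st_mode) & 0o777, "03o"),
        "owner": owner,
        "group": group,
    }


def ls_l_style(path: str) -> str:
    """Render type, mode, owner, group and name in the layout of the page's ls -l sample."""
    d = describe(path)
    return f"{d['type']}{d['symbolic']} {d['owner']} {d['group']} {os.path.basename(path)}"


def demo_mode(octal_digits: str) -> dict:
    """Create a scratch file, set the requested mode and read it back via stat()."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "automate")       # scratch file; name borrowed from the page
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho hello\n")
        os.chmod(path, int(octal_digits, 8))       # explicit chmod, so umask does not matter
        return describe(path)


if __name__ == "__main__":
    info = demo_mode("764")
    print(info["type"] + info["symbolic"], info["octal"], info["owner"], info["group"])
```

Unlike ls, this reads the mode bits directly, so it is also a convenient building block for scripts that audit permissions across many files without parsing text output.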