Open main menu

CDOT Wiki β

OPS102 - Permissions

Revision as of 05:03, 25 September 2023 by Chris Tyler (talk | contribs) (Created page with "In multi-user operating systems it is important to be able to control access to information. This is usually done at the file and directory levels. == Linux File Permissions...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In multi-user operating systems it is important to be able to control access to information. This is usually done at the file and directory levels.

Linux File Permissions

Unix-like operating systems, such as Linux, provide a simple model for maintaining file and directory permissions. There is a more advanced model available, called File Access Control Lists (File ACLs or FACLs), but it is more complicated to manage, and experience has shown that the simpler model is more likely to be used.

Permission Communities

There are three communities of users for each file:

  • Owner -- the one user that owns the file
  • Group -- the group of users that is the group-owner of the file
  • Other -- every other user of the computer system

Permissions

Each community has three permissions for each file which may be individually turned on or off:

  • Read -- the ability to read a file.
  • Write -- the ability to write to the file, including permission to add to, change, or truncate (shorten) the file.
  • Execute -- the ability to run (execute) a file.

When applied to directories, these permissions are interpreted differently:

  • Read -- the ability to see the names of the files and subdirectories within the directory. This is also called "search" permission.
  • Write -- the ability to create/delete files and subdirectories within the directory.
  • Execute -- the ability to access files with the directory. If turned off, the files cannot be accessed, and metadata about each file (such as the owner, group owner, file length, permissions, and timestamps) cannot be accessed either.

If execute permission is enabled for a directory but read permission has not been enabled, the affected community cannot view a directory listing to determine filenames, but if they know the name of a file within that directory, they may still access it.

Viewing Permissions

Permissions may be viewed with the ls -l command (the ls command with the -l ("long detailed listing") option. For example:

$ ls -l /etc/hosts
-rw-r--r--. 1 root root 386 Nov 27  2022 /etc/hosts

Notice that the file's owner is "root", and the file's group owner is also "root".

The first character on this line is the file type ("-" meaning a regular file), and the next nine characters represent the three communities, each having three permissions. The permissions are written as a letter -- "r", "w", or "x" -- if the permission is enabled, or a dash "-" if the permission is disabled. Therefore, in the example above:

rw-   the owner has read and write permission
r--   the group has read permission
r--   others have read permission