Levi Reiss asked: st way for you to learn Linux permissions is to study an example. The ls -l command generates a list of contents, such as files along with their permissions. Let’s take a look at the default values for a file called Filename. We are adding spaces to make the output more legible.
- rw- r– r– other information about the file Filename
The initial – signifies that this is a file (not a directory). The next three characters refer to the file permissions for the file owner, in many cases the person who created the file. The values rw- signify that the owner has read and write (modify) permission but not execute permission. Had these values been r-x the owner would be allowed to read and execute the file (program) but could not modify it. The second set of values r– signify that the members of the group associated with this file have read but not write or execute permission. The third set of values once again r– signify that other users have read but not write or execute permission.
Permissions are often handled numerically. The r has a value of 4, the w has a value of 2, and the x has a value of 1. In all cases the lack of permission has the value 0. So rw- has the value 6 and r– has the value 4. In the above example the permissions may be expressed as 644. The full set of permissions for everyone is expressed as 777 (not usually a good idea).
Note that the root user’s permissions aren’t listed. This shouldn’t be surprising because root has essentially complete permissions. But even root doesn’t have execute permissions for a file it creates. This permission must be added in a separate step. Why? This two-step procedure has important security implications. Let’s say that an individual, perhaps root, has received an email that contains a virus-infested executable program. The program cannot be executed without the explicit permission of root or the recipient. If the user doesn’t know what to do the virus won’t be launched.
Linux defines permissions for directories that are similar to but not exactly the same as the file permissions. A read permission on a directory means that its contents may be listed. For directories write permission means that the user can modify its contents by adding, deleting, or renaming files. An execute permission on a directory means that it may be accessed, in other words made the current working directory.
Permissions may be changed via the chmod command. For example chmod 770 Junque which gives read, write, and execute permissions to the file owner and members of the ownership group but no permissions to anyone else. Many people prefer not to use these numbers. The symbolic mode uses letters and the plus and minus signs to change permissions.
The following command removes the write permission from the user (owner) of the Perm file chmod u-w Perm. To add the execute permission for others, those people who do not belong to the group that owns the file, apply the command chmod o+x Perm. This command only makes sense if the Perm file is executable. Furthermore, often the file owner and his or her group are granted more permissions that the others. Linux doesn’t check to see that your command really makes sense. Do you think that Windows is more intelligent in this respect?
The chown command is used to change the ownership of a file or a directory. The chgrp command is used to change the group ownership of files and directories. These commands might be used when a project passes from the development to the testing stage. Needless to say only the system administrator can execute these commands.
Of course there are additional aspects of Linux permissions and groups but we have covered the basics. The next article in this series discusses inodes, a topic that is sorely missing from the Windows bag of tricks.