File attributes and permissions
From Linux 101, The beginner's guide to all things Linux.
Contents |
[edit] Permissions
Each file or directory on your system has two owners:
- A user owner
- A group owner
And several permissions:
- Read Permissions
- Write Permissions
- Execute Permissions
Permissions are granted on three levels:
- To the owner user
- To the owner group
- To the world (every user on the system)
That is to say, you could grant the owner user read, write, and execute permissions; the owner group read and write permissions; and the world read permissions to a file.
In your home directory run the command ls -l and follow along.
As an example, for each file or directory you see a line like this:
-rw-r--r-- 1 travis travis 53432 Jul 5 16:47 test2.html drwxr-xr-x 2 travis travis 472 Jul 2 17:05 trav -rw-r--r-- 1 travis travis 6890202 Nov 20 2003 winex3_3.2-1.i386.tgz
Notice the first grouping of information. It is telling you file permissions. The first character tells you the file type, which will discuss later in this article. The next 9 are the permissions.
The first 3 are for the user, the next 3 for the group, and the last three for the world. This is fairly standard to always see it as user-group-world. It is also always listed in order as read-write-execute (rwx).
[edit] Octal Permissions
Although it's less common to see permissions in the form of octal any more, it's still a good thing to know. Octal is base 8, so it has values from 0 to 7.
- Read is 4
- Write is 2
- Execute is 1
You will see octal permissions as 3 digits, the first represents the user, the second the group, and the last the world. For example, if a file has permissions of 760 then the user can read, write, or execute (4+2+1 = 7) and the group can read or write (4+2 = 6) and the world has no permissions (0).
[edit] Setting Permissions
Changing permissions is done with the chmod command. The easiest form is to use chmod <permission-octal> <file>
For example, chmod 640 test2.html will modify the test2.html permissions.
There is another nice way to change permissions, but it is best explained in the chmod man page. (See Man pages for help)
[edit] Access Control Lists
You may be familiar with ACL's from using Windows NT and above. Linux distributions, usually by default, do not use ACL's like Windows does. However, they are available. To use them, your kernel must be compiled with ACL's enabled for your filesystem. They are available for the most common filesystems out there. To enable them at boot by default, add acl as one of the filesystem options in /etc/fstab.
- Warning
- if the kernel is not compiled with ACL support, the partition will fail to mount until you remove the
acloption or remount the partition. If you added it to your/etc/fstaband are now unable to boot your system, enter your system's single user mode and remove the option or compile your kernel with ACL's.
You will also need the package installed which provides the ACL utilities. If you have the program getfacl then you are ready to go!
The program used to list ACL's is getfacl. The program used to modify them is setfacl.
A simple example would be to give a user, janet, access to change a file. Use the -m option, for modify:
-
setfacl -m u:janet:rw <file>
Perhaps you always want Janet to be able to read and write files that are added to the directory. Therefore, you want to create a set of "default ACL's" that will be copied to files when they are created. You add the -d option, default, for this. So the above would become:
-
setfacl -dm u:janet:rwx <folder>
We add the exectuable bit (x) so that she can enter any newly created directories, too.
Finally, let's say user janet no longer needs access to these files. Simply use the -x option instead of -m:
-
setfacl -x u:janet <folder>
You can also use ACL's to assign multiple groups different permissions. They take on the same syntax as modifying users.
ACL's are a very in-depth topic and only the very basics have been covered here. For more details, refer to the man pages as well as SuSE's ACL Guide (PDF).
