Title: File Permissions

Category: Linux  •  Tutorial Type: text  •  Added: 1267973460

Solution

Axxess Clients will only be able to change their file permissions through their control panels or via FTP.

A Brief Overview on File Permissions
0400 read by user
0200 write by user
0100 execute by user

0040 read by group
0020 write by group
0010 execute by group

0004 read by world
0002 write by world
0001 execute by world

Understanding file permissions

In GNU/Linux every user has his own user account, and is a member of one or more user groups. Similarly, each file belongs to a user and to a user group. For restricting file access, GNU/Linux (and Unix in general) defines three different types of rights:

- Read (symbolized by the letter r), which means that the file can be read;
- Write (symbolized by the letter w), which means that the content of the file can be changed;
- Execute (symbolized by the letter x), which means that the file can be executed.

For each file, each of these rights (Read, Write and Execute) is defined for three sets of users:

- The user (symbolized by the letter u), who is the owner of the file.
- The group (symbolized by the letter g), who represents all the users who are members of the group which the file belongs to (as a file belongs both to a user, and a user group).
- The others (symbolized by the letter o), who basically represent all the users that are neither members of the group nor the owner of the file.

For instance, if a file belongs to George (as the owner) and Administrators (as the group), it can define different Read, Write and Execute permissions for George, for members of the "Administrators" group, and for all other users.

Reading file permissions : ls -l

All information related to file permissions is contained within the file and can be viewed by the "ls -l" command:

ls -l myfile
-rwxr-x--- 1 george administrators 10 2006-03-09 21:31 myfile

As you can see in this example, the "ls -l" command gives a lot of information about the file "myfile":

- Its name, "myfile";
- Its permissions, "-rwxr-x---";
- Its owner, "george";
- Its group, "administrators";
- And other information which is not relevant to this article.

The way permissions are shown can seem a bit confusing if you're new to GNU/Linux or Unix, but don't be mistaken, it is very simple. The first character simply indicates the type of file as indicated in the table below:

Character Type of file
- regular file
d directory
l symbolic link
s socket
p named pipe
c character device file (unbuffered)
b block device file (buffered)

In this case myfile is a regular file. Let's have a look at the other nine characters: "rwxr-x---".

The first three characters indicate whether or not the read, write and execute permissions are given to the owner (in this case, George). If they are, their character representation appears (r, w or x), otherwise they are replaced by the character "-". In the same manner, the next three characters indicate whether or not these permissions are given to the group (in this case, Administrators). Finally, the last three characters indicate whether the same rights are given to the others (in this case, people who are not members of the Administrators group).

Letter Permission
r Read
w Write
x Execute, Go through (for directories)
- No permission

Letter Type of users
u User (owner of the file)
g Group (group to which the file belongs)
o Other (users who are neither a member of the Group nor the owner of the file)
a All (everybody)

So, in our example myfile features the following set of permissions: "rwxr-x---". This means that George has all three rights on it, that members of the Administrators group can only read (r) and execute (x) the file, and that everybody else can't do anything with the file.

You could imagine that this file, written and maintained by George could be an executable script dedicated to the administrators and not made available to other users.. but hey.. this is only an example, so let's not assume too much :) The important thing is that you now understand the concept of file permissions and that you know how to read them using the "ls -l" command. The next step is to learn how to change them.

Changing file permissions : chmod

You can change the permissions of your files (or other people's files if you're the root superuser) by using the command "chmod". The syntax is very simple. For instance if George decides to give write permissions to the administrators, he will type:

chmod g+w myfile

g represents the group of the file (administrators).
w represents the write permission.
+ represents the fact that the permission is added.

If George then lists the permissions using ls -l he obtains:

ls -l myfile
-rwxrwx--- 1 george administrators 10 2006-03-09 21:31 myfile

As you can see, the administrators now have write access to the file, and permission to change its content.

The "chmod" command takes 4 parameters:

- The type of users to apply the change of permissions for (u for user, g for group, o for others, a combination of them or a for all three of them).
- The type of change to make (+ to add permissions, - to remove permissions, = to define permissions)
- The type of permissions to apply the change with (r for read, w for write, x for execute)
- The file or group of files to apply the change on (filename for a precise file, but wildcard characters for multiple files)

Let's have a look at a few examples:

- chmod o+r myfile adds read permission to the others on myfile;
- chmod ug+rx myfile adds read and execute permissions to both the owner (user) and the group on myfile;
- chmod a-rwx myfile removes all permissions to everybody (all) on myfile;
- chmod a=rx *.txt defines permissions to be read and execute for everybody on all files suffixed by .txt.

The chmod command also accepts another syntax which is quite popular among system administrators: the octal system. Rather than using letters such as u, g, o, a, r, w and x, you can use octal numbers. The main advantage is that once you're used to it, it is faster to use. Also, because it sets permissions rather than adding or removing them, you don't accidentally overlook anything. Here is how the octal numbers work:

Each permission is given a value:

Permission Value
- 0
x 1
w 2
r 4

Values add up when you combine permissions. Consequently the total value can go from 0 (no permission at all) to 7 (full permissions):

Permission Value
--- 0
--x 1
-w- 2
-wx 3
r-- 4
r-x 5
rw- 6
rwx 7

Finally a value is given for each of the three types of users (User, Group and Other) and these three numbers ranging from 0 to 7 are put together to form the octal number. This is the number you can use with "chmod".

For instance:

chmod 750 myfile

750 means 7 (rwx) for the owner, 5 (r-x) for the group and 0 (---) for others. As a result, the permissions of myfile will be "rwxr-x---". As seen above this command is equivalent to:

chmod u=rwx,g=rx myfile; chmod o-rwx myfile;  

Here are some common uses of the octal numbers:

- chmod 755 myfile : rwxr-xr-x, all rights to the owner, other people only read and execute;
- chmod 644 myfile : rw-r--r--, owner can read and write, other people only read;
- chmod 777 myfile : rwxrwxrwx, full permissions to everybody; can be considered bad practice in some cases.
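
An added example (not part of the original tutorial) that applies the tables above: it decodes the permission column of "ls -l" output into its octal number and flags entries that grant write by world. The function names and the two extra files in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the mode column of "ls -l" into octal and flag
# files that grant "write by world" (0002).

# perm_to_octal MODE -> three octal digits, e.g. "-rwxr-x---" -> 750.
# Accepts the 10-character ls form or the bare 9 permission characters.
# Only r, w, x and - are accepted (the letters covered in this article).
perm_to_octal() {
    mode=$1
    if [ "${#mode}" -eq 10 ]; then mode=${mode#?}; fi   # drop file type
    if [ "${#mode}" -ne 9 ]; then return 1; fi
    out=
    while [ -n "$mode" ]; do
        rest=${mode#???}
        bits=${mode%"$rest"}          # next three characters
        digit=0
        case $bits in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $bits in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $bits in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$digit
        mode=$rest
    done
    echo "$out"
}

# audit_listing: read "ls -l" lines on stdin, print "<octal> <name>" and
# append WORLD-WRITABLE when the "other" digit contains the write bit (2).
audit_listing() {
    while read -r mode links owner group size date time name; do
        oct=$(perm_to_octal "$mode") || { echo "??? $name"; continue; }
        case $oct in
            ??[2367]) echo "$oct $name WORLD-WRITABLE" ;;
            *)        echo "$oct $name" ;;
        esac
    done
}

# Constructed sample listing (first line is the article's myfile).
sample='-rwxr-x--- 1 george administrators 10 2006-03-09 21:31 myfile
-rw-r--r-- 1 george administrators 10 2006-03-09 21:31 notes.txt
-rwxrwxrwx 1 george administrators 10 2006-03-09 21:31 upload.sh'

printf '%s\n' "$sample" | audit_listing
```

To check a real directory, pipe "ls -l" into audit_listing; lines that are not file entries, or that use mode characters outside r, w, x and -, are printed with "???".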

Setting the default file creation permissions : umask

When a file is created, its permissions are set by default depending on the umask setting. This value is usually set for all users in /etc/profile and can be obtained by typing:

umask

The default umask value is usually 022. It is an octal number which indicates what rights will be removed by default from all new files. For instance, 022 indicates that write permissions will not be given to group and other.

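With a umask of 000, new files get mode 666 and new directories get mode 777. As a result, with a default umask value of 022, newly created files get a default mode 644 (666 - 022 = 644) and directories get a default mode 755 (777 - 022 = 755). Strictly speaking, the umask clears the permission bits it names rather than being subtracted; the two give the same result whenever the mask only names bits that are set in the starting mode, as is the case here.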

In order to change the umask value, simply use the umask command and give it an octal number. For instance, if you want all new directories to get permissions rwxr-x--- and files to get permissions rw-r----- by default (modes 750 and 640), you'll need to use a umask value which removes all rights from other, and write permissions from the group: 027. The command to use is:

umask 027
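
An added example (not part of the original tutorial) that checks the umask arithmetic above: it computes the resulting mode with a bit mask and then creates a file and a directory under umask 027 to confirm what "ls -l" reports. The function names are constructed, and the scratch directory comes from mktemp.

```shell
#!/bin/sh
# Added example: the umask is a bit mask, not a number to subtract.

# effective_mode BASE MASK -> BASE with every bit set in MASK cleared.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# new_perms MASK -> "<file perms> <dir perms>" as shown by "ls -l" for a
# file and a directory created under that umask. The body runs in a
# subshell, so the caller's own umask is left unchanged.
new_perms() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/file"
    mkdir "$tmp/dir"
    f=$(ls -ld "$tmp/file" | cut -c2-10)
    d=$(ls -ld "$tmp/dir" | cut -c2-10)
    rm -rf "$tmp"
    echo "$f $d"
)

effective_mode 666 022   # 644, same as the subtraction
effective_mode 777 027   # 750
effective_mode 666 033   # 644, whereas 666 - 033 would suggest 633
new_perms 027            # rw-r----- rwxr-x---
```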
Category: Linux Created: March 07, 2010, 08:51 AM