File Permissions
| Command | Action |
|---|---|
|  | Print the user’s UID and group memberships |
|  | Change the access permissions of a file |
|  | Change the default permissions of new files |
|  | Run a shell as |
|  | Run a command as |
|  | Change the owner of a file |
|  | Change the group of a file |
|  | Change your password |
|  | Add and remove users from the system |
|  | Modify user attributes |
The Power of root
The root user of a Linux system is the administrator, also called the superuser. The root user can perform every function available on a Linux system, including many that are unavailable to unprivileged users. On Debian/Ubuntu systems you can access the power of root one command at a time using sudo (pronounced soo-doo).
File and Directory Permissions
Files and directories have permission settings that control who can access them. The permissions in the UNIX file system are more primitive than those in Windows, which uses an access control list. On a UNIX system there are three subjects that are important for controlling access.
| Subject | Description |
|---|---|
| User | The owner of the file or directory |
| Group | The group the file or directory belongs to |
| Others | Anyone that’s not the owner or in the group |
When you run the ls -l command you see three sets of permissions that contain a letter or a dash (-). The letters indicate what the subject is allowed to do. Possible accesses are:
| Access | Description |
|---|---|
| Read ( | For files this allows the subject to read the file. For directories allows |
| Write ( | For files this allows the subject to change the contents of the file (but not delete it). For directories this allows you to create and remove files in the directory. |
| Execute ( | For files this allows them to be executed. For directories this allows |
Here’s an example of ls -l:
simben90@opus3:~$ ls -l
total 76
drwxr-xr-x 2 simben90 simben90 4096 Mar 1 22:27 bin
-rw-r----- 1 simben90 simben90 0 Dec 3 22:12 butt
-rw-r--r-- 1 simben90 simben90 30 Dec 3 22:07 cis90.contribution
drwxrwxr-x 4 simben90 simben90 4096 Mar 1 21:58 class
-rw------- 1 simben90 simben90 373 Feb 12 08:07 dead.letter
drwxrwxr-x 2 simben90 simben90 4096 Mar 1 22:28 docs
Here’s how to understand the permissions on the cis90.contribution file:
| User ( | Group ( | Other |
|---|---|---|
|  |  |  |
| Read/Write | Read Only | Read Only |
File Permissions and Binary
File permissions are expressed in binary. Counting in binary is easy once you get the hang of it. It’s just like counting in decimal but you use powers of two instead of powers of 10. Let’s start with powers of 10 and consider the number 237. Each digit sits in a place that has a place value.
| Hundred’s Place | Ten’s Place | One’s Place |
|---|---|---|
| 2 | 3 | 7 |
Add the value of all of the places together and you get the number. Binary works the same way, but instead of multiplying each place by 10 you multiply each place by 2. Here’s the number 237 in binary:
| 128’s Place | 64’s Place | 32’s Place | 16’s Place | 8’s Place | 4’s Place | 2’s Place | 1’s Place |
|---|---|---|---|---|---|---|---|
| 1 | 1 | 1 | 0 | 1 | 1 | 0 | 1 |
In each place where there is a 1 you add the place value. When you add all the places in the number above you get:
\(128 + 64 + 32 + 8 + 4 + 1 = 237\)
Not clicking for you? This table will help you remember the binary numbers to permissions mapping.
| Permission Decimal | Permission Binary | Permission Flags | Description |
|---|---|---|---|
| 0 | 000 |  | No access |
| 1 | 001 |  | Execute only. Not generally useful |
| 2 | 010 |  | Write only. Not generally useful |
| 3 | 011 |  | Write and execute. Not generally useful |
| 4 | 100 |  | Read only. |
| 5 | 101 |  | Read and execute. Common for directories. Allows the use of directories. Files can be changed but cannot be created or deleted. |
| 6 | 110 |  | Read write. Common for files. |
| 7 | 111 |  | Read, write and execute. For files allows the execution of a file as a program. For directories allows full access. |
Changing File Permissions
There are two ways to change the file permissions. You can do it absolutely using a binary number that represents the file permission. For example:
$ chmod 640 dead.letter
$ ls -l dead.letter
-rw-r----- 1 simben90 simben90 373 Feb 12 08:07 dead.letter
You can also change permissions relatively by adding or subtracting access. For example, to add the ability for the group to write the dead.letter file you would run the command:
$ chmod g+w dead.letter
To subtract the ability for the group and everyone to read or write the dead.letter file you would run the command:
$ chmod go-rw dead.letter
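The mapping between ls -l permission strings and chmod numbers, and the effect of the three chmod commands above run in sequence, as an added example that is not part of the original page. The function names mode_to_octal and apply_chmods are chosen for this example, and the commands run against a scratch file from mktemp rather than dead.letter.

```shell
#!/bin/sh
# Added example: permission strings, numeric modes and chmod, using the
# modes that appear in the ls -l listing on this page.

# Convert a 10-character ls -l mode string (e.g. -rw-r--r--) to its
# three-digit numeric form. Special bits (s, S, t, T) are not handled.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character
    out=""
    for start in 1 4 7; do            # user, group, others
        triple=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Apply each chmod argument in order to a scratch file and print the
# resulting mode string as ls -l would show it.
apply_chmods() {
    f=$(mktemp) || return 1
    for change in "$@"; do
        chmod "$change" "$f" || { rm -f "$f"; return 1; }
    done
    ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# Mode strings taken from the listing on this page.
for m in drwxr-xr-x -rw-r--r-- drwxrwxr-x -rw-------; do
    printf '%s = %s\n' "$m" "$(mode_to_octal "$m")"
done

# The chmod commands from this section, applied one after another.
printf 'chmod 640  -> %s\n' "$(apply_chmods 640)"
printf 'then g+w   -> %s\n' "$(apply_chmods 640 g+w)"
printf 'then go-rw -> %s\n' "$(apply_chmods 640 g+w go-rw)"
```
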
Controlling Default Permissions with umask
The umask command controls the permissions of files and directories when they are created. The “mask” in umask signifies that bits in the umask disable or mask the corresponding permission bits. That means that the umask shows you the opposite of the permissions that will be created. Run umask without arguments on opus3 and you can see what the default umask is.
$ umask
0002
This says that new files and directories will not be writable by others. This table will help you remember umask values.
|  |  | Default Permission Flags |
|---|---|---|
| 0 | 000 |  |
| 1 | 001 |  |
| 2 | 010 |  |
| 3 | 011 |  |
| 4 | 100 |  |
| 5 | 101 |  |
| 6 | 110 |  |
| 7 | 111 |  |
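To see the masking happen, the following added example (not part of the original page) creates a file and a directory under several umask values and reports the modes they receive; it also flags a umask that leaves new files writable by group or others. The names default_modes and umask_is_permissive are chosen for this example, and it assumes the usual behaviour that new files are requested with mode 666 and new directories with 777 before the mask is applied.

```shell
#!/bin/sh
# Added example: what a umask does to newly created files and directories.

# Print the mode strings a new file and a new directory receive under the
# given umask, e.g. "-rw-rw-r-- drwxrwxr-x" for 0002.
default_modes() {
    d=$(mktemp -d) || return 1    # scratch directory, made before the umask changes
    (
        umask "$1"                # subshell: the caller's umask stays untouched
        : > "$d/file"             # requested as 666, then masked
        mkdir "$d/dir"            # requested as 777, then masked
    )
    f_mode=$(ls -l "$d/file" | cut -c1-10)
    d_mode=$(ls -ld "$d/dir" | cut -c1-10)
    rm -rf "$d"
    printf '%s %s\n' "$f_mode" "$d_mode"
}

# Return 0 if the umask leaves new files writable by group or others.
umask_is_permissive() {
    modes=$(default_modes "$1") || return 2
    file_mode=${modes%% *}
    case $file_mode in
        ?????w????|????????w?) return 0 ;;   # group write or others write is set
        *) return 1 ;;
    esac
}

# 0002 is the opus3 default shown above; the others are common alternatives.
for mask in 0002 0022 0027 0077; do
    printf 'umask %s -> %s\n' "$mask" "$(default_modes "$mask")"
done
```

With umask 0002 a new directory comes out as drwxrwxr-x, which matches the class and docs directories in the ls -l listing earlier on this page.
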