Tuesday, November 25, 2008

File Permissions In Linux

Written by Sergio Roth

The Linux operating system uses a permission scheme to define user rights for each file. These permissions establish:

- who can read the file. If the file is a directory, read means listing the contents of the directory.

- who can write/modify the file. If the file is a directory, this permission defines whether you can make changes to the directory contents, for example create or delete files.

- who can execute the file. If the file is a directory, this permission defines whether you can enter the directory and access its contents, for example run a search in the directory or execute a program in it.

Permissions are assigned to the file owner, to the file owner's group, and to all other users. For example, you can set a document to be readable and writable by the owner only, and just readable by everybody else.

When you issue an ls -l command to list the contents of a directory, you will see file permissions like this next to each file:

-rwxrwxrwx

This means this file can be read, written and executed by anybody. The first dash means this file is not a directory. For directories, there will be a d letter instead of a dash.

The first set of "rwx" refers to the file owner. The second set, to the owner group. The last set, to all other users. Let's look at some examples:

-rwxr--r--

This file can be read, written and executed by its owner. It can only be read by other users. When a permission is not set, you see a dash in its place.

-rw-rw-r--

This file can be read and written by its owner and the owner group. It can only be read by other users.

You can set these permissions using the chmod command. For example, this command:

chmod ugo=rwx filename

assigns read, write and execute permissions to the file owner (u), group (g) and others (o). This other example:

chmod ug=rw,o=r filename

assigns read and write permissions to user and group, and only read permission to others.

Permissions can also be expressed and set using the octal numeric system. Each permission is associated with a number:

Read = 4
Write = 2
Execute = 1

You need to come up with one number for the file owner, another for the group and a last one for the other users. If you want to assign read, write and execute permissions to the file owner, you add up the three values, which gives 7. If you want to assign the same permissions to group and others, you end up with three sevens. You can set these permissions like this:

chmod 777 filename

If you set permissions for a file with the following command:

chmod 764 filename

then you're establishing these permissions: read, write and execute for file owner (4+2+1=7), read and write for group (4+2=6) and only read for others (4).

The following commands are equivalent:

chmod ug=rw,o=r filename

chmod 664 filename

The file permission scheme lets you implement security policies. It is not a good idea to set wide-open permissions (e.g. 777) on all files. Think about what each file needs and assign the right permissions, so that users can do their job and each file is accessed only by the right people.
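
As an added example (not part of the original article), the shell functions below convert a permission string as printed by ls -l into its octal form and list the files that others can write, which is what a mode such as 777 allows. The function names and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: constructed sample files only; function names are illustrative.

# Convert an "ls -l" permission string (e.g. -rwxr--r--) to octal (e.g. 744).
# Only r, w, x and - are accepted, matching what the article covers.
mode_to_octal() {
    perms=${1#?}                      # drop the file-type character (- or d)
    [ "${#perms}" -eq 9 ] || return 1
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}             # everything after the first triad
        triad=${perms%"$rest"}        # owner, then group, then others
        case $triad in
            [r-][w-][x-]) ;;
            *) return 1 ;;
        esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # read
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute
        out=$out$digit
        perms=$rest
    done
    printf '%s\n' "$out"
}

# Octal mode of an existing file, taken from the first 10 characters of ls -l.
file_octal() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Regular files under a directory that "others" may write (the 2 bit is set).
world_writable() {
    find "$1" -type f -perm -0002
}

# Demo on a throwaway directory (constructed sample files).
demo_dir=$(mktemp -d)
: > "$demo_dir/open.txt"
: > "$demo_dir/shared.txt"
chmod 777 "$demo_dir/open.txt"
chmod ug=rw,o=r "$demo_dir/shared.txt"
for f in "$demo_dir"/*; do
    printf '%s %s\n' "$(file_octal "$f")" "$f"
done
echo "World-writable:"
world_writable "$demo_dir"
rm -rf "$demo_dir"
```

Running world_writable against a shared directory is a quick way to find files whose permissions were set higher than intended.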

Sergio Roth is an experienced freelance web programmer. You can contact him for Linux hosting and website development services at http://www.ayreshost.com.
