So, we now know our way around the Unix filesystem and we know how to read, move or delete files. We also know how to ask for help if we’re stuck. This post in the Unix 101 series will teach you about file permissions.
We’ve been talking about Unix being a multi-user, multiprocessing system, but we haven’t really thought of security yet, have we? I mean, if there are several users using a system at the same time, your personal data can’t be safe, right?
The designers of Unix also faced this problem … and fortunately they were smart enough to devise a solution for this.
We learned earlier (did we?) that everything in Unix is a file. Well, it is, and every file has certain attributes associated with it. These attributes define the permissions that the file has, or rather, the permissions that a particular user has to access that file. All this getting too complicated? An example would be perfect here:
$ ls -l
drwx--x--x 13 sharninder sharninder 4096 Sep 29 02:53 ./
drwxr-xr-x 3 root root 4096 Mar 6 2008 ../
drwxr-x--- 3 sharninder mail 4096 Mar 7 2008 etc/
-rwxrw-r-- 10 sharninder sharninder 4096 Apr 4 01:52 test.sh
This is the listing you get when you look at a directory with the long listing option (-l) to ls. This listing can be broken down into 7 sections. Each line describes one file and, from left to right, the columns give: the permissions, the number of links, the owner, the group owner, the size in bytes, the date and time of the last modification, and the file’s name.
The first character of the permission column tells us what kind of file this is. ‘d’ stands for directory, hyphen (-) for regular file. The next three triplets of three characters each tell us, in order, the permissions on the file that apply to the file’s owner, the file’s group and the public.
So, for example, the file test.sh is a regular file (-), the owner has the permissions rwx, the group has the permissions rw, and the public has only the ‘r’ permission. ‘r’ stands for read-only, ‘w’ stands for writing (which implies reading) and ‘x’ stands for executable. For directories, ‘x’ means that the directory can be browsed through.
Before we learn how to set permissions, we should know what the third and fourth columns stand for. The third column of the file listing is the name of the owner of the file and the fourth column lists the group the file owner belongs to.
Now, we’ll learn how to set permissions ourselves.
To set or change the permissions on a file, we use the chmod command. For example:
$ chmod a+rw test.sh
The above command will set the read-write (+rw) permission for the public (a – all) on the file test.sh. Similarly:
$ chmod a-rw test.sh
will remove the read-write (-rw) permission for the public (a – all) from the test.sh file.
$ chmod u+x test.sh
This will set the executable permissions on the test.sh file for the user who owns the file (u – user).
$ chmod g-rw test.sh
This will take away the read-write permissions on the test.sh file from the users who belong to the group (g – group) of the file’s owner.
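As an added example (not part of the original post), the script below applies each of the four chmod commands above to a scratch file that starts with the mode shown for test.sh in the listing, and prints the permission column that ls -l reports afterwards. The function names mode_after and triplets, the scratch file and the u=rwx,g=rw,o=r reset are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: works on a constructed scratch file, not the author's test.sh.

# mode_after SPEC
# Reset a scratch file to -rwxrw-r-- (the mode of test.sh in the listing),
# apply one symbolic chmod SPEC, and print the resulting permission column.
mode_after() {
    f=$(mktemp) || return 1
    chmod u=rwx,g=rw,o=r "$f"          # starting point: -rwxrw-r--
    chmod "$1" "$f" || { rm -f "$f"; return 1; }
    ls -l "$f" | cut -c1-10            # first 10 characters = type + 3 triplets
    rm -f "$f"
}

# triplets MODE
# Split a 10-character permission column into the fields the post describes.
triplets() {
    m=$1
    printf 'type=%s owner=%s group=%s public=%s\n' \
        "$(printf '%s\n' "$m" | cut -c1)" \
        "$(printf '%s\n' "$m" | cut -c2-4)" \
        "$(printf '%s\n' "$m" | cut -c5-7)" \
        "$(printf '%s\n' "$m" | cut -c8-10)"
}

# Apply each command from the post to a fresh copy of the starting mode.
for spec in a+rw a-rw u+x g-rw; do
    m=$(mode_after "$spec")
    printf 'chmod %-5s -> %s  (%s)\n' "$spec" "$m" "$(triplets "$m")"
done
```

Comparing the four output lines with the starting mode shows which of the three triplets each who-letter (a, u, g) touches, which is worth checking before granting write access on a shared system.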
With the chmod command we can only deal with the permissions imposed on the owner/group of the file. What if we need to change the owner/group itself? That is taken care of by the chown command.
$ chown sharninder.root test.sh
The above command will set the user of the test.sh file as sharninder and the group as root. Basically, the format to use is <user>.<group>.
That’s all for today. With those two commands in hand, you should be able to handle almost all Unix permissions. Read the man pages for both the commands and you should be good to go.