Getting file permissions linux

Ubuntu Documentation

Understanding and Using File Permissions

In Linux and Unix, everything is a file. Directories are files, files are files and devices are files. Devices are usually referred to as a node; however, they are still files. All of the files on a system have permissions that allow or prevent others from viewing, modifying or executing. If the file is of type Directory then it restricts different actions than files and device nodes. The super user «root» has the ability to access any file on the system. Each file has access restrictions with permissions, user restrictions with owner/group association. Permissions are referred to as bits.

To change or edit files that are owned by root, sudo must be used — please see RootSudo for details.

If the owner read & execute bit are on, then the permissions are:

There are three types of access restrictions:

Permission

Action

chmod option

There are also three types of user restrictions:

User

ls output

Note: The restriction type scope is not inheritable: the file owner will be unaffected by restrictions set for his group or everybody else.

Folder/Directory Permissions

Directories have directory permissions. The directory permissions restrict different actions than with files or device nodes.

Permission

Action

chmod option

(view contents, i.e. ls command)

(create or remove files from dir)

(cd into directory)

read restricts or allows viewing the directories contents, i.e. ls command

write restricts or allows creating new files or deleting files in the directory. (Caution: write access for a directory allows deleting of files in the directory even if the user does not have write permissions for the file!)

execute restricts or allows changing into the directory, i.e. cd command

» height=»16″ src=»/moin_static198/light/img/icon_cool.png» title=»Info » width=»16″/> Folders (directories) must have ‘execute’ permissions set (x or 1), or folders (directories) will NOT FUNCTION as folders (directories) and WILL DISAPPEAR from view in the file browser (Nautilus).

Permissions in Action

Using the example above we have the file «/etc/hosts» which is owned by the user root and belongs to the root group.

What are the permissions from the above /etc/hosts ls output?

Changing Permissions

The command to use when modifying permissions is chmod. There are two ways to modify permissions, with numbers or with letters. Using letters is easier to understand for most people. When modifying permissions be careful not to create security problems. Some files are configured to have very restrictive permissions to prevent unauthorized access. For example, the /etc/shadow file (file that stores all local user passwords) does not have permissions for regular users to read or otherwise access.

Источник

Getting to Know Linux File Permissions

One of the most basic tasks in Linux is setting file permissions. Understanding how this is done should be considered a must-know, first step in your travels through the Linux ecosystem. As you might expect, such a fundamental issue within the operating environment hasn’t changed much over the years. In fact, the Linux file permission system is taken directly from the UNIX file permission (and even uses many of the same tools). Figure 1: The format of the permissions file created by acl.

But, don’t think for a second that understanding file permissions is something you’ll wind up having to spend days and days studying…it’s actually quite simple. Let’s walk through what you need to know and how to put it all together.

The Bits and Pieces

The first thing you need to understand is what file permissions apply to. Effectively what you do is apply a permission to a group. When you break it down, the concept really is that simple. But what are the permissions and what are the groups?

There are three types of permissions you can apply:

read — gives the group permission to read the file (indicated with r)

write — gives the group permission to edit the file (indicated with w)

execute — gives the group permission to execute (run) the file (indicated with x)

To better explain how this is applied to a group, you could, for example, give a group permission to read and write to a file, but not execute the file. Or, you could give a group permission to read and execute a file, but not write to a file. You can even give a group full permission to read, write, and execute a file or strip a group of any access to a file by removing all permissions.

Now, what are the groups? There are four:

user — the actual owner of the file

group — users in the file’s group

others — other users not in the file’s group

For the most part, you will only really ever bother with the first three groups. The all group is really only used as a shortcut (I’ll explain later).

So far so simple, right? Let’s layer on a bit of complexity.

If you open up a terminal window and issue the command ls -l, you will see a line-by-line listing of all files and folders within the current working directory (Figure 1 above).

If you look in the far left column, you’ll notice listings like -rw-rw-r–.

That listing should actually be looked at like so:

As you can see, the listing is broken into three sections:

The order is quite important…for both permissions and for groups. The order is always:

User Group Others — for groups

Read Write Execute — for permissions

In our permissions listing example above, the User has read/write permission, the Group has read/write permission, and Others has only read permission. Had any of those groups been given executable permissions, it would have been represented with an x.

Numerical Equivalent

Let’s make this even more complex. Each permission can also be represented by a number. The numbers are:

The numerical substitution isn’t an apples to apples change. You can’t drop in:

Instead, what you do is add up the numbers you want for each group. Let’s stick with our example above (-rw-rw-r—). To give the User group read and write permission, you would add up 4+2 to get 6. For the Group, you need the same permissions, so they get the same number. You only want Others to have read permissions, so they get 4. The numerical equivalent is now:

So, if you want to give a file 664 permissions, you’d issue the chmod command like this:

where FILENAME is the name of the file.

Changing Permissions

Now that you understand the actual permissions of files, it’s time to learn how to change those permissions. This is done with the chmod command. One of the first things you must understand is that, to be able to change the permissions of a file, either you must be the owner of the file or you must have permission to edit the file (or have admin access by way of su or sudo). Because of that, you cannot just jump around in the directory structure and change permissions of files at will.

Let’s stick with our example (-rw-rw-r–). Suppose this file (we’ll name it script.sh) is actually a shell script and needs to be executed…but you only want to give yourself permission to execute that script. At this point, you should be thinking, “Ah, then I need the permission listing to read -rwx-rw-r–!”. To get that x bit in there, you’d run the chmod command like so:

At this point, the listing will be -rwx-rw-r–.

If you wanted to give both User and Group executable permission, the command would look like:

See how this works? Let’s make it interesting. Say, for whatever reason, you accidentally give all groups executable permissions for that file (so the listing looks like -rwx-rwx-r-x). If you want to strip Others of executable permissions, issue the command:

What if you want to completely remove executable permission from the file? You can do that two ways:

That’s where all comes into play. This is used to make the process a bit more efficient. I prefer to avoid using a as it could lead to issues (such as, when you accidentally issue the command chmod a-rwx script.sh).

Directory Permissions

You can also execute the chmod command on a directory. When you create a new directory as a user, it is typically created with the following permissions:

NOTE: The leading d indicates it is a directory.

As you can see, both User and Group have executable permission for the folder. This does not mean that any files created in the folder will have the same permissions (files will be created with the default system permissions of -rw-rw-r–). But, suppose you do create files in this new directory, and you want to strip Group of write permissions. You don’t have to change into the directory and then issue the chmod command on all the files. You can add the R option (which means recursive) to the chmod command and change the permission on both the folder and all the containing files.

Now, suppose our example is a folder named TEST and within it is a number of scripts — all of which (including the TEST folder) have permissions -rwxrwxr-x. If you want to strip Group of write permissions, you could issue the command:

If you now issue the command ls -l, you will see the TEST folder now has a permission listing of drwxr-xr-x. Group has been stripped of its write permissions (as will all the files within).

Permission to Conclude

At this point, you should now have a solid understand of the basic Linux file permissions. There are more advanced issues that you can now easily study, such as setuid and setgid and ACLs. Without a good foundation of the basics, however, you’d quickly get lost with those next-level topics.

Linux file permissions haven’t changed much, since the early days. And, they most likely won’t change much going into the future.

Источник

Linux File Permission Tutorial: How to Check and Change Permissions

Home » SysAdmin » Linux File Permission Tutorial: How to Check and Change Permissions

Linux, like other Unix-like operating systems, allows multiple users to work on the same server simultaneously without disrupting each other.

Individuals sharing access to files pose a risk exposing classified information or even data loss if other users access their files or directories. To address this, Unix added the file permission feature to specify how much power each user has over a given file or directory.

In this tutorial, you will learn how to view and change file permissions in Linux.

How to View Check Permissions in Linux

To start with file permissions, you have to find the current Linux permission settings. There are two options to choose from, depending on your personal preference: checking through the graphical interface or using the command.

Check Permissions using GUI

Finding the file (directory) permission via the graphical user interface is simple.

1. Locate the file you want to examine, right-click on the icon, and select Properties.

2. This opens a new window initially showing Basic information about the file.
Navigate to the second tab in the window, labeled Permissions.

3. There, you’ll see that the permission for each file differs according to three categories:

• Owner (the user who created the file/directory)
• Group (to which the owner belongs to)
• Others (all other users)

For each file, the owner can grant or restrict access to users according to the categories they fall in.

In our example, the owner of the file test.txt has access to “Read and write”, while other members of its group, as well as all other users, have “Read-only” access. Therefore, they can only open the file, but cannot make any modifications.

To alter the file configuration, the user can open the drop-down menu for each category and select the desired permission.

Additionally, you can make the file executable, allowing it to run as a program, by checking the Execute box.

Check Permissions in Command-Line with Ls Command

If you prefer using the command line, you can easily find a file’s permission settings with the ls command, used to list information about files/directories. You can also add the –l option to the command to see the information in the long list format.
To check the permission configuration of a file, use the command:

For instance, the command for the previously mentioned file would be:

As seen in the image above, the output provides the following information:

• file permission
• the owner (creator) of the file
• the group to which that owner belongs to
• the date of creation.

It shows the permission settings, grouped in a string of characters (-, r, w, x) classified into four sections:

1. File type. There are three possibilities for the type. It can either be a regular file (–), a directory (d) or a link (i).
2. File permission of the user (owner)
3. File permission of the owner’s group
4. File permission of other users

The characters r, w, and x stand for read, write, and execute.
The categories can have all three privileges, just specific ones, or none at all (represented by –, for denied).

Users that have reading permission can see the content of a file (or files in a directory). However, they cannot modify it (nor add/remove files in a directory). On the other hand, those who have writing privileges can edit (add and remove) files. Finally, being able to execute means the user can run the file. This option is mainly used for running scripts.

In the previous example, the output showed that test.txt is a regular file with read and write permission assigned to the owner, but gives read-only access to the group and others.

Using Chmod Command to Change File Permissions

As all Linux users, you will at some point need to modify the permission settings of a file/directory. The command that executes such tasks is the chmod command.

The basic syntax is:

There are two ways to define permission:

1. using symbols (alphanumerical characters)
2. using the octal notation method

Define File Permission with Symbolic Mode

To specify permission settings using alphanumerical characters, you’ll need to define accessibility for the user/owner (u), group (g), and others (o).

Type the initial letter for each class, followed by the equal sign (=) and the first letter of the read (r), write (w) and/or execute (x) privileges.

To set a file, so it is public for reading, writing, and executing, the command is:

To set permission as in the previously mentioned test.txt to be:
• read and write for the user
• read for the members of the group
• read for other users

Use the following command:

Note: There is no space between the categories; we only use commas to separate them.

Another way to specify permission is by using the octal/numeric format. This option is faster, as it requires less typing, although it is not as straightforward as the previous method.

Instead of letters, the octal format represents privileges with numbers:

• r(ead) has the value of 4
• w(rite) has the value of 2
• (e)x(ecute) has the value of 1
• no permission has the value of 0

The privileges are summed up and depicted by one number. Therefore, the possibilities are:

• 7 – for read, write, and execute permission
• 6 – for read and write privileges
• 5 – for read and execute privileges
• 4 – for read privileges

As you have to define permission for each category (user, group, owner), the command will include three (3) numbers (each representing the summation of privileges).

For instance, let’s look at the test.txt file that we symbolically configured with the chmod u=rw,g=r,o=r test.txt command.

The same permission settings can be defined using the octal format with the command:

Define File Permission in Octal/Numeric Mode

Note: If you need a more in-depth guide on how to use Chmod In Linux to change file permissions recursively, read our Chmod Recursive guide.

Changing User File and Group Ownership

Aside from changing file permissions, you may come across a situation that requires changing the user file ownership or even group ownership.

Performing either of these tasks requires you first need to switch to superuser privileges. Use one of the options outlined in the previous passage.

To change the file ownership use the chown command:

Instead of [user_name] type in the name of the user who will be the new owner of the file.

To change the group ownership type in the following command:

Instead of [group_name] type in the name of the group that will be the new owner of the file.

Learning how to check and change permissions of Linux files and directories are basic commands all users should master. To change file’s group permissions, you might find helpful our article on how to use the chgrp command.

No matter whether you prefer using the GUI or command-line, this article should help you better understand how to use file permissions.

Источник