Linux rights to folder

Give user write access to folder [duplicate]

How do i give the user ‘testuser’ write privileges on the folder: /var/www/test/public_html

1 Answer 1

The simplest way is to use chown :

This will make the user & group testuser the owner of the file. IF YOU ARE USING A DIFFERENT USERNAME (run whoami or look before the @ of your terminal promp, or be lazy and replace testuser with $USER ), use that username instead. For instance user Flora colossus may have the username groot , in which case you would run sudo chown -R groot:groot . . If in doubt use the manual pages linked below.

or to use chmod (read and use carefully):

Which will allow read-write-execute permissions for the owner, group, and any other users. The execute bit is required for directories to work, files can get by with 666 permissions (strictly speaking most files shouldnt need the execute permission, but this is least likely to break stuff and does not require find etc). chmod is much more difficult to ‘undo’ if needed that the other options.

Here are manual pages on chown and chmod (these can also be found by running man chown and man chmod .)

I should add you can give groups of users write access as well (examples here and here).

Also beware giving global write access with the chmod command if you have not as trustworthy users/scripts running on the server etc — I recommend changing the group or the user permissions instead. If using chmod please read up on this and understand what it is doing.

Источник

granting write permissions to a group to a folder

How can I grant write permission to one group?

I have two users ( alex and ben ).

alex is member of group alex and of group consult .

ben is member of group ben and of group consult .

I want to grant read-write access to both alex and ben on the folder consult_documents .

If I make alex the owner of the directory consult_documents and I grant 775 access to the directory consult_documents , ben and alex will be able to access the folder, I think.

But will this allow ben access to alex ‘s other folders as well? If a user is in two groups, does that mean that all the members from both groups get the same permissions on all folders?

4 Answers 4

Granting 775 permissions on a directory doesn’t automatically mean that all users in a certain group will gain rwx access to it. They need to either be the owner of the directory or to belong to the directory’s group:

So, in order to allow both alex and ben to have write access to some_dir , the some_dir directory itself must belong to the consult group. If that’s not the case, the directory’s owner (alex in your example), should issue the following command:

or to change group ownership of everything inside the directory:

This will only work if alex is a member of the consult group, which seems to be the case in your example.

This will not allow ben to access all of alex’s directories for two reasons:

1. Not all of alex’s directories will belong to the consult group
2. Some of alex’s directories may belong to the consult group but alex may not have chosen to allow rwx group access to them.

In short, the answer depends both on group ownership and on the group permission bits set for the directory.

All of this is provided you don’t use any additional mandatory access control measures on your system.

Источник

How to create a new folder from a terminal with administrative permissions?

I want to install JAVA, but the installation instructions ask me to create a new folder, called /java/ , into the standard /usr/ folder.

But this folder is blocked. I mean, I can not to create a new folder on it, with the PCManFM file manager, because that option is grey.

So I guess there should be a command to create it from a Terminal session. (With sudo , maybe?)

How can I get it? Which is the right command to get it?

4 Answers 4

Create the folder from a command line terminal using:

You need sudo to make changes to /usr because /usr is owned by the root user.

I’m going to address two parts of your question: java installation and folder creation.

Java installation

We already have a question about that: How can I install Sun/Oracle’s proprietary Java JDK 6/7/8 or JRE?.All of the necessary commands are there, and I strongly suggest you read their manual pages with man COMMAND in terminal.

There’s also open-source version of Java, Open JDK. Installation of that is somewhat simpler

That’s pretty much it — apt-get will take care of everything. When you install some package with apt-get or dpkg there should be preinstall and postinstall scripts that come along with the package, and run automatically to set up whatever program you’re getting.

Folder Creation

Folder ( in linux terminology — directory ) creation, just like file creation, depends on the permissions. If a folder has the following permissions,

that means the owner of that folder testuser can read-write-execute stuff there (first rwx ), and group testuser can only read and execute stuff there — that’s the r-x part, and final r-x part means read execute for any other groups or users.

/usr folder is owned by root user, so only root can write there, that means create files or folder. Hence for that you need sudo to gain root privileges temporarily.

Источник

Linux File & Folder Permissions

Written by Administrator. Posted in Introduction To Linux

File & folder security is a big part of any operating system and Linux is no exception!

These permissions allow you to choose exactly who can access your files and folders, providing an overall enhanced security system. This is one of the major weaknesses in the older Windows operating systems where, by default, all users can see each other’s files (Windows 95, 98, Me).

For the more superior versions of the Windows operating system such as NT, 2000, XP and 2003 things look a lot safer as they fully support file & folder permissions, just as Linux has since the beginning.

Together, we’ll now examine a directory listing from our Linux lab server, to help us understand the information provided. While a simple ‘ls’ will give you the file and directory listing within a given directory, adding the flag ‘-l’ will reveal a number of new fields that we are about to take a look at:

It’s possible that most Linux users have seen similar information regarding their files and folders and therefore should feel pretty comfortable with it. If on the other hand you happen to fall in to the group of people who haven’t seen such information before, then you either work too much in the GUI interface of Linux, or simply haven’t had much experience with the operating system 🙂

Whatever the case, don’t disappear — it’s easier than you think!!

So what does all this output mean ? Especially all those ‘rwx’ lines?!

Let’s start from scratch, analysing the information in the previous screenshot.

In the yellow column on the right we have the file & directory names (dirlist.txt, document1, document2 etc.) — nothing new here. Next, in the green column, we will find the time and date of creation.

Note that the date and time column will not always display in the format shown. If the file or directory it refers to was created in a year different from the current one, it will then show only the date, month and year, discarding the time of creation.

For example, if the file ‘dirlist.txt’ was created on the 27th of July, 2004, then the system would show:

Jun 27 2004 dirlist.txt

Jun 27 11:28 dirlist.txt

A small but important note when examining files and folders! Lastly, the date will change when modifying the file. As such, if we edited a file created last year, then the next time we typed ‘ls -l’, the file’s date information would change to today’s date. This is a way you can check to see if files have been modified or tampered with.

The next column (purple) contains the file size in bytes — again nothing special here.

Next column (orange) shows the permissions. Every file in Linux is ‘owned’ by a particular user.. normally this is the user (owner) who created the file.. but you can always give ownership to someone else.

The owner might belong to a particular group, in which case this file is also associated with the user’s group. In our example, the left column labeled ‘User’ refers to the actual user that owns the file, while the right column labeled ‘group’ refers to the group the file belongs to.

Looking at the file named ‘dirlist.txt’, we can now understand that it belongs to the user named ‘root’ and group named ‘sys’.

Following the permissions is the column with the cyan border in the listing.

The system identifies files by their inode number, which is the unique file system identifier for the file. A directory is actually a listing of inode numbers with their corresponding filenames. Each filename in a directory is a link to a particular inode.

Links let you give a single file more than one name. Therefore, the numbers indicated in the cyan column specifies the number of links to the file.

As it turns out, a directory is actually just a file containing information about link-to-inode associations.

Next up is a very important column, that’s the first one on the left containing the ‘-rwx—-w-‘ characters. These are the actual permissions set for the particular file or directory we are examining.

To make things easier, we’ve split the permissions section into a further 4 columns as shown above. The first column indicates whether we are talking about a directory (d), file (-) or link (l).

In the newer Linux distributions, the system will usually present the directory name in colour, helping it to stand out from the rest of the files. In the case of a file, a dash (-) or the letter ‘f’ is used, while links make the use of the letter ‘l’ (l). For those unfamiliar with links, consider them something similar to the Windows shortcuts.

Column 2 refers to the user rights. This is the owner of the file, directory or link and these three characters determine what the owner can do with it.

The 3 characters on column 2 are the permissions for the owner (user rights) of the file or directory. The next 3 are permissions for the group that the file is owned by and the final 3 characters define the access permissions for the others group, that is, everyone else not part of the group.

So, there are 3 possible attributes that make up file access permissions:

r — Read permission. Whether the file may be read. In the case of a directory, this would mean the ability to list the contents of the directory.

w — Write permission. Whether the file may be written to or modified. For a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set then you will not be able to delete, rename or create a file.

x — Execute permission. Whether the file may be executed. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute some program from that directory.

Let’s take a look at another example:

Take the permissions of ‘red-bulb’, which are drwxr-x—. The owner of this directory is user david and the group owner of the directory is sys. The first 3 permission attributes are rwx. These permissions allow full read, write and execute access to the directory to user david. So we conclude that david has full access here.

The group permissions are r-x. Notice there is no write permission given here so while members of the group sys can look at the directory and list its contents, they cannot create new files or sub-directories. They also cannot delete any files or make changes to the directory content in any way.

Lastly, no one else has any access because the access attributes for others are —.

If we assume the permissions are drw-r—r— you see that the owner of the directory (david) can list and make changes to its contents (Read and Write access) but, because there is no execute (x) permission, the user is unable to enter it! You must have read and execute (r-x) in order to enter a directory and list its contents. Members of the group sys have a similar problem, where they seem to be able to read (list) the directory’s contents but can’t enter it because there is no execute (x) permission given!

Lastly, everyone else can also read (list) the directory but is unable to enter it because of the absence of the execute (x) permission.

Here are some more examples focusing on the permissions:

-r—r—r— :This means that owner, group and everyone else has only read permissions to the file (remember, if there’s no ‘d‘ or ‘l‘, then we are talking about a file).

-rw-rw-rw- : This means that the owner, group and everyone else has read and write permissions.

-rwxrwxrwx : Here, the owner, group and everyone else has full permissions, so they can all read, write and execute the file ( — ).

Modifying Ownership & Permissions

So how do you change permissions or change the owner of a file?

Changing the owner or group owner of a file is very simple, you just type ‘chown user:group filename.ext‘, where ‘user’ and ‘group’ are those to whom you want to give ownership of the file. The ‘group’ parameter is optional, so if you type ‘chown david file.txt‘, you will give ownership of file.txt to the user named david.

In the case of a directory, nothing much changes as the same command is used. However, because directories usually contain files that also need to be assigned to the new user or group, we use the ‘-R‘ flag, which stands for ‘recursive’ — in other words all subdirectories and their files: ‘chown -R user:group dirname‘.

To change permissions you use the ‘chmod’ command. The possible options here are ‘u‘ for the user, ‘g‘ for the group, ‘o‘ for other, and ‘a‘ for all three. If you don’t specify one of these letters it will change to all by default. After this you specify the permissions to add or remove using ‘+‘ or ‘—‘ . Let’s take a look at an example to make it easier to understand:

If we wanted to add read, write and execute to the user of a particular file, we would type the following ‘chmod u+rwx file.txt‘. If on the other hand you typed ‘chmod g-rw file.txt‘ you will take away read and write permissions of that file for the group .

While it’s not terribly difficult to modify the permissions of a file or directory, remembering all the flags can be hard. Thankfully there’s another way, which is less complicated and much faster. By replacing the permissions with numbers, we are able to calculate the required permissions and simply enter the correct sum of various numbers instead of the actual rights.

The way this works is simple. We are aware of three different permissions, Read (r), Write (w) and Execute (x). Each of these permissions is assigned a number as follows:

r (read) — 4

w (write) — 2

x (execute) — 1

Now, to correctly assign a permission, all you need to do is add up the level you want, so if you want someone to have read and write, you get 4+2=6, if you want someone to have just execute, it’s just 1.. zero means no permissions. You work out the number for each of the three sections (owner, group and everyone else).

If you want to give read write and execute to the owner and nothing to everyone else, you’d get the number 7 0 0 . Starting from the left, the first digit (7) presents the permissions for the owner of the file, the second digit (0) is the permissions for the group, and the last (0) is the permissions for everyone else. You get the 7 by adding read, write and execute permissions according to the numbers assigned to each right as shown in the previous paragraphs: 4+2+1 = 7.

Источник