Saturday, April 7, 2012

File permissions

You must keep in mind that Linux is designed to be a multi-user environment. In an environment with more than one user (like Linux), it is crucial to have a secure system for deciding which files are yours and who can fiddle with them. So, file permissions are defined separately for users, groups, and others as follows:

User: The username of the person who owns the file. By default, the user who creates the file will become its owner.

Group: The user group that owns the file. All users who belong to the group that owns the file will have the same access permissions to the file. This is useful if, for example, you have a project that requires a bunch of different users to be able to access certain files, while others can't. In that case, you'll add all the users to the same group, make sure the required files are owned by that group, and set the file's group permissions accordingly.

Other: A user who isn't the owner of the file and doesn't belong to the group that owns the file. In other words, if you set a permission for the "other" category, it will affect everyone else by default. For this reason, people often talk about setting the "world" permission bit when they mean setting the permissions for "other."

Those were the categories for which you set permissions. The following are the permissions themselves; they are defined separately for the file's owner, group, and all other users.

Read permission. On a regular file, the read permission bit means the file can be opened and read. On a directory, the read permission means you can list the contents of the directory.

Write permission. On a regular file, this means you can modify the file, and write new data to the file. In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission bit, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the permissions of the file's directory allow you to do so.

Execute permission. In the case of a regular file, this means you can execute the file as a program or a shell script. On a directory, the execute permission (also called the "search bit") allows you to access files in the directory and enter it, with the cd command, for example. However, note that although the execute bit lets you enter the directory, you're not allowed to list its contents, unless you also have the read permissions to that directory.

You can view the access permissions of a file by doing the long directory listing with the ls -l command.

$ ls -l

The first character shows the type of file and can be any of these:
d = directory
- = regular file
l = symbolic link
s = Unix domain socket
p = named pipe
c = character device file
b = block device file

After the file type come the permission characters, which can be any of these:
r = read permission
w = write permission
x = execute permission
- = no permission

You can set file permissions with the chmod command. Both the root user and the file's owner can set file permissions. chmod has two modes, symbolic and numeric.

Symbolic...
First, you decide whether to set permissions for the user (u), the group (g), others (o), or all three (a). Then, you either add a permission (+), remove it (-), or wipe out the previous permissions and add a new one (=). Next, you decide whether to set the read permission (r), write permission (w), or execute permission (x). Last, you tell chmod which file's permissions you want to change.

Which user?

  • u user/owner
  • g group
  • o other
  • a all

What to do?

  • + add this permission
  • - remove this permission
  • = set exactly this permission

Which permissions?

  • r read
  • w write
  • x execute

Numeric...
4 = read (r)
2 = write (w)
1 = execute (x)
0 = no permission (-)
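
How the symbolic letters and the numeric values above line up, as an added example that is not part of the original post: each digit of a numeric mode is the sum of 4, 2 and 1 for one of user, group and other. The function names (perm_string, sym_to_octal, demo_mode) are made up for the demo, which only touches temporary files.

```shell
#!/bin/sh
# Added example: all file names are temporary and constructed for the demo.
# Special bits (setuid, setgid, sticky) are outside its scope.

# Print the nine permission characters of a path (columns 2-10 of ls -l).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Convert a string such as rw-r----- to its numeric mode by summing
# 4 (r), 2 (w) and 1 (x) inside each user/group/other triplet.
sym_to_octal() {
    s=$1
    out=""
    while [ -n "$s" ]; do
        triplet=$(printf '%s' "$s" | cut -c1-3)
        s=$(printf '%s' "$s" | cut -c4-)
        d=0
        case $triplet in r??) d=$((d + 4)) ;; esac
        case $triplet in ?w?) d=$((d + 2)) ;; esac
        case $triplet in ??x) d=$((d + 1)) ;; esac
        out="$out$d"
    done
    printf '%s\n' "$out"
}

# Apply one chmod mode (symbolic or numeric) to a fresh temporary file
# and report the resulting permission string and numeric mode.
demo_mode() {
    f=$(mktemp) || return 1
    chmod 600 "$f"              # known starting point: rw-------
    chmod "$1" "$f"
    p=$(perm_string "$f")
    rm -f "$f"
    printf '%s %s\n' "$p" "$(sym_to_octal "$p")"
}

demo_mode 640              # numeric: 6 = 4+2, 4 = 4, 0 = nothing
demo_mode u=rw,g=r,o=      # symbolic "=" form of the same mode
demo_mode g+r,o+r          # "+" adds to the starting 600
demo_mode u+x,go=rx        # mixes "+" and "="
```

The first two calls print the same line, which shows that the numeric and symbolic forms are two spellings of one mode.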

Change the owner of a file

You can change the owner and group of a file or a directory with the chown command. Please keep in mind that you can do this only if you are the root user or the owner of the file.

Set the file's owner:

$ chown username somefile

After giving this command, the new owner of a file called somefile will be the user username. The file's group owner will not change. Instead of a user name, you can also give the user's numeric ID here if you want. You can also set the file's group at the same time. If the user name is followed by a colon and a group name, the file's group will be changed as well.

$ chown username:usergroup somefile

After giving this command, somefile's new owner would be user username and the group usergroup.

Set the owner of a directory

$ chown username somedir

Note that after giving this command, only the owner of the directory will change. The owner of the files inside of the directory won't change.

In order to set the ownership of a directory and all the files in that directory, you'll need the -R option:

$ chown -R username somedir

Here, R stands for recursive because this command will recursively change the ownership of directories and their contents. After issuing this example command, the user username will be the owner of the directory somedir, as well as every file in that directory.

$ chown -v username somefile

Here, v stands for verbose. If you use the -v option, chown will list what it did (or didn't do) to the file.

Change the group ownership of a file

In addition to chown, you can also use the chgrp command to change the group of a file or a directory. You must, again, be either the root user or the owner of the file in order to change the group ownership.

chgrp works pretty much the same way as chown does, except it changes the file's user group instead of the owner, of course.

$ chgrp usergroup somefile

After issuing this command, the file somefile will be owned by the user group usergroup. Although the file's group has changed to usergroup, the file's owner will still be the same.

The options for chgrp are the same as for chown. So, for example, the -R and -v options will work with it just like they worked with chown:
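
An added example, not from the original post, of chgrp with -R and -v on a small directory tree. The tree, the function names (pick_gid, chgrp_tree_mismatches) and the use of numeric group IDs are choices made for the demo; it relies on the fact that an unprivileged owner can only give a file to a group they are a member of.

```shell
#!/bin/sh
# Added example; directory layout and names are constructed for the demo.

# Pick a numeric GID the current user can hand files to: prefer a
# supplementary group so the change is visible, else the primary group.
pick_gid() {
    probe=$(mktemp) || return 1
    chosen=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$chosen" ] && chgrp "$g" "$probe" 2>/dev/null; then
            chosen=$g
            break
        fi
    done
    rm -f "$probe"
    echo "$chosen"
}

# Build a small tree, run chgrp -R -v on it, and print how many entries
# do NOT carry the target GID afterwards (0 means -R reached everything).
chgrp_tree_mismatches() {
    gid=$1
    d=$(mktemp -d) || return 1
    mkdir -p "$d/project/docs"
    : > "$d/project/plan.txt"
    : > "$d/project/docs/notes.txt"
    # -v reports each entry; sent to stderr so stdout holds only the count.
    chgrp -R -v "$gid" "$d/project" >&2
    # ls -n prints numeric IDs; field 4 is the group.
    bad=$(find "$d/project" -exec ls -ldn {} \; |
          awk -v g="$gid" '$4 != g' | wc -l)
    rm -rf "$d"
    echo $((bad))
}

chgrp_tree_mismatches "$(pick_gid)"
```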
