Why Strict File Permissions and Ownership:
Linux is designed as a multi-user environment, one in which more than one user accesses the same file system and other resources at the same time. In such an environment, file permissions and ownership become a problem if you don’t configure them properly.
For example, if one user creates a file and someone else deletes it, mistakenly or deliberately, the first user loses all the data they compiled. This can be handled if you configure user rights properly.
As a second example, one user starts a process that is going to take a long time to complete. If somebody else stops it in the meantime, the first user will not be happy about it. To prevent such things, user permissions should be configured properly.
Understanding File Ownership in Linux:
Each file/directory in Linux is owned by a specific user and a group. Therefore, permissions are defined separately for User, Group and Others.
User: The user name of the owner of the file/directory. By default, the user who creates a file/directory is its owner.
Group: The user group that owns the file. All the users in this group have the same file permissions.
Group permissions are useful when multiple users in a group share a common file/directory. You need to make sure that the file is owned by the group you want to give permissions to.
Others: Any user who is not the owner of the file/directory and is not in the owning group.
Some people call these ‘world’ permissions.
Understanding File Permissions in Linux:
There are three types of file permissions in Linux: Read, Write and Execute. These permissions are defined separately for User, Group and Others.
Read: On a regular file, the read permission bit means the file can be opened and read. On a directory, the read permission means you can list the contents of the directory.
Write: On a regular file, this means you can modify the file, that is, write new data to it. In the case of a directory, the write permission means you can add, remove, and rename files in the directory.
This means that if a file has the write permission bit, you are allowed to modify the file’s contents, but you’re allowed to rename or delete the file only if the permissions of the file’s directory allow you to do so.
Execute: In the case of a regular file, this means you can execute the file as a program or a shell script. On a directory, the execute permission (also called the “search bit”) allows you to access files in the directory and enter it, with the “cd” command, for example.
However, note that although the execute bit lets you enter the directory, you’re not allowed to list its contents, unless you also have the read permissions to that directory.
Viewing file permissions in Linux:
You can list directory contents with the “ls” command, but to see the permissions of the contents you need a long listing of the directory, with the “ls -l” or “ll” command.
The following shows the output of each listing type.
haris@harisaltaf-vaio:~/Downloads$ ls
DBs.zip images.jpg pc2-9.1.6.rar Scraper dl
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$ ls -l
total 2276
-rw-r--r-- 1 haris haris   19527 2011-12-02 18:09 DBs.zip
-rw-r--r-- 1 haris haris    4712 2011-12-20 14:19 images.jpg
-rw-r--r-- 1 haris haris 2295246 2011-12-23 21:41 pc2-9.1.6.rar
drwxr-xr-x 2 haris haris    4096 2011-12-09 18:16 Scraper dl
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$
haris@harisaltaf-vaio:~/Downloads$ ll
total 2284
drwxr-xr-x  3 haris haris    4096 2011-12-23 21:43 ./
drwxr-xr-x 55 haris haris    4096 2011-12-31 14:16 ../
-rw-r--r--  1 haris haris   19527 2011-12-02 18:09 DBs.zip
-rw-r--r--  1 haris haris    4712 2011-12-20 14:19 images.jpg
-rw-r--r--  1 haris haris 2295246 2011-12-23 21:41 pc2-9.1.6.rar
drwxr-xr-x  2 haris haris    4096 2011-12-09 18:16 Scraper dl/
haris@harisaltaf-vaio:~/Downloads$
What does the long listing output mean? The first column, with values like drwxr-xr-x, shows the file permissions. The second column, an integer, shows the number of links to the file. The third column shows the file owner. The fourth column shows the owning group. The fifth column shows the size of the file in bytes. The sixth column shows the file’s last modification date and time. The seventh column shows the file name.
The first column, which shows the file permissions, is organised into four parts, divided as d rwx r-x r-x. The first part shows the file type. The second part shows the owner permissions. The third part shows the group permissions. The fourth part shows the permissions for others. The file type character can be one of the following:
d = directory
- = regular file
l = symbolic link
b = block device file
p = named pipe
c = character device file
s = Unix domain socket
Permission character Meaning:
r = read permission
w = write permission
x = execute permission
- = no permission
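The decoding described above, as an added example that is not code from the original post: a POSIX shell script that splits the first `ls -l` column into file type and the three permission triads, prints the equivalent octal mode (the numeric form, which goes one step beyond the letters the post lists), and names the entries that group or others can write to. The function names and the two sample entries other than DBs.zip are constructed for illustration, and the field layout assumes the two-field date and time shown in the post's listing.

```sh
# Added example, not from the original post; function names are illustrative.
# rwx -> 7, r-x -> 5. Special-bit letters (s, t) are not handled.
triad_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

file_type() {  # type characters as listed in the post
    case $1 in
        d) echo "directory" ;;          -) echo "regular file" ;;
        l) echo "symbolic link" ;;      b) echo "block device file" ;;
        p) echo "named pipe" ;;         c) echo "character device file" ;;
        s) echo "Unix domain socket" ;; *) echo "unknown" ;;
    esac
}

# decode_mode drwxr-xr-x prints "directory 755" (type, then octal mode).
decode_mode() {
    m=$1
    [ "${#m}" -ge 10 ] || { echo "invalid"; return 1; }
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    echo "$(file_type "$(printf '%s' "$m" | cut -c1)")" \
         "$(triad_to_digit "$u")$(triad_to_digit "$g")$(triad_to_digit "$o")"
}

# Reads `ls -l` lines (assumes date and time are two fields, as in the post)
# and prints names whose group (6th char) or other (9th char) triad has w.
writable_by_non_owner() {
    while read -r mode _links _owner _group _size _date _time name; do
        case $mode in ?????w*|????????w*) echo "$name" ;; esac
    done
}

# Sample listing: DBs.zip is from the post, the other two are constructed.
sample_listing() {
    cat <<'EOF'
total 28
-rw-r--r-- 1 haris haris 19527 2011-12-02 18:09 DBs.zip
-rw-rw-rw- 1 haris haris   120 2011-12-24 10:00 notes.txt
drwxrwxr-x 2 haris staff  4096 2011-12-09 18:16 Scraper dl
EOF
}

sample_listing | writable_by_non_owner
```

On a live system, `find . -perm /022` (GNU find) performs the same group-or-other-writable check without parsing `ls` output, which is more robust for file names and date formats that differ from the sample.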
To see how to set file permissions in Linux, see my next post.