The easiest way to learn Linux permissions is from an example. The ls -l command generates a list of contents, such as files along with their permissions. Let's take a look at the default values for a file called Filename. We are adding spaces to make the output more legible.
- rw- r-- r-- other information about the file Filename The initial - signifies that this is a file (not a directory). The next three characters refer to the file permissions for the file owner, in many cases the person who created the file. The values rw- signify that the owner has read and write (modify) permission but not execute permission. Had these values been r-x the owner would be allowed to read and execute the file (program) but could not modify it. The second set of values r-- signify that the members of the group associated with this file have read but not write or execute permission. The third set of values also r-- signify that other users have read but not write or execute permission.
Permissions are often handled numerically. The r has a value of 4, the w has a value of 2, and the x has a value of 1. In all cases the lack of permission has the value 0.
So rw- has the value 6 and r-- has the value 4. In the above example the permissions may be expressed as 644. The full set of permissions for everyone is expressed as 777 (not usually a good idea). Note that the root user's permissions aren't listed. This shouldn't be surprising because root has essentially complete permissions.
But even root doesn't have execute permissions for a file it creates. This permission must be added in a separate step. Why? This two-step procedure has important security implications. Let's say that an individual, perhaps root, has received an email that contains a virus-infested executable program.
The program cannot be executed without the explicit permission of root or the recipient. If the user doesn't know what to do the virus won't be launched. Linux defines permissions for directories that are similar to but not exactly the same as the file permissions. A read permission on a directory means that its contents may be listed. A write permission on a directory means that the user can modify its contents by adding, deleting, or renaming files. An execute permission on a directory means that it may be accessed, in other words made the current working directory.
Permissions may be changed via the chmod command. For example chmod 770 Junque which gives read, write, and execute permissions to the file owner and members of the ownership group but no permissions to anyone else. Not everyone likes working with these numbers. The symbolic mode uses letters and the plus and minus signs to change permissions.
The following command removes the write permission from the user (owner) of the Perm file chmod u-w Perm. To add the execute permission for others, those people who do not belong to the group that owns the file, apply the command chmod o+x Perm. This command only makes sense if the Perm file is executable. Furthermore, often the file owner and his or her group are granted more permissions that the others. Linux doesn't check to see that your command really makes sense. Do you think that Windows is more intelligent in this respect? The chown command is used to change the ownership of a file or a directory.
The chgrp command is used to change the group ownership of files and directories. These commands might be used when a project passes from the development to the testing stage. Needless to say only the system administrator can execute these commands. Of course there is more to Linux permissions and groups but we have covered the basics. The next article in this series discusses inodes, a topic that is sorely missing from the Windows bag of tricks.
Levi Reiss has written ten computer and Internet books either alone or with a co-author. The books are over, at least for the time being, replaced by a multitude of websites, including global wine, Italian wine, Italian travel, and health and nutritional aspects of wine (www.wineinyourdiet.com). He has taught various and sundry computer courses including Linux and Windows operating systems at an Ontario French-language community college for decades. His new website http://www.linux4windows.com teaches you how to download and run Damn Small Linux even on that outdated Windows computer which you have been meaning to throw out.
