
1.8 File and Directory Ownership and Permissions

Because Linux is a multiuser system, files can be created by individual users and are then "owned" by that user until they either delete them or give them to another user. Each user belongs to one or more "groups" and can share files with other members of that group. Permissions determine how users on the system can use files and directories.

read
permissions determine who is able to look at a file
write
permissions determine who is able to change a file
execute
permissions determine who is able to execute a file, or run the program associated with the file.

On occasion you will need to change these attributes. For example, when you write a shell or perl script you must change the permissions to make the script executable.

Write and execute permissions for directories go together. Generally, if you allow users to write files to a directory, you also allow them to remove files from that directory. There is a mechanism that lets users delete only the files they themselves wrote to a directory (see the discussion below of the save program text attribute on directories).

To facilitate file sharing, Linux has three levels of permission: user, group and others. The user is generally the person who created the file. The group is determined by the /etc/group file and is often created by an administrator to set up collaborative groups, such as programmers working together on a single project.

To examine the attributes of files use ls -l like this:

joe@localhost $ ls -l
drwxr-xr-x 2 joe joe 1024 Mar 27 18:17 bin/
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 firstfile
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 fourfile
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 lastfile
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 onefile
-rw-rw-rw- 1 joe joe 29 Mar 27 01:37 thatfile
-rw-rw-rw- 1 joe joe 29 Mar 26 19:23 thisfile
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 thosefiles
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 threefile
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 twofile

Working from right to left you can see the attributes of the files. First on the right is the name of the file or directory. Second from the right is the date and time of creation. Third is the file size. The fourth column is the group and the fifth is the owner of the file. Then we come to the first column, which holds the file attributes. Each file has three levels of permissions or modes: owner, group and user.

Owner
The owner is the user who created the file. The chown command is used to change this.
Group
Files can be grouped together for access under /etc/group for projects where group access is necessary. For security the default setup in Red Hat is to create a group for each user.
User
Sometimes referred to as Public. All other users on the system. Anyone who has a username and can gain access to the system.

There are three basic commands to manipulate these file attributes in Linux: chown changes the ownership of files, chgrp changes the group attributes, and chmod changes the permissions or modes of files and directories.

There are three attributes for each level. The permissions have slightly different meanings for directories than they do for regular files.

Read
If the read permission is set on a file, the user can look at the contents of the file. A user who has read permission for a directory can list what files are in that directory. To get detailed information (ls -l) about the files in the directory, the execute permission on the directory must also be set for that user. The read permissions on the files themselves determine if the user can read the contents of the files in the directory.
Write
File write permissions determine whether the user will be allowed to modify the file. Write permissions on directories determine whether the user will be able to change files in the directory, that is, whether the user will be able to add or remove files from the directory. The ability to remove files is determined by the permissions on the individual files in the directory.
Execute
If the execute permission is set for the user, that user can use the file as a Linux system command. Execute permission on a directory means that a user can change directories to that directory and copy files from that directory, provided the read permissions are also set for that directory. The x permission for a directory is sometimes called the "search" permission.

By combining the three different levels of permissions and three user levels, there are nine different combinations of permissions possible.

- r w x r w x r w x 2 joe joe 29 19:22 file or directory name
| | | | | | | | | | | |   |   |  +---- Date of creation
| | | | | | | | | | | |   |   +------- Size (bytes)
| | | | | | | | | | | |   +----------- group
| | | | | | | | | | | +--------------- owner (user)
| | | | | | | | | | +----------------- number of links
| | | | | | | | | +------------------- execute for public (other)
| | | | | | | | +--------------------- write for public (other)
| | | | | | | +----------------------- read for public (other)
| | | | | | +------------------------- execute for group
| | | | | +--------------------------- write for group
| | | | +----------------------------- read for group
| | | +------------------------------- execute for owner (user)
| | +--------------------------------- write for owner (user)
| +----------------------------------- read for owner (user)
+------------------------------------- suid & sticky bit & directory

The left three letters refer to the owner of the file, the middle three to the group, and the right three refer to the users (public). Missing permissions are referred to as "protection" and are indicated by a dash "-". The nine protections are collectively the "mode" of the file or directory and can be changed with the chmod command.
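As an added example (not part of the original tutorial), the script below decodes the mode column of ls -l into the octal form that chmod accepts and lists the entries that the public (other) level can write to. The function names mode_to_octal, world_writable and sample_listing are hypothetical; the tmp/ line in the sample is constructed, the other lines come from the listing above, and file names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: decode the ls -l mode column and flag world-writable entries.

# mode_to_octal MODE: print the four-digit octal mode, e.g. drwxr-xr-x -> 0755.
# Runs in a subshell "( )" so its variables do not leak into the caller.
mode_to_octal() (
    mode=$1
    [ "${#mode}" -eq 10 ] || exit 1
    rest=${mode#?}                    # drop the leading file-type character
    special=0; perms=""
    for weight in 4 2 1; do           # special-bit weights: setuid, setgid, sticky
        t=${rest%"${rest#???}"}       # next triplet: owner, then group, then other
        rest=${rest#???}
        d=0
        case $t in r??) d=$((d + 4)) ;; esac
        case $t in ?w?) d=$((d + 2)) ;; esac
        # lowercase s/t mean execute is set as well as the special bit
        case $t in ??[xst]) d=$((d + 1)) ;; esac
        # ls shows s/S only in the owner and group slots and t/T only in other
        case $t in ??[sStT]) special=$((special + weight)) ;; esac
        perms=$perms$d
    done
    printf '%s%s\n' "$special" "$perms"
)

# world_writable: read ls -l lines on stdin and print "octal name" for every
# entry whose write bit for other (ninth character of the mode) is set.
world_writable() {
    while read -r mode rest; do
        case $mode in
            ????????w?) printf '%s %s\n' "$(mode_to_octal "$mode")" "${rest##* }" ;;
        esac
    done
}

# Sample input: three lines from the listing above plus one constructed
# sticky-bit directory (tmp/) to show the leading special digit.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x 2 joe joe 1024 Mar 27 18:17 bin/
-rw-rw-rw- 1 joe joe 0 Mar 26 19:22 firstfile
-rw-rw-rw- 1 joe joe 29 Mar 27 01:37 thatfile
drwxrwxrwt 9 root root 4096 Mar 27 18:17 tmp/
EOF
}

sample_listing | world_writable
```

Every file that prints as 0666 can be modified by any user on the system; chmod 0644 on such a file removes write access for group and public while leaving it readable.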


