File Permissions Linux Article
http://www.linuxforums.org/articles/file-permissions_94.html
File Permissions
Contributed by: Clement Lefebvre
Category: Security
Distribution: All
Views: 433176
License: Linux Forums Article License
Posted: 05 April, 2006
In GNU/Linux, file access is restricted. Users don't necessarily have the same rights when it comes to deleting, executing or even reading files. In fact, every file contains data such as its owner, its permissions and other information which defines exactly what can be done with it, and by whom.
Note: GNU/Linux treats everything as a file. As a consequence, directories use the same permission scheme.
11/24/2012 3:54 PM
- And other information which is not relevant to this article.

The way permissions are shown can seem a bit confusing if you're new to GNU/Linux or Unix, but don't be mistaken, it is very simple. The first character simply indicates the type of file as indicated in the table below:

Character   Type of file
-           regular file
d           directory
l           symbolic link
s           socket
p           named pipe
c           character device file (unbuffered)
b           block device file (buffered)

In this case myfile is a regular file. Let's have a look at the other nine characters: "rwxr-x---". The first three characters indicate whether or not the read, write and execute permissions are given to the owner (in this case, George). If they are, their character representation appears (r, w or x), otherwise they are replaced by the character "-". In the same manner, the next three characters indicate whether or not these permissions are given to the group (in this case, Administrators). Finally, the last three characters indicate whether the same rights are given to the others (in this case, people who are not members of the Administrators group).

Letter   Permission
r        Read
w        Write
x        Execute, Go through (for directories)
-        No permission

Letter   Type of users
u        User (owner of the file)
g        Group (group to which the file belongs)
o        Other (users who are neither a member of the Group nor the owner of the file)
a        All (everybody)
So, in our example myfile features the following set of permissions: "rwxr-x---". This means that George has all three rights on it, that members of the Administrators group can only read (r) and execute (x) the file, and that everybody else can't do anything with the file. You could imagine that this file, written and maintained by George, could be an executable script dedicated to the administrators and not made available to other users... but hey, this is only an example, so let's not assume too much :)

The important thing is that you now understand the concept of file permissions and that you know how to read them using the "ls -l" command. The next step is to learn how to change them.
Let's have a look at a few examples:
- chmod o+r myfile adds read permission to the others on myfile;
- chmod ug+rx myfile adds read and execute permissions to both the owner (user) and the group on myfile;
- chmod a-rwx myfile removes all permissions from everybody (all) on myfile;
- chmod a=rx *.txt defines permissions to be read and execute for everybody on all files suffixed by .txt.
The chmod command also accepts another syntax which is quite popular among system administrators: the octal system. Rather than using letters such as u, g, o, a, r, w and x, you can use octal numbers. The main advantage is that once you're used to it, it is faster to use. Also, because it sets permissions rather than adding or removing them, you don't accidentally overlook anything.

Here is how the octal numbers work. Each permission is given a value:

Permission   Value
-            0
x            1
w            2
r            4

Values add up when you combine permissions. Consequently the total value can go from 0 (no permission at all) to 7 (full permissions):

Permission   Value
---          0
--x          1
-w-          2
-wx          3
r--          4
r-x          5
rw-          6
rwx          7
Finally a value is given for each of the three types of users (User, Group and Other) and these three numbers ranging from 0 to 7 are put together to form the octal number. This is the number you can use with "chmod". For instance:

chmod 750 myfile

750 means 7 (rwx) for the owner, 5 (r-x) for the group and 0 (---) for others. As a result, the permissions of myfile will be "rwxr-x---". As seen above this command is equivalent to:

chmod u=rwx,g=rx myfile; chmod o-rwx myfile;

Here are some common uses of the octal numbers:
- chmod 755 myfile : rwxr-xr-x, all rights to the owner, other people only read and execute;
- chmod 644 myfile : rw-r--r--, owner can read and write, other people only read;
- chmod 777 myfile : can be considered bad practice in some cases, full permissions to everybody.
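The octal arithmetic above, as an added shell example that is not part of the original article: perm_to_octal turns the nine permission characters shown by "ls -l" into the number chmod accepts, and roundtrip applies that number to a scratch file and reads the permissions back. The function names are illustrative.

```shell
#!/bin/sh
# Added example: convert the nine permission characters shown by "ls -l"
# (for instance "rwxr-x---") into the octal number that chmod accepts.

# triplet_value "r-x" -> 5   (r=4, w=2, x=1, "-"=0)
triplet_value() {
    t=$1 v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal "rwxr-x---" -> 750; rejects anything that is not
# exactly three r/w/x triplets.
perm_to_octal() {
    p=$1
    case $p in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $p" >&2; return 1 ;;
    esac
    u=$(triplet_value "$(printf %s "$p" | cut -c1-3)")
    g=$(triplet_value "$(printf %s "$p" | cut -c4-6)")
    o=$(triplet_value "$(printf %s "$p" | cut -c7-9)")
    echo "$u$g$o"
}

# listed_perms FILE -> the nine permission characters from "ls -ld"
listed_perms() {
    ls -ld "$1" | cut -c2-10
}

# roundtrip PERMS: apply the octal mode to a scratch file (constructed
# sample, created with mktemp), then read the permissions back from ls.
roundtrip() {
    f=$(mktemp) || return 1
    chmod "$(perm_to_octal "$1")" "$f"
    listed_perms "$f"
    rm -f "$f"
}

perm_to_octal rwxr-x---    # 750
perm_to_octal rw-r--r--    # 644
roundtrip rwxr-xr-x        # rwxr-xr-x
```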
Setting SUID and SGID attributes on executable files : chmod u+s, chmod g+s
By default, when a user executes a file, the process which results in this execution has the same permissions as those of the user. In fact, the process inherits his default group and user identification.

If you set the SUID attribute on an executable file, the process resulting in its execution doesn't use the user's identification but the user identification of the file owner. For instance, consider the script myscript.sh which tries to write things into mylog.log:

ls -l
-rwxrwxrwx 10 george administrators 4096 2006-03-10 12:50 myscript.sh
-rwxrwx--- 10 george administrators 4096 2006-03-10 12:50 mylog.log

As you can see in this example, George gave full permissions to everybody on myscript.sh but he forgot to do so on mylog.log. When Robert executes myscript.sh, the process runs using Robert's user identification and Robert's default group (robert:senioradmin). As a consequence, myscript fails and reports that it can't write in mylog.log.

In order to fix this problem George could simply give full permissions to everybody on mylog.log. But this would make it possible for anybody to write in mylog.log, and George only wants this file to be updated by his myscript.sh program. For this he sets the SUID bit on myscript.sh:

chmod u+s myscript.sh

As a consequence, when a user executes the script the resulting process uses George's user identification rather than the user's. If set on an executable file, the SUID makes the process inherit the owner's user identification rather than the one of the user who executed it. This fixes the problem, and even though nobody but George can write directly in mylog.log, anybody can execute myscript.sh which updates the file content.

Note: the Linux kernel ignores the SUID and SGID bits on interpreted scripts (files that start with "#!"), so on Linux this mechanism takes effect on compiled executables; myscript.sh is used here to illustrate the principle.

Similarly, it is possible to set the SGID attribute on an executable file. This makes the process use the owner's default group instead of the user's one. This is done by:

chmod g+s myscript.sh

By setting SUID and SGID attributes the owner makes it possible for other users to execute the file as if they were him or members of his default group. The SUID and SGID are represented by an "s" which replaces the "x" character respectively in the user and group permissions:

chmod u+s myscript.sh
ls -l
-rwsrwxrwx 10 george administrators
chmod u-s myscript.sh
chmod g+s myscript.sh
ls -l
-rwxrwsrwx 10 george administrators
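An audit counterpart to the SUID and SGID section, as an added shell example that is not part of the original article: it lists the files under a directory that carry either bit and marks those that others can also write to, such as the rwsrwxrwx myscript.sh shown above. The function names and the scratch files are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a directory tree for files carrying SUID or SGID.

# classify PERMS -> "SUID", "SGID" or "SUID+SGID", followed by
# " OTHERS-CAN-WRITE" when the last triplet grants write.
# PERMS is the nine-character string printed by "ls -l", e.g. rwsrwxrwx.
classify() {
    flags=
    case $1 in ??[sS]??????) flags=SUID ;; esac
    case $1 in ?????[sS]???) flags=${flags:+$flags+}SGID ;; esac
    case $1 in ???????w?) flags="$flags OTHERS-CAN-WRITE" ;; esac
    echo "$flags"
}

# audit_special DIR -> one line per SUID/SGID regular file:
#   "<perms> <flags> <path>"
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        perms=$(ls -ld "$f" | cut -c2-10)
        echo "$perms $(classify "$perms") $f"
    done
}

# make_sample_tree -> path of a scratch directory with constructed files
# (names reuse the article's myscript.sh and mylog.log; contents are empty).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/myscript.sh" "$d/mylog.log" "$d/tool"
    chmod 777 "$d/myscript.sh"; chmod u+s "$d/myscript.sh"   # rwsrwxrwx
    chmod 770 "$d/mylog.log"                                  # rwxrwx---
    chmod 755 "$d/tool"; chmod u+s "$d/tool"                  # rwsr-xr-x
    echo "$d"
}

tree=$(make_sample_tree)
audit_special "$tree"
rm -rf "$tree"
```

Pointing audit_special at a real directory such as /usr/bin gives the list of SUID/SGID programs to review on that system.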
useful
written by: Ashish on 2006-04-06 11:33:05
quite good in content. the last part was new to me

mr.
written by: Anatoly on 2006-04-07 02:56:04
please, correct the article, to change line "ls -l | grep tmp" to "ls -ld tmp", it's no good to teach people to bad behaviour... thanks

answers
written by: Lauri on 2006-04-09 08:59:39
I recommend you use ls -l tmp instead of pipes. 10 tells that the folder tmp/ contains 10 files and 4096 is the size of the file

10 and 4096
written by: Chris on 2006-04-09 16:35:01
10 are the number of symbolic links where this dir/file pointed to, and 4096 is the size in bytes.
Typo?
written by: Florian on 2006-04-12 16:19:57
About half way through the article is this line... "- chmod a=rx *.txt defines permissions to be read and write to everybody on all files suffixed by .txt." Wouldn't it be a=rw instead for write?

yup
written by: Blitze105 on 2006-06-07 03:45:21
typos happen. Excellent guide, I bought a book on linux just to see if it was for me and I thought after I read about half the book that I would never get it.. my advice to you is this: write a book, make money, you taught me more than about 450 pages of that moron's writing :D

Administrator
written by: Pravat on 2006-10-27 00:45:04
Damn good for newbies...

umask
written by: Heiko Rommel on 2006-11-29 10:38:12
In the explanation of umask above I read "666 - 022 = 644". That's ok if you subtract from 777 or 666 (that's where umask starts), but the notion is somewhat misleading. I think it would be better to use the symbolic names like "umask u=rwx,g=rx,o=x" for "umask 0026". For displaying the current settings, use "umask -S". In addition, the use of the symbolic names is more like positive thinking since it expresses what rights you want to give to users/groups/others in contrast to what rights you want to take away ;)

typo ?
written by: Izwalito on 2007-01-08 10:54:48
Last chapter reads: [quote]For instance, if you want all new directories to get permissions rwxr-x[b]r[/b]--and files to get permissions rw-r----- by default (modes 750 and 640),[/quote] Seems to me that 'r' is a typo and should be ignored. you can tell sumthing wrong cause there are 10 characters instead of 9, and you can tell that 'r' shouldn't be there by crosschecking mode 750 with octal values shown before in the article. that said, this is a nice simple article that covers pretty much everything one needs to know to understand file permissions. kudos.

thx
written by: Sheik on 2007-01-12 22:25:12
Omg thank you so much. This is one of those things that would be covered in some 500 page book that I would never understand. You have told me everything I need to know and saved me countless hours of screwing around. Thanks heaps :D

Permission
written by: Jitendra on 2007-01-19 06:19:51

need help
written by: saurav on 2007-02-06 21:58:04
1. a umask that would give no permissions (r, w, and x) to group users and other users.
2. perl script that submits messages (you can use any example messages) to syslog with facility user. (May require root access)
3. Perl script which goes through the password file /etc/passwd entries one by one and points out possible problems. The potential problems to check for are: Find any entries that have UID 0; Find any entries that have no password (need to access /etc/shadow); Find any set of entries that have duplicate UIDs; Find any set of entries that have duplicate login names; Find any entries that have no expiration date (need to access /etc/shadow). After you finish this perl script and test that it works correctly, use cron to schedule this script to run at 3:00am everyday. By default, you will get an email each time your cron job runs. Configure the crontab file to disable this feature (i.e., do not send emails).
4. Using man pages for du, sort, and head commands as references, write a perl script that determines which 10 directories have the largest file space usage on your system.
5. perl script that finds all the hard links on a filesystem.
Device Permissions
written by: Osric on 2007-02-21 09:36:43
What do the rwx permissions mean when applied to device files?

Device permissions
written by: me on 2007-03-08 22:05:26

mad
written by: jyotsna on 2007-04-27 05:12:04

file permissions
written by: mbanks on 2007-04-29 14:57:57

none
written by: Bayard on 2007-07-16 23:24:27
From what I have read you can't change permissions for files in VFAT volumes.

report
written by: vedakumar on 2007-10-04 06:03:57

Teacher
written by: mike on 2008-01-05 12:53:31
Hello, One of my students pointed out a useful video tutorial on file permissions for all those newbies. http://www.veoh.com/videos/v2078094HhAcWKp8 hope this helps. Mike

RE: Teacher
written by: disccomp on 2009-12-09 15:15:45
Correct URL: http://www.veoh.com/browse/videos/category/educational/watch/v2078094HhAcWKp8#watch=v2061669XeXtWJd5

Linux
written by: john on 2008-02-21 11:27:22

lin
written by: michaek on 2008-02-21 14:39:16
hbighi
permission
written by: DEEPAK SHARMA on 2008-06-27 11:14:18
how to give permission to user

Mr
written by: Pradeep on 2008-07-16 00:09:27
Hey guys, Can you please tell me if
1. "!!" means that the password is expired and the user will not be able to login?
2. "*" means that the userid is locked?

linux beginner
written by: faisal on 2008-09-21 12:24:22

linux beginner
written by: faisal on 2008-09-21 13:17:01

app admin
written by: Jason on 2009-03-02 12:50:05
I'm not sure if anyone else has mentioned this since I haven't read all comments but there's a typo in the last paragraph: "In order to change the umask value, simply use the umask command and give it an octal number. For instance, if you want all new directories to get permissions rwxr-xr--- and files to get permissions rw-r----- by default (modes 750 and 640),... " rwxr-xr--- should actually read rwxr-x--- if the mode should be set to 750 in this example. It looks more like 754 as is.
the gui says i am in the motion group but am i really? adduser says The user `david' is already a member of `motion'. so why cant i read or edit the file? :confused:
Gud article
written by: mohiyadeen on 2010-03-14 12:19:30
It explains about SUID with a simple example...Thanks!
hello, i am searching for a way to set permissions on folder and the contents. The rule is as such that the only the superUser can delete contents of the folder. Users can add, view, modify But NOT delete the files in the directory. Please tell me if you got any solution for this. Thank you