Tips For Linux

>> Understanding file permissions and modifying them using chmod

Linux is basically a multi-user system. But nowadays there has been an increase in the usage of Linux as an OS for single user home computers as well. But since it was originally meant to be a multi-user OS, a lot of things that would be necessary in a multi-user system are built into the Linux core. One such thing is file / directory permissions.

In Linux every file present on the disk has permissions associated with it. These permissions decide who may use a file and in what manner. The rest of this article explains these file / directory permissions in detail.

In order to view the permissions associated with a file, you could use the ' ls ' command. On executing ' ls ' you would be presented with a directory listing with one filename per line. I shall explain file permissions with the help of the sample output shown below:

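drwxr-xr-x 4 david david 512 Jan 15 11:31 tutorials
frwxr-xr-x 4 david david 1240 Jan 15 08:12 viewresume
frwx------ 4 david david 4109 Jan 15 08:12 privatedata.txt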

Yours would obviously be different from this one, but this output should be enough to explain file permissions. The above output shows that within the current directory there are 3 entries. Let's start with the 2nd line.

frwxr-xr-x 4 david david 1240 Jan 15 08:12 viewresume

The first character 'f' indicates that ' viewresume ' is a file. In case it was the name of a directory there would have been a 'd' instead of an 'f'.

The next part rwxr-xr-x (a total of 9 characters) should be split into 3 parts, each consisting of 3 consecutive letters:

Part 1 (User) : rwx
Part 2 (Group) : r-x
Part 3 (World) : r-x

The meaning of these 3 characters which form this 9 character sequence is shown in the table below.

Description of r,w,x for Files
r : Read permissions for the file (whether the contents of the file can be read or not)
w : Write permissions for the file (whether a file can be modified or not)
x : Execute permissions (whether a file is an executable/script or not)

In Part 1 all 3 permissions, r, w and x, exist. This means that the concerned file, ' viewresume ', can be read, written to and executed. Thus in case you want to just read the contents of that file you could do so. In case you want to modify the file, that too would be allowed. Assuming that ' viewresume ' is some kind of a script, it also has execute permissions assigned to it, so you could execute this program from the shell prompt as well.

Some of you who are really smart must have already started thinking about how you could protect your data from others (in a multi-user system) when you have provided r, w and x permissions to the file. That is exactly why there is a 9 character sequence present instead of just 3 characters.

Part 1 decides the permissions for the User (the owner of the file)
Part 2 decides the permissions for other users who belong to the same Group as the file
Part 3 decides the permissions for Others (rest of the world) who might access your folder

As the owner, any file you create would have the r and w permissions present. In case it's a script you should also add the execute permission. This is explained in a later section of this article.

In case you are a part of a project involving other users, you should ask the administrator to create a separate group and include all the project members in that group. Then you could create all your programs as a part of that group and use the group permissions so that only the members belonging to your project group can read and modify the files that concern that project.

For others (rest of the world) it is always best to leave the default permissions which would be generally r and x. Never ever give w permissions to all, else anyone would be able to modify your files.

The rest of the fields don't have anything to do with file permissions as such, so they shall not be dealt with in this article. Now let's consider the 3rd line in the ' ls ' output.

frwx------ 4 david david 4109 Jan 15 08:12 privatedata.txt

This shows the permissions for a file aptly named ' privatedata.txt '. The name itself suggests that this is some important file that only the owner of the file should be allowed to read, write or execute. No one else (group or others) should be allowed to even view the contents of this file. Thus you can see that the permissions for the file are rwx------.

Dividing it into 3 parts you would get ' rwx ' and ' --- ' and ' --- '

The - (hyphen) indicates that the particular property does not exist for that file or directory.

In this case the 2nd and 3rd Part consist only of hyphens, indicating that neither the Group members nor Others would be allowed to read, write or execute this file. You on the other hand have all these 3 properties set so that you are free to do anything with the file.

Now consider the 1st line in the ' ls ' output:

drwxr-xr-x 4 david david 512 Jan 15 11:31 tutorials

Note that the first character on the line is a ' d ' which indicates that ' tutorials ' is the name of a directory and not a file.

Important : The permissions for directories take on a slightly different meaning than those for files. This is explained in some detail below.

Description of r,w,x for Directories
r : This means that a directory has read permission, so you are allowed to see what files are present within that directory.
w : This means that you could add, delete or rename the files that exist within that particular directory.
x : Execute allows you to use the directory name when accessing files inside that directory. For example (not really the simplest example), in Article No. 29 I explained how users could set up a directory for their homepage so that other users can come and see it. For this to work, when another user requests a particular file by its name together with the directory name, the x permission must be set on all the directories present in the request; otherwise that user would not be able to view the contents of the file he requests. In case you are confused, try experimenting with this. If you are a single home user, create another user account and try accessing the first user's files. Whenever you get an access denied error, remember to check whether the x permission is set for the directory within which the file you are accessing exists.
Sometimes people call the x permission for directories the Enter permission, indicating whether or not you are allowed to enter the directory. This is correct to a certain extent.

In our example the ' tutorials ' directory has r and x permissions set for group and world. So basically all the users could view the files that are present within that directory. Since the w permission is missing for group and world, they cannot modify, add or delete any of the files within the tutorials directory (unless there is a situation as described in the Note below). You on the other hand are, as usual, allowed to do as you wish. Doesn't Linux make you feel powerful!
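The x-bit check described above for an "access denied" error can be automated. This is an added example, not code from the original article: it walks every directory on the way to a file and reports the ones that lack the x bit for others. The tree (home/david/public_html/index.html) and its modes are constructed sample data, and only the "others" bits are inspected (ownership, group membership and ACLs are ignored).

```python
import os
import stat
import tempfile

def blocked_dirs(root, target):
    """Directories from root down to target's parent that lack x for others."""
    rel = os.path.relpath(os.path.dirname(target), root)
    dirs = [root]
    if rel != ".":
        for part in rel.split(os.sep):
            dirs.append(os.path.join(dirs[-1], part))
    blocked = []
    for d in dirs:
        mode = os.stat(d).st_mode
        if not mode & stat.S_IXOTH:
            blocked.append((os.path.relpath(d, root), stat.filemode(mode)))
    return blocked

def demo():
    """Constructed tree: home/david/public_html/index.html under a temp root."""
    with tempfile.TemporaryDirectory() as root:
        page_dir = os.path.join(root, "home", "david", "public_html")
        os.makedirs(page_dir)
        target = os.path.join(page_dir, "index.html")
        with open(target, "w") as fh:
            fh.write("hello\n")
        os.chmod(target, 0o644)
        # Constructed modes: the home directory is private, the rest are open.
        os.chmod(root, 0o755)
        os.chmod(os.path.join(root, "home"), 0o755)
        os.chmod(os.path.join(root, "home", "david"), 0o700)
        os.chmod(page_dir, 0o755)
        before = blocked_dirs(root, target)
        # x without r: others can pass through but cannot list the directory.
        os.chmod(os.path.join(root, "home", "david"), 0o711)
        after = blocked_dirs(root, target)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("blocked before:", before)
    print("blocked after: ", after)
```

Although index.html itself is readable by everyone, the single private directory in the middle of the path is enough to block the request until its x bit is set.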

Now for some technical language. Though I have been calling these r, w and x permissions, you would generally call them bits. So don't look surprised when a group member asks you to set the read bit for a directory. It basically means: set the read permission for that directory.

Important : As a beginner, until you are completely familiar with file permissions, remember one important rule: never give a directory lesser privileges than the files within it. For example, suppose you do not set the x bit for a directory but set the w bit for the files within that directory. You may expect that since the directory doesn't have the x bit set, users cannot enter the directory and so won't be able to modify your files. Actually, the meaning of the x bit for directories is not so simple to understand. Setting permissions as above would allow anyone to delete all your files in that directory. So always give the files within a directory equal or lesser privileges than the directory itself. If you don't want users to have write permission to your files, do not set the w permission on the files themselves, rather than trying to restrict write access using the directory permissions.
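The two rules of thumb in this article (no w bit for the world, and no file with more permission bits than its directory) can be checked over a whole tree. The following is an added example, not part of the original article; the directory and file names reuse the article's sample listing plus a constructed ' project ' directory. Note that Python's stat.filemode prints ' - ' as the type character of a regular file.

```python
import os
import stat
import tempfile

def audit(root):
    """Return sorted (relative path, mode string, finding) for files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_bits = stat.S_IMODE(os.lstat(dirpath).st_mode) & 0o777
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files are audited
            bits = stat.S_IMODE(st.st_mode) & 0o777
            rel = os.path.relpath(path, root)
            text = stat.filemode(st.st_mode)
            if bits & stat.S_IWOTH:
                findings.append((rel, text, "world-writable"))
            extra = bits & ~dir_bits  # bits the file has but its directory lacks
            if extra:
                findings.append((rel, text, "exceeds directory by %03o" % extra))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        layout = {  # directory mode, then the modes of the files inside it
            "tutorials": (0o755, {"viewresume": 0o755, "privatedata.txt": 0o700}),
            "project": (0o744, {"notes.txt": 0o666}),  # no x for others, w on file
        }
        for dname, (dmode, files) in layout.items():
            d = os.path.join(root, dname)
            os.mkdir(d)
            for fname, fmode in files.items():
                p = os.path.join(d, fname)
                open(p, "w").close()
                os.chmod(p, fmode)
            os.chmod(d, dmode)
        return audit(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```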
