A little break in the exams, so we have some time to discover another topic - which is file permissions on Linux. Let's fully understand how they work.
There are three basic permission types:
- read - modifiy whether or not user can read the content of the file.
- write - modifiy whether or not user can write or modify a file/directory.
- execute - modifiy whether or not user can execute the file or view the content of the directory.
Now we can add these permissions to the three types of people:
- owner - permissions apply only to the owner of the file or a directory.
- group - permissions apply only to the group that has been assigned to the file or a directory.
- others - permissions apply to every other user.
In order to view permissions we're going to use ls -l command. Let's take a look at a few examples.
And a directory.
As you can recon first character identifies, if that's the file (-) or a directory (d). Then we have 3 characters specified for a permissions to an owner, 3 to the group and lastly 3 for all the other users. Presence of permission is presented by a coresspondig letter, lack is shown as a dash.
In order to change permissions, we can use tool called chmod with this syntax chmod PERM FILE. Let's take a look at examples. But firstly, let's think to who are we granting with these permissions? Owner - u, group - g, others - o, or all - a. Are we giving these permissions - +, or revoking - -? And lastly, which permissions?
Execute permission for owner? No problem.
Or write permission for others? Easy task. We can also assing multiple permissions at once just like this:
In order to assign specific set of permissions faster, we can assign them as a numbers - in base 8. Firstly, we'll take a look at how to convert character permission into a numerical type.
Looking at that conversion table, we can notice a pattern - it is possible to write combinations of a permission in a single number - for example 7 will stand for read, write and execute, while number 5 will be only read and execute. Each bit in the binary represents the presence of permision. Now we have to only write this number 3 times, to represent each piece of users - owner, group and others.
|755||rwxr-xr-x||Owner has full access, everyone else can read and execute the file|
|700||rwx------||Only owner has full access|
|644||rw-r--r--||Owner can read and write, everyone else can read|
|600||rw-------||Owner can read and write, otherwise no access|
Now we are able to assign multiple permissions at the same time using chmod. Let's take a look at few examples.
Full access to everyone.
After realizing what a mistake it is, we revoked full access from others. Easy, right? We can also take a look at some useful permissions for directories.
|777||rwxrwxrwx||Everyone is able to list files, create new ones and delete them|
|755||rwxr-xr-x||Owner has full access, while all others can only list the directory|
|700||rwx------||Only owner can do anything, others have no access|
Usually, owner is the one who created the file, but we can change the person using chown command. We can also change the group ownership using chgrp command. Remember that in order to change these, you have to be the superuser.
File permissions are great way to improve security on your system, so it's great to know how they work, and how to apply them. See you in the next one!