Tuesday, 8 May 2012

File Permissions in Linux


              In LINUX Each file belongs to a user and to a user group, For restricting file access Linux defines three different types of rights,

Read(r)      - file can be read
Write(w)    - content of the file can be changed
Execute(x) - file can be executed

Each of these rights are defined for three sets of users,

user(u)     - the owner of the file
group(g)   - the users who are members of the group
others(o)  - neither members of the group nor the owner

Example

ls -l testfile
-rw-r--r--. 1 annie team1 0 May  4 16:03 testfile

name           : testfile
permissions : -rw-r--r--
owner          : annie
group          : team1
other           : 0

The first character of permissions indicates,

Character   Type of file

   -           regular file
   d          directory
   l           symbolic link
   s          socket
   p          named pipe
   c          character device file (unbuffered)
   b          blocked device file (buffered)

Letter Permission

  r          Read
  w         Write
  x          Execute
  -          No permission

Letter Type of users

  u         User
  g         Group
  o         Other
  a         All (everybody)

Permission Value

  -                 0
  x                 1
  w                 2
  r                  4

Permission Value

    ---            0
    --x            1
    -w-            2
    -wx           3
    r--             4
    r-x            5
    rw-            6
    rwx           7

Changing the access mod of a file

Example

chmod 752 testfile
or
chmod u=rwx,g=rx,o=w test

chmod u+x testfile   -user execute permission
chmod +x testfile    -everyone execute permission
chmod ugo+x testfile -everyone execute permission

Changing file owner or group

Example

chown glen testfile
chgrp admin testfile
or
chown glen:admon testfile

Special permissions for executables

Setting the sticky bit on a directory

If you have a look at the /tmp permissions,

drwxrwxrwt   10 root root  4096 2006-03-10 12:40 tmp

t is called the sticky bit and indicates that in this directory, files can only be deleted by their owners, the owner of the directory or the root superuser. it is not enough for a user to have write permission on /tmp, he also needs to be the owner of the file to be able to delete it.

In order to set or to remove the sticky bit,

chmod +t tmp
chmod -t tmp

SGID attribute on a directory

chmod g+s directory
chmod g-s directory


Setting SUID and SGID attributes on executable files 

chmod g+s myscript.sh
chmod g-s myscript.sh

chmod u+s myscript.sh
chmod u-s myscript.sh

Setting the default file creation permissions

The default umask value is usually 022.

umask 022

By default umask is 000, files get mode 666 and directories get mode 777. As a result, with a default umask value of 022, newly created files get a default mode 644 (666 - 022 = 644) and directories get a default mode 755 (777 - 022 = 755).

No comments:

Post a comment