Understanding File Permissions in Linux: Owner, Group, and Other, Exercises of Linux skills

An introduction to the concept of file permissions in Linux operating systems, focusing on the owner, group, and other classes of users. It covers the meaning of read (r), write (w), and execute (x) permissions for files and directories, and demonstrates how to change file permissions using the chmod command in symbolic and octal notation.

Typology: Exercises

2011/2012

Uploaded on 07/16/2012

sandeepa

Figure 1: Permissions

You have already seen that using ls -l you can get a ‘long listing’ of the files in the current directory. Your home directory should currently contain at least the file myTimetable.txt and the directory Admin. The directory Admin should contain a file myBooks.txt. Executing the commands

ls -l
ls -l Admin

should result in output resembling that shown in Figure 1 (remember: ‘l’ is the letter l, not the number ‘1’).

As you can see, the output of ls -l consists of several columns, with the right-most column containing the names of files and directories. The third column from the left, the one containing ullrich in Figure 1, indicates the owner. For your own files, the corresponding column should show your user id. The fourth column from the left, the one containing csc in Figure 1, indicates the group. Again, the group shown for your files will be different. The left-most column, a rather cryptic looking string of characters and dashes, shows the permissions (alternatively called access rights) for each of the files and directories.

All modern operating systems use access control lists to control who can do what with a particular file system object. To this end, each file system object is associated with such an access control list that contains access control entries, each of which gives an individual user or group the right to perform an operation such as reading, writing, or executing the file system object.

Linux, like any traditional UNIX operating system, recognises three classes of users with respect to operations on files: owner, group, and other. Operations are categorised as read (r), write (w), and execute (x). Finally, the file system distinguishes, amongst others, between files and directories.

Having read (r), write (w), and execute (x) permission takes on a slightly different meaning for files and directories:

Permission     For a file                       For a directory
read (r)       allowed to view file contents    allowed to view directory contents
write (w)      allowed to write to file         allowed to remove or add new files to directory
execute (x)    allowed to execute file          allowed to access files in the directory

Some clarification is in order regarding permissions for directories:

  • To remove or add a file to a directory, or to otherwise modify an already existing file in a directory, you actually need both write (w) and execute/access (x) permission for the directory.
  • Similarly, while read (r) permission for a directory, without execute (x) permission, does indeed allow you to see what files are in a directory, you will get an error message for each file telling you that you do not have access permission for the file. In addition, you will not be able to see any additional information for these files, e.g. their owners or the permissions for these files.

So, what does the information shown in Figure 1, and repeated below, tell us about permissions for the files and directories involved?

drwx--x--x. Admin
-rw-r--r--. myTimetable.txt
-rwx------. myBooks.txt

  • The first character indicates the type of the file: ‘d’ stands for ‘directory’, ‘-’ for ‘regular file’, ‘l’ for ‘link’, etc. So, Admin is a directory, while myTimetable.txt and myBooks.txt are regular files.
  • The next block of three characters indicates the permissions that the owner of the files has. So, ‘rwx’ for Admin and myBooks.txt means that the owner has read, write and execute permission. Remember, since Admin is a directory while myBooks.txt is a regular file, these permissions have a slightly different meaning for each of these. For myTimetable.txt, ‘rw-’ indicates that we have read and write permission, but not execute permission.
  • The next block of three characters indicates the permissions for members of the group. For Admin, the three characters are ‘--x’, so the group csc has execute permission for this directory and only execute permission. For myTimetable.txt, the three characters are ‘r--’, so the group csc has read permission. Finally, for myBooks.txt, the three characters are ‘---’, so the group csc has no rights with respect to this file.
  • The next block of three characters indicates the permissions for other users. As it happens, for the three file system objects considered here, as the third block of three characters is identical to the second block of three characters, other users have the same permissions as the group csc.

2 Changing File Permissions

2.1 Symbolic Notation for File Permissions

To change the permissions for file system objects you use the chmod command. In its simplest form, chmod takes two arguments:

  1. A description of the permissions that you want to set or a description of how you want to change the existing permissions. This description can be given in symbolic notation or numeric notation.
     (a) In symbolic notation, you need to specify for which user or group of users you want to change the permissions, how you want to change them, and which permissions you want to change:


will create a new file called newFile.txt in the directory Admin. Execute this command and use

ls -l Admin

to see what the permissions for newFile.txt are (see Figure 4).

Figure 4: chmod (3)

As you can see, the file is readable and writable by the owner, i.e. yourself, but by nobody else. If you were to create a new file under Windows, then by default the executable permission would also be set for the owner of the file. Give it a try. So far we haven’t seen an example of an executable file. Let us create one.

Figure 5: Shell script

Using your favourite editor, e.g. gedit, create a new file in your home directory, called myFirstShellScript, with the following content (also see Figure 5):

#!/bin/sh

echo "Hello World!"

Here, the first line indicates what interpreter should be used to execute the rest of the file, namely, the file /bin/sh, the system’s default shell. That will be the GNU Bourne-Again SHell or bash for short. Check with ls -l what the permissions are for myFirstShellScript once you have saved it. Not surprisingly, it is readable and writable by the owner, but nothing else. Try to execute the file by using the command

./myFirstShellScript

in the same directory where this file is stored. You should get an error message telling you that you do not have permission to execute the file. This is correct as so far nobody has execute permission for this file.

Figure 6: Executing files

Let us change that using the command

chmod u+x myFirstShellScript

Then try to execute myFirstShellScript again. This time you will succeed and the script will produce the output

Hello World!

See Figure 6.

Now that you know how to change the permissions of a file system object, you can check whether what has been said on page 1 about permissions for directories is true. Do the following:

  1. Change the permissions for directory Admin to ‘r--------’, i.e. read permission for the owner only, no other permissions for the owner, no permissions for group or other. Then use ls -l Admin to see whether you can still obtain a long listing of the contents of the Admin directory.
  2. Now give yourself execute permission for Admin in addition to read permission, i.e. set the permissions to ‘r-x------’. Use ls -l Admin again to see what the long listing of the contents of the Admin directory looks like.
  3. Next, see whether write permission alone allows you to create a file in the directory Admin. To do so, execute the commands

chmod u=w Admin
touch Admin/testFile

The system should deny you the permission to create testFile.

  4. Adding execute permission to the directory should solve this problem:

chmod u+x Admin
touch Admin/testFile

This time creating the file testFile should succeed.
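The four steps above can be repeated as one script. This is an added example, not part of the original exercise sheet, and it goes slightly beyond the steps by also probing execute-only (x) access. The helper name probe_dir is hypothetical, and the script works on a scratch copy of Admin/myBooks.txt created with mktemp rather than on your home directory.

```shell
#!/bin/sh
# Added example, not part of the exercise sheet. probe_dir is a hypothetical
# helper; it builds a scratch copy of Admin/myBooks.txt under mktemp -d.
# Run it as an ordinary user: root bypasses these permission checks.

# $1 = owner permissions to set on the directory (r, rx, w, wx, x, ...).
# Prints whether names can be listed, a known file inspected, a file created.
probe_dir() {
    top=$(mktemp -d) || return 1
    mkdir "$top/Admin"
    : > "$top/Admin/myBooks.txt"
    chmod "u=$1,go=" "$top/Admin"

    # Listing names needs read (r) on the directory.
    if ls "$top/Admin" >/dev/null 2>&1; then names=yes; else names=no; fi
    # Owner, size and permissions of an entry need execute/access (x).
    if ls -l "$top/Admin/myBooks.txt" >/dev/null 2>&1; then details=yes; else details=no; fi
    # Creating an entry needs write (w) and execute/access (x) together.
    if touch "$top/Admin/testFile" 2>/dev/null; then create=yes; else create=no; fi

    chmod u=rwx "$top/Admin"    # restore access so the scratch tree can be removed
    rm -rf "$top"
    echo "names=$names details=$details create=$create"
}

for p in r rx w wx x; do
    printf 'u=%-2s  %s\n' "$p" "$(probe_dir "$p")"
done
```

The x-only row shows why ‘--x’ for group and other on Admin still lets those users reach a file whose name they already know, even though they cannot list the directory.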

2.2 Octal Notation for File Permissions

chmod also allows you to change permissions using a numeric notation. For example

chmod 640 myTimetable.txt

will give the owner of myTimetable.txt read and write permission, the group read permission, and others no permissions. In numeric notation, permissions are given by three digits: The first digit is for owner/user permissions, the second digit for group permissions, and the third digit for the permissions of others. Each digit is the sum of one or more of the following values:

4    set read permission
2    set write permission
1    set execute permission

In our example above, the first digit was 6, the sum of 4 and 2. Thus, we were instructing chmod to set read and write permission for the owner. The second digit was 4, so the group was given read permission. Finally, the third digit was 0, meaning other users have no permissions with respect to the file.

Execute the command chmod 640 myTimetable.txt and check whether the permissions change as described above. Then, using numeric notation for permissions, set the permissions for the file myTimetable.txt back to ‘rw-------’.
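The permission strings read off Figure 1 earlier and the octal digits described here are two spellings of the same nine bits. The script below is an added example, not part of the original exercise sheet, that converts in both directions. The function names are hypothetical, and only r, w, x and - are accepted, as those are the only permission characters this sheet covers.

```shell
#!/bin/sh
# Added example: convert between the ls -l permission string and the octal
# digits taken by chmod. Function names are hypothetical.

# One class (owner, group or other): rwx -> 7, r-- -> 4, --- -> 0.
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac   # 4 = read
    case $1 in ?w?) d=$((d + 2)) ;; esac   # 2 = write
    case $1 in ??x) d=$((d + 1)) ;; esac   # 1 = execute
    echo "$d"
}

# Full ls -l mode string, e.g. 'drwx--x--x.' -> 711. Character 1 is the
# file type; anything after character 10 (the '.' in Figure 1) is ignored.
mode_to_octal() {
    perms=$(printf '%s\n' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    u=$(triplet_to_digit "$(printf '%s\n' "$perms" | cut -c1-3)")
    g=$(triplet_to_digit "$(printf '%s\n' "$perms" | cut -c4-6)")
    o=$(triplet_to_digit "$(printf '%s\n' "$perms" | cut -c7-9)")
    echo "$u$g$o"
}

# One octal digit -> rwx triplet, e.g. 6 -> rw-.
digit_to_triplet() {
    r=-; w=-; x=-
    case $1 in 4|5|6|7) r=r ;; esac
    case $1 in 2|3|6|7) w=w ;; esac
    case $1 in 1|3|5|7) x=x ;; esac
    echo "$r$w$x"
}

# Three octal digits -> nine-character string, e.g. 640 -> rw-r-----.
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits: $1" >&2; return 1 ;;
    esac
    rest=${1#?}
    echo "$(digit_to_triplet "${1%??}")$(digit_to_triplet "${rest%?}")$(digit_to_triplet "${1#??}")"
}

# Constructed input: the three mode strings shown in Figure 1.
for m in 'drwx--x--x.' '-rw-r--r--.' '-rwx------.'; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```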