Saturday, March 17, 2012

Files and Directory permissions in LINUX

Every file or folder created on the Linux file system has 3 sets of permissions.
Each set has 3 permissions for a total of 9 permissions.

The 3 permissions are:
r -> read
w -> write
x -> execute

Each of these permissions has been assigned a numerical value:
r = 4
w = 2
x = 1

To view the rights assigned to a file or folder, look at the `ls -l' output :
-rw-r--r--    1 root     root             34  Aug  31  11:49  abc
-rw-r--r--    1 root     root         1254  Aug  29  18:48  anaconda-ks.cfg
-rw-------    1 root     root           375  Sep    2  09:50  asiainfotech.vcf
drwxr-xr-x  6 501      501          4096 Sep    6  18:14  DB_File-1.810

The first column indicates the rights assigned to that particular file or folder.

Each set of three permissions (rights) can have a maximum value of rwx (4+2+1 = 7), so the maximum for all three sets is rwxrwxrwx (777).
The first set of 3 permissions (rwx) is for the user owner, the second set (rwx) is for the group owner and the third set (rwx) is for others.

For example, take the first file abc. It has the following rights assigned :
-rw-r--r--     root   root   

The first column indicates that the user owner has been granted the rights read (r) & write (w) but not execute (x). The missing execute permission is replaced with a dash (-).
The group owner has been granted only the read (r) permission but not write (w) and execute (x). The missing permissions have been replaced with dashes (--).
All others have been granted only read (r) permission.

User Owner : The user that creates a file or folder becomes the user owner of that file or folder.

Group Owner : The primary group of that user becomes the group owner.

Others : All other users who do not belong to the primary group of the user owner fall into the others category.

A file will have a dash (-) as the first character of the `ls -l' output.
A directory or folder will have a `d' as the first character.

[ The third column denotes the name of the user owner, the fourth column indicates the name of the group owner, the rest of the fields indicate the size of the file, date & time of creation & the name of the file ]

Before modifying the rights assigned to files or folders it is important to know what rights are assigned to a file or folder when it is first created.
The rights assigned to a file or folder when it is first created depend upon which user has created that particular file or folder, the root user or an ordinary user. This is because of a parameter called the umask setting whose value differs for the root user and an ordinary user.
The default umask value for the root user is 022 and that for an ordinary user is 002.

When the root user creates a file the umask setting is subtracted from 666,
i.e. 666-022 = 644.
Hence when a root user creates a file the file gets permissions of 644, i.e.
-rw-r--r--.

When the root user creates a folder the umask setting is subtracted from 777,
i.e. 777-022 = 755.
Hence when a root user creates a folder the folder gets permissions of 755, i.e.
drwxr-xr-x.

When an ordinary user creates a file the umask setting is subtracted from 666,
i.e. 666-002 = 664.
Hence when an ordinary user creates a file the file gets permissions of 664, i.e.
-rw-rw-r--.

When an ordinary user creates a folder the umask setting is subtracted from 777,
i.e. 777-002 = 775.
Hence when an ordinary user creates a folder the folder gets permissions of 775, i.e.
drwxrwxr-x.
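
Added example (not from the original post) for the numeric values and the umask arithmetic above: the kernel applies the umask as a bit mask, mode = base AND NOT umask, which matches the subtraction for 022 and 002 but not for every value (umask 027 on a file gives 640). The function names and the extra 027 case are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: default modes under a umask, rendered as rwx text.

# Render one octal digit (0-7) as an rwx triplet.
triplet() {
    t=""
    if [ $(( $1 & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# Render a three-digit octal mode such as 644 as rw-r--r--.
mode_to_symbolic() {
    m=$(( 0$1 ))    # the leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' "$(triplet $(( (m >> 6) & 7 )))" \
        "$(triplet $(( (m >> 3) & 7 )))" "$(triplet $(( m & 7 )))"
}

# Mode given to a new file (base 666) or directory (base 777): base AND NOT umask.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The page's two umask values, plus 027 (assumed extra case) where
# digit-by-digit subtraction would not work but the bit mask does.
for um in 022 002 027; do
    fm=$(default_mode 666 "$um")
    dm=$(default_mode 777 "$um")
    printf 'umask %s  file %s -%s  dir %s d%s\n' "$um" \
        "$fm" "$(mode_to_symbolic "$fm")" "$dm" "$(mode_to_symbolic "$dm")"
done
```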

With this background knowledge it now becomes easier for us to manipulate file and folder permissions and user and group ownership.

Take the example of the previous file `abc'.
# ls -l abc
   -rw-r--r--    1 root     root           34 Aug 31 11:49 abc

To give `w' permission to `others' :
# chmod 646 abc
or
# chmod o+w abc

Granting permissions the alphabetical way is easier than assigning rights the numerical way.

To take away the `w' right from others :
# chmod o-w abc

To grant the `x' permission to the user owner, write permission to the group owner and x permission to others :
# chmod u+x,g+w,o+x abc

To assign permissions on folders follow the same procedure with the addition of the -R (recursive) switch which forces permissions to be inherited by the underlying files and folders in the subdirectory structure.

Take the example of the `/evolution' folder :
drwx------    8 root     root         4096 Sep  7 13:07 evolution

# chmod -R o+w /evolution
   drwx----w-      root     root         evolution


# chmod -R u-x,g+rx,o+r /evolution
   drw-r-xr--      root     root         evolution
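
A check to run after a recursive change like `chmod -R o+w' above, as an added example that is not part of the original post: it builds a scratch tree under a temporary directory (a constructed stand-in for /evolution) and uses find -perm -0002 to list every entry that others can now write to. The function names and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list what a recursive `chmod -R o+w` leaves world-writable.

# List entries under $1 that "others" may write to (mode bit 0002), sorted.
# Symbolic links are skipped because their own mode bits are not used.
world_writable() {
    find "$1" -perm -0002 ! -type l | LC_ALL=C sort
}

# Build a scratch tree (constructed sample) and print its path.
make_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/evolution/mail"
    : > "$d/evolution/mail/inbox"
    : > "$d/evolution/notes"
    # Start from drwx------ for directories and -rw------- for files.
    chmod -R u=rwX,go= "$d/evolution"
    printf '%s\n' "$d"
}

# Count world-writable entries before and after, then list them.
demo() {
    top=$(make_tree)
    (
        cd "$top" || exit 1
        echo "before: $(world_writable evolution | wc -l | tr -d ' ')"
        chmod -R o+w evolution
        echo "after: $(world_writable evolution | wc -l | tr -d ' ')"
        world_writable evolution
    )
    rm -rf "$top"
}

demo
```

Every directory and file in the tree appears in the listing, not just the top-level folder shown in the `ls -l' line.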

To change user and group ownership :

Consider the file abc

# ls -l  abc
   -rw-r--r--    root   root      abc

[ Here the user owner is ‘root’ and the group owner is ‘root’ ]

Changing user and group ownership using the chown and chgrp commands :

Requirement :
We want to assign the `x' permission to only three users ryan, santosh and shaji. In this scenario we cannot assign the `x' permission to others because that would give all other users the `x' permission.

Solution :
Add the three users ryan, santosh and shaji into a group, e.g. sales.
Change the group ownership of the file abc to sales.

[root@akhisar /]# gpasswd -M ryan,santosh,shaji sales

[root@akhisar /]# chgrp sales abc

[root@akhisar /]# ls -l abc
                        -rw-r--r--    1 root     sales          26 Sep 10 09:19 abc

To change the user ownership of the file abc to user rhea :

[root@akhisar /]# ls -l abc
                        -rw-r--r--    1 root     sales          26 Sep 10 09:19 abc

[root@akhisar /]# chown rhea abc

[root@akhisar /]# ls -l abc
                        -rw-r--r--    1 rhea     sales          26 Sep 10 09:19 abc


To change the user owner and group owner to user `ram' and group `tech' simultaneously :

[root@akhisar /]# chown ram:tech abc

[root@akhisar /]# ls -l abc
                        -rw-r--r--    1 ram      tech           26 Sep 10 09:19 abc

Changing user and group ownership on directories :

Follow the same procedure as shown above with the addition of the -R (recursive) switch. The -R switch will cause the user and group ownership to be inherited by the underlying files and folders in the directory tree.

For example, to change the group ownership on the folder /data :

[root@akhisar /]# chgrp -R sales data

[root@akhisar /]# ls -l
                        drwxr-xrwx    3 root     sales        4096 Aug 29 13:49 data

To change the user ownership on /data to user shaji :
[root@akhisar /]# chown -R shaji /data


[root@akhisar /]# ls -l
                        drwxr-xrwx    3 shaji    sales        4096 Aug 29 13:49 data

To change the user owner and group owner on /data to user santosh and group mktg respectively :

[root@akhisar /]# chown -R santosh:mktg /data

[root@akhisar /]# ls -l
                        drwxr-xrwx    3 santosh  mktg         4096 Aug 29 13:49 data
