Every file or folder created on the Linux file system has 3 sets of permissions.
Each set has 3 permissions for a total of 9 permissions.
The 3 permissions are:
r -> read
w -> write
x -> execute
Each of these permissions has been assigned a numerical value:
r = 4
w = 2
x = 1
To view the rights assigned to a file or folder, use `ls -l' :
-rw-r--r-- 1 root root 34 Aug 31 11:49 abc
-rw-r--r-- 1 root root 1254 Aug 29 18:48 anaconda-ks.cfg
-rw------- 1 root root 375 Sep 2 09:50 asiainfotech.vcf
drwxr-xr-x 6 501 501 4096 Sep 6 18:14 DB_File-1.810
The first column indicates the rights assigned to that particular file or folder.
Each set of three permissions (rights) can have a maximum value of rwx, i.e. rwxrwxrwx (777) for all three sets.
The first set of 3 permissions (rwx) is for the user owner, the second set (rwx) is for the group owner and the third set (rwx) is for others.
For example, take the first file abc. It has the following rights assigned :
-rw-r--r-- root root
The first column indicates that the user owner has been granted the rights read (r) & write (w) but not execute (x). The missing permission execute is replaced with a dash (-).
The group owner has been granted only the read (r) permission but not write (w) and execute (x). The missing permissions have been replaced with dashes (--).
All others have been granted only read (r) permission.
User Owner : The user that creates a file or folder becomes the user owner of that file or folder.
Group Owner : The primary group of that user becomes the group owner.
Others : All other users who do not belong to the primary group of the user owner fall into the others category.
A file will have a dash (-) as the first character of the `ls -l' output.
A directory or folder will have a `d' as the first character.
[ The third column denotes the name of the user owner, the fourth column indicates the name of the group owner, the rest of the fields indicate the size of the file, date & time of creation & the name of the file ]
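The following is an added example, not part of the original post: it converts the first column of `ls -l' to its numeric value using r=4, w=2, x=1 and lists entries that others can write to. The sample lines are copied from listings on this page; the function names are made up for this example, and file names containing spaces are not handled.

```sh
# Convert an `ls -l` mode string such as -rw-r--r-- to octal (644).
# Each set of three characters is summed with r=4, w=2, x=1.
sym_to_octal() {
    perms=${1#?}                 # drop the type character (-, d, ...)
    out=""
    for start in 1 4 7; do       # user owner, group owner, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        # lowercase s or t in the last position also means x is set
        case $triplet in ??[xst]) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# Read `ls -l` lines on stdin; print "<octal> <name>" for every entry
# whose third set (others) includes the write permission.
world_writable() {
    while read -r mode _links _user _group _rest; do
        octal=$(sym_to_octal "$mode")
        case $octal in
            ??[2367]) printf '%s %s\n' "$octal" "${_rest##* }" ;;
        esac
    done
}

# Sample input: lines taken from the listings shown on this page.
sample_listing() {
    cat <<'EOF'
-rw-r--r-- 1 root root 34 Aug 31 11:49 abc
-rw------- 1 root root 375 Sep 2 09:50 asiainfotech.vcf
drwxr-xr-x 6 501 501 4096 Sep 6 18:14 DB_File-1.810
drwxr-xrwx 3 root sales 4096 Aug 29 13:49 data
EOF
}

sample_listing | world_writable
```

Only the data folder is reported, because its third set is rwx and therefore grants write access to every user on the system.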
Before modifying the rights assigned to files or folders it is important to know what rights are assigned to a file or folder when it is first created.
The rights assigned to a file or folder when it is first created depend upon which user has created that particular file or folder, the root user or an ordinary user. This is because of a parameter called the umask setting whose value differs for the root user and an ordinary user.
The default umask value for the root user is 022 and that for an ordinary user is 002.
When the root user creates a file the umask setting is subtracted from 666, i.e. 666-022 = 644.
Hence when a root user creates a file the file gets permissions of 644, i.e. -rw-r--r--.
When the root user creates a folder the umask setting is subtracted from 777, i.e. 777-022 = 755.
Hence when a root user creates a folder the folder gets permissions of 755, i.e. drwxr-xr-x.
When an ordinary user creates a file the umask setting is subtracted from 666, i.e. 666-002 = 664.
Hence when an ordinary user creates a file the file gets permissions of 664, i.e. -rw-rw-r--.
When an ordinary user creates a folder the umask setting is subtracted from 777, i.e. 777-002 = 775.
Hence when an ordinary user creates a folder the folder gets permissions of 775, i.e. drwxrwxr-x.
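The following is an added example, not part of the original post: it computes the default permissions for a given umask and checks them against a file and folder actually created in a temporary directory. The system clears the bits named in the umask rather than doing arithmetic, which matches the subtraction above for 022 and 002 but not for a value such as 033 (666-033 would suggest 633, the real result is 644). The function names are made up for this example and GNU `stat -c' is assumed.

```sh
# Permissions left after the umask is applied: base AND NOT umask, in octal.
# $1 = base mode (666 for files, 777 for folders), $2 = umask.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Create a real file or folder under the given umask and read its mode back.
# $1 = file | dir, $2 = umask.
# The body runs in a subshell, so the caller's own umask is left untouched.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then
        mkdir "$tmp/probe"
    else
        : > "$tmp/probe"
    fi
    stat -c '%a' "$tmp/probe"    # GNU coreutils stat (assumed)
    rm -rf "$tmp"
)

# 022 and 002 are the defaults named above; 027 and 033 are extra values
# chosen for this example to show a stricter mask and the 033 case.
for mask in 022 002 027 033; do
    printf 'umask %s  file: %s (created %s)  folder: %s (created %s)\n' \
        "$mask" \
        "$(masked_mode 666 "$mask")" "$(created_mode file "$mask")" \
        "$(masked_mode 777 "$mask")" "$(created_mode dir "$mask")"
done
```

A umask of 027 gives 640 for files and 750 for folders, which removes all access for others on anything newly created.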
With this background knowledge it now becomes easier for us to manipulate file and folder permissions and user and group ownership.
Take the example of the previous file `abc'.
# ls -l abc
-rw-r--r-- 1 root root 34 Aug 31 11:49 abc
To give `w' permission to `others' :
# chmod 646 abc
or
# chmod o+w abc
Granting permissions the alphabetical way is relatively easier than assigning rights the numerical way.
To take away the `w' right from others :
# chmod o-w abc
To grant the `x' permission to the user owner, write permission to the group owner and x permission to others :
# chmod u+x,g+w,o+x abc
To assign permissions on folders follow the same procedure with the addition of the -R (recursive) switch which forces permissions to be inherited by the underlying files and folders in the subdirectory structure.
Take the example of the `/evolution' folder :
drwx------ 8 root root 4096 Sep 7 13:07 evolution
# chmod -R o+w /evolution
drwx----w- root root evolution
# chmod -R u-x,g+rx,o+r /evolution
drw-r-xr-- root root evolution
To change user and group ownership :
Consider the file abc
# ls -l abc
-rw-r--r-- root root abc
[ Here the user owner is ‘root’ and the group owner is ‘root’ ]
Changing user and group ownership using chown and chgrp commands :
Requirement :
We want to assign the `x' permission to only three users ryan, santosh and shaji. In this scenario we cannot assign the `x' permission to others because that would give all other users the `x' permission.
Solution :
Add the three users ryan, santosh and shaji into a group, for example sales.
Change the group ownership of the file abc to sales.
[root@akhisar /]# gpasswd -M ryan,santosh,shaji sales
[root@akhisar /]# chgrp sales abc
[root@akhisar /]# ls -l abc
-rw-r--r-- 1 root sales 26 Sep 10 09:19 abc
To change the user ownership of the file abc to user rhea :
[root@akhisar /]# ls -l abc
-rw-r--r-- 1 root sales 26 Sep 10 09:19 abc
[root@akhisar /]# chown rhea abc
[root@akhisar /]# ls -l abc
-rw-r--r-- 1 rhea sales 26 Sep 10 09:19 abc
To change the user owner and group owner to user `ram' and group `tech' simultaneously :
[root@akhisar /]# chown ram:tech abc
[root@akhisar /]# ls -l abc
-rw-r--r-- 1 ram tech 26 Sep 10 09:19 abc
Changing user and group ownership on directories :
Follow the same procedure as shown above with the addition of the -R (recursive) switch. The -R switch will cause the user and group ownership permissions to be inherited by the underlying file and folders in the directory tree.
[root@akhisar /]# chgrp -R sales data
[root@akhisar /]# ls -l
drwxr-xrwx 3 root sales 4096 Aug 29 13:49 data
To change the user ownership on /data to user shaji :
[root@akhisar /]# chown -R shaji /data
[root@akhisar /]# ls -l
drwxr-xrwx 3 shaji sales 4096 Aug 29 13:49 data
To change the user owner and group owner on /data to user santosh and group mktg respectively :
[root@akhisar /]# chown -R santosh:mktg /data
[root@akhisar /]# ls -l
drwxr-xrwx 3 santosh mktg 4096 Aug 29 13:49 data