Thursday, May 3, 2012

File Ownership And Permissions in Linux

We’ll never tire of telling you that many of the advantages of Linux are a result of its springing from a strong multi-user operating system. In a multi-user system, it is important to ensure that the files of one user cannot be accessed by another user unless the latter is permitted to access those files. This gives rise to the idea of file ownership. The user who creates a file is, by default, the owner of that file. He can do whatever he wishes to do to his file, such as editing and deleting. A user group can also own a file, if a member of the group has created the file. The user group will have the same permissions as that of the file creator. This is an important feature, because there can be instances where a group of users is working on a project and files created by one user have to be accessible and editable by others in the group.

Besides the owner of the file and his user group, other users can be granted privileges that will enable them to work on the files created by the owner.

There are three basic file permissions in Linux: Read Permission, Write Permission and Execute Permission. The read and write permissions behave slightly differently on a file and on a directory.
The read permission on a file enables any user who is granted this permission to open and view the contents of the file, but not make changes to it. On a directory, however, only the contents of the directory (the file listing) can be viewed. A file contained in the directory cannot be opened unless a read permission is given to that file.

On a file, the write permission allows you to write into the file, that is, make changes to the file. But on a directory, this permission enables you to add, remove or rename files in the directory. Hence, a write permission on a file will allow you to make changes to the file, but deleting the file or renaming it can be done only if the directory allows you to do that.

The execute permission, in case of a regular file, means you can execute the file as a program or a shell script. However, on a directory, the execute permission allows you to access files in the directory and enter it. Though the execute bit lets you enter the directory to add a file, you are not allowed to list its contents, unless you also have the read permissions to that directory.

With a combination of these permissions, selective access can be granted to users such that their actions are strictly controlled.

Viewing File Permissions:

In the command mode, just type in “ls -l”, and you can see the permissions along with other details of the file. In the listing that follows, you will see a set of seemingly random letters that precede the file owner. From the first 10 characters that appear at the start of the line, it is possible to see the ownership and permissions of the file. The first character indicates if it is a directory or file: “d” means directory, and “-” means file. The next three letters denote the permission that the owner has.

An “r” in the second character means read permission
A “w” in the third character means write permission
An “x” in the fourth character means execute permission
A “-” means the corresponding permission does not exist.

Changing Permissions At Command Prompt:

This is accomplished by using the “chmod” command. The chmod is followed by a three-digit number used to indicate the permissions required. The first digit indicates the owner’s permission, the second digit the user group’s permission and the third is for all others.
The number coding is as follows:
7: full
6: read and write
5: read and execute
4: read only
3: write and execute
2: write only
1: execute only
0: none

Hence, the command “chmod 777 filename” will give full access to everybody to the file named “filename”. The command “chmod 600 rahul.doc” will give only the owner of the file “rahul.doc” the permission to view and edit the file. No one else will have any rights to it.
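
The shell sketch below is an added example, not part of the original post. It turns a three-digit chmod number into the nine permission letters shown by “ls -l” using the coding above, and flags any listing in which all other users have write permission. The function names are hypothetical and the sample files are created in a scratch directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# One chmod digit -> three letters (4 = read, 2 = write, 1 = execute).
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three-digit mode -> nine letters: owner, group, then all others.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three digits 0-7, got: $1" >&2; return 1 ;;
    esac
    rest=${1#?}                      # last two digits
    printf '%s%s%s' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# First 10 characters of the "ls -l" line: type flag plus nine letters.
listed_perms() {
    ls -ld "$1" | cut -c1-10
}

# True when the ninth character (write for all others) is "w".
others_can_write() {
    case $1 in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/rahul.doc" "$tmp/filename"
    chmod 600 "$tmp/rahul.doc"
    chmod 777 "$tmp/filename"
    for f in "$tmp/rahul.doc" "$tmp/filename"; do
        p=$(listed_perms "$f")
        if others_can_write "$p"; then note="others can write"; else note="ok"; fi
        printf '%s  %s  %s\n' "$p" "${f##*/}" "$note"
    done
    rm -rf "$tmp"
}
demo
```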


