File Permissions in Unix
Every user on a Unix system has a unique username, and is a member of at least one group. This group information is held in the password file (/etc/passwd). A user can also be a member of one or more other groups. The auxiliary group information is held in the file /etc/group. Only the administrator can create new groups or add/delete group members.

Every directory and file on the system has an owner, and also an associated group. It also has a set of permission flags which specify separate read (r), write (w) and execute (x) permissions for the 'user' (owner), 'group', and 'other' (everyone else with an account on the computer). The 'ls -l' command can be used to view the permissions and group associated with files in the current directory.

An example of the output produced by ls -l is shown below.
drwxr-xr-x 2 teacher staff   4096 Nov 21 15:05 Desktop
drwxr-xr-x 2 teacher staff   4096 Nov 12 10:32 Documents
drwxr-xr-x 2 teacher staff   4096 Nov 21 15:44 Downloads
drwxr-xr-x 2 teacher staff   4096 Nov 12 10:32 Music
-rw-r--r-- 1 teacher staff 406558 Nov 21 10:23 NPrecord.odt
drwxr-xr-x 2 teacher staff   4096 Nov 22 11:14 Unix Programming

Each line in the output has the following fields:
Field 1: a set of ten permission flags
Field 2: link count (don't worry about this)
Field 3: owner of the file
Field 4: associated group for the file
Field 5: size in bytes
Field 6-8: date and time of last modification
Field 9: name of file

The permission flags are interpreted as follows:
Position  Meaning
1         directory flag, 'd' if a directory, '-' if a normal file, something else occasionally may appear here for special devices
2,3,4     read, write, execute permission for User (Owner) of file
5,6,7     read, write, execute permission for Group
8,9,10    read, write, execute permission for Other

Given below is the interpretation of the symbols used in the permission flags:
Value  Meaning
-      in any position means that flag is not set
r      file is readable
w      file is writable. On a directory, means you can add or delete files
x      file is executable. On a directory, means you can list the files in that directory

So if we interpret the very first line of the output given above, we can understand that Desktop is a directory owned by teacher, who belongs to the group staff; the size of the folder is 4096 bytes and it was modified on Nov 21 at 15:05 hours. The permissions for the owner are read, write and execute, while the other members of the group staff have permissions only for reading and executing (i.e. no write permission), and users who don't belong to the group also have permissions for reading and executing.

Setting permissions
The chmod command can be used to change the permissions of a file.
syntax: chmod {a,u,g,o} {+,-} {r,w,x} files
Value  Meaning
a      all users
u      the owner
g      the owner group
o      others (neither u, nor g)
+      give permission
-      remove permission
e.g. chmod g+rw files gives the group read and write permission

Numbers can also be used to set the permissions.
The number equivalents of r, w, x are:
               r    w    x
OWNER(USER)  400  200  100
GROUP         40   20   10
PUBLIC         4    2    1
e.g. (i) 700 means read, write and execute permissions for the owner (400 + 200 + 100) and no permissions for group (0) and others (0).
(ii) 666 means r and w for owner, group and others.

The real stuff behind this is that the permissions for each of owner, group and others are defined using 3 bits, with 9 bits defining the whole permission. The first bit specifies read permission, the middle bit write permission and the last bit execute permission, so binary 100 (octal 4) means r for the owner and 111 (octal 7) represents rwx for the owner.
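
The shell functions below are an added example, not part of the original post. They turn the ten ls -l flags into the numeric form chmod accepts and list the entries that 'other' can write to; the function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: translate the ten 'ls -l' permission flags into the
# numeric form chmod accepts, then flag entries that 'other' can write to.

# flags_to_octal FLAGS: print e.g. 755 for drwxr-xr-x.
# Returns 1 for flags outside the r/w/x/- set this page covers.
flags_to_octal() {
    # Positions 2-10 are the nine permission flags; position 1 is the type
    # flag, and some systems append an 11th marker character we ignore.
    perm=$(printf '%s' "$1" | cut -c2-10)
    out=""
    for start in 1 4 7; do            # owner, group, other
        triple=$(printf '%s' "$perm" | cut -c"$start"-$((start + 2)))
        case $triple in
            [r-][w-][x-]) ;;
            *) return 1 ;;
        esac
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# other_writable: read 'ls -l' lines on stdin and print "MODE NAME" for each
# entry whose flag in position 9 (write permission for other) is 'w'.
other_writable() {
    while read -r flags links owner group size mon day time name; do
        case $flags in
            ????????w*)
                mode=$(flags_to_octal "$flags") || mode="???"
                printf '%s %s\n' "$mode" "$name" ;;
        esac
    done
}

# Constructed sample: two lines from the listing above plus two made-up entries.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x 2 teacher staff 4096 Nov 21 15:05 Desktop
-rw-r--r-- 1 teacher staff 406558 Nov 21 10:23 NPrecord.odt
-rw-rw-rw- 1 teacher staff 120 Nov 22 09:00 shared notes.txt
drwxrwxrwx 2 teacher staff 4096 Nov 22 09:01 dropbox
EOF
}

sample_listing | other_writable
```

To check a real directory, pipe ls -l into other_writable; removing the flagged permission is then chmod o-w on the reported name.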