Informatics1-2018/Lab04
Linux permissions
- Permission groups
- superuser (su), sys admins
- owner, the user who made the file/directory, ex. someone
- group, a subset of users with a distinct name, ex. student
- others, everyone else, public, guest, untrusted unsers
- Types of permissions
- w: Write, can modify
- r: Read, can read
- x: eXecute, run a program, or list a directory
- -: none
It is specified who can do what, ex:
- owner can write, read and execute
- its group can read and execute, but not modify
- others cannot do anything
The superusers (su) can do anything at any time, only a superuser can make an other user super.
These can be expressed with a set of three alpha-numeric charactes:
- u: user, owner
- g: group
- o: others
- a: all of the above
- read: r or 4
- write: w or 2
- execute: x or 1
- none: - or 0
The a is not the same as o, because it is possible that a group does not have a permission, but someone outside of the groups has.
The permissions can be represented with a 10 character string:
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
type | owner | group | others | ||||||
read | write | execute | read | write | execute | read | write | execute |
$ ls -l ~ drwxr-xr-x 8 borbely student 4096 Aug 30 23:24 Desktop drwxr-xr-x 2 borbely student 4096 Mar 27 2012 Downloads drwxr-xr-x 2 borbely student 4096 Oct 20 2009 Drives drwx------ 2 borbely student 4096 Apr 20 10:42 mail drwxr-xr-x 7 borbely student 4096 Sep 6 13:01 public_html $ _
The public_html folder is owned by borbely, its group is student, permissions: drwxr-xr-x
- type: it is a directory
- my permissions rwx means that owner can do anything
- other students' permissions: r-x, they can read but not write
- others: r-x, they can still read but not write
Numerically, you can encode this in 3 digits. The three numbers are (from left to right): owner, group and others. The munbers 4: read, 2: write, 1: execute. They can be added. Example: /home/student/borbely/public_html has permission: 755 meaning
- owner (borbely) 7=4+2+1: read, write, execute
- group (student) 5=4+1: read and execute
- other 5=4+1: read and execute
chmod
You can change the permissions with chmod Examples:
- chmod 700 ~/info_hazi: nobody can see anything, except me (of course superusers still can see it).
- chmod 750 ~/important_work: In this folder one can share data with group members, but not others. Also group can only see it, not modify.
- chmod 754 -R ~/public_html: The -R applies the permissions recursively in the subfolders of the folder, and every file in it.
More info
- man chmod
- manual