The read, write and execute permissions of the file's owner, the file's group owner and everybody else are specified using 3 characters each, totaling 9 characters. With 2 additional characters (we'll see later what those are), that makes 11 characters.
1st character: r : readable
2nd character: w : writable
3rd character: x : executable
Additional characters:
s/t : executable and setuid/setgid/sticky
S/T : setuid/setgid/sticky but not executable
Owner | Group | World |
---|---|---|
rwx | rwx | rwx |
chmod
This command is used to change a file's permissions. It can be used in 2 ways:
- using an octal representation
- using symbolic representation
Using octal representation
Since we use only 3 values to denote read, write and execute, each set can easily be represented as an octal value between 0 and 7.
Octal | Binary | FileMode |
---|---|---|
0 | 000 | --- |
1 | 001 | --x |
2 | 010 | -w- |
3 | 011 | -wx |
4 | 100 | r-- |
5 | 101 | r-x |
6 | 110 | rw- |
7 | 111 | rwx |
Example:
eipe@eipe-system:~/temp$ ls -l
total 4
-rw-r--r-- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-r--r-- 1 eipe eipe 0 2010-12-05 15:48 john
eipe@eipe-system:~/temp$ chmod 660 john
eipe@eipe-system:~/temp$ ls -l
total 4
-rw-r--r-- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john
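The mapping between the permission characters and the octal digits, as an added example that is not part of the original post. It goes beyond the table by also handling the s/S and t/T characters, which form a fourth, leading octal digit; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): ls-style mode string -> octal mode.

# triad_value TRIAD LOWER UPPER: print "<digit> <special>" for one rwx group.
# LOWER/UPPER are the special letters valid in the third position (s/S or t/T).
triad_value() {
    triad=$1 lower=$2 upper=$3 digit=0 special=0
    case $triad in r??) digit=$((digit + 4)) ;; esac
    case $triad in ?w?) digit=$((digit + 2)) ;; esac
    case $triad in
        ??x)        digit=$((digit + 1)) ;;
        ??"$lower") digit=$((digit + 1)); special=1 ;;   # special bit and executable
        ??"$upper") special=1 ;;                         # special bit, not executable
    esac
    echo "$digit $special"
}

# mode_to_octal MODE: MODE is the file-type character plus nine permission
# characters, e.g. -rw-rw----. Prints four octal digits; returns 1 on bad input.
mode_to_octal() {
    case $1 in
        ?[r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}                       # drop the file-type character
    owner=${perms%??????}
    rest=${perms#???}
    group=${rest%???}
    others=${rest#???}
    # $1 $2 = owner digit, setuid; $3 $4 = group digit, setgid; $5 $6 = others digit, sticky
    set -- $(triad_value "$owner" s S) $(triad_value "$group" s S) $(triad_value "$others" t T)
    echo "$(($2 * 4 + $4 * 2 + $6))$1$3$5"
}

mode_to_octal "-rw-rw----"    # john after chmod 660
mode_to_octal "-rwx------"    # eipe after chmod u+x,go-rwx
```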
Using symbolic notation
It's divided into 3 parts:
<who the change will affect><what operation><what permission>
The notations used are:
< u / g / o / a >< + / - / = >< r / w / x >
u – user/file owner
g – group owner
o – others/public
a – all, includes u,g,o
+ permission needs to be added
- permission needs to be removed
= permission needs to be applied and others removed
eipe@eipe-system:~/temp$ chmod go+rw eipe
eipe@eipe-system:~/temp$ ls -l
total 4
-rw-rw-rw- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john
eipe@eipe-system:~/temp$ chmod u+x,go-rwx eipe
eipe@eipe-system:~/temp$ ls -l
total 4
-rwx------ 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john
Using GUI
In both Nautilus (GNOME) and Konqueror (KDE), right-clicking a file or directory icon will open a properties dialog.
Meaning of read, write and execute
read Permission
- On Files:
- Allows files to be opened and read.
- On Directories:
- Allows the contents of the directory to be listed, but it does not show any information other than the filename.
eipe@eipe-system:~$ mkdir privatedir
eipe@eipe-system:~$ chmod o-x privatedir
eipe@eipe-system:~$ cd privatedir/
eipe@eipe-system:~/privatedir$ touch privatefile
eipe@eipe-system:~/privatedir$ mkdir insidepdir
eipe@eipe-system:~/privatedir$ chmod o-x insidepdir
Now another user, say Tom, logs in:
eipe@eipe-system:~$ su tom
Password:
tom@eipe-system:/home/eipe$ cd privatedir
bash: cd: privatedir: Permission denied
tom@eipe-system:/home/eipe$ ls -l privatedir
ls: cannot access privatedir/insidepdir: Permission denied
ls: cannot access privatedir/privatefile: Permission denied
total 0
d????????? ? ? ? ? ? insidepdir
-????????? ? ? ? ? ? privatefile
tom@eipe-system:/home/eipe/privatedir$ cat privatefile
this is a file
tom@eipe-system:/home/eipe/privatedir$ cat>>privatefile
bash: privatefile: Permission denied
write Permissions
- On Files:
- Allows files to be written/truncated.
- On Directories:
- Allows files to be created/deleted/renamed within the directory.
Example is given at the end.
execute Permissions
- On File:
- Allows files to be executed. This permission must be set for executable binaries (e.g., a compiled C program) or scripts (e.g., a Perl program) in order to allow the operating system to run them.
- On Directories:
- Allows entry into the directory.
Example:
Let's provide execute permission on privatedir
eipe@eipe-system:~$ chmod o+x privatedir
eipe@eipe-system:~$ cd privatedir/
eipe@eipe-system:~/privatedir$ cat>>privatefile
this is a file
^C
eipe@eipe-system:~/privatedir$ cd insidepdir/
eipe@eipe-system:~/privatedir/insidepdir$ cat>insidefile
this is inside^C
eipe@eipe-system:~/privatedir/insidepdir$ cd ..
eipe@eipe-system:~/privatedir$ ls -l
total 8
drwxr-xr-- 2 eipe egroup 4096 2011-02-02 22:09 insidepdir
-rw-r--r-- 1 eipe egroup 15 2011-02-02 21:41 privatefile
Now Tom logs in,
tom@eipe-system:/home/eipe$ ls -l privatedir
total 4
drwxr-xr-- 2 eipe egroup 4096 2011-02-02 21:27 insidepdir
-rw-r--r-- 1 eipe egroup 0 2011-02-02 21:27 privatefile
This is because privatedir is executable.
Now let's try a search
tom@eipe-system:/home/eipe$ cd privatedir/
tom@eipe-system:/home/eipe/privatedir$ find . -name "insidefile" -type f
No output is displayed, which means the file was not found. This is because to open or see a file within a directory (in this case, privatedir/insidepdir/insidefile), the user needs execute permission not only on privatedir but also on every directory in that path.
eipe@eipe-system:~/privatedir$ chmod o+x insidepdir
tom@eipe-system:/home/eipe/privatedir$ find . -name "insidefile" -type f
./insidepdir/insidefile
Now it works!!!
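A check for the rule above, as an added example that is not part of the original post: it walks the directories on a path and reports the first one whose "others" permissions lack execute. The function names are hypothetical, and it reads the mode characters from `ls -ld` rather than testing real access, so it assumes the user is neither the owner nor in the group.

```sh
#!/bin/sh
# Added example (not from the original post): locate the directory on a path
# that denies "others" the execute (search) bit. Decides from mode bits only,
# so it assumes the user is neither the owner nor in the group of any directory.

# others_triad PATH: print the last three permission characters of `ls -ld`.
others_triad() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    echo "${mode#???????}"
}

# first_blocking_dir TOP RELPATH: check TOP, then each directory component of
# RELPATH below it. Prints the first directory others cannot search and
# returns 0; returns 1 when every directory on the way is searchable.
first_blocking_dir() {
    current=$1
    rest=$2
    while :; do
        case $(others_triad "$current") in
            ??[xt]) ;;                        # x, or t = sticky plus x
            *) echo "$current"; return 0 ;;   # -, or T = sticky without x
        esac
        case $rest in
            */*) current=$current/${rest%%/*}; rest=${rest#*/} ;;
            *) return 1 ;;                    # only the final name is left
        esac
    done
}

# Constructed demo tree with the page's names: privatedir/insidepdir/insidefile.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/privatedir/insidepdir"
    : > "$tmp/privatedir/insidepdir/insidefile"
    chmod 755 "$tmp/privatedir"
    chmod 754 "$tmp/privatedir/insidepdir"    # drwxr-xr--, as in the listing
    first_blocking_dir "$tmp/privatedir" insidepdir/insidefile || echo "path is searchable"
    chmod o+x "$tmp/privatedir/insidepdir"
    first_blocking_dir "$tmp/privatedir" insidepdir/insidefile || echo "path is searchable"
    rm -rf "$tmp"
}
demo
```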
But tom still cannot do anything in privatedir or in insidepdir other than viewing.
tom@eipe-system:/home/eipe/privatedir$ touch otherprivatefile
touch: cannot touch `otherprivatefile': Permission denied
For this we need to set the write permissions on the directories.
eipe@eipe-system:~$ chmod o+w privatedir
tom@eipe-system:/home/eipe/privatedir$ touch otherprivatefile
tom@eipe-system:/home/eipe/privatedir$ ls -l
total 8
drwxr-xr-x 2 eipe egroup 4096 2011-02-02 22:09 insidepdir
-rw-r--r-- 1 tom tgroup 0 2011-02-02 22:34 otherprivatefile
-rw-r--r-- 1 eipe egroup 15 2011-02-02 21:41 privatefile