14.2. File Permissions

Use ls -l to see the permissions of files (list-long). They will appear like this, note that I have added spaces between permissions to make it easier to read:

Where: r = read, w = write, x = execute

  -  rwx   rw-   r--  1 (1) newuser newuser
type(2)owner(3)group(4)others(5)
(1)
This number is the number of hard links (pointers) to this file. You can use ln to create another hard-link to the file.
(2)
This is the type of file. '-' means a regular file, 'd' would mean a directory, 'l' would mean a link. There are also other types such as 'c' for character device and 'b' for block device (found in the /dev/ directory).
(3)
These are the permissions for the owner of the file (the user who created the file).
(4)
These are the permissions for the group, any users who belong is the same group as the user who created the file will have these permissions.
(5)
These are the permissions for everyone else. Any user who is outside the group will have these permissions to the file.

The two names at the end are the username and group respectively.

chmod

Change file access permissions for a file(s).

There are two methods to change permissions using chmod; letters or numbers.

Letters Method:

use a + or - (plus or minus sign) to add or remove permissions for a file respectively. Use an equals sign =, to specify new permissions and remove the old ones for the particular type of user(s).

You can use chmod letter where the letters are:

a (all (everyone)), u (user), g (group) and o (other).

Examples:

chmod u+rw somefile

This would give the user read and write permission.

chmod o-rwx somefile

This will remove read/write/execute permissions from other users (doesn't include users within your group).

chmod a+r somefile

This will give everyone read permission for the file.

chmod a=rx somefile

This would give everyone execute and read permission to the file, if anyone had write permission it would be removed.

Numbers Method:

you can also use numbers (instead of letters) to change file permissions. Where:

r (read) = 4 w (write) = 2 x (execute) = 1

Numbers can be added together so you can specify read/write/execute permissions; read+write = 6, read+execute = 5, read+write+execute = 7

Examples:

chmod 777 somefile

This would give everyone read/write/execute permission on “this_file”. The first number is user, second is group and third is everyone else (other).

chmod 521 somefile

This would give the user read and execute permission, and the group write permission (but not read permission!) and everyone else execute permission. (Note that it's just an example, settings like that don't really make sense...).

chown

Changes the ownership rights of a file (hence the name 'chown' - change owner). This program can only be used by root.

Use the -R option to change things recursively, in other words, all matching files including those in subdirectories.

Command syntax:

chown owner:group the_file_name
sticky bit

Only the person who created the file within a directory may delete it, even if other people have write permission. You can turn it on by typing:

chmod 1700 somedirectory (where 1 = sticky bit)

or (where t represents the sticky bit)

chmod +t somedirectory

To turn it off you would need to type:

chmod 0700 somefile (where the zero would mean no sticky bit)

or (where t represents the sticky bit)

chmod -t somefile

Note that the permissions aren't relevant in the numbers example, only the first number (1 = on, 0 = off).

An example of a sticky directory is usually /tmp

suid

Allow SUID/SGID (switch user ID/switch group ID) access. You would normally use chmod to turn this on or off for a particular file, suid is generally considered a security hazard so be careful when using this.

Example:

chmod u+s file_name

This will give everyone permission to execute the file with the permissions of the user who set the +s switch.

CautionSecurity Hazard
 

This is obviously a security hazard. You should avoid using the suid flag unless necessary.

chattr

Change file system attributes (works on ext2fs and possibly others...). Use the -R option to change files recursively, chattr has a large number of attributes which can be set on a file, read the manual page for further information.

Example:

chattr +i /sbin/lilo.conf[1]

This sets the 'immutable' flag on a file. Use a '+' to add attributes and a '-' to take them away. The +i will prevent any changes (accidental or otherwise) to the “lilo.conf” file. If you wish to modify the lilo.conf file you will need to unset the immutable flag: chattr -i. Note some flags can only be used by root; -i, -a and probably many others.

Note there are many different attributes that chattr can change, here are a few more which may be useful:

  • A (no Access time) --- if a file or directory has this attribute set, whenever it is accessed, either for reading of for writing, it's last access time will not be updated. This can be useful, for example, on files or directories which are very often accessed for reading, especially since this parameter is the only one which changes on an inode when it's opened.

  • a (append only) --- if a file has this attribute set and is open for writing, the only operation possible will be to append data to it's previous contents. For a directory, this means that you can only add files to it, but not rename or delete any existing file. Only root can set or clear this attribute.

  • s (secure deletion) --- when such a file or directory with this attribute set is deleted, the blocks it was occupying on disk are written back with zeroes (similar to using shred). Note that this does work on the ext2, and ext3 filesystems but is unlikely to work on others (please see the documentation for the filesystem you are using). You may also like to see shred, please see Chapter 7

lsattr

(list attributes). This will list if whether a file has any special attributes (as set by chattr). Use the -R option to list recursively and try using the -d option to list directories like other files rather than listing their contents.

Command syntax:

lsattr

This will list files in the current directory, you may also like to specify a directory or a file:

lsattr /directory/or/file

Notes

[1]

This example and tiny parts of the explanation have been taken from the Linux Online Classroom, see [4] in the Bibliography for further information.

mirror server hosted at Truenetwork, Russian Federation.