
Chapter - 6 File Permissions

In the previous chapter we saw file and directory commands such as cp, mv and rm, which perform actions on files and directories. Unix can also restrict unauthorised users or groups from accessing your files and directories. In this chapter we will look at the commands that display and apply permissions on files and directories.

Listing File Attributes -

In earlier chapters we used the ls command to list the files in a directory. Now let's run the same command with an option that gives more detailed results:

ls -l ( -l stands for long listings)

When we run the command, it displays 7 attributes for each file. Let's look at each attribute in turn.

The first line of the output is total << please paste the count obtained from command>>, which tells us the number of blocks occupied by these files on disk. Each block consists of 512 bytes (1024 in Linux).

File Type and Permissions -

The first column displays the file type and the file permissions. A - as the first character indicates an ordinary file; for a directory, d is displayed instead of -. After that come r, w and x: these are the read, write and execute permissions assigned to the file. Permissions can be changed, as we will see later in this chapter.

Links -

The second column indicates the number of links associated with the file. This is the number of filenames the system maintains for that file.

A link count greater than one indicates that the file has more than one name. That doesn't mean that there are two copies of the file.

Owner -

The third column shows the owner of the file. Whenever you create a file, you automatically become its owner. The owner can modify the file's contents and permissions. This privilege is not available to any other user except root. Similarly, if you own a directory, you can change or delete the files in it, or even the entire directory.

Group Owner - 

The fourth column shows the group to which the user belongs. By default, the Unix administrator puts you in a group when your account is created. Managing permissions by group is convenient because users working on the same files and directories all need access to them.

File Size - 

The fifth column shows the size of the file in bytes, i.e. the amount of data it contains. The column displays the character count of the file and not the disk space consumed by it. The space occupied by a file is usually higher than the file size. Sometimes directories show a smaller size than files because a directory stores only the names of files and their inode numbers, not their contents.

Last Modification Time - 

The sixth, seventh and eighth columns show the last modification time. A file is considered modified only if its contents change; changing its permissions or group membership does not change its modification time. For files last modified less than a year ago the year is not displayed; for files last modified more than a year ago, the year is displayed in these columns.

File Name -

The last column displays the name of the file.

Directory Attributes -

In the previous topic we saw file attributes with the ls -l command. Similarly, the ls -ld command displays the attributes of a directory. Directories are easily identified by the first character of the permissions column: d means the entry is a directory, - means an ordinary file, and device files are identified by either b or c.

The following command displays the directory attributes for these 2 directories:

ls -ld my_unix shell_progs

There is no option with ls to get only the list of directories.

File Ownership -  

Whenever you create a file, your name is displayed in the third column as the owner of the file. The fourth column displays your group, and your group is the group owner of the file. If you copy a file from another directory to your destination, you become the owner of the copied file.

Users working on the same project are often assigned to the same group, and files created by the group members will have the same group owner. However, file permissions are set by the file owner and not by the group members.

When the system administrator creates a user account, the administrator has to assign the following to the user:

  • The user id (UID) - Both its name and numeric representation
  • The group id (GID) - Both its name and numeric representation

The file /etc/passwd maintains the UID and GID. /etc/group contains the GID.

To find out your own UID and GID without viewing the above files, run the following Unix/Linux command:

id

File Permissions -

The first column of the ls -l output displays the file permissions. Now let's see how the permissions are described in the first column. Run the command below as an example.

ls -l test.txt

r w x r - x r w -

The first set of rwx describes the permissions of the owner of the file, the second set describes the permissions of the group, and the third set describes the permissions of others. Now let's see the meaning of r, w and x here. The - (hyphen) shows the absence of a permission.

  • r - user has read permission to file
  • w - write permission
  • x - user can execute the file

please copy an example here - and add some details -

chmod : Changing File Permissions -

Whenever we create a file, it is created with default permissions, which are determined by a setting called umask (we will discuss this in an upcoming chapter). Generally, with the default setting the user (owner) of the file has write permission while group and others do not, though this may differ on your system. Let's create a file and see what default permissions the system assigns to it.

    cat > sample.txt [enter]
    Hi Mangesh , [enter]
    welcome to the world of UNix/ linux [enter]
    [ctrl-d] will act as end of file 

    ls -lrt sample.txt
    -rw-r--r--    1  mangesh     QA   2015 Aug 25 9:58 sample.txt   

The file sample.txt doesn't have execute permission. To change the permissions of the file created above we use the chmod command. File permissions can be changed only by the owner or the superuser; no other user can change the file's attributes. The chmod command can be run in two different modes:

  • Absolute Mode
  • Relative Mode

Relative Permissions -

In Relative permission method chmod uses following syntax .

Here are the three components that chmod takes in relative mode -

  • User Category (user,group,others)
  • The operation to be performed ( assign or remove a permission)
  • The type of permission (read , write and execute)

Now let's see an example. We have a file sample.txt and we need to assign execute permission on it to the user:

chmod u+x sample.txt [ u - the user category , + - assign the permission , x - execute permission ]

ls -lrt sample.txt

-rwxr--r--     1      mangesh     QA        2015 Aug 25 9:58     sample.txt

To give read permission to all (user, group and others), run:

chmod ugo+r sample.txt

There is even a shorthand notation for this chmod command:

chmod a+r sample.txt

Here a combines u (user), g (group) and o (others). One more way to write the same command is:

chmod +r sample.txt [ by default a is implied ]

chmod accepts multiple file names on the command line. The example below gives read permission to the user on 3 files.

chmod u+r sample.txt sample1.txt sample2.txt

Permissions can be removed with the - operator. To remove read permission on the file sample.txt from the user:

chmod u-r sample.txt

chmod also accepts multiple expressions delimited by commas (,), e.g. to remove read permission from group and give execute permission to others:

chmod g-r,o+x sample.txt

More than one permission can be given at once, e.g. to give read, write and execute permission to all, run:

chmod a+rwx sample.txt

The table describes the abbreviations used by chmod:

    Category      Operation                         Permission
    u - User      + Assigns permission              r - Read permission
    g - Group     - Removes permission              w - Write permission
    o - Others    = Assigns absolute permission     x - Execute permission

Absolute Permissions -

In absolute mode we use a series of three octal numbers (base 8). Octal digits have the values 0 to 7. If we represent the permissions of each category by one octal digit, this is how the permissions can be represented -

  • Read Permission - 4 (binary 100)
  • Write Permission - 2 (binary 010)
  • Execute Permission - 1 (binary 001)

Here is the table of all the combinations -

    Binary    Octal    Permission    Significance
    000       0        ---           No Permissions
    001       1        --x           Executable Only
    010       2        -w-           Writable Only
    011       3        -wx           Writable and Executable
    100       4        r--           Readable Only
    101       5        r-x           Readable and Executable
    110       6        rw-           Readable and Writable
    111       7        rwx           Readable, Writable and Executable

We can use this method to give read and write permission to all three categories. To start with, let's set some permissions on files with octal number combinations. To give read and write permission to all (owner, group and others) on the file sample.txt, here is the command with octal numbers -

chmod 666 sample.txt

Now refer to the table above and you will see that the octal value for write is 2 and for read is 4, so 2+4=6, which is the combination for write and read permission. To restore the file to its original permissions, you need to remove write permission from group and others. So the command will be -

chmod 644 sample.txt

By now you will have worked out that to give all permissions to all, we need to use 7 in every position, i.e.

chmod 777 sample.txt [ gives all the permission to all ]
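
To make the digit arithmetic concrete, here is an added shell example (not part of the original chapter) that converts the permission column printed by ls -l into the octal mode chmod accepts. The function name perm_to_octal is hypothetical, and it handles only the r, w, x and - characters covered in this chapter.

```shell
#!/bin/sh
# Added example: convert the permission column of ls -l to a chmod octal mode.

perm_to_octal() (
    perms=$1
    bad=""
    # Accept the 10-character column (file type + 9 bits) or the bare 9 bits.
    case ${#perms} in
        10) perms=${perms#?} ;;
        9)  ;;
        *)  echo "expected 9 or 10 characters, got: $1" >&2; exit 2 ;;
    esac
    octal=""
    for category in owner group others; do
        rest=${perms#???}              # everything after the first triplet
        triplet=${perms%"$rest"}       # the first three characters
        perms=$rest
        digit=0
        # read = 4, write = 2, execute = 1; anything else is rejected
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) bad=1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) bad=1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) bad=1 ;; esac
        if [ -n "$bad" ]; then
            echo "unsupported $category bits: $triplet" >&2; exit 2
        fi
        octal=$octal$digit
    done
    echo "$octal"
)

# Permission columns taken from the listings in this chapter.
for column in -rw-r--r-- -rwxr--r-- ---------- rwxr-xrw-; do
    printf '%-12s %s\n' "$column" "$(perm_to_octal "$column")"
done
```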

Remember that a file's permissions can only be changed by the owner of the file. One user can't change the protection modes of files belonging to another user, but the system administrator can tamper with all files irrespective of their ownership.

Can we delete a file with 000 permissions? Yes, we can. Can we prevent a file with permission 777 from being deleted? Yes. We will see in upcoming chapters that it is the directory that determines whether a file can be deleted, not the file itself.

The Security Implications -

To understand the security reasons behind file permissions and the role played by chmod, consider a file with the default permissions. These permissions are fairly safe: only the user can edit the file.

-rw-r--r--     1      mangesh     QA        2015 Aug 25 9:58     sample.txt

A file with no permissions (---------) can still be deleted by the owner of the file. To understand why this happens we need to understand directory permissions.

----------    1      mangesh     QA        2015 Aug 11 6:25     test.txt

So far we have not discussed directory permissions, yet they play a very important role in controlling access to files. No matter what permissions you have given to a file, a directory with insecure permissions can affect your files. We will look at directory permissions in the next topics and cover them in detail in the directory permissions chapter.
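
The point above, that the directory rather than the file decides whether a file can be deleted, shown as an added shell example (not part of the original chapter). It works in a scratch directory from mktemp -d; the names project and report.txt and the function try_delete are hypothetical. Run it as an ordinary user, since root bypasses these checks.

```shell
#!/bin/sh
# Added example: the directory's mode, not the file's, decides deletion.

# try_delete DIR_MODE FILE_MODE -> prints "deleted" or "kept"
try_delete() (
    dir_mode=$1
    file_mode=$2
    work=$(mktemp -d) || exit 2
    mkdir "$work/project"
    echo "constructed sample data" > "$work/project/report.txt"
    chmod "$file_mode" "$work/project/report.txt"
    chmod "$dir_mode" "$work/project"

    # rm -f suppresses the "remove write-protected file?" prompt, so the
    # outcome depends only on what the directory allows.
    rm -f "$work/project/report.txt" 2>/dev/null || true

    # Restore access to the directory so we can inspect it and clean up.
    chmod 700 "$work/project"
    if [ -e "$work/project/report.txt" ]; then
        result=kept
    else
        result=deleted
    fi
    rm -rf "$work"
    echo "$result"
)

if [ "$(id -u)" -eq 0 ]; then
    echo "note: running as root, which bypasses permission checks" >&2
fi
echo "dir 755, file 000 -> $(try_delete 755 000)"
echo "dir 555, file 777 -> $(try_delete 555 777)"
echo "dir 777, file 444 -> $(try_delete 777 444)"
```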

Chmod Recursive Permissions (-R) -

We can change the permissions of a directory, its files and its subdirectories in a single stroke using the chmod -R command. For example, to set execute permission on all the files and subdirectories under scripts, run the command below. This makes all the files and subdirectories executable by all. Because 111 is an absolute mode, it also removes read and write permission for everyone (1 is --x in the table above).

chmod -R 111 scripts [ sets --x--x--x : execute permission only, for all ]

If you want to run chmod on your home directory, cd to it and run one of the following commands:

  • chmod -R 755 . ( . will work on hidden files)
  • chmod -R a+x * ( leaves out hidden files )

Note that both commands change the permissions of directories as well.

Directory Permissions -

Directories have their own permissions, and the significance of these permissions differs a great deal from those of ordinary files. No matter how strict the permissions on a file are, if the directory has read and write permissions, the files housed in it are affected. A file can be tampered with, edited or deleted even though the file itself is read and write protected; in such a case we need to check the directory permissions.

If you find that your files are being tampered with even though they are protected, check the directory permissions. We will look at directory permissions in detail in upcoming chapters.

If a directory has write permission for group and others as well, be assured that every user can remove every file in the directory. As a rule, you must not make directories universally writable unless you have a definite reason to do so.
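
One way to check a directory tree against this rule, as an added shell example (not part of the original chapter). The function names and the sample tree are hypothetical; the tree is constructed under mktemp -d so the script can be run safely anywhere.

```shell
#!/bin/sh
# Added example: find and fix entries that "others" can write to.

# Prints one line per world-writable directory or regular file under $1.
audit_world_writable() (
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }
    # -perm -0002 matches when the others-write bit is set, whatever else is.
    # Directories come first: a writable directory exposes every file in it.
    find "$root" -type d -perm -0002 -print | sort | sed 's/^/dir  /'
    find "$root" -type f -perm -0002 -print | sort | sed 's/^/file /'
)

# Removes write permission for others, leaving all other bits untouched.
revoke_world_write() (
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
)

# Constructed sample tree; directory and file names are hypothetical.
make_sample_tree() (
    tree=$(mktemp -d) || exit 2
    mkdir "$tree/shared" "$tree/private"
    echo "draft" > "$tree/shared/notes.txt"
    echo "plan"  > "$tree/private/plan.txt"
    chmod 666 "$tree/shared/notes.txt"
    chmod 644 "$tree/private/plan.txt"
    chmod 777 "$tree/shared"
    chmod 755 "$tree/private"
    echo "$tree"
)

tree=$(make_sample_tree)
echo "before:"; audit_world_writable "$tree"
revoke_world_write "$tree"
echo "after:";  audit_world_writable "$tree"
rm -rf "$tree"
```

Only the others-write bit is reported and cleared here; group-writable directories deserve the same review when the group is large.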

chown : Changing File Owner -

The chown command is used in this way:

chown options owner[:group] file(s)

chown transfers ownership of a file to a user, and it can optionally change the group as well. The command needs the username of the recipient, followed by the file name. To change the file ownership we need to log in as administrator, so let's run the su command to become superuser.

After becoming the superuser you will see the # prompt. Now, to change the file ownership from user mangep to nikhilm, run the following chown command.

chown nikhilm hello.txt

Once ownership of the file has been given to user nikhilm, user mangep can't change the file's attributes, as the file does not have write permission for group and others, and he can't take back ownership of the file either. He can, however, copy the file and become the owner of the copy, which lets him edit the file and its attributes.

chgrp : Changing Group Owner -

By default, the group owner of a file is the group to which the owner belongs. The chgrp command changes the group owner of files. In Linux, a user can change the group of a file only to a group he or she belongs to. Let's see by example how the command works -

We will change the group owner of the file hello.txt from testqa to dba:

chgrp dba hello.txt

The command will work only if the user belongs to the group dba; if not, only the administrator can change the group. Note that user mangep can still change the group ownership of the file, as he is still the owner of the file and has the rights that go with it.

Using chown to do both -

We can change both the file ownership and the group with the chown command. The Unix administrator can do that using chown. The syntax requires the two arguments to be separated by a colon (:)

chown nikhilm:dba hello.txt

Like chmod , both chown and chgrp use the -R option to perform their operations in a recursive manner.
