Every file and folder in Linux has a set of permissions. To view them you may use the -l option of the ls command. An example of the information shown by this command follows.
$ ls -l file.txt
-rw-r--r-- 1 teleco teleco 33 2010-06-10 12:05 file.txt
The convention used by the interpreter to show this information is the following (fields in order from left to right):
The first symbol is “-” for regular files and “d” for folders. The remaining 9 symbols are the permissions. “r” for read, “w” for write, “x” for execution, and “-” for the absence of the permission.
A natural number encoding the number of hard links pointing to the file (irrelevant so far).
User name of the owner
Group of the owner
Size in bytes
Date of the last modification
File name
The following figure shows the meaning of each field for the given example.
These permissions are grouped in three categories: user (u), group (g) and others (o). Each category contains permissions for three types of events: read (r), write (w) and execute (x). The permission is a binary value: either you have it or you do not. In conclusion, each file or folder contains a subset of nine possible permissions. In addition to the permissions, each file and folder has two names: the name of the user that owns the file, and the name of a group of users to which the owner belongs.
Each user in Linux is assigned a name (the login) and belongs to one or several user groups. The id command shows the user name and the groups to which she belongs. Both users and groups are defined with a name and a natural number.
Let us assume that a user with name “uname” wants to execute an operation over a file. If the owner of the file is “uname” then the permissions in the “user” category are selected. If that is not the case, but the file group is one to which the user “uname” belongs, then the second category is used. If this is not the case either, then the permissions in the “other” category are used. Once the category has been selected, the permission is checked to perform the given operation (read, write or execute) and it is either authorized or rejected.
To change the permissions of a file or folder from the command interpreter the chmod command is used (“change mode”). In its simplest version it receives two parameters, a string describing the changes in the permissions and a path to a file or folder where to apply these changes. The string has three fields: one or several of the letters “u”, “g” or “o”, followed by either the “+” or “-” sign, and one or several of the letters “r”, “w” or “x”. The interpretation of this string is that the permission specified by the last group of letters is either added (if “+” is used) or subtracted (if “-” is used) from the categories specified by the first group of letters. For example, to add to a file the execution permission for the owner and the group, the following command is executed:
$ chmod ug+x file.txt
Another way of changing the permissions of a file or folder from the command interpreter with the chmod command also takes two parameters. The first one is 3 numbers, each one ranging from 0 to 7. Each number is transformed to 3 binary bits, and each bit states whether the reading, writing and execution permission, respectively, is active or not. The three numbers correspond to user, group and others. For example, to give all the permissions to the owner but nothing to the rest, the following can be executed:
$ chmod 700 file.txt
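The category selection and the numeric mode described above can be modeled together in a short shell function. This is an added example, not part of the original page; it models only the nine permission bits, and the function name check_access and the users alice and bob are made up for illustration.

```shell
#!/bin/sh
# Added example: models the nine permission bits only.
# check_access MODE OWNER GROUP USER "USER_GROUPS" OP
#   MODE: three octal digits as passed to chmod; OP: r, w or x.
#   Prints allow or deny. Returns 0 (allow), 1 (deny), 2 (bad input).
check_access() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5 op=$6

    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    case $op in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) echo "bad operation: $op" >&2; return 2 ;;
    esac

    # Select exactly one category; the first match wins.
    if [ "$user" = "$owner" ]; then
        shift_bits=6                      # user digit
    else
        shift_bits=0                      # others digit unless a group matches
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then shift_bits=3; break; fi
        done
    fi

    # The leading 0 makes the shell read the digits as octal.
    perms=$(( (0$mode >> shift_bits) & 7 ))
    if [ $(( perms & bit )) -ne 0 ]; then echo allow; return 0; fi
    echo deny; return 1
}

# Constructed sample: file owned by teleco:teleco, as in the ls -l output.
echo "700, owner reads:        $(check_access 700 teleco teleco teleco teleco r)"
echo "700, group member reads: $(check_access 700 teleco teleco alice 'users teleco' r)"
echo "644, other user writes:  $(check_access 644 teleco teleco bob users w)"
# Owner is denied although the others digit grants everything.
echo "077, owner reads:        $(check_access 077 teleco teleco teleco teleco r)"
echo "077, other user reads:   $(check_access 077 teleco teleco bob users r)"
```

The 077 case shows that the categories are not combined: once the owner matches, only the user digit is consulted, so a permissive "others" digit does not help the owner.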