Linuxtutorial: File permissions in Linux

Working with Linux - First Things First

When you work as root

You have now installed Linux and the first thing you did was login as 'root'. Then you provided a password so that you and ONLY you could login to the system as 'root'. When you decide to work as root, you had better go into a phone booth first and change into a blue suit with a big 'S' on the front because 'root' is known as the 'superuser' (you can skip the red tights if you want).

That's really not meant to be just a witty reference to the Man of Steel. Actually, it is much more glamorous to be 'Superman' but root is actually more like the 'janitor' of the Linux system. Root has the keys to everything. He can shut off the lights, shut off the heat, lock you out of the building; he has to clean up the system and in the end make sure everything runs. And the most important thing about being a janitor - he sees everything.

'root' is not for routine work

As I mentioned, Linux makes your computer a true multi-user system, which means that besides root, you can and should work as another person. I say 'should' because doing routine work as 'root' could be hazardous to your health. When I first started using Linux myself, information was not all that readily available and I still had that 'one computer- one user' concept in my brain. It was after I had trashed all of the files and programs that make Linux run that I realized that working regularly as root wasn't a good idea.

Frequently Used Shell Commands

cd' command

To show the student the basic uses of the 'cd' command The first command you'll use is 'cd'. We talked about this in a previous lesson, so let's review the basics.

'cd' means 'change directory'.

The 'ls' command

To show the student the various variations of the 'ls' command 'ls' is another command that we've discussed a bit before. Let's go into some more detail.

Typing 'ls' will list the contents of a directory with just information about file names.

You can use 'ls a*' to list the names of all the files that begin with the letter 'a' and so on down through the alphabet. Please do not use the cuneiform alphabet unless you're from ancient Mesopotamia.

more' and 'less'

To introduce the student to these commands 'more' is a command that you can use to read, for example, what's written in that 'stuff' file that Tony sent you.

You would type 'more stuff' to see the jokes.

Press the 'q' key to stop viewing the file

Thursday, August 2, 2007

File permissions in Linux

Linux has inherited from UNIX the concept of ownerships and permissions for files. This is basically because it was conceived as a networked system where different people would be using a variety of programs, files, etc. Obviously, there's a need to keep things organized and secure. We don't want an ordinary user using a program that could potentially trash the whole system. There are security and privacy issues here as well. Let's face it, we don't want Bill to read Bob's love letters to the Janet who works in R & D. (because Janet is Bill's fiancée) In the end, it's important to know what belongs to me, to you and to everybody.

As we mentioned at the beginning of this course, the big advantage that Linux has is its multi-user concept- the fact that many different people can use the same computer or that one person can use the same computer to do different jobs. That's where the system of file permissions comes in to help out in what could be a very confusing situation. We're going to explain some basic concepts about who owns the file and who can do what with a file. We won't get into an enormous amount of detail here. We'll save that for the Linux system administration course. We will show you how to understand file permission symbols and how to modify certain files so that they're more secure.
File permission symbols
If you run the command ls -l in your home directory, you will get a list of files that may include something like this

-rw-r--r-- 1 bob users 1892 Jul 10 18:30 linux_course_notes.txt

This basically says, interpreting this from RIGHT to LEFT that the file, linux_course_notes.txt was created at 6:30 PM on July 10 and is 1892 bytes large. It belongs to the group users (i.e, the people who use this computer). It belongs to bob in particular and it is one (1) file. Then come the file permission symbols.

Let's look at what these symbols mean:

* The slash marks - separate the permissions into three types
* The first part refers to the owner's (bob's) permissions.
* The slash mark - before the rw means that this is a normal file that contains any type of data. A directory, for example, would have a d instead of a slash mark.
* The rw that follows means that bob can read and write to (modify) his own file. That's pretty logical. If you own it, you can do what you want with it.
* The second part of the these symbols after the second slash, are the permissions for the group. Linux can establish different types of groups for file access. In a one home computer environment anyone who uses the computer can read this file but cannot write to (modify) it. This is a completely normal situation. You, as a user, may want to take away the rights of others to read your file. We'll cover how to do that later.
* After the two slash marks (two here because there is no write permissions for the group) come the overall user permissions. Anyone who might have access to the computer from inside or outside (in the case of a network) can read this file. Once again, we can take away the possibility of people reading this file if we so choose.

Let's take a look at some other examples. An interesting place to look at different kinds of file permissions is the /bin directory. Here we have the commands that anybody can use on the Linux system. Let's look at the command for gzip, a file compression utility for Linux.

-rwxr-xr-x 1 root root 53468 May 1 1999 gzip

As we see here, there are some differences.

* The program name, date, bytes are all standard. Even though this is obviously different information, the idea is the same as before.
* The changes are in the owner and group. Root owns the file and it is in the group "root". Root is actually the only member of that group.
* The file is an executable (program) so that's why the letter x is among the symbols.
* This file can be executed by everybody: the owner (root), the group (root) and all others that have access to the computer
* As we mentioned, the file is a program, so there is no need for anybody other than root to "write" to the file, so there is no w permissions for it for anybody but root.

If we look at a file in /sbin which are files that only root can use or execute, the permissions would look like this:

-rwxr--r-- 1 root root 1065 Jan 14 1999 cron

'cron' is a program on Linux systems that allows programs to be run automatically at certain times and under certain conditions. As we can see here, only root, the owner of the file, is allowed to use this program. There are no x permissions for the rest of the users.

We hope you enjoyed this little walk-through of file permissions in Linux. Now that we know what we're looking for, we can talk about changing certain permissions.

No comments:

'mv' command for renaming files

Let's go back yet again to Tony's file, 'stuff' again. 'stuff' is not a good name for a file just as 'book' isn't a good name for a book. Just imagine: "The number one bestselling book this week is 'Book' by John Author.

You should probably re-name this file to something meaningful. I would suggest doing something like this:

mv stuff tonys_jokes

The 'mkdir' command

mkdir' is the command for making directories. 'mkdir' may be familiar to MS-DOS users out there. As you have noticed, the people who wrote these programs tried to give them names that described what they do more or less, not as long as 'makemeadirectoryplease' and not too cryptic like 'xr77b'.

Using the 'mkdir' command

To create the directory 'my_friends' that we talked about in the last lesson, you would type:

mkdir my_friends

There are no whistles or buzzers. If you'd like some sort of acknowledgment, you could type

mkdir --verbose my_friends

and it will tell you that you created the directory.

The 'rm' command

cdrom	home	opt	tmp
dev	lib	proc	usr
bin	etc	lost+found		root	var
boot	floppy	mnt	sbin

Linuxtutorial

Working with Linux - First Things First

When you work as root

'root' is not for routine work

The basic directory structure in Linux

The /bin directory

The /etc directory

Frequently Used Shell Commands

cd' command

The 'ls' command

more' and 'less'

Blog Archive

About Me