In Red Hat Enterprise Linux, all files have file permissions that
determine whether a user is allowed to read, write, or execute them. When you
issue the command ls -l, the first column
of information contains these file permissions. Within this first column are
places for 10 letters or hyphens. The first space is either a hyphen, the
letter d, or the letter l. A hyphen means it is a file. If it is the letter d, the file is actually a directory. If it is the letter l, it is a symbolic link to a directory somewhere else on the file system.
The next nine spaces are divided into three sets of three. The first set of
three is the read, write, and execute permissions for the owner of the file.
The second set of three is the read, write, and execute permissions for anyone
who belongs to the user group for the file. The last set of permissions is for
anyone who has a login to the system.
As you can probably guess, within each set of permissions, the r
stands for read, the w
stands for write, and the x
stands for execute. If the file is a script or
command, you must have execute permission to run it. You must also have execute
permission to change into a directory. To change file permissions, you must be
the owner of the file or directory or be the root user. The chmod
utility is used to modify file permissions.
The basic syntax is as follows:
chmod [ugoa][+-=]<permissions> filename
For the first argument, choose one or more of the letters ugoa, where u stands for
the user who owns the file (the first set of permissions), g
stands for everyone in the file’s group (the
second set of permissions), o stands
for other users not in the file’s group (the third set of permissions), and a
stands for all users (all three sets of
permissions). The difference between specifying o and a is that o
changes the third set of permissions for
everyone and a changes the
permissions for all three sets.
The second argument must be one of +, -, or =. If the plus sign (+) is
used, the permissions that follow it are added for the users and groups
provided by the first argument. If the minus sign (-) is used, the permissions that follow are removed for the users
and groups in the first argument. Normally, when the chmod
command is used, the permissions are added to
the existing ones. However, if the equals sign (=) is used, the file will only have the permissions being specified
(the existing permissions are overwritten and not retained).
The last argument is a filename or group of filenames on which to
set the permissions. Multiple filenames can be listed using the *
wildcard character such as *.txt
for all files ending in .txt.
The third argument <permissions> is the list of permissions for the users and groups from the first
argument. The list can consist of one or more of the permissions in the table below.
chmod File Permissions
Permission | Description
r | Read
w | Write
x | Execute (also gives permission to change into a directory)
X | Execute only if it is a directory or has execute permission for some user
s | Set user or group ID on execution
t | Sticky bit
u | Permissions granted to user who owns the file
g | Permissions granted to users in the file’s group
o | Permissions granted to other users not in the file’s group
The
first three (r, w, x) are
self-explanatory. Use them to set read, write, and execute permissions.
The s
permission is used on directories to retain the
user or group ID for a file created in the directory. To set the user ID for
any new files created in the directory to the owner of the directory, use the chmod
u+s <directory> command. To set the group ID for any new files
created in the directory to the directory’s group, use the chmod
g+s <directory> command.
The
sticky bit permission for files is no longer used. It was used on older systems
to store executables in memory so they run faster, but with the current virtual
memory system, the sticky bit is no longer needed. If the sticky bit (the t
permission) is set for a directory, the
directory can only be unlinked or renamed by the root user or the owner of the
directory.
If the
sticky bit is not set for a directory, anyone with write permission can delete
or rename the directory. If the sticky bit is set for a directory, the
permissions listing looks similar to the following (notice the t
in the last set of permissions):
drwxrwxrwt 22 root root 4096 Mar 30 10:57 /tmp
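
An audit for directories that anyone can write to but that lack the sticky bit shown above, run here against a constructed scratch tree. This is an added example, not part of the original text; the function names list_unprotected and make_scratch are made up for it, and it assumes GNU find and stat as shipped with Red Hat Enterprise Linux.

```shell
#!/bin/sh
# Added example: find world-writable directories that lack the sticky bit.

# list_unprotected DIR
#   Prints "<mode> <path>" for every directory under DIR that others can
#   write to (-perm -0002) but that has no sticky bit (! -perm -1000).
list_unprotected() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%A %n' {} + 2>/dev/null | sort
}

# make_scratch: build a constructed directory tree and print its path.
make_scratch() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_tmp" "$root/shared_tmp/upload" "$root/dropbox" "$root/private"
    chmod a=rwx "$root/shared_tmp" "$root/shared_tmp/upload" "$root/dropbox"
    chmod +t "$root/shared_tmp"        # drwxrwxrwt, same as /tmp
    chmod u=rwx,go= "$root/private"    # not world-writable, never reported
    echo "$root"
}

scratch=$(make_scratch) || exit 1
echo "sticky directory:   $(stat -c '%A' "$scratch/shared_tmp")"
echo "world-writable directories without the sticky bit:"
list_unprotected "$scratch"
rm -rf "$scratch"
```

Pointing list_unprotected at a real path such as /var or /home gives the list of directories to review; running chmod +t on a reported directory removes it from the output.
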
The
last three permissions (u, g, o) are only
used with the = operator to set permissions for the owner, group, others, or
everyone equal to the existing permissions for the owner, group, others, or everyone.
For example, chmod g=u <filename> sets the group permissions to the current permissions for the owner
of the file.
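
The +, - and = operators, the X permission and the g=u form described above, each applied to a scratch file or directory with a known starting mode. This is an added example, not part of the original text; result_of and show are names made up for it, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: what each symbolic chmod operator does to a known start mode.

# result_of KIND START CHANGE
#   Creates a scratch file (KIND=file) or directory (KIND=dir), sets its mode
#   to START, applies CHANGE, and prints the mode string as ls -l shows it.
result_of() {
    tmp=$(mktemp -d) || return 1
    target="$tmp/item"
    if [ "$1" = dir ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$2" "$target" && chmod "$3" "$target" && stat -c '%A' "$target"
    status=$?
    rm -rf "$tmp"
    return $status
}

show() {
    printf '%-4s %-16s %-5s -> %s\n' "$1" "$2" "$3" "$(result_of "$1" "$2" "$3")"
}

show file u=rw,g=r,o=     g+w    # + adds to the existing permissions
show file u=rwx,g=rx,o=rx o-x    # - removes only what is named
show file a=rwx           go=r   # = overwrites group and others
show file u=rw,g=,o=      g=u    # group gets the owner's current bits
show file a=r             a+X    # X: no execute bit anywhere, unchanged
show file u=rwx,g=r,o=r   go+X   # X: owner can execute, so it is added
show dir  a=r             a+X    # X: a directory always gets it
```
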
Examples include the following:
- chmod ug+rw <filename>
  Gives the user and group read and write permissions
- chmod -R g+r *
  Gives the group read permissions for all files in the current directory and any files and directories in the current directory, recursively
- chmod o-x <directory>
  Does not let users who aren’t the owner or in the group change into the directory
File permissions can also be set graphically using the
Nautilus file browser. From the desktop, click on the Places menu
on the top panel and select Home Folder. Navigate to
the file you want to view or change permissions for, right-click on it, and
select Properties. Click on the Permissions tab to view
the existing permissions or change them.