File permissions are an essential component of a Linux system and are used to implement security measures on a Server or Desktop system.
For any file or folder there are three types of access, or permission.
read (from the file)
write (to the file)
execute (run or access the file or folder).
When you do a long file listing (ls -l) of any folder, you will see listed the file permissions for each file.
As you can see from the sample listing, ten ‘characters’ are used to represent the file permission of each file. For all but the first position, there are five possible characters:
r, representing the read permission
w, representing the write permission
x, representing the execute permission
s, which is only found in the execute field (read on) and sets the ‘user id’ (setuid) bit, so that anyone who runs the file does so with the file owner's access to system resources
-, meaning no permission granted.
Each of the ten characters has a meaning that depends on its position in the left-to-right sequence; see below.
The ten character permissions are divided into four groups:
File type
a. d represents a directory (or folder)
b. - represents an ordinary file
c. s represents a socket used in network communication
d. p represents a pipe used in processor threads
e. c and b represent characters and blocks for device-based data buffers. It is rare that you see any of these, so while it is not critical that you commit these to your long-term memory, it is important that you are able to ‘look these up’ in the future.
User permissions define how the owner (anton in the example above) may access, manage or use the file.
Other user permissions define how the rest of the world may access, manage or use the file.
As an example, Table 11 lists permissions and the resulting access.
Linux file permissions examples
Permission | Access |
-r--r----- | The user and the given group only have read access to the file |
drwx------ | The directory is available (to read, write or enter) for the user only |
----rwxr-- | Members of a group have full access to the file; other users have read access |
----r----- | Only group members can read this file |
To change permissions for any file, directory or collection of files (or folders) in Linux, you must use the change mode (chmod) command.
The command has the format
chmod who=/-/+permissions filename
where ‘who’ is …
u, the user who owns the file
g, the group the file is a member of
o, all other users
a, all of the above (a is an abbreviation for ugo).
With the symbols =, - and + you can equate (also known as assign), remove or add permissions. Permissions are r, w and x, a combination of all three, or none.
The chmod command can also assign the file permissions using octal values (octal is a number system from 0 to 7).
Octal values for permissions
Permission | r | w | x | octal value | resulting file permission |
binary ‘values’ | 4 | 2 | 1 | | |
| 0 | 0 | 0 | 0 | --- |
| 0 | 0 | 1 | 1 | --x |
| 0 | 1 | 0 | 2 | -w- |
| 0 | 1 | 1 | 3 | -wx |
| 1 | 0 | 0 | 4 | r-- |
| 1 | 0 | 1 | 5 | r-x |
| 1 | 1 | 0 | 6 | rw- |
| 1 | 1 | 1 | 7 | rwx |
If you wanted to set the permissions of a file called testfile.sh to rwxr--r--, you would use
chmod 744 testfile.sh
which is the same as the following
chmod a=r,u+wx testfile.sh
The user executing the chmod command must be the owner of the file or root. If the user is root, then they can change any file even if the permission is set to 000 or ---------.
One especially dangerous option to chmod is -R, which will recursively change all the permissions for a given folder and all files and folders below it. So avoid that one unless absolutely necessary.
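The script below is an added example, not part of the original article. It applies octal and symbolic chmod forms to a scratch file and prints the resulting octal mode, then shows a narrower alternative to a blanket chmod -R. The helper names (mode_of, apply_mode, set_tree_modes, tree_demo), the scratch file names and the modes 750 and 640 are assumptions chosen for illustration; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: every path is a scratch file created under mktemp.

# Print a file's octal mode (GNU coreutils stat, as shipped with CentOS/RHEL).
mode_of() {
    stat -c '%a' "$1"
}

# Start a scratch file at 000, apply one chmod mode spec, print the result.
# Starting from 000 makes the effect of '=' versus '+' visible.
apply_mode() {
    dir=$(mktemp -d) || return 1
    : > "$dir/testfile.sh"
    chmod 000 "$dir/testfile.sh"
    chmod "$1" "$dir/testfile.sh"
    mode_of "$dir/testfile.sh"
    rm -rf "$dir"
}

# Narrower alternative to a blanket 'chmod -R': one mode for directories,
# another for regular files, so files do not pick up the execute bit.
set_tree_modes() {  # usage: set_tree_modes DIR DIRMODE FILEMODE
    find "$1" -type d -exec chmod "$2" {} +
    find "$1" -type f -exec chmod "$3" {} +
}

# Build a constructed two-level tree, apply set_tree_modes,
# and print "<directory mode> <file mode>".
tree_demo() {
    top=$(mktemp -d) || return 1
    mkdir "$top/sub"
    : > "$top/sub/notes.txt"
    set_tree_modes "$top" 750 640
    echo "$(mode_of "$top/sub") $(mode_of "$top/sub/notes.txt")"
    rm -rf "$top"
}

echo "744        -> $(apply_mode 744)"
echo "u=rwx,go=r -> $(apply_mode u=rwx,go=r)"
echo "a=r,u+wx   -> $(apply_mode a=r,u+wx)"
echo "a=r,u=wx   -> $(apply_mode a=r,u=wx)"   # '=' replaces, so the user loses r
echo "tree       -> $(tree_demo)"
```

The last chmod form shows why = and + are not interchangeable after a=r: u=wx assigns exactly -wx to the owner and drops the read bit that a=r had just granted.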