Permissions & Changes GNU/Linux

This guide to Permissions and Changes in GNU/Linux tries to be as brief and practical as possible, leaving the reader with a clear answer to what these terms mean and, hopefully, resolving your doubts.

What is a Permission?

All files and folders in Linux have permissions. In Linux we can grant permissions to three kinds of users: the Owner, the Group and Others. We can also restrict access to directories or files that we do not want other users or groups to access or execute.

What is a Change?

In Linux there are several ways to let a user access a directory or execute a file, and several types of changes are used for that. When we need to access a directory or use a file without having to modify its permissions, a change is a very good option to avoid conflicts with the system and to avoid putting our directory or file at risk in a stranger's hands.

Console(CLI) GNU/Linux (Command line interface)

Permissions

To understand permissions at this point it is very important to know the meaning of the symbols declared. Without this understanding it is not practicable to modify permissions. Here they are defined in a basic and simple form.

Below we see the bits that correspond to each privilege.

Privilege  > Binary  > Number(octal)
  rwx      >   111   >   7 
  rw-      >   110   >   6
  r-x      >   101   >   5
  r--      >   100   >   4
  -wx      >   011   >   3
  -w-      >   010   >   2
  --x      >   001   >   1

As we can see, privileges are expressed in binary. Permissions can also be set by means of the octal numbers, which are a more direct and easy way to give privileges to a file or folder.

Next I will give the definition of the complete set of symbols for permissions and changes.

u > Owner 
g > Group
o > Others 
a > All users
+ > Add privileges
- > Remove privileges
d > Folder
r > Read Privilege
w > Write Privilege
x > Execute Privilege

How can we view or identify a permission?

Permissions exist on every file and folder we create under our root directory “/”. Starting from the root, there are permissions on each directory we wish to access, from the main directories called the “File System” down to the folders we have created in our user directory (/home/user).

In this case we will begin with simple commands.

gin@gin:/home/gin$ ls -l

-rw-r--r-- 1 gin gin 562 Jun 01 20:15 gin.c
 ^^^^^^^^^ ^  ^   ^   ^   ^   ^   ^    ^
 ||||||||| |  |   |   |   |   |   |    |
 ||||||||| |  |   |   |   |   |   |     --- File found in the folder.
 ||||||||| |  |   |   |   \   |   /
 ||||||||| |  |   |   |        ------------ Month, Day and Time
 ||||||||| |  |   |    -------------------- Number of bytes stored in the file/folder.
 ||||||||| |  |    ------------------------ Group (group that owns)
 ||||||||| |   ---------------------------- Owner (who has created)
 ||||||\|/  ------------------------------- Number of Files/Folders inside the Folder.
 ||||||  ---------------------------------- Others Permission 
 |||\|/
 |||  ------------------------------------- Group Permission
 \|/
   ---------------------------------------- Owner Permission

Folders within other folders are identified by a “d”, as this example shows.

gin@gin:/home/gin$ ls -ld testfolder

drw-r--r-- 1 gin gin 562 Jun 01 20:15 testfolder
^
|--- Folder

What is Chmod?

chmod is the application we use to set permissions, adding or restricting them.

- Chmod Commands -
gin@gin:/home/gin$ chmod 777 gintest

I have added all permissions to all users.

There I added permission “777” to the folder “gintest”. So what is “777”? Easy: if we saw that “rwx” is the number “7”, then I am adding the same privilege 3 times. A clear example would be:

gin@gin:/home/gin$ chmod   7   7   7    gintest
                          rwx-rwx-rwx
                          ^^^ ^^^ ^^^
                          ||| ||| |||
                          ||| ||| |||
                          ||| ||| \|/
                          ||| \|/   --- Others Privilege
                          \|/   ------- Group Privilege
                            ----------- Owner Privilege

What do I mean by this?

That we added all privileges on the folder gintest for the owner, the group and other users, so that we can access the folder as owner and share it with the group and other users.

Other Examples
gin@gin:/home/gin$ chmod +rw gin.c

Adding Read and Write privileges for the owner.

gin@gin:/home/gin$ chmod -rx gin.c

Removing Read and Execute privileges.

gin@gin:/home/gin$ chmod +u gin.c

Adding basic privileges (rw) to the owner.

gin@gin:/home/home$ chmod 755 /home/gin/gintest

Grant all privileges to the owner; the group and other users can only read and write.

gin@gin:/home/gin$ chmod 733 /home/gin/gintest

Grant all privileges to the owner, and write and execute privileges to the group and other users.

I believe you are now prepared to add and remove permissions; all that is left is to put it into practice. I will let you think a little about the logic of adding and clearing permissions by means of the numbers and symbols of privileges. You now know how to add and remove privileges; you only need to practice, combine them and test.
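
As an added example (not part of the original handbook), the shell functions below decode a three-digit octal mode with the privilege table above and list the entries that “others” can write to, which is what chmod 777 produces. It assumes GNU find and stat; the function names are made up for this illustration.

```shell
# Added example; assumes GNU find and GNU stat (stat -c). Names are hypothetical.

# Convert one octal digit (0-7) to its rwx triplet, following the privilege table.
digit_to_rwx() {
    case "$1" in
        7) echo rwx ;; 6) echo rw- ;; 5) echo r-x ;; 4) echo r-- ;;
        3) echo -wx ;; 2) echo -w- ;; 1) echo --x ;; 0) echo --- ;;
        *) return 1 ;;
    esac
}

# Convert a three-digit octal mode such as 640 to owner/group/others symbols.
octal_to_symbolic() {
    mode=$1
    case "$mode" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    u=${mode%??}      # first digit: owner
    rest=${mode#?}
    g=${rest%?}       # second digit: group
    o=${mode#??}      # third digit: others
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Print "mode path" for every entry below a directory whose "others" class
# has the write bit (octal 2) set. Symbolic links are skipped because their
# own mode bits are not what controls access.
world_writable() {
    find "$1" -mindepth 1 ! -type l -perm -0002 -exec stat -c '%a %n' {} + | sort
}
```

Running world_writable on a home directory or a web root gives a quick list of files and folders that were opened up with modes such as 777 or 733 and should be reviewed.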


Changes

In Linux there are applications to change the owner, group, root or modes. “chmod” is one of them, but it is used to change privileges. I will define Changes more broadly, so that you can know the difference between each of them.

I will define each of the applications for making changes one at a time, beginning with the most used.

Chown

This application is used, as its name indicates, to change the owner of a folder or file. It is used a lot when we have changed user and want to use the same file with the same privileges, with no need to modify them for the new user you are now.

-Examples-
  • NOTE: It is important to do this as root. :)
gin@gin:/home/gin # chown -c geek gin.c
changed owner of «gin.c» to geek

Changing the owner of the gin.c file to geek.

gin@gin:/home/gin # chown -H geek gin.c

If the argument is a symbolic link to a directory, traverse it.

gin@gin:/home/gin # chown -R geek gin.c

Operate on files and directories recursively.


Chgrp

This application changes the group of the user, or joins another user to the same group, so that they can use the privileges of the group on folders or files that the user does not have access to.

-Examples-
root@gin:/home/gin # chgrp -c geek gin.c
changed group of «gin.c» to geek

Changing the group of the gin.c file to geek.

root@gin:/home/gin # chgrp -H geek gin.c

If the argument is a symbolic link to a directory, traverse it.

root@gin:/home/gin # chgrp -R geek gin.c

Operate on files and directories recursively.

This command is not part of the “chgrp” application, but it is used a lot to add a user to another group.

root@gin:/home/gin # adduser geek audio

Here the user geek has been added to the group audio.


Chroot

This application is not recommended for novices, nor for experimenting, since it changes the root directory to another directory that you choose and could cause serious damage to the system, if not break it completely. It is very rarely used; it is used to change your root directory “/” to another hard disk or to a directory you choose within another directory.

Warning!

-Example-
root@gin:/home/gin # chroot /dir/newchange

Changing the “/” directory. It is really not recommended if you don't know what you are doing.


Umask

Umask is a function in POSIX environments which sets the default file system mode for newly created files of the current process. The umask value can be interpreted in two ways (note that umasks must always be calculated in octal numbers):

  • as a result of the bitwise exclusive OR operation of the argument and the full access mode 777.
  • as a result of the bitwise AND of the unary complement of the argument (using bitwise NOT) and the full access mode 777.

Umask is an application oriented towards passing bits to the kernel, that is, telling the kernel which types of permissions to give to files or folders. It is frequently used to secure files, important databases and folders in a company or school.

Creating a File/Folder with Umask, using:

Strace

Strace is a system call tracer, a debugging tool which prints out a trace of all the system calls made by another process/program. The program to be traced need not be recompiled for this, so you can use it on binaries for which you don't have the source.

-Examples-
gin@gin:/home/gin $ umask 022; strace -emkdir mkdir gintest2
mkdir("gintest2", 0777)                 = 0

Creating a folder. If we analyze the permissions of this single folder, we see that we gave permissions to access the folder.

To check:

gin@gin:/home/gin $ ls -ld gintest2
drwxr-xr-x  2 gin gin 4096 2005-11-14 17:07 gintest2

So this means that we gave minimal permissions to the file, passing the permissions to the kernel by umask.

We can do it with a file as well.

gin@gin:/home/gin $ umask 022; strace -eopen,openat touch gin2.c

It is the same function and the same permissions for the file; only the way of making the file changes.
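
An added example, not from the original handbook: the functions below compute the mode left after the umask is applied (the bitwise AND-NOT reading from the list above) and confirm it by creating a real folder and file in a scratch directory. It assumes mktemp and GNU stat; the function names are hypothetical.

```shell
# Added example; assumes mktemp and GNU stat (stat -c). Names are hypothetical.

# Requested mode AND NOT umask, all in octal.
# mkdir requests 777 and most programs create files with 666, so with
# umask 022 the results are 755 and 644.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a folder (kind=dir) or a file (kind=file) under the given umask
# inside a scratch directory and print the mode actually stored on disk.
created_mode() {
    mask=$1
    kind=$2
    scratch=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change away from the caller's shell.
        umask "$mask"
        if [ "$kind" = dir ]; then
            mkdir "$scratch/entry"     # mkdir asks the kernel for 0777
        else
            : > "$scratch/entry"       # shell redirection asks for 0666
        fi
    )
    stat -c '%a' "$scratch/entry"
    rm -rf "$scratch"
}
```

Comparing created_mode 077 file with created_mode 022 file shows why a umask of 077 is the usual choice for accounts that hold sensitive data: new files come out as 600 instead of 644.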

Ready!

Well, I hope that you now have a clear concept and knowledge of Permissions and Changes in GNU/Linux. All of these commands were tested in Debian GNU/Linux. Thanks for your time, and keep learning; you will be stronger. :)

Jesus Lugo 2005/11/17 10:00

handbook/handbook/permission.txt · Last modified: 2010/04/15 21:18 (external edit)