Linux allows for very good security by allowing the owner of a file
to choose who has access to that file and what kind of access they have.
The owner of a file is usually the person who created the file or who has
been set as the owner and can choose the access level of people belonging
to a particular group and others outside that group. A group is simply
a collection of users belonging to the same group users within a group
all share the same access rights as all others in that group. Rather than
giving each and every user independent access rights it is often easier
to simply associate them with a group.
chmod
When you perform a listing using the -l switch you will see all
kinds of letters and - signs before the individual files and directories.
e.g.
-rwxr--r-- 1 root root
1024 Jan 27 09:45 happy
lrwxrwxrwx 1 root root
1024 Feb 13 09:45 myfile3
drwxr-xr-- 1 root root
1024 Feb 18 09:45 logs
What does it all mean?
Well the first 10 letters that look similar to this lrwxrwxrwx contain
the permissions that can be controlled with the chmod command (the
first letter you can't change as you will see for obvious reasons). The
first letter (lrwxrwxrwx) is simply the type of file it is either
a l for a link to another file, d for a directory or - for a file and is
set by the linux operating system you can not manually change this letter
(unless you change the file type of course). Next come the permissions
for the owner (-rwxrwxrwx) followed by the permissions for the group
(-rwxrwxrwx) and permissions for others (-rwxrwxrwx). The
three letters stand for read, write and executable.
If the letter is present then that particular permission is on and
if there is a - in its place it is off. This means the owner of a file
can alter and change the permissions to what ever they like for example
-rwxr--r-- means that the file is readable, writable and executable for
the owner but only readable for everyone else. Another example would be
-rwxr-x--x this would mean that the file is readable, writable and executable
by the owner but only readable and executable for everyone in the group
and only executable to others outside the group. As you can imagine this
ability to give or remove permissions can be very handy and adds to the
security of linux. To change permissions on a file you need to be the owner
and you can do it in two ways
The format for the chmod command is
chmod xyz file
with x representing the permissions for the owner followed by
y
the permissions for the group then z the permissions for all others.
The file is the name of the relevant file being modified.
You can use a variety of methods to set the permissions for your files.
The first is by using octal encoding where by numbers represent
the rwx
letters
Read=4
Write=2
Execute=1
So if you wanted to set up the permission for the file myfile2
to be rwxrw-r-- you will need to add up the numbers for the owner being
rwx (4+2+1=7), the group being rw (4+2=6) and others r (2) so the chmod
command will be
chmod 762 myfile2
Though this may seem confusing at first you will learn it quite easily
with practice and it will prove to be virtually fool proof over time.
You can also add permissions
e.g.
chmod +x file
This will make the file executable to all users.
You can also use the following
chmod go-rwx
This will remove all permissions from the group and other users making
the file only readable, writable or executable by the owner and no one
else.
chmod o+x file
This will add the executable permission to other users only.
You can also apply permissions to directory meaning you can restrict
who can list the directory contents. You can allow them to view files in
the directory but not list the directory contents. This and other permissions
enable the owner of a file or directory to have complete control over its
use enabling more security and privacy.