Professional Documents
Culture Documents
lePermi
ssi
onsi
nLi
nux/
Uni
xwi
thExampl
e
LinuxisacloneofUNI X,the multi
-useroperatingsystem
whichcanbeacces s
ed
bymanyus erssimultaneously.Li
nuxcanal sobeusedi nmainframesandservers
withoutanymodi fications.Butthisraisessecuri
tyconcernsasanuns ol
ici
ted
or mal
ignuser
can corrupt,changeorremovecruci aldata.Foreffecti
ve
securi
ty,Linuxdividesauthori z
ationinto2l evel
s.
1.Ownership
2.Permis
sion
Ownershi
pofLinuxfiles
Everyfil
eanddirectoryonyourUni
x/Li
nuxs
ystemi
sas
signed3typesofowner,
givenbel
ow.
User
Aus eri
stheownerofthefi le.Bydefaul
t,thepers
onwhocreatedafi
le
becomesitsowner.Hence,auserisal
sosometi
mescall
edanowner.
Group
Other
Now,thebi gquestionariseshowdoes
Linuxdistingui
sh
betweenthesethree
usertypessothataus er'A'cannotaffectafi lewhichcontainss
omeother
user'
B's
'vitalinformation/data.Itisli
keyoudonotwantyourcol league,who
worksonyourLi nuxcomputer,tovi ewyouri mages.Thisis
where
Permissi
ons setin,andtheydefi ne us
erbehavior.
Letusunders
tandthe
Permi
ssi
ons
ystem
onLi
nux.
Us
ingchmodwi
thAbs
olutePermi
ssi
ons
Number OctalPermi
ssi
onRepres
entati
on Ref
4 Readpermi
ssi
on r--
5 Readand
executepermi
ssi
on:4(
read)+1(
execute)=5 r-x
6 Readand
wri
te
permi
ssi
on:4(
read)+2(
wri
te)=6 rw-
7 Al
lpermi
ssi
ons
:4(
read)+2(
wri
te)+1(
execute)=7 rwx
Permi
ssi
ons
Everyfil
eanddirectoryi
nyourUNIX/
Linuxs
ystemhasfol
lowi
ng3permi
ssi
ons
definedforal
lthe3ownersdis
cuss
edabove.
Read:
Thispermi s
s i
ongi veyoutheauthori tytoopenandreadafi le.
Readpermi ssiononadi rectorygi vesyoutheabi l
itytol i
stsitscontent.
Wr ite:
Thewri tepermi ss
iongi vesyoutheauthori tytomodi fythe
contentsofafi l
e.Thewri tepermi s
siononadi rectorygivesyouthe
authori tytoadd,removeandrenamefi lesstoredi nthedi rectory.
Cons ideras cenari owhereyouhavetowri tepermi ssi
ononfi l
ebutdo
nothavewri tepermi s
siononthedi rectorywherethefi l
ei sstored.You
willbeabl etomodi fythefi l
econtents .Butyouwi llnotbeabl eto
rename,moveorremovethefi lefromthedi rectory.
Execute: I
nWi ndows ,anexecutabl eprogramus uallyhasanextens ion
".
exe"andwhi chyoucaneas i
lyrun.I nUni x/Linux,youcannotruna
programunl esstheexecutepermi ssi
oni ss et.Iftheexecutepermi ssion
isnots et,youmi ghts tillbeabl etos ee/modi fytheprogram
code(provi dedread&wri tepermi s
sionsares et),butnotruni t.
l
s-l
ontermi
nalgi
ves
l
s-l
Here,wehavehighl
ighted
'
-rw-rw-r--'
andthi
sweirdlooki
ngcodei stheone
thattell
susaboutthepermi s
sionsgiventotheowner,usergroupandthe
world.
Here,thefi
rst'
-'i
mpl
iesthatwehaves
electedafi
le.
p>
El
se,i
fitwereadi
rectory,
d
woul
dhavebeens
hown.
Thecharactersareprettyeas
ytoremember.
r
=readpermissi
on
w
=writepermission
x
=executepermission
-
=nopermissi
on
Letusl
ookati
tthi
sway.
Thefi
rstpartofthecodei
s '
rw-'
.Thi
ssugges
tsthattheowner'
Home'
can:
Readthefil
e
Writeoreditthefil
e
Hecannotexecutethefi
les
incetheexecutebi
tiss
etto'
-'
.
Bydesign,manyLi
nuxdi
stributi
onsl
ikeFedora,CentOS,Ubuntu,etc.wi
lladd
userstoagroupofthesamegroupnameastheus ername.Thus ,auser'
tom'i
s
addedtoagroupnamed'tom'.
Thes
econdparti
s '
rw-'
.
Itfortheus
ergroup'
Home'
andgroup-memberscan:
Readthefil
e
Writeoreditthefi
le
Thethirdparti
sfortheworl
dwhi
chmeansanyus
er.I
tsays
'
r--'
.
Thi
smeans
theusercanonl
y:
Readthefi
le
Changi
ngfi
le/
directorypermi
ssi
onswi
th'
chmod'
command
Sayyoudonotwantyourcol
leaguetoseeyourpers
onali
mages
.Thi
scanbe
achi
evedbychangi
ngfil
epermissi
ons
.
Wecanus ethe'chmod'
commandwhi chstandsfor'changemode'
.Usingthe
command,wecans etpermi
ssi
ons( read,write,execute)onafil
e/di
rectoryfor
theowner,groupandtheworld.
Syntax:
chmodpermi
ssi
onsfi
lename
Thereare2waystous
ethecommand-
1.Absol
utemode
2.Symbol
icmode
Abs
olute(
Numeri
c)Mode
Inthismode,fi
le
permi
ssi
onsarenotrepres
entedascharactersbutathree-
digi
toctalnumber.
Thetabl
ebel
owgi
vesnumbersforal
lforpermi
ssi
onstypes
.
Number Permis
sion Symbol
Type
0 NoPermi
ssi
on ---
1 Execute --x
2 Wri
te -w-
3 Execute+ -wx
Write
4 Read r--
5 Read+ r-x
Execute
6 Read+Wri
te rw-
7 Read+Wri te rwx
+Execute
Let'
sseethechmodcommandi
nacti
on.
Intheabove-gi
venter
minalwi
ndow,wehavechangedthepermi
ssi
onsofthe
fil
e's
ampleto'764'
.
'
764'
abs
olutecodes
aysthefol
lowi
ng:
Ownercanread,writeandexecute
Usergroupcanreadandwri
te
Worldcanonlyread
Thisisshownas'
-rwxrw-r-
Thisishowyoucanchangethepermi
ssi
onsonfi
lebyas
signi
nganabs
olute
number.
Symbol
icMode
IntheAbsolutemode,youchangepermi
ssi
onsforal l3owners.I
nthes ymbol
ic
mode,youcanmodifypermiss
ionsofaspecificowner.Itmakesuseof
mathematicals
ymbolstomodifythefil
eper mis
sions.
Operator Des
cri
pti
on
+ Addsapermissiontoa
fi
leordirectory
- Removesthepermi
ssi
on
= Setsthepermis
sionand
overri
desthe
permiss
ionss
etearli
er.
Thevari
ousownersarerepres
entedas–
Us
erDenotati
ons
u us
er/
owner
g group
o other
a al
l
Wewi l
lnotbeus
ingpermis
sionsi
nnumbersl
ike755butcharactersl
ikerwx.
Let'
slooki
ntoanexampl
e
Changi
ngOwners
hipandGroup
Forchangi
ngtheowners
hipofafi
le/
directory,youcanus
ethefol
lowi
ng
command:
chownus
er
Incaseyouwanttochangetheus
eraswel
lasgroupforafi
leordi
rectoryus
e
thecommand
chownus
er:
groupfi
lename
Let'
sseethi
sinacti
on
I
ncas
eyouwanttochangegroup-owneronl
y,us
ethecommand
chgrpgroup_namefi
lename
'
chgrp'
standsforchangegroup.