linux permissions

perth · 04-06-2002, 11:16 AM

can anyone point me towards a good newbie-type tutorial on permissions in linux? ive looked at a few, but i cant seem to get my brain around the concept.

thanks!
~james

datalas · 04-06-2002, 11:48 AM

It's not all that complicated.

There are three different sets of permissions that apply to EVERY file.

The User (u)
The Group (g)
Other (o)

The user refers to the files "owner" that is usually the person that created it.

The group refers to the groups that the user is in, usually in a group by themselves.

Other refers to everyone else.

To get a view of this (in most linux distros) type "ls -rtlh" which should produce soemthign meaningless like this....

-rw-r--r-- 1 datalas 1013 8.7k Jun 20 2001 cv.html
-rw-rwr-- 1 datalas 1013 2.9k Oct 20 15:24 html.txt
xrwr----- 2 datalas 1013 2.3M June 1 13:21 soffice

the first set of letters is the "permissions" that you are tryint to fathom out, the next number ignore. then comes the "owner" (in this case "datalas", followed by its "group" (mainly 1013) and then creation times, followed finally by the filename. (or directory)

Taking the "cv.html" file as an example.

It's privilidges are as follows.

it Owner (datalas) (the first three digits) has "read" and "write" permissions, therefore he (I) can read and write to that file.

However, anyone else in group 1013 is only allowed to read it, as is anybody else for that matter. They CANNOT write to that file.

the second file "html.txt" has different permissions. again Everyone can read it, but only Datalas, or anyone in group 1013 can write to it. In this case group "1013" might say contain everyone who was / is developing the webpages, and was therefore writing that file.

The final file, "soffice" is "Star Office", presumably you are familiar with Windows, therefore you'd be happier if it was called "soffice.exe" as it is the main executable for a program. This is why it has an extra permission "x" for eXecute. Again, only Datalas has permissions to run that file. However, group 1013 can read it, meaning that they could take a copy of it if they desired.

Anyone who *isn't* datalas, or in group 1013 though has no permissions to read, write, or execute that file, therefore to all intents and purposes it doesn't exist for them....

Basically....

There are three types of privilideges, based around a files "owner"
(U)ser (G)roup and (O)ther.

There are then three types of permission that can be granted...

(R)ead (W)rite e(X)ecute.

Try reading the pages for "chmod" (change mode) and "chown" (change owner) as they probably explain it in more detail than I can.

ps, if you don't know, that would be "man chmod" and "man chown" respectively....

I hope that clears it up. If you want further help, email me or something

perth · 04-06-2002, 01:44 PM

thanks datalas. i think that was exactly what i needed, just an explanation of of it more than a step-by-step. too many tutorials i guess and not enough basics.

im real familiar with windows and i think what was tripping me up was understanding that and trying to mold linux permissions to fit that.

ive been having a real good time learning linux, but sometimes a brain just doesnt want to understand certain concepts, you know?

~james

datalas · 04-06-2002, 01:47 PM

Tell me about it

if you ever need help I shall be as much as I can... Still I'm not the sharpest tool in the box.

04-06-2002, 04:08 PM

Eh, it's pretty easy.

4 is read
2 is write
1 is execute

a permission has 4 "bits" associated with it. a common permission is 0755. starting at the right and reading left (which is how permissions are actually read - more on this in a minute), it's world-executable and world-readable (5), group executable and group readable, and owner readable, executable and writeable. anything not specified is interpreted as a leading zero. for example, if you do a

chmod 55 filename

the permissions will be 0055.

chmod 755 filename

and the permissions will be 0755. the leading 0 is used for setting stickybits and the like. you don't need to worry about it unless you're doing suid stuff.

anyway, once you spend some time with it, it'll become pretty simple. 4 read, 2 write, 1 execute. add 'em up.

04-06-2002, 11:16 AM	#1
perth Strong Silent Type Join Date: Mar 2002 Location: Fort Collins, CO Posts: 1,949	linux permissions can anyone point me towards a good newbie-type tutorial on permissions in linux? ive looked at a few, but i cant seem to get my brain around the concept. thanks! ~james

04-06-2002, 11:48 AM	#2
datalas Generic Monkey Join Date: Jan 2002 Location: Scotland UK Posts: 49	It's not all that complicated. There are three different sets of permissions that apply to EVERY file. The User (u) The Group (g) Other (o) The user refers to the files "owner" that is usually the person that created it. The group refers to the groups that the user is in, usually in a group by themselves. Other refers to everyone else. To get a view of this (in most linux distros) type "ls -rtlh" which should produce soemthign meaningless like this.... -rw-r--r-- 1 datalas 1013 8.7k Jun 20 2001 cv.html -rw-rwr-- 1 datalas 1013 2.9k Oct 20 15:24 html.txt xrwr----- 2 datalas 1013 2.3M June 1 13:21 soffice the first set of letters is the "permissions" that you are tryint to fathom out, the next number ignore. then comes the "owner" (in this case "datalas", followed by its "group" (mainly 1013) and then creation times, followed finally by the filename. (or directory) Taking the "cv.html" file as an example. It's privilidges are as follows. it Owner (datalas) (the first three digits) has "read" and "write" permissions, therefore he (I) can read and write to that file. However, anyone else in group 1013 is only allowed to read it, as is anybody else for that matter. They CANNOT write to that file. the second file "html.txt" has different permissions. again Everyone can read it, but only Datalas, or anyone in group 1013 can write to it. In this case group "1013" might say contain everyone who was / is developing the webpages, and was therefore writing that file. The final file, "soffice" is "Star Office", presumably you are familiar with Windows, therefore you'd be happier if it was called "soffice.exe" as it is the main executable for a program. This is why it has an extra permission "x" for eXecute. Again, only Datalas has permissions to run that file. However, group 1013 can read it, meaning that they could take a copy of it if they desired. Anyone who isn't datalas, or in group 1013 though has no permissions to read, write, or execute that file, therefore to all intents and purposes it doesn't exist for them.... Basically.... There are three types of privilideges, based around a files "owner" (U)ser (G)roup and (O)ther. There are then three types of permission that can be granted... (R)ead (W)rite e(X)ecute. Try reading the pages for "chmod" (change mode) and "chown" (change owner) as they probably explain it in more detail than I can. ps, if you don't know, that would be "man chmod" and "man chown" respectively.... I hope that clears it up. If you want further help, email me or something

04-06-2002, 01:44 PM	#3
perth Strong Silent Type Join Date: Mar 2002 Location: Fort Collins, CO Posts: 1,949	thanks datalas. i think that was exactly what i needed, just an explanation of of it more than a step-by-step. too many tutorials i guess and not enough basics. im real familiar with windows and i think what was tripping me up was understanding that and trying to mold linux permissions to fit that. ive been having a real good time learning linux, but sometimes a brain just doesnt want to understand certain concepts, you know? ~james

04-06-2002, 01:47 PM	#4
datalas Generic Monkey Join Date: Jan 2002 Location: Scotland UK Posts: 49	Tell me about it if you ever need help I shall be as much as I can... Still I'm not the sharpest tool in the box.

04-06-2002, 04:08 PM	#5
dave Guest Posts: n/a	Eh, it's pretty easy. 4 is read 2 is write 1 is execute a permission has 4 "bits" associated with it. a common permission is 0755. starting at the right and reading left (which is how permissions are actually read - more on this in a minute), it's world-executable and world-readable (5), group executable and group readable, and owner readable, executable and writeable. anything not specified is interpreted as a leading zero. for example, if you do a chmod 55 filename the permissions will be 0055. chmod 755 filename and the permissions will be 0755. the leading 0 is used for setting stickybits and the like. you don't need to worry about it unless you're doing suid stuff. anyway, once you spend some time with it, it'll become pretty simple. 4 read, 2 write, 1 execute. add 'em up.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)