3.2 File Modes and Permissions - UNR-HPC/pronghorn GitHub Wiki
File and directory permissions
You will be responsible for setting and maintaining file permissions in your home directory and association directory. As such, an understanding of how Linux permissions work is crucial to using Pronghorn.
General overview
Every Linux file has a set of permissions that determine whether you can read, write, or run the file. Running ls -l displays the permissions. Here's an example of such a display:
figure 1.0
-rw-r--r-- 1 exampleuser examplegroup 4096 Apr 4 04:20 example.txt
The file's mode represents the file's permissions and some extra information. There are five parts to the mode.
figure 1.1
part 1: - (file or directory)
part 2: rw- (user permissions)
part 3: r-- (group permissions)
part 4: r-- (other permissions)
part 5: (special attributes)
The first character of the mode (part 1) is the file type. It can be a regular file or a directory. Each file and directory has three user-based permission sets: user (part 2), group (part 3), and other (part 4).
part 1: A dash (-) in this position, as in the example, denotes a regular file, meaning that there is nothing special about the file. This is by far the most common kind of file. Directories are also common and are indicated by a d in the file type slot.
part 2: user (u) - The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
part 3: group (g) - The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
part 4: other (o) - The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
part 5: Directory Set Group ID - There are two special bits in the permissions field of directories.
s - Set group ID
t - Save text attribute (sticky bit) - The user may delete or modify only those files in the directory that they own or have write permission for.
Each permission set can contain four basic representations:
r : the file is readable. Refers to a user's capability to read the contents of the file.
w : the file is writable. Refers to a user's capability to write or modify a file or directory.
x : the file is executable. Refers to a user's capability to execute a file or view the contents of a directory.
s : Some executable files have an s in the user permissions listing instead of an x. This indicates that the executable is setuid, meaning that when you execute the program, it runs as though the file owner is the user instead of you. Many programs use this setuid bit to run as root in order to get the privileges they need to change system files.
- : null value (nothing).
In figure 1.0 the rw- characters are the user or "owner" permissions. rw- denotes that the file is readable and writable, but not executable. The r-- characters that follow are the group permissions. r-- denotes that the group "examplegroup" can read, but not write or execute, the file. The final r-- characters are the "other" permissions, meaning all other users who are neither part of the "examplegroup" group nor the file owner can read the file, but not write or execute it.
One example of a setuid program is the passwd program, which needs to change the /etc/passwd file.
Modifying Permissions
- chmod : Changes the file mode bits of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits.
- chown : Changes the user and/or group ownership of each given file.
- chgrp : Changes the group of a file or directory.
chmod
To change permissions, use the chmod command. The chmod (change mode) command protects files and directories from unauthorized users on the same system, by setting access permissions.
Some examples:
- Private file for you
chmod 600 myfile
- Everyone can read; you can write
chmod 644 myfile
- Private directory for you
chmod 700 mydir
- Everyone can read; you can write
chmod 755 mydir
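The following shell functions are an added example, not part of the original wiki page: they audit a directory tree for the two mode bits discussed above that deserve the most attention (write access for "other" and the setuid/setgid "s" flag) and then remove the "other" write bit. They assume GNU find and stat as found on Linux; the function names and the demo tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a directory tree for risky permission bits.
# Assumes GNU find and stat (standard on Linux). Function names are illustrative.

# Print "octal symbolic path" for one file, e.g. "644 -rw-r--r-- example.txt".
show_mode() {
    stat -c '%a %A %n' "$1"
}

# List entries that "other" (part 4 of the mode) can write to.
# -perm -0002 matches when the other-write bit is set; symlinks are skipped
# because their own mode is always shown as rwxrwxrwx.
find_other_writable() {
    find "$1" -perm -0002 ! -type l | sort
}

# List regular files carrying the setuid (4000) or setgid (2000) bit.
find_setid_files() {
    find "$1" -type f -perm /6000 | sort
}

# Remove write access for "other" from everything find_other_writable reports.
fix_other_writable() {
    find "$1" -perm -0002 ! -type l -exec chmod o-w {} +
}

# Constructed sample tree so the functions can be tried safely.
make_demo_tree() {
    demo=$(mktemp -d)
    touch "$demo/private" "$demo/shared" "$demo/open" "$demo/tool"
    mkdir "$demo/dir"
    chmod 600 "$demo/private"
    chmod 644 "$demo/shared"
    chmod 666 "$demo/open"     # writable by everyone: flagged
    chmod 4755 "$demo/tool"    # setuid: flagged
    chmod 755 "$demo/dir"
    printf '%s\n' "$demo"
}
```

To try it, source the file and run `d=$(make_demo_tree); find_other_writable "$d"; find_setid_files "$d"`, then point the same functions at your own home or association directory.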
chown
To change the ownership of files or directories, use the chown command. The chown (change ownership) command sets and changes the ownership of files and directories.
Some examples:
- set the ownership of myfile to mrrobot
chown mrrobot myfile
- set the ownership of the directory and all files in mydirectory to mrrobot
chown -R mrrobot mydirectory
chgrp
To change the group ownership of files or directories, use the chgrp command. The chgrp (change group ownership) command sets and changes the group ownership of files and directories.
Some examples:
- set the group ownership of myfile to mrrobot
chgrp mrrobot myfile
- set the group ownership of the directory and all files in mydirectory to mrrobot
chgrp -R mrrobot mydirectory