Linux File Permissions - Basics
In a multi-user operating system, there will be more than one user account, probably handled by different users. What would happen if every user account had permission to access each and every file or command in the operating system? There is a chance of complete disaster. To avoid such a scenario, the filesystem has a method to assign access permissions to specific system users and groups. The ability of a user to view, modify and run a particular file or directory depends upon this access right.
The permission on a file is based on two things.
1) User based permission, comprised of three groups.
Owner (u) | - | System user who is the Owner of a file or directory |
Group (g) | - | System user group with specific permission over the file or directory |
Other (o) | - | All other system users not belonging to the above groups; they may or may not have different permissions |
2) Types of permission
Read (r) | - | Permission to read or view a file |
Write (w) | - | Permission to write or modify a file |
Execute (x) | - | Permission to execute or run a file |
Now imagine an office environment with a large number of employees and departments. The office has a common file server, and all employees have access to it. An employee named calypso in the IT department created an executable file named 'my_executable' on this server. But he wants to restrict access so that only the user calypso (owner) can view (r), modify (w) and execute (x) the file, while his team members in the IT department (group) can only view (r) and modify (w) the file. The rest of the users (other) can only view (r) the file.
Based on the above scenario the permission on the 'my_executable' file will look like
Owner | : | r w x |
Group | : | r w - |
Other | : | r - - |
Every file created on a Linux machine will have a similar set of permissions. To find the access rights of a file, we can use the ls -l output or the stat command.
In the above screenshot of ls -l output we can see that the last field (my_executable) represents the file name. Fields 3 (calypso) and 4 (IT_Dept) represent the user ownership and group ownership of the file. The first field (-rwxrw-r--) represents the access permission of the file. The first field can be divided into 4 parts as shown below
The first part (-) represents the file type. We discussed the different file types in one of our previous posts. The second part (rwx) represents the access rights of the file's owner. In this case the owner has read, write and execute permissions. The third part represents the access rights of the group, which in this case are read and write. The fourth and final part represents the access rights of all the other users.
To summarize the whole topic, let's look at the ls -l output of the /etc/passwd file
-rw-r--r-- 1 root root 3175 Dec 29 15:28 /etc/passwd
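The four-part split of the first ls -l field described above can be done mechanically. The following is an added example, not part of the original post; the function names perm_part, has_perm and describe are hypothetical, and the temporary file is constructed to recreate the my_executable permissions.

```shell
#!/bin/sh
# Added example: split the first field of `ls -l` into file type, owner,
# group and other, as described in the text above.

# perm_part MODE PART -> prints the requested part of the mode string.
# Only the first 10 characters are used, so a trailing "." or "+" that
# some systems append to the field (SELinux / ACL marker) is ignored.
perm_part() {
    mode=$(printf '%.10s' "$1")
    case "$2" in
        type)  printf '%s\n' "$mode" | cut -c1 ;;
        owner) printf '%s\n' "$mode" | cut -c2-4 ;;
        group) printf '%s\n' "$mode" | cut -c5-7 ;;
        other) printf '%s\n' "$mode" | cut -c8-10 ;;
        *)     echo "unknown part: $2" >&2; return 2 ;;
    esac
}

# has_perm MODE CLASS LETTER -> exit status 0 if CLASS holds r, w or x.
# Special permission letters (s, t) are out of scope and not interpreted.
has_perm() {
    case "$3" in r|w|x) ;; *) return 2 ;; esac
    case "$(perm_part "$1" "$2")" in
        *"$3"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# describe MODE -> prints one line per class, like the table in the text.
describe() {
    for class in owner group other; do
        printf '%-5s : %s\n' "$class" "$(perm_part "$1" "$class")"
    done
}

# Constructed demo: give a temporary file the my_executable permissions
# (owner rwx, group rw, other r) and read them back from ls -l.
tmp=$(mktemp)
chmod u=rwx,g=rw,o=r "$tmp"
field=$(ls -l "$tmp" | cut -d' ' -f1)
describe "$field"
rm -f "$tmp"

# The /etc/passwd mode string from the text: other users may read it
# but must not be able to write it.
if has_perm "-rw-r--r--" other w; then
    echo "other users can modify this file" >&2
fi
```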
These are the basic file permissions in Linux. We will discuss Linux special file permissions in a later post.