File permissions.


The file permissions, or attributes, are a very important aspect of any Linux system & basically define what is allowed to be carried out & by whom! If you don't have the permissions required to carry out a task then you can forget it. EVERY single file & directory on a Linux machine has 3 critical "attributes" assigned to it.

1. A set of permissions (read/write/execute).
2. An owner.
3. A group.

Linux checks these three attributes against who you are, & only if they allow it will you get access to that particular file! Take a look at the ls listings below to see how these attributes are assigned.

drwxr-xr-x  27  root      root        4096 May 3 15:05 etc
-rw-r--r--   1  root      root       20025 May 2 09:18 rc.config
drwxr-xr-x   2  unclebob  ftp_users   4096 May 3 11:35 auto.scripts

Like I said above, the attributes are separated into 3 different categories. The group of letters (drwx--..) defines the file/folder permissions (d=directory, r=read, w=write, x=execute), the first name (root, unclebob) defines who owns the file, & the second name (root, ftp_users) defines to which group the file belongs. You can naturally change these permissions to whatever you wish, provided that you have "permission" to do so to that file. With the command chmod you can change the read/write/execute permissions on the file/folder, & with chown you can change the owner & group of the file/folder.

We will have a look at the chmod command first. There are 2 ways of changing the r/w/x file permissions; both are constructed in a similar way, using the owner/group/others + r/w/x categories to define the new permissions. The simplest method of changing permissions is the "octal approach" as set out in the table below. Have a look at the example below of the rc.config file.

-rw-r--r--    1     root     root     20025 May 2 09:18 rc.config

Each file has the same layout for these attributes, being a 10 position "code" (drwxrwxrwx) for every file or directory. The very first position "d" defines a directory, then come 3 identical blocks of "rwx". The first block of "rwx" defines the permissions for the owner of the file (in this case "root"), the second "rwx" defines the permissions for the group to which the file belongs (in this case "root") (NB: not necessarily the same group to which the owner of the file belongs), & the third "rwx" defines the permissions for all "other" users (which are not necessarily registered "users" of the system, for example a visitor to your website).

        owner                group                others
   r      w      x      r      w      x      r      w      x
  400    200    100     40     20     10      4      2      1



Using this method of changing the attributes is as simple as building a number with the appropriate permissions. For example, what octal number does the file rc.config already have? The "owner" has read & write permissions (400+200), the group has read permission (40), & others has read permission (4), i.e. 400+200+40+4 = 644. Simple huh?! Let's change /home/user/test.file to owner rwx, group r, others nothing. What octal number do you need? Owner 400+200+100 (700), group 40, others 0, i.e. 700+40+0 = 740. To then change the file to this new set of permissions simply type chmod 740 /home/user/test.file & it will be changed accordingly. It's a good idea to get used to this type of permission changing, as fewer mistakes can occur this way.
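The same addition done by a small shell function, as an added example that is not part of the original page: it reads the 10 position code from an ls listing, adds up the weights from the table above & prints the octal number. The function name mode_to_octal is made up for this example; setuid/setgid/sticky letters (s, t) are rejected because they need a fourth digit that the table does not cover.

```shell
# Added example: build the octal number from the 10-position code using the
# weights in the table above (owner 400/200/100, group 40/20/10, others 4/2/1).
mode_to_octal() {
    mode=$1
    if [ "${#mode}" -lt 10 ]; then
        echo "need a 10-position code, got: $mode" >&2
        return 1
    fi
    total=0
    pos=2                      # position 1 is the file type (d, -, ...)
    for spec in r:400 w:200 x:100 r:40 w:20 x:10 r:4 w:2 x:1; do
        want=${spec%%:*}       # letter expected at this position
        weight=${spec#*:}      # value it adds when present
        ch=$(printf '%s' "$mode" | cut -c"$pos")
        if [ "$ch" = "$want" ]; then
            total=$((total + weight))
        elif [ "$ch" != "-" ]; then
            # s, S, t, T (setuid/setgid/sticky) need a 4th digit; not covered here
            echo "unsupported '$ch' at position $pos in $mode" >&2
            return 1
        fi
        pos=$((pos + 1))
    done
    printf '%03d\n' "$total"
}

# The three listings from this page, fed through the function.
while read -r perms links owner group rest; do
    printf '%s  %s  %s:%s  %s\n' \
        "$(mode_to_octal "$perms")" "$perms" "$owner" "$group" "${rest##* }"
done <<'EOF'
drwxr-xr-x  27   root       root   4096 May 3 15:05 etc
-rw-r--r--  1   root       root   20025 May 2 09:18 rc.config
drwxr-xr-x  2   unclebob   ftp_users   4096 May 3 11:35 auto.scripts
EOF
```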

The file permissions are absolutely critical for very many applications; take the web server daemon Apache for example. Apache sends, upon request, pages & files from your website to a visitor anywhere in the world, BUT only if Apache is allowed to! That is, if the requested file has the correct permissions for the person that has requested it. For example, if the .htm & .html files (also jpeg, gif, ...) are not "world readable" (readable to the "others" category) then Apache will send the person who requested the file the response that access is denied. The same applies to directories that are not "world executable": a directory must be "executable" to allow Apache (amongst others) to enter the directory. This concept is very important when it comes to access & security of any machine that is connected to the internet.

The chown command allows us to change the ownership of a file or a folder to any given "system registered" user or group, provided you have the necessary permission to change this. Take the following example.
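A check for exactly this situation, as an added example that is not part of the original page: it tests whether a file is "world readable" & whether every directory above it is "world executable", & names the first one that is not. The function name others_can_fetch, the optional TOP argument & the sample tree are made up for this example; only the "others" bits are looked at, as in the text above.

```shell
# Added example. others_can_fetch FILE [TOP]: succeed only if FILE is "world
# readable" and every directory from TOP (default /) down to FILE is "world
# executable". Only the "others" bits are examined.
others_can_fetch() {
    target=$1
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 2; }
    top=$(cd "${2:-/}" && pwd -P) || return 2
    dir=$(cd "$(dirname -- "$target")" && pwd -P) || return 2
    # "others" r is position 8 of the 10-position code shown by ls -l.
    if [ "$(ls -ld -- "$target" | cut -c8)" != r ]; then
        echo "not world readable: $target"
        return 1
    fi
    while :; do
        # "others" x is position 10; t means x plus the sticky bit (as on /tmp).
        case $(ls -ld -- "$dir" | cut -c10) in
            x|t) ;;
            *) echo "not world executable: $dir"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then
            return 0
        fi
        dir=$(dirname -- "$dir")
    done
}

# Constructed sample tree: a web directory whose image folder is closed to others.
demo=$(mktemp -d)
mkdir -p "$demo/htdocs/images"
echo '<html></html>' > "$demo/htdocs/index.html"
echo 'GIF89a' > "$demo/htdocs/images/logo.gif"
chmod 755 "$demo" "$demo/htdocs"
chmod 750 "$demo/htdocs/images"
chmod 644 "$demo/htdocs/index.html" "$demo/htdocs/images/logo.gif"
others_can_fetch "$demo/htdocs/index.html" "$demo" && echo "index.html: ok"
others_can_fetch "$demo/htdocs/images/logo.gif" "$demo" || echo "logo.gif: access would be denied"
rm -rf "$demo"
```

Leave out the second argument to check the whole path from / downwards, which is what the web server actually has to walk.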

drwxr-xr-x     2  unclebob    ftp_users    4096 May 3 11:35 auto.scripts

We wish to change the owner of the directory, & also the directory's group, including all the files & folders contained in the auto.scripts folder to root owner & root group. Naturally we MUST be logged in as "root" to carry out this ownership change. Simply type:

chown -R root:root auto.scripts

The "root:root" part defines the user "root" as the new owner & separated by the : the group "root" as the new group that the directory belongs to. The -R defines a recursive change of ownership which takes in all the files & folders contained within auto.scripts.




copyright 2001 Rob Hawke.
rob@highasakite.net