
1. Ownership and permissions

In the Unix security model, a user may own files and directories. When a user owns a file or a directory, he has control over its access (he decides who can access it). To facilitate granting permissions, users may belong to one or more groups. If the owner of a file grants permissions to a group, then all the members of the group have access to this file. Besides granting access to a group, an owner may grant some access rights to everybody, which in Unix terms is referred to as others.

  1. When you use the command ls -l, the first column of the output (the one which has some dashes) shows the attributes of the file.

    > foo.txt
    ls -l foo.txt

    The first character of the attributes shows the file type. If this character is a - it is a regular file, d is for a directory, l for a symbolic link, c for a character special file (for example a keyboard or a network card), and b for a block special file (like a hard drive or RAM).

    The remaining 9 characters show the access rights for the file's owner, the file's group, and the rest of the users. They are rwx for the user, rwx for the group, and rwx for the others, where r stands for reading (viewing the content of the file), w is for writing (modifying the content of the file), and x is for executing (running the file like a program or a script). If there is a minus (or a dash) instead of r, w or x, it means that the corresponding right is missing.

    For a directory, the x attribute allows a directory to be entered (e.g. cd directory). The r attribute allows a directory's content to be listed (with ls), but only if the x attribute is also set. And the w attribute allows files within a directory to be created, deleted, and renamed, if the x attribute is also set.

  2. We can change the permissions of a file or directory with chmod. Only the owner and the superuser can change the permissions of a file or directory.

    ls -l foo.txt
    chmod 600 foo.txt
    ls -l foo.txt

    In this case we are using octal notation for telling chmod what permissions to set. For example 7 (111) is for rwx, 6 (110) is for rw-, 5 (101) is for r-x, 4 (100) is for r--, and 0 is for --- (no permissions).

    We can also use symbolic notation with chmod, where u (user) represents the owner, g represents the group, and o (others) represents the world. There is also the symbol a (all) which is a combination of u, g and o.

    • Add the execute permission to the user:

      chmod u+x foo.txt
      ls -l foo.txt
    • Remove the execute permission from the user:

      chmod u-x foo.txt
      ls -l foo.txt
    • Add execute to user. Group and others should have only read and execute:

      chmod u+x,go=rx foo.txt
      ls -l foo.txt
    • Remove the execute permission from all:

      chmod ugo-x foo.txt
      chmod a-x foo.txt
      chmod -x foo.txt
      ls -l foo.txt
  3. The umask command controls the default permissions given to a file when it is created:

    umask

    This octal notation tells which bits will be masked (removed) from the attributes of a file:

    rm -f foo.txt
    > foo.txt
    ls -l foo.txt

    The reason that the others don't have a w permission is the mask. Remember that the octal digit 2 is written in binary as 010, so the permissions it expresses are -w-. Each 2 in 0022 (the group digit and the others digit) therefore removes the w permission from the corresponding part of the attributes.

    Let's change the mask and try again:

    rm foo.txt
    umask 0000
    umask
    > foo.txt
    ls -l foo.txt

    Restore the normal umask:

    umask 0022
    umask
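
The script below is an added example; it is not part of the original tutorial or its asciinema casts. It covers both step 2 (translating between the rwx string printed by ls -l and the octal or symbolic notation chmod accepts) and step 3 (predicting what a umask does to a newly created file, then checking the prediction on disk). All function names in it (mode_to_octal, octal_to_mode, last3, apply_umask, chmod_result, created_mode) are this example's own inventions, not standard Unix commands; it only relies on ls, cut, chmod, umask and mktemp.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Helper names below are
# this example's own; the only real commands used are ls, cut, chmod,
# umask and mktemp. Written for plain POSIX sh: octal digits are handled
# one at a time so no shell-specific base prefix is needed.

# last3 0644 -> 644   Normalise a permission/mask argument to three digits.
last3() {
    d=$1
    while [ "${#d}" -gt 3 ]; do d=${d#?}; done
    while [ "${#d}" -lt 3 ]; do d=0$d; done
    printf '%s\n' "$d"
}

# mode_to_octal '-rw-r--r--' -> 644
# Takes the 10-character attribute field from ls -l, skips the file-type
# character and turns each rwx triple into one digit (r=4, w=2, x=1).
# setuid/setgid/sticky markers (s, t) are outside the tutorial's scope.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    result=""
    pos=1
    while [ "$pos" -le 9 ]; do
        triple=$(printf '%s' "$perms" | cut -c"$pos"-"$((pos + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        result="$result$digit"
        pos=$((pos + 3))
    done
    printf '%s\n' "$result"
}

# octal_to_mode 644 -> rw-r--r--   (the reverse direction)
octal_to_mode() {
    digits=$(last3 "$1")
    out=""
    pos=1
    while [ "$pos" -le 3 ]; do
        d=$(printf '%s' "$digits" | cut -c"$pos")
        case $d in 4|5|6|7) out="${out}r" ;; *) out="${out}-" ;; esac
        case $d in 2|3|6|7) out="${out}w" ;; *) out="${out}-" ;; esac
        case $d in 1|3|5|7) out="${out}x" ;; *) out="${out}-" ;; esac
        pos=$((pos + 1))
    done
    printf '%s\n' "$out"
}

# apply_umask 666 022 -> 644
# A new file starts from 666 (a new directory from 777); every bit set in
# a mask digit is cleared from the matching permission digit, which for
# a single octal digit m is the same as AND-ing with (7 - m).
apply_umask() {
    base=$(last3 "$1")
    mask=$(last3 "$2")
    out=""
    pos=1
    while [ "$pos" -le 3 ]; do
        b=$(printf '%s' "$base" | cut -c"$pos")
        m=$(printf '%s' "$mask" | cut -c"$pos")
        out="$out$(( b & (7 - m) ))"
        pos=$((pos + 1))
    done
    printf '%s\n' "$out"
}

# chmod_result 'u+x,go=rx' -> 755
# Starts from a 644 file in a scratch directory, applies any chmod
# argument (octal or symbolic) and reads the result back through ls -l.
chmod_result() {
    dir=$(mktemp -d) || return 1
    : > "$dir/foo.txt"
    chmod 644 "$dir/foo.txt"
    chmod "$1" "$dir/foo.txt"
    mode_to_octal "$(ls -l "$dir/foo.txt" | cut -c1-10)"
    rm -rf "$dir"
}

# created_mode 022 -> rw-r--r--
# Creates an empty file under the given umask (in a subshell, so the
# caller's umask is untouched) and reports the nine permission characters.
created_mode() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        : > "$dir/foo.txt"
        ls -l "$dir/foo.txt" | cut -c2-10
    )
    rm -rf "$dir"
}

# Walk through the tutorial's own examples when the script is run directly.
for spec in 600 'u+x,go=rx' a-x; do
    printf 'chmod %-10s on a 644 file gives %s\n' "$spec" "$(chmod_result "$spec")"
done
printf 'umask 0022 predicts 666 -> %s, observed -%s\n' "$(apply_umask 666 0022)" "$(created_mode 0022)"
printf 'umask 0000 predicts 666 -> %s, observed -%s\n' "$(apply_umask 666 0000)" "$(created_mode 0000)"
```

The prediction and the observation agree because the kernel applies exactly the digit-wise clearing that apply_umask models; a umask of 077 is the usual hardening choice when new files should be private to their owner by default.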