
Linux access rights - permissions

Unlike some other operating systems, and mainly because it is a multi-user system, Linux has a dedicated scheme for managing access rights to files and directories, inherited from Unix.

Types of users

Users who can access files or directories are divided into three categories:

owner - the owner, the one who created the file or the directory
group - a member of the group to which the owner belongs
others - any other user who neither owns the file / directory nor is part of the owner group

File access rights

They are divided into three categories

r - (read) read
w - (write) write
x - (execute) execute

Access rights for directories

They are also divided into three categories. The symbols are the same, but their meaning is different:

r - (read) reading; means the right to view (list) the contents of the directory (ls command)
w - (write) write; allows adding and deleting files
x - (execute) execution; means the right to enter the directory (cd command)

Viewing and interpreting permissions

This is done with the command

ls -l

Let's see what information the output of this command provides and how it is used. If we want to see the permissions of a file we use

ls -l numefisier

If we want to list all the files and directories in another directory, say test, we run the command in that directory

cd /calecatre/test
ls -l

Let's say that the listing below is the content of the test directory, and let's analyze it briefly.

drwxrwxrwx 20 adi adi 1448 Jan 2 09:27 mandrivalinux/ 
drwxrwxrwx 3 adi adi 72 May 6 2005 Music/ 
-rw-r--r-- 1 adi adi 185575 May 27 2005 Screenshot.png 
-rw-rw-r-- 1 adi adi 4879 Jun 20 2005 shrek-text.scm 
-rwxrwxrwx 1 adi adi 48970 Apr 23 2005 snapshot1.jpg* 
-rwxrwxrwx 1 adi adi 125602 Apr 23 2005 snapshot2.jpg*
-rwxrwxrwx 1 adi adi 144053 May 7 2005 snapshot3.jpg*

The first character can be - or d. A - denotes that we are dealing with a file, and d shows us that it is a directory. So in our list the first two lines are directories and the other five are files. There are other characters for other file types, such as l (symbolic link), p (pipe), s (socket), etc., but they are not the subject of this tutorial.

The next nine characters give the access permissions. Why nine? Very simple. As you read above, there are three categories of users and three ways in which a file can be accessed, resulting in nine possible combinations. The two names that follow are the owner and the group, respectively. The date of the last change comes next, and then the name of the file or directory.

Three are for the owner, three for the group and the last three for others. Where the character symbolizing a right is replaced by -, the permission is not granted. The two directories have permissions enabled for all system users: rwxrwxrwx. So do the last three files. This means that any user can modify or access them at will.

We see that the first two files grant only certain rights, which you can easily identify.

Changing permissions

The command to change permissions is chmod. It has several ways in which it can be called.

With letters

The first form uses the following conventions: u - owner, g - group, o - others, a - all, - withdraws rights and + adds rights. If for the file

-rw-r--r-- 1 adi adi 185575 May 27 2005 Screenshot.png

we want to add write rights (w) for the group we use

chmod g+w Screenshot.png

The result, if we run

ls -l

is

-rw-rw-r-- 1 adi adi 185575 May 27 2005 Screenshot.png

Note that the write right for the group has appeared. If we want to give read and write permissions (rw) to all users we can write

chmod a+rw Screenshot.png

The result:

-rw-rw-rw- 1 adi adi 185575 May 27 2005 Screenshot.png

If we want to withdraw the right to write (w) we can write

chmod a-w Screenshot.png

With numbers

Another way is to write the permissions in numeric form. It is less intuitive, but once understood it is quite easy to apply and more flexible than the method presented above. Each category of user gets one numeric value that describes all three permissions (rwx), obtained as follows. Each right is written as 1 if it is granted and 0 if it is revoked, which gives a three-digit binary number. Let's take the case 111, that is, we grant all permissions. We then convert it to decimal as 1 * 1 + 1 * 2 + 1 * 4 = 7, where 1, 2 and 4 are the powers of 2 (2 ^ 0 = 1, 2 ^ 1 = 2, 2 ^ 2 = 4) and stand for x, w and r respectively. If we had a set of rights of type rw- we would have 0 * 1 + 1 * 2 + 1 * 4 = 6. This, as I said, covers only one category of user. For example, to grant all rights to all three categories, owner, group and others, we use

chmod 777 Screenshot.png

which would result in

-rwxrwxrwx 1 adi adi 185575 May 27 2005 Screenshot.png

An easy way to remember this method: for each category of user you add up 1, 2 and 4 according to the rights you want to grant.
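The conversion described above, written as a small shell function (an added example, not part of the original article). The function names triplet_value and mode_to_number are made up for this illustration; the permission fields are copied from the listing above, and the SUID, SGID and sticky characters, which this article does not cover, are rejected.

```shell
#!/bin/sh
# Added example: turn the permission field printed by ls -l into the
# number chmod accepts, using the weights r = 4, w = 2, x = 1.

# triplet_value "rw-" -> 6. Fails on anything but r, w, x or - in its place.
triplet_value() {
    t=$1
    case $t in
        [r-][w-][x-]) ;;
        *) printf 'unsupported permission group: %s\n' "$t" >&2
           return 1 ;;
    esac
    v=0
    case $t in r??) v=$((v + 4)) ;; esac   # read
    case $t in ?w?) v=$((v + 2)) ;; esac   # write
    case $t in ??x) v=$((v + 1)) ;; esac   # execute
    printf '%s' "$v"
}

# mode_to_number "rw-r--r--" -> 644. A ten-character field such as
# "-rw-r--r--" or "drwxrwxrwx" is accepted too; the type character is dropped.
mode_to_number() {
    m=$1
    if [ "${#m}" -eq 10 ]; then m=${m#?}; fi
    if [ "${#m}" -ne 9 ]; then
        printf 'expected 9 permission characters: %s\n' "$1" >&2
        return 1
    fi
    rest=${m#???}                                  # group + others
    o=$(triplet_value "$(printf '%.3s' "$m")") || return 1
    g=$(triplet_value "$(printf '%.3s' "$rest")") || return 1
    w=$(triplet_value "${rest#???}") || return 1
    printf '%s%s%s\n' "$o" "$g" "$w"
}

# Permission fields copied from the listing in the article
for field in drwxrwxrwx -rw-r--r-- -rw-rw-r--; do
    printf '%s -> %s\n' "$field" "$(mode_to_number "$field")"
done
```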

Change of owner

The owner is changed with the chown command. If, let's say, the file from the examples above, which has the owner adi from the group adi, is to be handed over to lucian from the group adi, we use the command

chown lucian:adi Screenshot.png

the result will be

-rwxrwxrwx 1 lucian adi 185575 May 27 2005 Screenshot.png

If you do not know the user's group, you can omit it.

Remarks

If we want to apply the chmod command to all files in a directory, we use the recursive option -R. If we want to give full rights to all the files in the mandrivalinux directory from the list above we can use

chmod -R a+rwx mandrivalinux

or

chmod -R 777 mandrivalinux

There are also other ways to change permissions, in file managers such as mc, where things can be done much more easily, even with the mouse.

You have to be careful about which permissions you give to which users on a Linux system, since its security depends a lot on this.
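An added example, not from the original article, of why the recursive 777 above deserves that care: it counts what others can write to after chmod -R 777 on a constructed copy of the mandrivalinux directory, then resets the tree. The function names and the 755 / 644 target modes are assumptions; files that really need the execute right must get it back by hand, because 777 erased the information about which ones had it.

```shell
#!/bin/sh
# Added example: audit and repair a tree after "chmod -R 777".

# count_world_writable DIR -> number of entries that "others" may write to
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# reset_modes DIR: directories to 755, regular files to 644
# (assumed defaults; adjust them to your own policy)
reset_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# mode_of PATH -> the permission field of ls -l, e.g. -rw-r--r--
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# demo_run: builds a constructed sample tree in a temporary directory and
# prints "<count after 777> <count after reset> <file mode> <dir mode>"
demo_run() {
    demo=$(mktemp -d) || return 1
    tree=$demo/mandrivalinux
    mkdir -p "$tree/docs"
    echo notes > "$tree/docs/readme.txt"
    echo data > "$tree/Screenshot.png"

    chmod -R 777 "$tree"
    before=$(count_world_writable "$tree")

    reset_modes "$tree"
    after=$(count_world_writable "$tree")

    printf '%s %s %s %s\n' "$before" "$after" \
        "$(mode_of "$tree/Screenshot.png")" "$(mode_of "$tree/docs")"
    rm -rf "$demo"
}

demo_run
```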

The root user can grant / modify the permissions of all users.

The text requires additions regarding SUID and SGID as well as the Sticky bit for directories.

John Doe
