Unix: Access rights
More information about a file or directory
The -l option to the command ls produces a long listing, with a lot of interesting information about a file or directory.
The format is terse and not immediately meaningful, but below, you get the key to this important information.
First, let us look at the data. In your exercises directory, type:
$ ls -l
You will see that you now get lots of details about the contents of your directory. If you've followed the instructions in this ebook up to this point, you should see something similar to the black text in the example below:
(The red text is added by me, to make the explanation below easier to follow.)
As you can see from the red text, the left-hand column is known as the mode bits. They are used for access control, and there is a lot more about the mode bits below.
But before we drill down into access control, here is a brief description of the other six fields in this format:
- hl: the number of hard links (every file in a directory is a hard link).
- owner: the owner of the file or directory.
- group: the group the file or directory belongs to.
- size: the size of the file or directory entry in bytes.
- modification date & time: the date created or last modified.
- file/directory name: the name of the directory or file.
Mode bits
The mode bits are a feature of the Unix file system that are, among other things, used for access control.
When you use the command ls -l, the mode bits are shown as a 10 character long string. The first letter may be d or -. Letter d indicates a directory. Otherwise a dash (-) will be the first symbol and indicates an ordinary file.
In Unix, symbolic links, hardware, memory and many other things are files, so you may also come across other first letters (e.g. b, c, l, p, s). But these “files” should only be manipulated by administrators, so I'll not discuss them here. Again: This ebook is for beginners.
The 9 remaining symbols in the mode bit field indicate permissions, or access rights.
The letters used are r, w, x, and, sometimes t, T, s or S. They are always taken as 3 groups of 3.
- The left group of 3 gives the file permissions for the user that owns the file or directory (john in the above example).
- The middle group of 3 gives the permissions for the group of people to whom the file or directory belongs (staff in the above example).
- The rightmost group of 3 gives the permissions for all others.
You may also see a - instead of one of the letters. This always indicates an absence of permission.
The symbols r, w, x, s/S and t/T, have slightly different meanings depending on whether they refer to a file or to a directory.
Access rights for files
- r indicates read permission – that is, the permission to read and copy the file.
- w indicates write permission – that is, the permission to change the file.
- x indicates execution permission – that is, the permission to execute the file.
- s indicates that the file is run with the privileges of the user or group that owns it (setuid/setgid).
The s only shows up in the user and group execute field.
There is also an upper case S that means the same as lower case s, but is used when execute permission is not set.
Access rights for directories
- r allows users to list files in the directory.
- w means that users may delete files from the directory or move files into it.
- x means the right to enter, search or execute files in the directory.
- s means that files created in the directory will inherit group membership from the directory (setgid bit).
- t means that only the owner can delete a file in the directory (sticky bit).
The s only shows up in the group execute field.
The t only shows up in the last execute field.
There is also an upper case S and T that mean the same as lower case, but are used when execute permission is not set.
Some examples
-rwxrwxrwx | A file that everyone can read, write and execute (and delete). |
-rw------- | A file that only the owner can read and write. No-one else can read or write. No-one has execution rights (e.g. a text file). |
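The following shell functions are an added example, not part of the original ebook. mode_to_octal checks a mode string from ls -l against the rules above (s only in the user and group execute fields, t only in the last one) and converts it to the four-digit octal form that chmod also accepts, which goes beyond what the text covers; mode_notes lists the combinations worth a second look. The function names and the sample mode strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample mode strings are constructed.

# mode_to_octal MODE: validate a 10-character ls -l mode string and
# print it as four octal digits (special bits, user, group, others).
mode_to_octal() {
    case $1 in
        [-dbclps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a valid mode string: $1" >&2; return 1 ;;
    esac
    rest=${1#?}                 # drop the file type letter
    special=0 digits=""
    for weight in 4 2 1; do     # setuid, setgid, sticky
        triplet=${rest%"${rest#???}"}   # first three characters
        val=0
        case $triplet in r??) val=$((val + 4)) ;; esac
        case $triplet in ?w?) val=$((val + 2)) ;; esac
        case $triplet in
            ??x)    val=$((val + 1)) ;;
            ??[st]) val=$((val + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit, no execute
        esac
        digits=$digits$val
        rest=${rest#???}
    done
    echo "$special$digits"
}

# mode_notes MODE: print one line per access-control point to review.
mode_notes() {
    case $1 in ???[sS]??????) echo "setuid: runs with the owner's privileges" ;; esac
    case $1 in -?????[sS]???) echo "setgid: runs with the group's privileges" ;; esac
    case $1 in -???????w?)    echo "others may change this file" ;; esac
    # others need both w and x on a directory to remove entries from it
    case $1 in d???????wx)    echo "others may delete files here (no sticky bit)" ;; esac
}

# Constructed sample mode strings, including the two from the table above.
for m in -rwxrwxrwx -rw------- -rwsr-xr-x -rwSr--r-- drwxrwxrwt drwxrwxrwx; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
    mode_notes "$m" | sed 's/^/    note: /'
done
```

To check a real file, pass the first 10 characters of its ls -l line to the functions.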
Changing access rights
chmod (changing the mode bits)
To change permissions, you use the command chmod followed by a string of options that specify what to change. The string consists of characters picked from the three groups (Who, Do and What) found in the following table, followed by a list of files to apply the changes to:
Who | | Do | | What | |
---|---|---|---|---|---|
u | user | + | add permission | r | read |
g | group | - | remove permission | w | write |
o | other | | | x | execute |
a | all | | | | |
I.e. the rather terse format of the command chmod is:
$ chmod WhoDoWhat files
For example, to give group and others read and write permissions on the file dogbreeds.txt, you type:
$ chmod go+rw dogbreeds.txt
This will leave the other permissions unaffected.
To take away permissions for others to read, write and execute the file dogbreeds.txt, type:
$ chmod o-rwx dogbreeds.txt
The program does not complain if you take away permissions that weren't granted in the first place.
Only the owner of a file or directory (and root) can change the permissions.
Exercise
Try changing access permissions on the file unixpast.txt to give everyone read permissions.
Use ls -l to check that the permissions have changed.
Users
To list all users that exist:
$ cat /etc/passwd
To create a new user and give the user a password, use the following two commands:
# useradd john
# passwd john
Groups
To list all groups that exist:
$ cat /etc/group
To create a group named students and add an already existing user (john) to this as a secondary group:
# groupadd students
# usermod -G students john
To check what groups john belongs to:
# id john
uid=504(john) gid=504(john) groups=1055(students),504(john)
# groups john
john : john students
Summary
Command | Meaning |
---|---|
ls -l | list files in long format |
chmod WhoDoWhat file | change mode bits for named file |