DEV Community

alfiantirta85

Managing File System Permissions

User Categories

Files have three categories of users to which permissions apply:

  1. The user who created the file
  2. A user who is in the same group as the user
  3. All other users

Permission Categories

Files and directories have three categories of applicable permissions: read, write, and execute.

  • r(read) --> file can be read
  • w(write) --> file can be edited
  • x(execute) --> file can be run as command

View Permissions And Ownership

To see the permissions and ownership of files and directories, use the command:

ls -l or ls -ld

Option -l --> view list with long list format.
Option -d --> list the directory itself rather than its contents.

The file permissions consist of nine characters after the first character (d for a directory).

  • Permissions for the user are determined by the first set of 3 characters
  • Permissions for the group are determined by the second set of 3 characters
  • Permissions for all other users are determined by the third set of 3 characters

If the letters are replaced with -, then the category doesn't have that permission.

Change Permission

To change permissions from the command line, use the command:

chmod

Permission instructions can be issued by symbolic methods and numerical methods.

Symbolic Method

chmod WhoWhatWhich file/directory
  • Who is u(user), g(group), o(other), a(all)
  • What is +(add), -(remove), =(set exactly)
  • Which is r(read), w(write), x(execute)

Use option -R to change the permissions of a directory and its contents.

Numeric Method

chmod ### file/directory

Each digit represents a permission for the access level: user, group, other.
Each digit is the sum of the numbers representing the permissions.

  • read permission is represented by the number 4
  • write permission is represented by the number 2
  • execute permission is represented by the number 1

Change User And Group Ownership

To change the user and group ownership of a file, use the command:

chown

Only the root user can change file ownership.

To change only the user, use the command:

chown usernew file1

To change only the group, use the command:

chown :groupnew file1

To change everything, use the command:

chown usernew:groupnew file1

We can use sudo privileges to run the chown command.
Use option -R to change the ownership of a directory and its contents.

Special Permission

Special permissions are a fourth type of permission in addition to the basic user, group and other types. These permissions provide additional access features beyond what the basic permission types allow.

1. Setuid Permission
On an executable file with this permission, the command that is executed runs as the user who owns the file, not as the user who executes the command.
To add this permission, use the command:

chmod u+s file1 or chmod 4### file1

2. Setgid Permission
Files created in a directory with this permission inherit the group ownership of the directory rather than inheriting it from the user who created them. On an executable file with this permission, the command that is executed runs as the group that owns the file, not as the group of the user who runs the command.
To add this permission, use the command:

chmod g+s file1 or chmod 2### file1

3. Sticky Permission
On directories with this permission, file deletion is subject to special restrictions: only the file owner and the root user can delete files in the directory.
To add this permission, use the command:

chmod o+t file1 or chmod 1### file1

Default File Permission

When you create a new file or directory, its initial permissions are determined by a mask called the umask.

  • If you create a new directory, the operating system starts from octal permission 0777
  • If you create a new file, the operating system starts from octal permission 0666

These octal permissions are then reduced by the bits set in the umask, usually 0002.
To see the umask that has been set, you can use the command:

umask

To change it, you can use the command:

umask 027
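
The script below is an added example, not part of the original post: it creates scratch files under several umask values and applies the special-permission commands above, reading back the resulting octal modes. It shows that the umask clears bits rather than subtracting digits (umask 033 on a file gives 644, not 633); it assumes Linux with GNU stat, and masked_mode, new_modes, special_modes and the scratch names are introduced here for illustration.

```shell
#!/bin/sh
# Added example; file1, dir1 and shared are scratch names created in a temp dir.
# Assumes GNU coreutils (stat -c) on Linux.

# mode_of PATH: print the octal mode, e.g. 640 or 2770
mode_of() { stat -c '%a' "$1"; }

# masked_mode BASE UMASK: clear the umask bits from BASE (bitwise, not subtraction)
masked_mode() { printf '%o\n' $(( 0$1 & ~0$2 )); }

# new_modes UMASK: create a file and a directory under UMASK, print both modes
new_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file1"     # the system starts from 0666 for files
    mkdir "$tmp/dir1"    # and from 0777 for directories
    echo "$(mode_of "$tmp/file1") $(mode_of "$tmp/dir1")"
    rm -rf "$tmp"
)

# special_modes: apply the special-permission commands from the post in turn
special_modes() (
    tmp=$(mktemp -d) || exit 1
    umask 022
    : > "$tmp/file1"; mkdir "$tmp/shared"
    chmod 750 "$tmp/file1";   a=$(mode_of "$tmp/file1")   # rwxr-x---
    chmod u+s "$tmp/file1";   b=$(mode_of "$tmp/file1")   # setuid added
    chmod 2770 "$tmp/shared"; c=$(mode_of "$tmp/shared")  # setgid directory
    chmod o+t "$tmp/shared";  d=$(mode_of "$tmp/shared")  # sticky added too
    rm -rf "$tmp"
    echo "$a $b $c $d"
)

# Compare a permissive, a restrictive and a non-obvious umask
for m in 002 027 033; do
    echo "umask $m -> $(new_modes "$m")"
done
echo "special: $(special_modes)"
```

With umask 027, new files are unreadable to other users and new directories cannot be entered by them, which is why it is a common choice on multi-user systems.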
