File permissions explained

Users, superusers and file permissions… discover how Linux steps up security and controls access to files and folders.

Linux Format - - ESCAPE WINDOWS -

Any filesystem worth its salt will apply restrictions to files in the form of permissions, limiting access based on users and groups. Windows does this to some degree with its NTFS filesystem, but it’s no substitute for Linux’s approach.

Everything in Linux is represented as a file, including folders and hardware devices. The ext filesystem then applies special permissions to these files to determine how they can be accessed, and by whom. These permissions boil down to three basic levels of access: r (read), w (write) and x (execute). You can view a file’s permissions when in the Terminal with the ls -l command, where you’ll see entries such as rwx (full access) or r-- (read-only) next to each file.

These rwx permissions apply to folders as well as files, and things are complicated by the fact that certain permissions – such as deleting a file – reside with its parent folder, not the file itself. So files can be viewed (r), edited (w) and, if they are programs, executed (x), but unless their parent folder has w permissions applied to it, you can’t create (or delete) files within the folder. Similarly, you can’t view files – even with r permissions assigned – unless the folder has x permissions applied.

Security is paramount in Linux, so permissions aren’t applied directly to each file and folder; instead, they’re applied to three categories of user: owner (the user who created the file), a specific user group, and others (everyone else).

The second category refers to a single user group for whom specific permissions have been defined, and opens up a question about users and groups. Although it appears to apply to a specific user (often the same user as the file or folder’s owner), these permissions apply to a user group.

When you create a new user, a group of the same name is also created, your user is added to that group and it’s this group that Linux references here. It’s also possible to add users to multiple groups, enabling advanced users to set up groups into which multiple users are added, giving all those users the same level of access to the selected file or folder based on the group they’re part of.
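The rules from the last few paragraphs, as an added shell example that is not part of the original article: it combines a file’s rwx string with its parent folder’s, for one of the three categories, and reports what that category can do. The function names are hypothetical; the permission strings are the ones ls -l prints.

```sh
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
# The sticky bit's extra restriction on deleting is not modelled here.

# perm_string PATH: the nine rwx characters that ls -l shows, e.g. rwxr-xr-x
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# class_bits PERMS CLASS: the rwx triplet for owner, group or others
class_bits() {
    case "$2" in
        owner)  printf '%s\n' "$1" | cut -c1-3 ;;
        group)  printf '%s\n' "$1" | cut -c4-6 ;;
        others) printf '%s\n' "$1" | cut -c7-9 ;;
        *)      echo "class must be owner, group or others" >&2; return 2 ;;
    esac
}

# has_bit TRIPLET r|w|x: succeeds if that bit is granted.
# ls prints s or t in the x slot when a special bit is set and x is granted;
# capital S or T mean the special bit is set but x is NOT granted.
has_bit() {
    case "$2" in
        r) case "$1" in r??) return 0 ;; esac ;;
        w) case "$1" in ?w?) return 0 ;; esac ;;
        x) case "$1" in ??[xst]) return 0 ;; esac ;;
    esac
    return 1
}

# explain FILE_PERMS FOLDER_PERMS CLASS: what that class can do with the file
explain() {
    f=$(class_bits "$1" "$3") || return 2
    d=$(class_bits "$2" "$3") || return 2
    r_ok=no; w_ok=no; x_ok=no; del_ok=no
    if has_bit "$d" x; then      # folder x: the files inside can be reached
        if has_bit "$f" r; then r_ok=yes; fi
        if has_bit "$f" w; then w_ok=yes; fi
        if has_bit "$f" x; then x_ok=yes; fi
        if has_bit "$d" w; then del_ok=yes; fi   # folder w: create or delete
    fi
    echo "read=$r_ok edit=$w_ok execute=$x_ok delete=$del_ok"
}

# Usage: sh perms.sh FILE [owner|group|others]
if [ "$#" -gt 0 ]; then
    explain "$(perm_string "$1")" "$(perm_string "$(dirname -- "$1")")" "${2:-others}"
fi
```

A file that is rw- for its owner still reports delete=no when the parent folder is r-x, and everything becomes no once the folder loses x.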

Setting up permissions

Permissions are set when a file is created, with the file owner also set as the default user or group for that file. Note that if you create a file when running in elevated mode (such as through sudo in the Terminal), then the owner is root, not you. The owner typically has full access rights to the file or folder created, while everyone else normally has more limited rights to files, and is usually blocked from folders.

By default, all users have full ownership, access and control over their personal Home folder and its contents, while other users are denied access. Outside the home folder, access is more restrictive – certain folders are accessible, but most are either read-only or off-limits, requiring you to access them via the root super-user account.

It’s possible to change a file or folder’s permissions if you’re the owner via the Nautilus file manager. Right-click a folder or file and choose Properties > Permissions tab. From here you can change permissions for owners, the featured group and others, plus change which user group has special access to the item in question. Click the Group drop-down menu and the list will include a load of unfamiliar names – these are system users, designed to do specific things without compromising on security, and are best left alone.

Use ‘ls -l’ in a Terminal to view file and folder permissions within the current directory.
