Page 323
crw-rw---- 1 root daemon 6, 0 Sep 15 23:48 /dev/lp0
As you can see, the different devices have either c or b in front of the permissions flags. You can also use the ls command to list the permissions of a directory, using the -d (directory) option, for example:
# ls -ld book drwxrwxr-x 2 bball bball 1024 Nov 18 19:35 book
The d denotes a directory. Symbolic links will also have a designated type in the ls -l listing, for example:
# touch file1 # ln -s file1 file2 # ls -l file2 lrwxrwxrwx 1 bball bball 5 Nov 23 11:14 file2 -> file1
Now that you understand some of the basic file types, the next section shows you how to read the permissions flags.
Although the permissions sequence of letters might seem cryptic and mysterious at first, you can easily decipher what these mean. To do this, break the sequence of nine characters into three groups of three. Each group of characters represents (from left to right):
r—The file can be read.
w—The file can be written to.
x—The file can be executed, or run, or in the case of a directory, searched.
The first group of three characters is for the owner. If you create the file, you can change any of these permissions. The next group of three characters is for the group. If you recall the discussion of the /etc/passwd file in Hour 20, you know that by default, you are assigned to two groups when your account is first created, one with your name and the other to the group users. As the system administrator, or sysadmin, you can organize users on your system by assigning users to different groups.
You'll find a list of groups for your Linux system in the group file under the /etc directory. This file contains a text database of groups. Here are a few sample entries:
root::0:root bin::1:root,bin,daemon daemon::2:root,bin,daemon sys::3:root,bin,adm adm::4:root,adm,daemon ... users::100:bball,cloobie bball::500:bball cloobie::502:cloobie
The format of the /etc/group file is: group, password, group number, and a comma-delimited
Page 324
list of users who belong to the group. This means that you can assign read, write, or execute permissions to your group, and allow or deny access to your files. As the root operator, or sysadmin, you can organize your users into different groups. This is important, and one of the reasons you might need to use the chown (change ownership) command, as you'll see later on in this hour.
The final set of three characters denotes the read, write, and execution permissions you grant all other users. Now that you know how to read the permissions, take a look at some examples before moving on to the chmod program.
When you create a file, by default, you and the members of your group have read and write permissions on that file. You can change the default of file creation permissions with your shell's umask command (see your shell's manual page for details). Here's a simple example:
# touch myfile # ls -l myfile -rw-rw-r-- 1 bball bball 0 Nov 23 12:11 myfile
This shows that you (rw-) and your group (rw-) can read and write the file, whereas all others (r--) can only read the file. If myfile were available to everyone on your system, the permissions would look like this:
-rw-rw-rw- 1 bball bball 0 Nov 23 12:11 myfile
Now anyone (rw-) can read or write this file. If myfile were only available for reading and writing to you, the permissions would look like this:
-rw------ 1 bball bball 0 Nov 23 12:11 myfile
This shows that you (rw-), but not your group (---) or others (---), can read the file. How do you change these settings? With the chmod command.
You can use the chmod command in several ways to change file or directory permissions. Learning how to use this command is not as easy as 1-2-3, but it is as easy as 4-2-1!
The chmod command can be used in at least two different ways. Although you can use chmod to create simple commands from text files, using the +x command-line option (as you learned in Hour 6, "Using the Shell"), you might want to set exact permissions of certain files in your home directory, or as the sysadmin, of critical files on your system. The chmod command uses octal, or base eight, notation in modifying file or directory permissions. The 4-2-1 sequence corresponds to the three rwx sequences in the permissions flags.
How does this work? Well, suppose you want to make one of your files private, so that no one else (except the root operator, of course) can read or write your file. When you first
Page 325
create the file, you and your group can read and write the file, while others can only read it. Knowing that 4-2-1 matches rwx, and knowing that the group and others permissions follow your permissions in the permissions flag, you can use chmod with the octal number 600 to change the permissions, for example:
# touch afile # ls -l afile -rw-rw-r-- 1 bball bball 0 Nov 23 12:34 afile # chmod 600 afile # ls -l afile -rw------ 1 bball bball 0 Nov 23 12:34 afile
This makes the file readable and writable only by you, because you've enabled read (4) + write (2) for yourself and no one else. To change the file permissions back to the original access permissions, you would want to enable read (4) + write (2) for you (6), your group (6), and read-only permissions for all others (4), and use the octal number 664, for example:
# chmod 664 afile # ls -l afile -rw-rw-r-- 1 bball bball 0 Nov 23 12:34 afile
You can also change file directory permissions, and either let other people list the contents of your directory, or have access only to the files in a directory, and not be able to list the directory contents. For example, to protect a directory from prying eyes (again, from everyone but the root operator), you can try
# mkdir temp # cd temp # touch file1 file2 file3 # cd .. # chmod 700 temp # ls -ld temp drwx------ 2 bball bball 1024 Nov 23 12:51 temp
If anyone else tries to look into your directory, they will see
# ls /home/bball/temp ls: /home/bball/temp: Permission denied
But what if you want to allow others to read files in the directory without being able to list the contents? To do this, you can enable execute permission of your directory, for example:
# chmod 701 temp # ls -ld temp drwx----x 2 bball bball 1024 Nov 23 12:51 temp
Now, no other users will be able to list the contents of your directory, but can read files that you tell them are within, for example:
# ls -ld /home/bball/temp ls: /home/bball/temp: Permission denied # ls -l /home/bball/temp/file1 -rw-rw-r-- 1 bball bball 0 Nov 23 12:51 /home/bball/temp/file1
As you can see, using the chmod command's octal notation is not that hard. What you have to decide is to whom you want to grant access, and what kind of access you'd like your files