< Zurück | Inhalt | Weiter >

1.3.4 Permissions

Permissions in Linux are divided into three categories: the owner of a file (usually the user who created it), the group (a collection of users), and others, meaning everyone who is not the owner and not in the group. Any file belongs to a single owner and, simultaneously, to a single group. It has separate read/write/execute permissions for its owner, its group, and all others. If you are the owner of a file, but also a member of the group that owns the file, then the owner permissions are what counts. If you’re not the owner, but a member of the group, then the group permissions will control your access to the file. All others get the “other” permissions.

If you think of the three permissions, read/write/execute, as three bits of a binary number, then a permission can be expressed as an octal digit—where the most significant bit represents read permission, the middle bit is write


permission, and the least significant bit is execute permission. If you think of the three categories, user/group/others, as three digits, then you can express the permissions of a file as three octal digits, for example “750”. The earliest ver- sions of this command required you to set file permissions this way, by specify- ing the octal number. Now, although there is a fancier syntax (for example, g+a), you can still use the octal numbers in the chmod command. See the example below.

The fancier, or more user-friendly, syntax uses letters to represent the var- ious categories and permissions. The three categories of user, group, and other are represented by their first letters: u, g, and o. The permissions are similarly represented by r, w, and x. (OK, we know “x” is not the first letter, but it is a reasonable choice.) For both categories and permissions, the letter a stands for “all.” Then, to add permissions, use the plus sign (+); to remove permissions, use the minus sign (-). So g+a means “add all permissions to the group catego- ry,” and a+r means “add read permissions to all categories.”

Be sure that you know these commands for manipulating permissions:

chmod changes the mode of a file, where mode refers to the read/write/execute permissions.

chown changes the owner of a file.4

chgrp changes the group owner of a file.

Table 1.1 shows some common uses of these commands.


Table 1.1 Changing permissions


image

Command


image

chmod a+r file chmod go-w file chmod u+x file chmod 600 file

Explanation

Gives everyone read permission.

Takes away write permission from group, others.

Sets up a shell script so you can execute it like a command.

Sets permission to read and write for the owner but no permissions for anyone else.


image


image

4. On Linux the use of this command is restricted to the superuser, or “root.”