The Terminal: This is mine and you can’t have it.

As I’m sure you already know, UNIX has been around for quite some time (well, in relation to the computer world, it’s ancient). One of the major traits of this old dog is its ability to be not only a multi-tasking operating system, but a multi-user one as well. This same trait holds true with the advent of Linux too. Multiple people can be doing several things each, all while logged into a single machine. With the rise of multi-user systems came a growing need for security and privacy. That’s what we’ll be discussing today: file permissions.

Today, we’ll cover such commands as chown, chgrp, and chmod for modifying permissions, and also taking on the role of the root user when necessary (I haven’t shown you root logins yet for a reason; it’s really easy to screw the whole thing up if you’re not careful).

Linux and UNIX have always had a simple, yet effective permissions model for their files. First, let’s take a look at some files using ls -l.

andrew@server:~$ ls -l
total 20
-rwxr-xr-x 1 andrew andrew 46 2009-06-20 06:14 babers
drwxr-xr-x 2 root root 4096 2009-06-16 18:54 backup-conf
-rw-r--r-- 1 andrew andrew 1262 2009-06-28 05:16 etc-contents
-rw-r--r-- 1 andrew andrew 120 2009-06-28 05:30 letters
-rw-r--r-- 1 andrew andrew 120 2009-06-28 05:32 letters-ref

As you can see, the -l flag definitely gives us some more information. What does this all mean? Let’s look at one of the standard text files, letters.

-rw-r--r-- 1 andrew andrew 120 2009-06-28 05:30 letters

The first and most pertinent thing is the one item you might be looking at with an odd expression on your face. The “-”s and the “r”s and “w”s indicate who can do what to what file. If you count, there are 10 spaces for permissions info there.

The first will tell what type of file it is. If it’s blank, it’s a normal file. If it’s a directory, this will be shown as a d. Our specific example is a simple text file. Other file types you might come across are symbolic links (l), UNIX domain sockets (s), named pipes (p), character device files (c), or block device files (b).

The next 9 spots tell us the user permissions, group permissions, and global or system-wide permissions. The rw- says that the user andrew can read and write to this file, thus giving him full permissions. The next 2 trios of spots after show r--, which means that the other users in andrew’s group, along with the rest of the users in this system, can only read the file.

- shows what file it is, rw- shows user permissions, r-- shows group permissions, and the second r-- shows global permissions.

The second item is the number. This number is basically just saying how many files there are for that specific entry. Only a directory will have a number greater than 1. The third and fourth items, respectively, are the user who owns the file, and the group that owns the file. Since I’m the only user on this system, I am the user, and the group, for every file I create. The fifth item correlates to where on the disk the file resides. The sixth item is a time stamp of the last time the file was modified. The seventh item is the name of the file.

Now, let’s look at a different file with different permissions. How about my shell script?

-rwxr-xr-x 1 andrew andrew 46 2009-06-20 06:14 babers

With a quick gander, we can see here that this is a normal text file, the owner has full read/write/execute (that’s what the x means) permissions, the group can execute and read the file, while everyone not in the same group can only execute the script. It’s a single file, created by the user andrew, who’s a member of the group andrew, it was last modified June 20th, 2009 at 6:14 system time, and the file name is “babers”. (This specific script was actually a neat idea that you can read more about here!)

Now that we know what permissions are, let’s learn how to change them. To do this, we’ll need to use a tool called chmod, which changes the permissions of a file or directory. (You don’t have to be root to use these tools, but you do have to be root to do anything more than read files outside of your home directory.) Let’s change the “babers” script to be globally executable.

andrew@server:~$ chmod 777 babers
andrew@server:~$ ls -l | grep "babers"

-rwxrwxrwx 1 andrew andrew 46 2009-06-20 06:14 babers

Now, anyone on the system (whether they’re me, in the same group, or otherwise) can run the babers script. You’re probably curious what 777 does with the syntax of the chmod command, and that’s ok. I know it looks weird. For those of you readers who aren’t good with numbers at all, try to follow along for this next part.

The way chmod works is by using a binary number system to give permissions. It’s kind of like this.

000 is 1
001 is 2
010 is 3
100 is 4
101 is 5
110 is 6
111 is 7

Now imagine that the binary codes are like the permission marks:

rwx = 111 (binary for 7)
rw- = 110 (binary for 6)
r-x = 101 (binary for 5)
r-- = 100 (binary for 4)
--x = 001 (binary for 2)
--- = 000 (binary for 1)

I left out what permissions would be binary for 3 because it would be -w-, which in binary would be 010. This wouldn’t work in Linux/UNIX because you can’t have write access to a file you can’t read.
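An added example (not from the original post): it converts an ls -l permission string into the three-digit number chmod takes, using the standard bit weights r=4, w=2, x=1, and checks whether a file is writable by users outside its owner and group, as babers is after the chmod 777 above. The function names and the temporary copy of babers are made up for this example.

```shell
#!/bin/sh
# Added example: decode ls -l modes and flag world-writable files.

# Convert one rwx trio to its octal digit: r=4, w=2, x=1.
# A lowercase s or t in the last spot means x is set plus a special bit.
trio_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert a 10-character mode string (file type + 3 trios) to three digits.
mode_to_octal() {
    perms=${1#?}                                # drop the file-type character
    u=$(printf '%s' "$perms" | cut -c1-3)       # user trio
    g=$(printf '%s' "$perms" | cut -c4-6)       # group trio
    o=$(printf '%s' "$perms" | cut -c7-9)       # everyone-else trio
    echo "$(trio_to_digit "$u")$(trio_to_digit "$g")$(trio_to_digit "$o")"
}

# Exit status 0 if users outside the owner and group can write to the file.
is_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in ????????w?) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: a throwaway script checked under 777 and then 755.
audit_demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$tmp/babers"
    chmod 777 "$tmp/babers"
    if is_world_writable "$tmp/babers"; then before=writable; else before=safe; fi
    chmod 755 "$tmp/babers"
    if is_world_writable "$tmp/babers"; then after=writable; else after=safe; fi
    rm -rf "$tmp"
    echo "777:$before 755:$after"
}

audit_demo
```

Mode 755 is the rwxr-xr-x that babers had in the first listing: everyone can read and run the script, but only the owner can change it.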

Next up is logging into root. As a warning, this should only be done when you absolutely need to do something as an administrator. Don’t just log in to root for the hell of it, or because it’s cool, or any other unnecessary reason. Only do it when you need to do something that your user account can’t do. Now that we’ve gotten the warning out of the way, here’s how you do it.

To switch users, we use the su command. If you have a second user account, you’d simply type the su command, and the account you’d like to switch to.

andrew@server:~$ su joe

To log into the root account, run the su command without an account argument; it will default to switching you to the root account. The system will prompt you for your password (hope you remember the root password you made when we installed the system!), you’ll enter it, and afterwards you’ll be root and have complete and utter control of the system. (When you type your root password, don’t be worried if you don’t see what you type, or stars. The login is configured by default to not shadow or echo passwords.)

andrew@server:~$ su

The chgrp and chown commands are for changing group ownership and user ownership of files, respectively. They both follow the same syntax. If I wanted to change the ownership of the babers script from andrew to joe, this is what I’d do.

server:/home/andrew# chown joe babers

Same goes for chgrp.

server:/home/andrew# chgrp newgrp babers


2 Responses to The Terminal: This is mine and you can’t have it.

  1. truzicic says:

    I’m confused… You can’t have execute permissions without having write permissions? How come we have r-x = 101 (binary for 5), which stands for read-execute?

  2. thatlinuxguy says:

    Truzicic, you’re right, and thank you for the correction. I’ve edited the post to reflect the right information.
