In GNU/Linux every user has his own user account, and is a member of one or more user groups. Similarly, each file belongs to a user and to a user group. For restricting file access, GNU/Linux (and Unix in general) defines three different types of rights:
- Read (symbolized by the letter r), which means that the file can be read;
- Write (symbolized by the letter w), which means that the content of the file can be changed;
- Execute (symbolized by the letter x), which means that the file can be executed.
For each file, each of these rights (Read, Write and Execute) is defined for three sets of users:
- The user (symbolized by the letter u), who is the owner of the file.
- The group (symbolized by the letter g), which represents all the users who are members of the group the file belongs to (a file belongs both to a user and to a user group).
- The others (symbolized by the letter o), which represent all the users who are neither the owner of the file nor members of its group.
For instance, if a file belongs to George (as the owner) and Administrators (as the group), it can define different Read, Write and Execute permissions for George, for members of the "Administrators" group, and for all other users.
Reading file permissions: ls -l
All information related to file permissions is stored with the file and can be viewed with the "ls -l" command:
ls -l myfile
-rwxr-x--- 1 george administrators 10 2006-03-09 21:31 myfile
As you can see in this example, the "ls -l" command gives a lot of information about the file "myfile":
- Its name, "myfile";
- Its permissions, "-rwxr-x---";
- Its owner, "george";
- Its group, "administrators";
- And other information which is not relevant to this article.
The way permissions are shown can seem a bit confusing if you're new to GNU/Linux or Unix, but it is actually very simple. The first character simply indicates the type of file, as shown in the table below:
Character -> Type of file
- -> regular file
d -> directory
l -> symbolic link
s -> socket
p -> named pipe
c -> character device file (unbuffered)
b -> block device file (buffered)
In this case myfile is a regular file. Let's have a look at the other nine characters: "rwxr-x---".
The first three characters indicate whether or not the read, write and execute permissions are given to the owner (in this case, George). If they are, their character representation appears (r, w or x); otherwise it is replaced by the character "-". In the same manner, the next three characters indicate whether or not these permissions are given to the group (in this case, Administrators). Finally, the last three characters indicate whether the same rights are given to the others (in this case, people who are not members of the Administrators group).
Letter -> Permission
r -> Read
w -> Write
x -> Execute (for directories: enter and traverse)
- -> No permission
Letter -> Type of users
u -> User (owner of the file)
g -> Group (group to which the file belongs)
o -> Other (users who are neither members of the group nor the owner of the file)
a -> All (everybody)
So, in our example myfile features the following set of permissions: "rwxr-x---". This means that George has all three rights on it, that members of the Administrators group can only read (r) and execute (x) the file, and that everybody else can't do anything with it.
You could imagine that this file, written and maintained by George, is an executable script dedicated to the administrators and not made available to other users... but this is only an example, so let's not assume too much.
The important thing is that you now understand the concept of file permissions and that you know how to read them using the "ls -l" command. The next step is to learn how to change them.
Changing file permissions: chmod
You can change the permissions of your files (or other people's files if you're the root superuser) by using the command "chmod". The syntax is very simple. For instance, if George decides to give write permission to the administrators, he will type:
chmod g+w myfile
- g represents the group of the file (administrators);
- w represents the write permission;
- + represents the fact that the permission is added.
If George then lists the permissions using ls -l he obtains:
ls -l myfile
-rwxrwx--- 1 george administrators 10 2006-03-09 21:31 myfile
As you can see, the administrators now have write access to the file, that is, permission to change its content.
The "chmod" command takes 4 parameters:
- The type of users to apply the change of permissions to (u for user, g for group, o for others, a combination of them, or a for all three).
- The type of change to make (+ to add permissions, - to remove permissions, = to set permissions exactly).
- The permissions to apply the change with (r for read, w for write, x for execute).
- The file or group of files to apply the change to (a filename for a single file, or wildcard characters for multiple files).
Let's have a look at a few examples:
- chmod o+r myfile adds read permission for the others on myfile;
- chmod ug+rx myfile adds read and execute permissions for both the owner (user) and the group on myfile;
- chmod a-rwx myfile removes all permissions from everybody (all) on myfile;
- chmod a=rx *.txt sets the permissions to exactly read and execute for everybody on all files suffixed by .txt.
The chmod command also accepts another syntax which is quite popular among system administrators: the octal system. Rather than using letters such as u, g, o, a, r, w and x, you can use octal numbers. The main advantage is that once you're used to it, it is faster to use. Also, because it sets permissions rather than adding or removing them, you don't accidentally overlook anything. Here is how the octal numbers work:
Each permission is given a value:
Permission -> Value
- -> 0
x -> 1
w -> 2
r -> 4
Values add up when you combine permissions. Consequently the total value can go from 0 (no permission at all) to 7 (full permissions):
Permission -> Value
--- -> 0
--x -> 1
-w- -> 2
-wx -> 3
r-- -> 4
r-x -> 5
rw- -> 6
rwx -> 7
Finally, a value is given for each of the three types of users (User, Group and Other) and these three numbers ranging from 0 to 7 are put together to form the octal number. This is the number you can use with "chmod".
For instance:
chmod 750 myfile
750 means 7 (rwx) for the owner, 5 (r-x) for the group and 0 (---) for others. As a result, the permissions of myfile will be "rwxr-x---". As seen above, this command is equivalent to:
chmod u=rwx,g=rx myfile; chmod o-rwx myfile
Here are some common uses of the octal numbers:
- chmod 755 myfile : rwxr-xr-x, all rights to the owner, other people only read and execute;
- chmod 644 myfile : rw-r--r--, owner can read and write, other people only read;
- chmod 777 myfile : rwxrwxrwx, full permissions to everybody; this can be considered bad practice in some cases.
Changing file owner or group: chown, chgrp
You can give ownership of your files to somebody else, or change the group that they belong to, by using the commands "chown" and "chgrp". "chown" allows you to change the owner of the file, and "chgrp" allows you to change its group. (Note that on Linux, only the root superuser may hand a file over to another owner, and an ordinary user may only change a file's group to one he is himself a member of.)
For instance, if George decides to give ownership of myfile to Robert, he can simply type:
chown robert myfile
Also, if Robert later decides to make the file available only to members of the "SeniorAdmin" group rather than to those of the "Administrators" group, he can type:
chgrp senioradmin myfile
Note: The "chown" command also allows you to change the group ownership. In fact, George could have directly typed the following command:
chown robert:senioradmin myfile
Setting the sticky bit on a directory: chmod +t
If you have a look at the /tmp permissions in most GNU/Linux distributions, you'll see the following:
abc@auto:/$ ls -l | grep tmp
drwxrwxrwt 10 root root 4096 2006-03-10 12:40 tmp
The "t" at the end of the permissions is called the "sticky bit". It replaces the "x" of the others and indicates that in this directory, files can only be deleted by their owner, the owner of the directory or the root superuser. This way, it is not enough for a user to have write permission on /tmp; he also needs to be the owner of the file to be able to delete it.
In order to set or to remove the sticky bit, use the following commands:
chmod +t tmp
chmod -t tmp
Setting the SGID attribute on a directory: chmod g+s
If the SGID (Set Group Identification) attribute is set on a directory, files created in that directory inherit its group ownership. If the SGID is not set, the file's group ownership is that of the creating user's default group.
In order to set the SGID on a directory or to remove it, use the following commands:
chmod g+s directory
chmod g-s directory
When set, the SGID attribute is represented by the letter "s", which replaces the "x" in the group permissions:
ls -l directory
drwxrwsr-x 10 george administrators 4096 2006-03-10 12:50 directory
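Pulling together the octal tables above and the s/t letters from the sticky-bit and SGID sections, here is an added example (not part of the original post) that converts between the symbolic mode "ls -l" prints and the octal number chmod accepts, in both directions. It is POSIX sh using only cut; the function names sym_to_octal and octal_to_sym are my own, and the mode strings in the comments are constructed samples.

```sh
# Added example: convert between the symbolic mode "ls -l" prints
# ("-rwxr-x---", "drwxrwsr-x", "drwxrwxrwt") and the octal number chmod
# accepts ("750", "2775", "1777"). Special bits follow the ls display rules:
# s in the user or group x slot (SUID = 4, SGID = 2), t in the others x slot
# (sticky = 1); a capital S/T means the bit is set but the x bit is not.
sym_to_octal() {
    s=$1
    case ${#s} in 10) s=${s#?} ;; 9) ;;            # drop the file-type char
        *) echo "sym_to_octal: need 9 or 10 chars, got '$1'" >&2; return 1 ;; esac
    special=0 digits=""
    for slot in 1 2 3; do
        triad=$(printf '%s' "$s" | cut -c "$((slot*3-2))-$((slot*3))")
        case $slot in 1) sb=4 ;; 2) sb=2 ;; 3) sb=1 ;; esac   # special-bit value
        n=0
        case $triad in r??) n=$((n+4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) n=$((n+2)) ;; ?-?) ;; *) return 1 ;; esac
        case $slot$triad in                          # slot number + triad
            ???x)          n=$((n+1)) ;;
            ???-)          ;;
            [12]??s|3??t)  n=$((n+1)); special=$((special+sb)) ;;
            [12]??S|3??T)  special=$((special+sb)) ;;
            *) echo "sym_to_octal: bad triad '$triad'" >&2; return 1 ;;
        esac
        digits=$digits$n
    done
    printf '%s\n' "${special#0}$digits"              # omit a leading 0
}

# 3 or 4 octal digits -> 9-character symbolic string.
octal_to_sym() {
    o=$1
    case $o in [0-7][0-7][0-7]) special=0 ;; [0-7][0-7][0-7][0-7]) special=${o%???}; o=${o#?} ;;
        *) echo "octal_to_sym: need 3 or 4 octal digits, got '$1'" >&2; return 1 ;; esac
    out=""
    for slot in 1 2 3; do
        d=$(printf '%s' "$o" | cut -c "$slot")
        case $slot in 1) sbit=4 lo=s up=S ;; 2) sbit=2 lo=s up=S ;; 3) sbit=1 lo=t up=T ;; esac
        [ $((d & 4)) -ne 0 ] && out=${out}r || out=${out}-
        [ $((d & 2)) -ne 0 ] && out=${out}w || out=${out}-
        if [ $((special & sbit)) -ne 0 ]; then       # special bit set for this slot
            [ $((d & 1)) -ne 0 ] && out=$out$lo || out=$out$up
        else
            [ $((d & 1)) -ne 0 ] && out=${out}x || out=${out}-
        fi
    done
    printf '%s\n' "$out"
}
```

Try it on the post's own example: sym_to_octal "$(ls -l myfile | cut -c1-10)" prints 750 for "-rwxr-x---", and octal_to_sym 2775 prints rwxrwsr-x, matching the SGID directory listing above.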
------------------------
Best Regards,
UKShane
http://www.eukhost.com
Enjoy