File permissions Lab # 5

LAB # 5
File permissions

Concepts of file Permissions

      Because there is typically more than one user on a Linux system, Linux provides a
mechanism known as file permissions, which protect user files from tampering by
other users. This mechanism lets files and directories be “owned” by a particular user.
For example xyz(user) created the files in his home directory, xyz(user) owns those
files and has access to them.

Linux also lets files be shared between users and groups of users. If xyz(user) desired,
he could cut off access to his files so that no other user could access them. However,
on most systems the default is to allow other users to read your files but not modify or
delete them in any way.

  Every file is owned by a particular user. However, files are also owned by a
particular group, which is a defined group of users of the system. Every user is placed
into at least one group when that user's account is created. However, the system
administrator may grant the user access to more than one group.

    Groups are usually defined by the type of users who access the machine. For
example, on a university Linux system users may be placed into the groups student,
staff, faculty or guest.

Permissions fall into three main divisions: read, write, and execute. These permissions
may be granted to three classes of users: the owner of the file, the group to which the
file belongs, and to all users, regardless of group.

1. Read permission lets a user read the contents of the file, or in the case of
directories, list the contents of the directory (using ls).

2. Write permission lets the user write to and modify the file. For directories,
write permission lets the user create new files or delete files within that
directory.

3. Execute permission lets the user run the file as a program or shell script (if the
file is a program or shell script). For directories, having execute permission
lets the user cd into the directory in question.

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

Interpreting file permissions

        Let's look at an example that demonstrates file permissions. Using the ls
command with the -l option displays a “long” listing of the file, including file
permissions.

-rw-r--r-- 1 danny users 99 dec 6 09:18 story

The first field in the listing represents the file type. The second field is the owner of
the file (danny), the third field is the group to which the file belongs ( users).
Obviously, the last field is the name of the file (story).

This file is owned by danny, and belongs to the group users. The string –rw-r--r--
lists, in order, the permissions granted to the file's owner, the file's group, and
everybody else.

The first character of the permissions string (“-“) represents the type of file. The next
three characters (“rw-“) represent the permissions granted to the file's owner, danny.
The “r” stands for “read” and the “w” stands for “write”. Thus, danny has read and
write permission to the file story.

As mentioned, besides read and write permission, there is also “Execute” permission
represented by an “x”. However, a “-“ is listed here in place of an “x”, so danny
doesn't have execute permission on this file. This is fine, as the file story isn't a
program of any kind. Of course, because danny owns the file, he may grant himself
execute permission for the file if he so desires.

The next three characters, (“r--“), represent the group's permissions on the file. The
group that owns this file is users. Because only an “r” appears here, any user who
belongs to the group users may read this file.

The last three characters, also (“r--“), represent the permissions granted to every other
user on the system (other than the owner of the file and those in the group users).
Again, because only an (“r--“) is present, other users may read the file, but not write
to it or execute it.

Permissions Dependencies
      The permissions granted to a file also depend on the permissions of the directory
in which the file is located. For example, even if a file is set to -rwxrwxrwx, other

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

users cannot access the file unless they have read and execute access to the directory
in which the file is located. For example, if Danny wanted to restrict access to all of
his files, he could set the permissions to his home directory /home/danny to -rwx---.
In this way, no other user has access to his directory, and all files and directories
within it. Danny doesn't need to worry about the individual permissions on each of
his files.

In other words, to access a file at all, you must have execute access to all directories
along the file's pathname, and read (or execute) access to the file itself.

Typically, users on a Linux system are very open with their files. The usual set of
permissions given to files is -rw-r-r-, which lets other users read the file but not
change it in any way. The usual set of permissions given to directories is -rwxr-xr-x,
which lets other users look through your directories, but not create or delete files
within them.

However, many users wish to keep other users out of their files. Setting the
permissions of a file to -rw---- will prevent any other user from accessing the file.
Likewise, setting the permissions of a directory to -rwx--- keeps other users out of
the directory in question.

File Permissions
The file permission system allows you to define the level of access to
individual files and directories for three different types of users.

Abb. Person Description

u user The user associated with the file (i.e. the file's owner).
g group Members of the group associated with the file.
o other Everyone else.

There are three kinds of access or permissions each different type of user can be
given.

Abb. Permission
r read permission
w write permission
x execute permission

These permissions have different meanings when applied to a directory versus a

regular file. The following tables summarize permission meanings for files and
directories.

Permission Regular File Privileges

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

read  Copy and view.

 Access with commands such as cat and
grep.
write  Edit, delete and overwrite.
execute  Run a program or shell script.

Permission Directory Privileges

read  List directory contents with ls.
write  Create, edit, rename and delete files and subdirectories within the
directory.
execute  Cd into directory.
 List directory contents with ls.
 Create, edit, rename, access and delete files or subdirectories within
the directory.
 Execute a program or shell script within the directory.

Permission is said to be turned on if it is available. If not, it is said to be turned off.

The chmod command turns file permissions on and off. The ls command with the -l
option displays file permissions.

Changing Permissions.

 Chmod - change mode

Chmod [options] mode files...

Change the access mode (i.e. file permissions) of one or more files and directories.
Mode can be specified using symbolic or octal format. To execute chmod on a file or
directory you must be its owner or a super user.

Specifying Mode in Symbolic Format:

u   (user)
g   (group)
o   (other)
a   (all) (i.e. ugo)

Operator op sets, adds or removes permissions. It is specified as

=   (set permission exactly), or

+   (add permission), or

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

-   (remove permission)

Permission can be any combination of

r   (read)
w   (write)
x   (execute)

Specifying Mode in Octal Format:

nnn

Sets the permissions based on three octal numbers. The first number defines access
for the user, the second for the group and the last for others. The octal number, n, is
a number between 0 and 7. Each type of permission has an octal number associated
with it.

Permissions Octal Number

Read 4
Write 2
Execute 1

The file permission is determined by adding the octal numbers of each desired
permission. This provides seven unique numbers for every possible combination of
read, write and execute permission. If a 0 is used then no access is granted.

-rwxr-x--x 1 denie users 99 dec 6 09:18 story

Looking at the numbers for story we see permissions of 751: 7 for owner (hundreds
positions), 5 for group (ten positions), and 1 for others (one position). See the table
below for number positions in detail.

Examples:

1. chmod u=rw,g=r,o= file1

Set the permissions on file1 so that the user has both read and write access, the
group has read access and others have no access.

2. chmod go-wr *

Remove read and write permission for the group and others for all files in the
current directory.

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

3. $ chmod 660 chap1 chap2

For the user and group allow read and write access to the files chap1 and
chap2. The octal number specifying read and write permission, 6, is
determined by adding 4 to give read permission and 2 to give write
permission. Others have no access to the files as specified by the octal number
0.

4. $ chmod 700 dir1

Set permissions on the directory dir1 so that the user has complete access
(read + write + execute = 2 + 4 + 1 = 7). The group and others have no
access to the directory.

5. $ chmod 770 file1

Set permissions on the file file1so that the user and group has complete access
and others have no access to the file

1. Read Permission
Read permission grants privileges to use files and directories. Read permission
allows a file to be viewed, copied and accessed by commands such as cat and
grep.

Read permission allows a directory to be accessed by programs. A user without

read permission cannot list all files in a directory with the ls command; however,
the user can still list files within the directory by their exact name.

Read permission can be granted to three different classes of people: the file's user
(or owner), the file's group and others.

Also Known As: read access, readable

Examples:

 $ chmod u-r,u+w afile

Changes the permissions on the file afile so that the user has write permission but
not read permission. The user can no longer view or copy the file.

$ cat afile

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

cat: afile: Permission denied

$ grep hello afile
grep: afile: Permission denied
$ cp afile bfile
cp: afile: Permission denied

The user can still rename, overwrite or delete the file. For example,

$ mv afile bfile
$ rm afile
$ cp afile ./labs

 $ chmod u-r,u+wx adir

Changes the permissions on the directory adir so that the user has write and
execute permission but not read permission. The user can still cd into adir, create
files and subdirectories within adir and delete adir, but he cannot list all files
within adir.

$ cd adir
$ ls
ls: .: Permission denied
$ Cat > file1
$ mkdir sdir

The user can list a file or directory within adir by its exact name, but cannot use
wildcards. For example,

$ ls file1
file1
$ ls file*
ls: No match.

2. Write permission
Write permission grants privileges to use files and directories. Write
permission allows a file to be edited, deleted and overwritten. Many commands
such as cp, rm, mv, and vi will override write permissions when used with the
correct command line option or after querying the user

Write permission is required to create, edit, rename and delete files and
subdirectories within a directory. Note that execute permission is also required for
these tasks.

Write permission can be granted to three different classes of people: the file's user
(or owner), the file's group and others.

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

Also Known As: write access, writable

Examples:

1. $ chmod u-w,u+rx adir

Changes the permissions on the directory adir so that the user has read and
execute permission but not write permission. The user can still cd into adir and
list files in the directory, but cannot create, rename or delete files or subdirectories
within adir.

$ cd adir
$ ls
file1 file2 sdir
$ rm file1
rm: file1: Permission denied
$ cp file1 newfile
cp: newfile: Permission denied
$ mv file1 newname
mv: rename file1 to newname: Permission denied
$ mkdir sdir2
mkdir: sdir2: Permission denied

3. Execute Permission

Execute permission grants privileges to use files and directories. Execute

permission on a file allows the user to run a program or shell script.

Execute permission on a directory is required to cd into the directory, list the contents
of the directory with the ls command as well as create, edit, rename, access and delete
files or subdirectories within the directory. It is also required to execute a program or
shell script within a directory.

Execute permission can be granted separately to three different classes of people: the
file's user (or owner), the file's group and others.

Also Known As: execute access, executable

Examples:

Submitted By: Ali Murad

Submitted To: Muhib Khan
File permissions Lab # 5

 Programs such as vi and emacs are executable files.

 By denying execute permission on a directory you prevent virtually all access
to the directory's files and subdirectories.

Lab Task

Task: Explain the uses of chmod.

Command: Ch mod [optional]filename.
Description: There are various options for the use of chmod Each option can be
applied to any file and each option can be used with either user(0),group(g).or
other(0).And each can be granted with or taken grant from their permission of
read(0),write(w),and (x) execute.

If we use”+” operator it will grant the specified permission (over writes).

Example: chmod u+rwx, g-rwx` ,u-rwx file 1 above example would grant’file 1’
permission for users to read, write and execute the file; for group to read , write and
execute the file andtake permission away from other to read,write and execute.

Submitted By: Ali Murad

Submitted To: Muhib Khan