Friday, February 5, 2010

Get to know Linux: File permissions

Have you ever attempted to do something with a file on a Linux machine and been given the error “permission denied”?

For some people this isn’t a problem, either su to the root user or use the sudo command to help you along.

For some users, however, this can be very frustrating. Why? When you don’t understand file permissions, using and (especially) administering a Linux system can be a real pain.

Even though you can read an extended listing of a file and  see drwxr–r–, if you don’t know what that means (or how to manipulate it) what good is that extended listing? And what good is that file if you can’t access it (when you need to or should be able to)?

In this article I will introduce you to Linux file permissions and how to manipulate them. I will show you how to manipulate permissions from both the command line as well as the GNOME gui Nautilus.


Breaking down the permissions
When you do a long list (ls -l ) in a directory you will see listings like:


drwxr-xr-x  jlwallen  jlwallen  12288  2009-12-22  16:26  Documents

What we want to concentrate on right now is the first bit, drwxr-xr-x. This string of characters lists the full permissions of the file or directory.

It is also important to know the next two strings (in this case both are jlwallen) are the user and group associated with the file.

Let’s go back to the permissions string. The first character, d, means the listing is a directory. Now, instead of looking at the next portion of the string as a single group, think of it as three groups:
  • rwx
  • r-x
  • r-x
The first set of three characters in a permissions listing always marks the permissions of the owner of the file (in this case, jlwallen). The letter o is associated with owner.

The next set of three marks the permissions of all users that belong to the group associated with the file (in this case, again, it’s jlwallen).

The letter g is associated with group. The final set of three characters marks the permissions of everyone else.

The letter u is associated with others.

Now let’s break down the components of the permission string:
  • r – read permission
  • w – write permission
  • x – executable permission
Changing permissions
Let’s say you have a file, test, that is a script that needs to be executed. The default ownership of this file is:

-rw-rw—-

Now let’s say you want both the owner (in this case jlwallen) and anyone belonging to the group (in this case jlwallen) to be able to execute this script.

Remember, execute is x and you want to give x permission to o and g. To do this you use the chmod command like so:


# chmod og+x test

The above command would add executable permission to owner and group. The new listing would look like:

-rwxrwx—

Now both the owner and anyone belonging to the group jlwallen can execute this script.

The GUI way


Figure 1

You can change permissions of a file with the help of the Nautilus file manager. Open up the file manager and navigate to where you have the test file saved. Right click the icon of that file (or listing if you are not in icon view mode) and select Permissions.

From within this new window click on the Permissions tab (see Figure 1).

As you can see, changing permissions for this file is just a matter of selecting the necessary entry from the Access drop-down associated with either Owner, Group, or Others.

However, you will notice that these drop-downs only have two entries: Read or Read and Write. In the case of our test file we would want to check the “Allow executing file as program” checkbox to make this file executable.

The only drawback to this method is you can not specify who has execute permissions. If you mark a file executable it will be so for all.

Figure 2

With the KDE file manager, Dolphin, you can get a bit more fine grain with your permissions. When you right click a file in Dolphin select Properties and then click on the Permissions tab.

In this tab is an Advanced Permissions button. Click that and a smaller window will open (see Figure 2) where you can select precisely what each class (owner, group, other) has what permissions. Make your choices and click OK.


Final thoughts
Although the GUI tools are helpful for the new users, having real control over file permissions should be handled through the command line.

But for those who absolutely do not want to use the command line, there are options for you. You will certainly want to get familiar with permissions.

Knowing how to navigate file permissions will save you a lot of time and hassle when using the Linux operating system.

1 comment: