File access rights in Linux

Users and groups

Linux is a multi-user system, so it has a mechanism for differentiating access: each user has specific rights of access to various system functions and to files. In addition to users, Linux also has user groups.

Like an individual user, each group has a certain set of access rights to various components of the system, and every user who is a member of a group automatically gets all the rights of that group.

Owner and owner group

Initially, when a file is created, the user who started the process that creates the file is recorded as the file's owner. A group is also assigned at creation time: it is taken from the group identifier of the process creating the file.

The command ls -l <file name> shows information about the file, including its owner, the owner group (i.e. the group that owns the file) and the rights of access to the file. Let's consider a specific example:

ls -l point_resource.py 
-rw-rw-r-- 1 devel devel 710 Nov 19 10:07 point_resource.py

A file name is not required for ls -l; without one it displays information about all files in the current directory.

In this case the file owner is the user devel and the group is devel. The first field defines the file type and the access rights to it; in this example it is -rw-rw-r--. These symbols can be divided into 4 groups.

The first group (the first symbol) indicates the file type and can take the following values:

  • - : a regular file;
  • d : a directory;
  • b : a block device file;
  • c : a character device file;
  • s : a socket;
  • p : a named pipe;
  • l : a symbolic link.

The second, third and fourth groups are three characters each. They define the access rights, respectively, for the file owner, for the owner group and for all other users of the system (i.e. everyone except the file owner and the members of the owner group). If the owner's access rights are shown as rwx, the owner has the right to read the file (r), to write to the file (w) and to execute it (x).

In our example the owner devel has the rights of reading (r) and writing (w) but not of execution. A dash means that the corresponding right is absent.
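The decoding described above, from the 10-character mode field to the file type and the octal value of the nine rights bits, written out as an added shell example (it is not code from the original article). The function names bits_of, mode_to_octal, file_type and octal_of_file are this example's own choices; the scratch file is created with mktemp and removed afterwards.

```shell
#!/bin/sh
# Added example (not from the original article): decode the 10-character
# mode field that `ls -l` prints, e.g. -rw-rw-r--, into the file type and
# the octal rights value that the numeric form of chmod uses.
# Function names (bits_of, mode_to_octal, file_type, octal_of_file) are
# this example's own choices.

# bits_of TRIPLET: TRIPLET is one rwx group such as rw- ; prints 0..7.
# A lowercase s or t in the x position (setuid/setgid/sticky) still means
# the execute bit is set; the special bits themselves are not encoded here.
bits_of() {
    n=0
    case "$1" in r??) n=$((n + 4)) ;; esac
    case "$1" in ?w?) n=$((n + 2)) ;; esac
    case "$1" in ??[xst]) n=$((n + 1)) ;; esac
    echo "$n"
}

# mode_to_octal MODE: MODE is the full 10-character field; prints e.g. 664.
# Characters 2-4 are the owner's rights, 5-7 the group's, 8-10 everyone else's.
mode_to_octal() {
    owner=$(printf '%s\n' "$1" | cut -c2-4)
    group=$(printf '%s\n' "$1" | cut -c5-7)
    other=$(printf '%s\n' "$1" | cut -c8-10)
    echo "$(bits_of "$owner")$(bits_of "$group")$(bits_of "$other")"
}

# file_type MODE: names the type given by the first character of MODE.
file_type() {
    case "$1" in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        b*) echo "block device" ;;
        c*) echo "character device" ;;
        s*) echo "socket" ;;
        p*) echo "named pipe" ;;
        l*) echo "symbolic link" ;;
        *)  echo "unknown" ;;
    esac
}

# octal_of_file PATH: read the mode field of a real file with ls -ld.
# Only the first 10 characters are taken, so a trailing + or . that some
# systems print for ACLs or security labels does not interfere.
octal_of_file() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Demonstration on the article's sample line and on a scratch file.
sample='-rw-rw-r--'
echo "$sample: $(file_type "$sample"), octal $(mode_to_octal "$sample")"

scratch=$(mktemp)
chmod 640 "$scratch"
echo "$scratch: $(ls -ld "$scratch" | cut -c1-10) -> octal $(octal_of_file "$scratch")"
rm -f "$scratch"
```

The article's sample line -rw-rw-r-- decodes to a regular file with octal rights 664. Reading the mode through ls -ld rather than stat keeps the script portable between GNU and BSD userlands, where stat takes different flags.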

The chmod command is used to change file access rights. It can be used in two ways. In the first, you explicitly specify which right is granted or revoked and for whom:

[user]$ chmod wXp file_name

where w is replaced by:

  • u (the user who owns the file);
  • g (the owner group);
  • o (all other users, i.e. those who are neither the owner nor members of the owner group);
  • a (all system users, i.e. the owner, the group and everyone else).

X is replaced by:

  • + (grant the right);
  • - (revoke the right);
  • = (set exactly these rights, replacing the current ones).

and p is replaced by the symbol denoting the corresponding right:

  • r (reading);
  • w (writing);
  • x (executing).

Here are some examples of using the chmod command:

# grant all system users the right to execute this file
[user]$ chmod a+x file_name
# revoke the rights of reading and writing from everyone except the file owner
[user]$ chmod go-rw file_name

The second form of the chmod command uses a numeric (octal) designation of rights.

In UNIX systems the access rights and the file type are stored in the inode (index descriptor) in a separate 16-bit (2-byte) field. The last 9 bits specify the access rights to the file and are divided into 3 groups of 3 bits: the first 3 bits set the owner's permissions, the next 3 bits the rights of the owner group, and the last 3 bits the rights of all other users. If the corresponding bit is 1, the right is granted; if it is 0, the right is not granted. In the symbolic form, a 1 is replaced by the appropriate character (r, w or x) and a 0 is represented by a dash.

Accordingly, the rights can be encoded in binary as r = 100, w = 010, x = 001, which in decimal notation corresponds to r = 4, w = 2, x = 1.

To grant a set of rights, add the corresponding numbers. Having computed the numeric value for the file owner, for the owner group and for all other users, we pass these three digits as the argument of chmod. For example, to give the owner all rights (4+2+1=7), give the group the rights of reading and writing (4+2=6) and give no rights to everyone else (0), use the following command:

[user]$ chmod 760 file_name
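The symbolic examples (a+x, go-rw) and the numeric example (760) above, applied to a scratch file and read back, as an added shell example that is not code from the original article. The function names mode_after, same_result and others_can_write are this example's own choices; scratch files are created with mktemp and removed afterwards. It also goes one step beyond the text by checking that the numeric argument 760 and the symbolic argument u=rwx,g=rw,o= produce the same rights.

```shell
#!/bin/sh
# Added example (not from the original article): apply chmod in both its
# symbolic and numeric forms to a scratch file and read back the resulting
# mode, so each command's effect can be checked rather than assumed.
# Function names (mode_after, same_result, others_can_write) are this
# example's own choices; scratch files are created with mktemp.

# mode_after START ARG: create a scratch file, set it to the octal mode START,
# run `chmod ARG` on it and print the resulting 10-character mode field.
mode_after() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    ls -ld "$f" | cut -c1-10
    rm -f "$f"
}

# same_result ARG1 ARG2: succeed if both chmod arguments, applied to a file
# that starts at 644, leave it with the same rights.
same_result() {
    [ "$(mode_after 644 "$1")" = "$(mode_after 644 "$2")" ]
}

# others_can_write PATH: succeed if the write bit for "all other users" (the
# 9th character of the mode field) is set. Such a file can be modified by
# any account on the system, which is why hardening checks look for it.
others_can_write() {
    case "$(ls -ld "$1" | cut -c9)" in
        w) return 0 ;;
        *) return 1 ;;
    esac
}

# The article's symbolic examples, starting from -rw-rw-r-- (664):
echo "664 then a+x   -> $(mode_after 664 a+x)"     # -rwxrwxr-x
echo "664 then go-rw -> $(mode_after 664 go-rw)"   # -rw-------

# The numeric example and its symbolic equivalent:
echo "644 then 760           -> $(mode_after 644 760)"            # -rwxrw----
echo "644 then u=rwx,g=rw,o= -> $(mode_after 644 u=rwx,g=rw,o=)"  # -rwxrw----
if same_result 760 u=rwx,g=rw,o=; then
    echo "760 and u=rwx,g=rw,o= are equivalent"
fi

# A world-writable scratch file is created here only to show the check.
scratch=$(mktemp)
chmod 666 "$scratch"
if others_can_write "$scratch"; then echo "$scratch: writable by all users"; fi
chmod o-w "$scratch"
if ! others_can_write "$scratch"; then echo "$scratch: o-w applied"; fi
rm -f "$scratch"
```

Note that the symbolic form with + and - changes only the bits named, while both = and the numeric form replace the whole set of rights; this is why go-rw leaves the owner's rw untouched but 760 overwrites all three groups at once.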

Only the file owner or the superuser can change the access rights of a file with the chmod command. In order to give a group rights to the file by assigning the file to that group, the owner must also be a member of that group.

Changing ownership

You can change the owner of a file with the chown command. The new owner and/or group is given as the first argument. If only the owner's name (or numeric user ID) is specified, that user becomes the owner of each given file and the group of the files is not changed. If a group name (or numeric group ID) follows the user name after a colon, with no spaces between them, the group of the file is changed as well.


Example

To change the owner of strace.log to 'rob' and its group to 'developers':

chown rob:developers strace.log

Links:

https://en.wikipedia.org/wiki/Chown
