Linux is a clone of UNIX, a multi-user operating system that can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns, as an unauthorized or malicious user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.
- Ownership
- Permission
Every File/Directory in Linux & Unix systems has three types of ownership, given below:
User:
A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
Group:
A user group can contain multiple users. All users belonging to a group will have the same access permissions to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group and assign group permission to the file, so that only these group members and no one else can read or modify it.
Others:
Any other user who has access to a file. This person has neither created the file nor belongs to a user group that could own the file. Practically, it means everybody else. Hence, setting the permission for others is also referred to as setting permissions for the world.
Now the big question arises: how does Linux distinguish between these three user types, so that user 'A' cannot affect a file that contains user 'B's vital information/data? It is like not wanting a colleague who works on your Linux computer to view your images. This is where permissions come in: they define user behavior.
Let’s understand the Permission system on Linux.
Permissions:
Every file and directory in your UNIX/Linux system has the following 3 permissions defined for all the 3 owners discussed above.
►Read: This permission gives you the authority to open and read a file. Read permission on a directory gives you the ability to list its content.
►Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have write permission on a file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents, but you will not be able to rename, move or remove the file from the directory.
►Execute: In Windows, an executable program usually has the extension ".exe", which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code (provided read & write permissions are set), but not run it.
Basically, in Linux there are three types of permission:
- Normal Permission
- Special Permission
- ACL Permission
To check permissions, run the following commands:
root@localhost:~# ls -ld /abc
drwxr-xr-x 2 root root 4096 Sep 17 00:07 /abc
root@localhost:~# ls -l /abc/a.txt
-rwxrw-r-- 2 root root 4096 Sep 17 00:07 /abc/a.txt
Here the leading "d" indicates a directory and a leading "-" indicates a file.
The characters are pretty easy to remember.
r = read permission = 4
w = write permission = 2
x = execute permission = 1
- = no permission
Full permission on a directory is 7 and on a file it is 6, because by default a directory can be executed (entered) but a file cannot.
Ex: If a directory has 770 permission, it means the permission is "drwxrwx---".
The various owners are represented as:
| Denotation | User |
|---|---|
| u | user/owner |
| g | group |
| o | other |
| a | all |
Changing Ownership and Group:
For changing the ownership of a file/directory, you can use the following command:
chown user filename
In case you want to change the user as well as the group for a file or directory, use the command:
chown user:group filename
root@localhost:~# ls -ld /abc
drwxr-xr-x 2 root root 4096 Sep 17 00:07 /abc
Here the first "root" denotes the user and the second "root" denotes the group.
Changing permission of a file:
►Numeric Way: In the numeric way, you give the permission in digits, like:
root@localhost:~# ls -ld /abc
drwxr-xr-x 2 root root 4096 Sep 17 00:07 /abc
root@localhost:~# chmod 770 /abc
root@localhost:~# ls -ld /abc
drwxrwx--- 2 root root 4096 Sep 17 00:07 /abc
►Alphabetical Way: In the alphabetical way, you give the permission in letters, like:
root@localhost:~# ls -ld /abc
drwxr-xr-x 2 root root 4096 Sep 17 00:07 /abc
### chmod u(+,-)rwx,g(+,-)rwx,o(+,-)rwx (clauses are separated by commas, without spaces) ###
root@localhost:~# chmod u+rwx,g+rwx,o-rwx /abc
root@localhost:~# ls -ld /abc
drwxrwx--- 2 root root 4096 Sep 17 00:07 /abc
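The r=4, w=2, x=1 arithmetic and the two chmod forms above can be checked with a small script. This is an added example, not part of the original post; the function names (sym_to_octal, compare_chmod_forms, world_writable) are made up for illustration, and it works only in scratch directories created with mktemp.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, paths are scratch directories.

# Convert an ls-style mode string (drwxrwx--- or rwxrwx---) to octal digits,
# using r=4, w=2, x=1. Special permissions (s, t) are not handled.
sym_to_octal() (
    perms=$1
    # Drop the leading file-type character ("d" or "-") if it is present
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    [ "${#perms}" -eq 9 ] || { echo "invalid mode string: $1" >&2; exit 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}            # everything after the first triplet
        triplet=${perms%"$rest"}     # the first triplet: user, group, other
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    echo "$out"
)

# Apply the numeric and the alphabetical chmod forms to two scratch
# directories and print the resulting mode string of each.
compare_chmod_forms() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/num" "$tmp/sym"
    chmod 770 "$tmp/num"
    chmod u+rwx,g+rwx,o-rwx "$tmp/sym"
    for d in num sym; do ls -ld "$tmp/$d" | cut -c1-10; done
    rm -rf "$tmp"
)

# List entries under a directory that grant write to "others" (the world),
# i.e. whose last octal digit includes the write value 2.
world_writable() {
    find "$1" -perm -0002 ! -type l | sort
}

sym_to_octal drwxrwx---     # directory from the chmod 770 example
sym_to_octal -rwxrw-r--     # /abc/a.txt from the ls output above
compare_chmod_forms         # both lines should be identical
```

Running world_writable on a shared directory is a quick way to spot files that anyone on the system can modify.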