File protection

Every file (and directory) on Linux has a mode or protection. A file may be readable (r), writeable (deletable) (w), and executable (or traversable for a directory) (x), in any combination. A directory being executable means that we can traverse the directory and list files in it. In addition, a file can be accessible to a single user (u), a group of users (g), or all other users (o). You are considered the owner of all files and subdirectories in your home directory. This means that you have total, unrestricted access to these files. Use the command ls -l to check the current protection settings for a file or a directory.

Consider the following example:

[alice@onyx]: ls -l program
-rw-r--r--   1 alice     faculty         0 Oct 25 13:15 program

There are ten protection bits. Assume that the bits are numbered 1 through 10 from left to right. Then bits 2, 3 and 4 represent the protection for the user (or the owner). Bits 5, 6 and 7 represent the protection settings for the group, and the last three bits represent protection for others (not yourself or those in your group). Now we can read the above example. The file called program can be read by alice, by anyone in the group faculty, and by any other user on the system. However, only alice has write access to the file. The first bit has special meaning if it is set (see the man page for chmod for more on this special bit).

Consider another example:

[alice@onyx]: ls -l wideopen
-rwxrwxrwx   1 alice     faculty         0 Oct 25 13:23 wideopen

Everyone on the system has read, write and execute access to the file named wideopen. Suppose we want to remove write access from all users except the owner of the file. Then the owner of the file (alice) will use the following command.

 
[alice@onyx]: chmod g-w,o-w wideopen
[alice@onyx]: ls -l wideopen
-rwxr-xr-x   1 alice     faculty         0 Oct 25 13:23 wideopen

Note that + adds access and - removes access. See the man page for chmod for more details.

Here is an example of protecting a directory from all other users.

 
[alice@onyx]: chmod g-rwx,o-rwx myhw
[alice@onyx]: ls -l myhw
drwx------   1 alice     faculty         1024 Oct 25 13:23 myhw

To make a file executable by all users, use the chmod command:

chmod +x filename

This is useful for creating your own commands. See Section 6.3 for more on how to create your own commands.

Note that running the command chmod on a directory only changes the permission on that directory but does not descend into it recursively to change permissions on all files and subdirectories inside the directory. In order to do that, use the recursive option (-R). For example,

chmod -R g+rw project

allows the group to have read and write access on all files in the project directory.
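
The following shell script is an added example, not part of the original page. It decodes the ten-character mode string into the user, group and others triplets described above, flags modes that let anyone other than the owner write, and replays the two chmod commands from the text in a scratch directory. The function names are hypothetical, and it assumes plain r, w and x letters only.

```shell
#!/bin/sh
# Added example: read the ten-character mode string the way the text describes.
# Assumes plain r/w/x bits only (no setuid, setgid or sticky letters).

# mode_of PATH: the ten mode characters that ls -l prints for PATH.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# digit_of TRIPLET: octal digit for one rwx triplet (r=4, w=2, x=1).
digit_of() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal MODE: characters 2-4 are the user, 5-7 the group, 8-10 others.
mode_to_octal() {
    u=$(printf '%s' "$1" | cut -c2-4)
    g=$(printf '%s' "$1" | cut -c5-7)
    o=$(printf '%s' "$1" | cut -c8-10)
    echo "$(digit_of "$u")$(digit_of "$g")$(digit_of "$o")"
}

# writable_by_non_owner MODE: succeeds if group (char 6) or others (char 9) have w.
writable_by_non_owner() {
    case $1 in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# demo: replay the page's two chmod commands in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/wideopen" && chmod u=rwx,g=rwx,o=rwx "$dir/wideopen"
    before=$(mode_of "$dir/wideopen")
    chmod g-w,o-w "$dir/wideopen"
    after=$(mode_of "$dir/wideopen")
    mkdir -m 755 "$dir/myhw" && chmod g-rwx,o-rwx "$dir/myhw"
    hw=$(mode_of "$dir/myhw")
    rm -rf "$dir"
    echo "wideopen $before ($(mode_to_octal "$before")) -> $after ($(mode_to_octal "$after"))"
    echo "myhw $hw ($(mode_to_octal "$hw"))"
}

demo
```

Running writable_by_non_owner on the output of mode_of for each file under a shared directory is a quick way to spot files left in the wideopen state.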