File & File Permissions
Users and Groups:
User: An individual who interacts with the system.
Group: A collection of users with similar permissions.
File Ownership:
Each file and directory in the system is owned by a specific user and group.
The owner has specific permissions that may differ from those of the group and others.
Permission Types:
Read: Permission to view the contents of a file or directory.
Write: Permission to modify or delete a file or directory.
Execute: Permission to execute a file (for executables or scripts) or enter a directory.
Permission Representation:
File system permissions are typically represented by a series of letters or symbols, commonly seen as:
r for read permission.
w for write permission.
x for execute permission.
- (hyphen) to indicate the absence of a permission.
Symbolic Notation:
File permissions are represented in the following order for each entity (user, group, others):
Owner (
u)Group (
g)Others (
o)
For example, rw-r--r-- indicates that the owner has read and write permissions, while the group and others have only read permissions.
Numeric Notation:
File permissions can also be represented using numeric values:
Read: 4
Write: 2
Execute: 1
These values are added together to represent the permission set. For example:
rwx= 4 (read) + 2 (write) + 1 (execute) = 7
So, rwxr-xr-- can be represented as 754.
Commands for Managing Permissions:
chmod: Command used to change file permissions.
chown: Command used to change file ownership.
chgrp: Command used to change file group ownership.
Special Permissions
Special permissions, such as Set User ID (SUID), Set Group ID (SGID), and the Sticky Bit, provide additional functionality and security to files and directories. Here's how to use each of them:
1. Set User ID (SUID):
The SUID permission allows a user to execute a file with the permissions of the file's owner. This is particularly useful for executable files that need to be run with elevated privileges.
To set the SUID permission on a file, use the chmod command with the numerical representation 4 in front of the file permissions:
For example, to set the SUID permission on a file named program, you would run:
2. Set Group ID (SGID):
The SGID permission is similar to SUID, but it allows a user to execute a file with the permissions of the file's group. This is commonly used for shared directories where multiple users need to collaborate on files while maintaining group permissions.
To set the SGID permission on a file, use the chmod command with the numerical representation 2 in front of the file permissions:
For example, to set the SGID permission on a directory named shared, you would run:
3. Sticky Bit:
The Sticky Bit is typically applied to directories to restrict the deletion or renaming of files within that directory to only the file's owner, the owner of the directory, or the root user. This is commonly used for directories where multiple users need to write files, such as /tmp.
To set the Sticky Bit on a directory, use the chmod command with the numerical representation 1 in front of the directory permissions:
For example, to set the Sticky Bit on a directory named shared, you would run:
Chown
The chown command in Unix/Linux systems is used to change the ownership of files and directories. Its basic syntax is:
OPTIONS: Optional parameters to modify the behavior of the
chowncommand.USER: The username of the new owner.
GROUP: (Optional) The groupname of the new group owner. If omitted, only the user ownership is changed.
FILE: The file or directory whose ownership is to be changed.
Example Usage:
Change Owner Only:
This changes the owner of
file.txttonewuser, leaving the group ownership unchanged.Change Owner and Group:
This changes both the owner and group of
file.txttonewuserandnewgrouprespectively.Change Group Only:
This changes the group ownership of
file.txttonewgroup, leaving the user ownership unchanged.
Options:
-R, --recursive: Recursively change ownership of directories and their contents.-v, --verbose: Output a diagnostic for every file processed.-c, --changes: Like verbose, but only report when a change is made.