CSC128 : Introduction to Linux

Permissions and Links

Permissions

The ls -l command displays a lot of information about the files in the directory:

To read a file, you need to have read (r) permission for that file.

To write to a file, to modify a file , or to erase a file, you need to have write ( w) permission for that file.

To run a program or to change to a directory, you need to have execute (x ) permission for that program or directory.

If you are the owner of a file (you made it, it's yours), then that file's user permissions take effect.
If you are in the group that a file is assigned to, then that file's group permissions take effect.
Otherwise, the file's other permissions take effect.

You can find out your login name with the whoami command.
You can find out what groups you are in with the groups command.

You can change the permissions on a file with the chmod command.
(See p 759 in the book, A Practical Guide to Linux, for more information on this command.) It is important that in most cases, it makes no sense to set permissions on yourself more restrictive than group or other, therefore: chmod 466 [filename] does not make sense (see below). It is also important to remember that permissions basically do not apply to the root user.

Many people find it easiset to set permissions using numbers, instead of letters. The numbers are represented like this in binary:
Base10 Number Binary resulting permission 0 000 --- 1 001 --x 2 010 -w- 3 011 -wx 4 100 r-- 5 101 r-x 6 110 rw- 7 111 rwx So, the chmod command is used with 3 numbers each number sets the permissions for a different group, User-Group-Other in order. The advantage is that the permissions are completly re-set and it becomes easy to remember 'chmod 644 [webpage]' or chmod 600 [secret_file] Here are examples of the chmod command in action: command Resulting Permission Comments --------------------------------------------------------------- >chmod 755 [dirname] rwxr-xr-x this is how public directories are set remember that directories must have execute permissions set to allow 'pass through' >chmod 644 [filename] rw-r--r-- this is how typical world readable files are set (web pages etc.) >chmod 700 [filename] rwx------ this is how a private executable file would be set (also a private directory) >chmod 600 [filename] rw------- private non-executable file >chmod 2775 [dirname] rwxrwsr-x a directory that is setGID (directory may have to be chgrp 'ed before setting the permissions)

To add (+) read (r) permissions for all (a) to the file verse

chmod a+r verse

To remove (-) write (w) permissions for other (o) from the file verse

chmod o-w verse

To set (=) the permissions to read (r) and execute (x) for the group (g) and for the user/owner (u) for the file verse

chmod ug=rx verse

To set (=) the permissions for a directory (named secure_dir) to be secure from everyone but the user/owner (u)

chmod og= secure_dir
(This removes all permissions for group (g) and other (o), by setting (=) them to nothing.)

Hard Links

Directory entries point to data in the filesystem. There is nothing wrong with having two different entries point to the same data. This is called a hard link.

To make a hard link, use the ln command. The usage is similar to the cp command:

ln existing_filename new_hard_link

This will make a new file name entry in the same inode making the file have 2 names (links) that are the same file.

If you erase the original file, the data remains, since it is still linked to the new filename. You can see the number of hard links there are to a particular file in the ls -l listing, in the column to the right of the permissions.

Note: you can't make a hard link across filesystems. If two different directories refer to data on two different hard drives, then a hard link cannot be made from a file on one to a new file on the other. Also, you can't make a hard link to a directory; the only hard links to directories are the . and .. special directories.

Symbolic Links

Symbolic links are similar to hard links, but instead of the new file pointing to the same data as the existing file, the new file points to the existing filename .

To make a symbolic link , use the ln -s command:

ln -s existing_filename new_sym_link

Symbolic links don't point to the actual data on the filesystem, so if the original file is erased, then the symbolic link will still point to the now-erased original filename.

Symbolic links have advantages over hard links, and so are used much more often:

Symbolic links can span filesystems; hard links cannot .

Symbolic links can be made for directories; hard links cannot.

Symbolic links can point to non-existent files; hard links cannot.

Symbolic links Do have seperate inodes (needed because they can reside on seperate filesystems) hard links are just another name added into the inode of the same file.