Permissions: Mode, User and Group Ownership

Owner and Permissions

Types of permissions

  • Read (r)

  • Write (w)

  • Execute (x)

Separate permissions for …

  • User (u): the owning user of the entry

  • Group (g): the owning group of the entry

  • Others (o): all others

A Simple Example

  • Group team

  • User jfasch, member (among possibly others) of group team

  • User teammember42, also member of group team

  • User manfromthestreet, not member of group team

The typical ls -l output:

$ ls -l tasks.csv
-rw-rw-r-- 1 jfasch team 396 Jun  8 14:49 tasks.csv

Three groups of “bits”: rw-, rw-, r--

| Bits | Meaning |
|------|---------|
| rw-  | Read- and writable for owning user (jfasch) |
| rw-  | Read- and writable for (members of) owning group (team) |
| r--  | Readable for all others: those who are neither user jfasch nor belong to group team |

The first character (-) is irrelevant here: it is the file type (regular file), not a permission bit

Permission Check: User

Can user jfasch write the file?

  • Which triplet to check?

    • jfasch is the owner of the file

    • ⟶ The first triplet: rw-

  • ⟶ yes, jfasch can write

  • (likewise, jfasch will be able to read)

Permission Check: Group

Can user teammember42 write the file?

  • Which triplet to check?

    • teammember42 is not jfasch ⟶ not the first triplet

    • Is teammember42 a member of group team?

      $ id teammember42
      uid=1001(teammember42) gid=1002(teammember42) groups=1002(teammember42),1001(team)
      
      • Answer: yes

      • ⟶ second triplet, rw-

  • ⟶ yes, teammember42 can write

  • (likewise, teammember42 will be able to read)

Permission Check: Others

Can user manfromthestreet read the file?

  • Which triplet to check?

    • manfromthestreet is not jfasch ⟶ not the first triplet

    • Is manfromthestreet a member of group team?

      $ id manfromthestreet
      uid=1002(manfromthestreet) gid=1003(manfromthestreet) groups=1003(manfromthestreet)
      
      • Answer: no

      • ⟶ not the second triplet

    • manfromthestreet is among the others

      • Third triplet, r--

      • ⟶ no, manfromthestreet cannot write

      • (manfromthestreet can read though)
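The three checks above, as an added example that is not part of the original course material: a shell model of how one triplet is selected and then tested. The function names, the group lists and the 064 mode are constructed for illustration, and root's override is not modelled; the 064 case goes beyond the page's three checks to show that only the selected triplet counts.

```shell
#!/bin/sh
# Added example: a model of the kernel's triplet selection, not real file access.
# Names and group lists are constructed; root's override is not modelled.

# triplet_for OWNER GROUP USER "USER_GROUPS" -> prints user, group or others
triplet_for() {
    owner=$1 group=$2 user=$3 user_groups=$4
    if [ "$user" = "$owner" ]; then
        echo user
        return
    fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then
            echo group
            return
        fi
    done
    echo others
}

# may_access MODE OWNER GROUP USER "USER_GROUPS" r|w|x -> status 0 if allowed
may_access() {
    mode=$1 perm=$6
    case $(triplet_for "$2" "$3" "$4" "$5") in
        user)   shift_by=6 ;;
        group)  shift_by=3 ;;
        others) shift_by=0 ;;
    esac
    case $perm in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) return 2 ;;
    esac
    # Only the selected triplet is consulted; the other two are ignored.
    [ $(( (0$mode >> $shift_by) & $bit )) -ne 0 ]
}

# The page's tasks.csv (664, jfasch:team), then a constructed 064 mode where
# the owner is denied although the owning group, which the owner belongs to, may write.
for m in 664 064; do
    for entry in "jfasch:jfasch team" "teammember42:teammember42 team" \
                 "manfromthestreet:manfromthestreet"; do
        u=${entry%%:*} gs=${entry#*:}
        if may_access "$m" jfasch team "$u" "$gs" w; then v=yes; else v=no; fi
        echo "mode $m: $u write? $v ($(triplet_for jfasch team "$u" "$gs"))"
    done
done
```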

Programs: Execute Permissions

What makes a file a program?

$ ls -l /bin/ls
-rwxr-xr-x ... /bin/ls

Facts …

  • An executable file does not have to end with .exe to be executable

  • … it simply is executable

Directory Permissions

$ ls -ld /etc
drwxr-xr-x 1 root root 4882 Mar 22 12:20 /etc

  • Read permissions: content (list of names) is readable

  • Execute permissions: to access a file (e.g. for reading), one has to have execute permissions on the parent directory and all directories along the path

  • Execute permissions also give the right to cd into the directory

Permission Bits, octal

| ls -l Output | Binary    | Shell command     |
|--------------|-----------|-------------------|
| -rw-r--r--   | 110100100 | chmod 0644 <path> |
| -rw-------   | 110000000 | chmod 0600 <path> |
| -rwxr-xr-x   | 111101101 | chmod 0755 <path> |

Shell Commands: Tuning Permissions

  • Permission modification (absolute: sets the whole bitmask to the given octal value, no matter what it was before)

    $ ls -l /bin/script.sh
    -rw-rw-r-- 1 jfasch jfasch 612 Mar 23 18:39 script.sh
    $ chmod 755 /bin/script.sh
    $ ls -l /bin/script.sh
    -rwxr-xr-x 1 jfasch jfasch 0 Mar 23 18:39 script.sh
    
  • Permission modification (differential, symbolic: changes only the named bits)

    $ ls -l /bin/script.sh
    -rw-rw-r-- 1 jfasch jfasch 612 Mar 23 18:39 script.sh
    $ chmod u+x,g-w,g+x,o+x script.sh
    $ ls -l script.sh
    -rwxr-xr-x. 1 jfasch jfasch 0 Mar 23 18:42 script.sh
    

Shell Commands: Changing User/Group Ownership

  • Group ownership modification (only root and members of the group can do this)

    $ chgrp team /tmp/file
    
  • Ownership modification (only root)

    # chown jfasch /tmp/file
    
  • chmod, chown, and chgrp understand -R for “recursive”.