Difference between revisions of "Linux permissions"

From ScientificComputing
Jump to: navigation, search
(Introduction)
Line 4: Line 4:
  
 
File:
 
File:
  [leonhard@euler03 ~]$ '''ls -ltr gurobi.log'''  
+
  [sfux@euler03 ~]$ '''ls -ltr gurobi.log'''  
  '''-rw-r--r--''' 1 leonhard T0000 330 May 18 13:34 gurobi.log
+
  '''-rw-r--r--''' 1 sfux T0000 330 May 18 13:34 gurobi.log
  
 
Directory:
 
Directory:
  [leonhard@euler03 ~]$ '''ls -ltrd bin'''
+
  [sfux@euler03 ~]$ '''ls -ltrd bin'''
  '''drwx------''' 2 leonhard T0000 4096 Feb  5  2015 bin
+
  '''drwx------''' 2 sfux T0000 4096 Feb  5  2015 bin
  
 
In these examples, the so called '''permission string''' is marked in bold. The permission string always contains '''10 characters''' which can either be a letter or a dash. The first position in the string is used to specify if the data object is a file (-) or a directory (d). After the first position, the permission string is contains '''3 groups of 3 characters''' for specifying the 3 basic permissions for each of the 3 permission groups
 
In these examples, the so called '''permission string''' is marked in bold. The permission string always contains '''10 characters''' which can either be a letter or a dash. The first position in the string is used to specify if the data object is a file (-) or a directory (d). After the first position, the permission string is contains '''3 groups of 3 characters''' for specifying the 3 basic permissions for each of the 3 permission groups
Line 69: Line 69:
 
Permissions of a file/directory can be displayed with the '''ls -l''' (files and directories).
 
Permissions of a file/directory can be displayed with the '''ls -l''' (files and directories).
  
  [leonhard@euler03 ~]$ '''ls -l'''
+
  [sfux@euler03 ~]$ '''ls -l'''
 
  total 112
 
  total 112
  drwx------  2 leonhard T0000  4096 Feb  5  2015 bin
+
  drwx------  2 sfux T0000  4096 Feb  5  2015 bin
  drwxr-x---  2 leonhard T0000  4096 Sep 22 14:43 comsol
+
  drwxr-x---  2 sfux T0000  4096 Sep 22 14:43 comsol
  -rw-r--r--  1 leonhard T0000 16330 Sep 30 08:23 comsol_commands
+
  -rw-r--r--  1 sfux T0000 16330 Sep 30 08:23 comsol_commands
  -rw-r--r--  1 leonhard T0000  287 Oct  6 09:59 comsolusers
+
  -rw-r--r--  1 sfux T0000  287 Oct  6 09:59 comsolusers
  -rw-r--r--  1 leonhard T0000  330 May 18 13:34 gurobi.log
+
  -rw-r--r--  1 sfux T0000  330 May 18 13:34 gurobi.log
  drwx------  7 leonhard T0000  4096 Sep  4 16:21 inst_instr
+
  drwx------  7 sfux T0000  4096 Sep  4 16:21 inst_instr
  drwxr-xr-x  2 leonhard T0000  4096 Jul 24 13:36 lics
+
  drwxr-xr-x  2 sfux T0000  4096 Jul 24 13:36 lics
  -rwxr-xr-x  1 leonhard T0000  812 Jul  2  2014 lsf_drmaa.conf
+
  -rwxr-xr-x  1 sfux T0000  812 Jul  2  2014 lsf_drmaa.conf
  -rw-r--r--  1 leonhard T0000  934 Oct  6 12:40 lsf.o10527387
+
  -rw-r--r--  1 sfux T0000  934 Oct  6 12:40 lsf.o10527387
  drwxr-xr-x  2 leonhard T0000  4096 Oct  2 08:53 mathematica
+
  drwxr-xr-x  2 sfux T0000  4096 Oct  2 08:53 mathematica
  drwxr-xr-x  2 leonhard T0000  4096 May 22 09:26 openfoam
+
  drwxr-xr-x  2 sfux T0000  4096 May 22 09:26 openfoam
  drwx------  6 leonhard T0000  4096 Apr 29 16:38 prog
+
  drwx------  6 sfux T0000  4096 Apr 29 16:38 prog
  drwxr-xr-x  3 leonhard T0000  4096 Jul 13 15:49 R
+
  drwxr-xr-x  3 sfux T0000  4096 Jul 13 15:49 R
  drwx------  2 leonhard T0000  4096 Jul 24 08:02 rre7
+
  drwx------  2 sfux T0000  4096 Jul 24 08:02 rre7
  drwx------  2 leonhard T0000  4096 Apr  9  2014 scratch
+
  drwx------  2 sfux T0000  4096 Apr  9  2014 scratch
  drwx------  3 leonhard T0000  4096 Oct  8 15:34 shellscript
+
  drwx------  3 sfux T0000  4096 Oct  8 15:34 shellscript
  drwxr-x---  2 leonhard T0000  4096 Dec 18  2014 sources
+
  drwxr-x---  2 sfux T0000  4096 Dec 18  2014 sources
  drwxr-xr-x 11 leonhard T0000  4096 Oct  7 15:01 test
+
  drwxr-xr-x 11 sfux T0000  4096 Oct  7 15:01 test
  drwxr-xr-x 33 leonhard T0000  4096 Sep 17 09:58 testrun
+
  drwxr-xr-x 33 sfux T0000  4096 Sep 17 09:58 testrun
  
 
==Changing permission settings==
 
==Changing permission settings==
Line 95: Line 95:
  
 
As a starting point, we use the following file with given permissions:
 
As a starting point, we use the following file with given permissions:
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''  
+
  [sfux@euler03 ~]$ '''ls -l gurobi.log'''  
  -rw-r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log
+
  -rw-r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log
  
 
Removing the write permission for user sfux can be achieved by executing the command '''chmod u-w gurobi.log'''.
 
Removing the write permission for user sfux can be achieved by executing the command '''chmod u-w gurobi.log'''.
  [leonhard@euler03 ~]$ '''chmod u-w gurobi.log'''
+
  [sfux@euler03 ~]$ '''chmod u-w gurobi.log'''
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
+
  [sfux@euler03 ~]$ '''ls -l gurobi.log'''
  -r--r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log
+
  -r--r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log
  
 
It is also possible to combine permission changes. If '''chmod ugo+x''' is used instead of '''chmod u-w''', execute permission is added for all permission groups.
 
It is also possible to combine permission changes. If '''chmod ugo+x''' is used instead of '''chmod u-w''', execute permission is added for all permission groups.
  
  [leonhard@euler03 ~]$ '''chmod ugo+x gurobi.log'''
+
  [sfux@euler03 ~]$ '''chmod ugo+x gurobi.log'''
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''  
+
  [sfux@euler03 ~]$ '''ls -l gurobi.log'''  
  -rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log
+
  -rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log
  
 
For changing the permission pattern to 755 you would execute the command '''chmod 755 gurobi.log'''
 
For changing the permission pattern to 755 you would execute the command '''chmod 755 gurobi.log'''
  
  [leonhard@euler03 ~]$ '''chmod 755 gurobi.log'''
+
  [sfux@euler03 ~]$ '''chmod 755 gurobi.log'''
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
+
  [sfux@euler03 ~]$ '''ls -l gurobi.log'''
  -rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log
+
  -rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log
  
 
==Links==
 
==Links==

Revision as of 13:04, 28 June 2019

Introduction

In Linux, access to data objects like files and directories is handled via permissions. Typical permission settings for a file/directory can for example look like

File:

[sfux@euler03 ~]$ ls -ltr gurobi.log 
-rw-r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log

Directory:

[sfux@euler03 ~]$ ls -ltrd bin
drwx------ 2 sfux T0000 4096 Feb  5  2015 bin

In these examples, the so called permission string is marked in bold. The permission string always contains 10 characters which can either be a letter or a dash. The first position in the string is used to specify if the data object is a file (-) or a directory (d). After the first position, the permission string is contains 3 groups of 3 characters for specifying the 3 basic permissions for each of the 3 permission groups

Basic permissions

In Linux there are 3 basic permission.

  • Read permission (r):
    Grants you the permission to read a file/directory.
  • Write permission (w):
    Grants you the permission to write or delete a file/directory.
  • Execute permission (x):
    Grants you the permission to execute a file or to enter a directory.

The basic permissions are represented by a letter if they are set, or by a dash if they are not set.

Permission groups

Permissions are specified on 3 different levels (permission groups)

  • User permission (u)
    Contains the permission settings for the user account (in the example mentioned above, the user would be sfux).
  • Group permission (g)
    Contains the permission settings for the user group (in the example mentioned above, the group would be T0000).
  • Others permission (o)
    Contains the permission settings for all user accounts that are not contained in (u) and (g).

Since a permission group contains a value for each of the 3 basic permissions (r,w,x), there are only 8 patterns possible. Because of this a permission group can also be represented by single number between 0 and 7. The numeric representation of the permission patterns is implemented by assigning values to the basic permissions (r=4, w=2, x=1) that need to be summed up to result in the numeric representation of the permission group.

string representation numerical representation single number representation
--- 000 0
--x 001 1
-w- 020 2
-wx 021 3
r-- 400 4
r-x 401 5
rw- 420 6
rwx 421 7

A permission string can be represented by 3 single number representations of permissions groups which are always specified in the order user,group,other

-rwx------ is equal to 700  
-rwxr-x--- is equal to 750 
-rwxr-xr-x is equal to 755 
-rwxrwxrwx is equal to 777

Displaying permission settings

Permissions of a file/directory can be displayed with the ls -l (files and directories).

[sfux@euler03 ~]$ ls -l
total 112
drwx------  2 sfux T0000  4096 Feb  5  2015 bin
drwxr-x---  2 sfux T0000  4096 Sep 22 14:43 comsol
-rw-r--r--  1 sfux T0000 16330 Sep 30 08:23 comsol_commands
-rw-r--r--  1 sfux T0000   287 Oct  6 09:59 comsolusers
-rw-r--r--  1 sfux T0000   330 May 18 13:34 gurobi.log
drwx------  7 sfux T0000  4096 Sep  4 16:21 inst_instr
drwxr-xr-x  2 sfux T0000  4096 Jul 24 13:36 lics
-rwxr-xr-x  1 sfux T0000   812 Jul  2  2014 lsf_drmaa.conf
-rw-r--r--  1 sfux T0000   934 Oct  6 12:40 lsf.o10527387
drwxr-xr-x  2 sfux T0000  4096 Oct  2 08:53 mathematica
drwxr-xr-x  2 sfux T0000  4096 May 22 09:26 openfoam
drwx------  6 sfux T0000  4096 Apr 29 16:38 prog
drwxr-xr-x  3 sfux T0000  4096 Jul 13 15:49 R
drwx------  2 sfux T0000  4096 Jul 24 08:02 rre7
drwx------  2 sfux T0000  4096 Apr  9  2014 scratch
drwx------  3 sfux T0000  4096 Oct  8 15:34 shellscript
drwxr-x---  2 sfux T0000  4096 Dec 18  2014 sources
drwxr-xr-x 11 sfux T0000  4096 Oct  7 15:01 test
drwxr-xr-x 33 sfux T0000  4096 Sep 17 09:58 testrun

Changing permission settings

Permissions of a file/directory can be changed with the chmod command. In order to specify the change of the permission, you can either provide the numerical representation of a permission string or specify which basic permission should be changed for which permission group. If single parts of the permission string are changed, then +/- is used add/remove a permission.

As a starting point, we use the following file with given permissions:

[sfux@euler03 ~]$ ls -l gurobi.log 
-rw-r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log

Removing the write permission for user sfux can be achieved by executing the command chmod u-w gurobi.log.

[sfux@euler03 ~]$ chmod u-w gurobi.log
[sfux@euler03 ~]$ ls -l gurobi.log
-r--r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log

It is also possible to combine permission changes. If chmod ugo+x is used instead of chmod u-w, execute permission is added for all permission groups.

[sfux@euler03 ~]$ chmod ugo+x gurobi.log
[sfux@euler03 ~]$ ls -l gurobi.log 
-rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log

For changing the permission pattern to 755 you would execute the command chmod 755 gurobi.log

[sfux@euler03 ~]$ chmod 755 gurobi.log
[sfux@euler03 ~]$ ls -l gurobi.log
-rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log

Links

wikipedia:File_system_permissions

wikipedia:Modes_(Unix)

wikipedia:Chmod

https://www.freebsd.org/doc/handbook/permissions.html

http://www.unix.com/tips-and-tutorials/19060-unix-file-permissions.html