Difference between revisions of "Linux permissions"

From ScientificComputing
(Displaying permission settings)
(Changing permission settings)
Line 95: Line 95:
  
 
As a starting point, we use the following file with given permissions:
 
As a starting point, we use the following file with given permissions:
  [sfux@euler03 ~]$ ls -l gurobi.log  
+
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
  -rw-r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log
+
  -rw-r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log
  
 
Removing the write permission for user sfux can be achieved by executing the command '''chmod u-w gurobi.log'''.
 
Removing the write permission for user sfux can be achieved by executing the command '''chmod u-w gurobi.log'''.
  [sfux@euler03 ~]$ chmod u-w gurobi.log
+
  [leonhard@euler03 ~]$ '''chmod u-w gurobi.log'''
  [sfux@euler03 ~]$ ls -l gurobi.log
+
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
  -r--r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log
+
  -r--r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log
  
 
It is also possible to combine permission changes. If '''chmod ugo+x''' is used instead of '''chmod u-w''', execute permission is added for all permission groups.
 
It is also possible to combine permission changes. If '''chmod ugo+x''' is used instead of '''chmod u-w''', execute permission is added for all permission groups.
  
  [sfux@euler03 ~]$ chmod ugo+x gurobi.log
+
  [leonhard@euler03 ~]$ '''chmod ugo+x gurobi.log'''
  [sfux@euler03 ~]$ ls -l gurobi.log  
+
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
  -rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log
+
  -rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log
  
 
For changing the permission pattern to 755 you would execute the command '''chmod 755 gurobi.log'''
 
For changing the permission pattern to 755 you would execute the command '''chmod 755 gurobi.log'''
  
  [sfux@euler03 ~]$ chmod 755 gurobi.log
+
  [leonhard@euler03 ~]$ '''chmod 755 gurobi.log'''
  [sfux@euler03 ~]$ ls -l gurobi.log
+
  [leonhard@euler03 ~]$ '''ls -l gurobi.log'''
  -rwxr-xr-x 1 sfux T0000 330 May 18 13:34 gurobi.log
+
  -rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log
  
 
==Links==
 
==Links==
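Review bot: the sentence "Removing the write permission for user sfux can be achieved by executing the command '''chmod u-w gurobi.log'''." is carried over unchanged, while the prompts and the ls -l owner column around it switch from sfux to leonhard, so the prose now names a user that no longer appears in the example. Suggest changing it to "user leonhard" (or to "the owner of the file") in the same edit. The ls -l listing further down the page has the same mismatch: a leonhard prompt with every entry still owned by sfux.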

Revision as of 14:37, 10 August 2016

Introduction

In Linux, access to data objects like files and directories is handled via permissions. Typical permission settings for a file/directory can, for example, look like this:

File:

[sfux@euler03 ~]$ ls -ltr gurobi.log 
-rw-r--r-- 1 sfux T0000 330 May 18 13:34 gurobi.log

Directory:

[sfux@euler03 ~]$ ls -ltrd bin
drwx------ 2 sfux T0000 4096 Feb  5  2015 bin

In these examples, the so-called permission string is the first field of the output (-rw-r--r-- and drwx------). The permission string always contains 10 characters, each of which is either a letter or a dash. The first position in the string specifies whether the data object is a file (-) or a directory (d). After the first position, the permission string contains 3 groups of 3 characters that specify the 3 basic permissions for each of the 3 permission groups.

Basic permissions

In Linux there are 3 basic permissions.

  • Read permission (r):
    Grants you the permission to read a file/directory.
  • Write permission (w):
    Grants you the permission to write or delete a file/directory.
  • Execute permission (x):
    Grants you the permission to execute a file or to enter a directory.

The basic permissions are represented by a letter if they are set, or by a dash if they are not set.

Permission groups

Permissions are specified on 3 different levels (permission groups)

  • User permission (u)
    Contains the permission settings for the user account (in the example mentioned above, the user would be sfux).
  • Group permission (g)
    Contains the permission settings for the user group (in the example mentioned above, the group would be T0000).
  • Others permission (o)
    Contains the permission settings for all user accounts that are not contained in (u) and (g).

Since a permission group contains a value for each of the 3 basic permissions (r, w, x), there are only 8 possible patterns. Because of this, a permission group can also be represented by a single number between 0 and 7. The numeric representation of the permission patterns is obtained by assigning values to the basic permissions (r=4, w=2, x=1) and summing them up to get the numeric representation of the permission group.

string representation   numerical representation   single number representation
---                     000                        0
--x                     001                        1
-w-                     020                        2
-wx                     021                        3
r--                     400                        4
r-x                     401                        5
rw-                     420                        6
rwx                     421                        7

A permission string can be represented by the 3 single number representations of its permission groups, which are always specified in the order user, group, others:

-rwx------ is equal to 700  
-rwxr-x--- is equal to 750 
-rwxr-xr-x is equal to 755 
-rwxrwxrwx is equal to 777

Displaying permission settings

Permissions of a file/directory can be displayed with the command ls -l (for files and directories).

[leonhard@euler03 ~]$ ls -l
total 112
drwx------  2 sfux T0000  4096 Feb  5  2015 bin
drwxr-x---  2 sfux T0000  4096 Sep 22 14:43 comsol
-rw-r--r--  1 sfux T0000 16330 Sep 30 08:23 comsol_commands
-rw-r--r--  1 sfux T0000   287 Oct  6 09:59 comsolusers
-rw-r--r--  1 sfux T0000   330 May 18 13:34 gurobi.log
drwx------  7 sfux T0000  4096 Sep  4 16:21 inst_instr
drwxr-xr-x  2 sfux T0000  4096 Jul 24 13:36 lics
-rwxr-xr-x  1 sfux T0000   812 Jul  2  2014 lsf_drmaa.conf
-rw-r--r--  1 sfux T0000   934 Oct  6 12:40 lsf.o10527387
drwxr-xr-x  2 sfux T0000  4096 Oct  2 08:53 mathematica
drwxr-xr-x  2 sfux T0000  4096 May 22 09:26 openfoam
drwx------  6 sfux T0000  4096 Apr 29 16:38 prog
drwxr-xr-x  3 sfux T0000  4096 Jul 13 15:49 R
drwx------  2 sfux T0000  4096 Jul 24 08:02 rre7
drwx------  2 sfux T0000  4096 Apr  9  2014 scratch
drwx------  3 sfux T0000  4096 Oct  8 15:34 shellscript
drwxr-x---  2 sfux T0000  4096 Dec 18  2014 sources
drwxr-xr-x 11 sfux T0000  4096 Oct  7 15:01 test
drwxr-xr-x 33 sfux T0000  4096 Sep 17 09:58 testrun

Changing permission settings

Permissions of a file/directory can be changed with the chmod command. To specify the change, you can either provide the numerical representation of a permission string or specify which basic permission should be changed for which permission group. If single parts of the permission string are changed, then +/- is used to add/remove a permission.

As a starting point, we use the following file with given permissions:

[leonhard@euler03 ~]$ ls -l gurobi.log 
-rw-r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log

Removing the write permission for user sfux can be achieved by executing the command chmod u-w gurobi.log.

[leonhard@euler03 ~]$ chmod u-w gurobi.log
[leonhard@euler03 ~]$ ls -l gurobi.log
-r--r--r-- 1 leonhard T0000 330 May 18 13:34 gurobi.log

It is also possible to combine permission changes. If chmod ugo+x is used instead of chmod u-w, execute permission is added for all permission groups.

[leonhard@euler03 ~]$ chmod ugo+x gurobi.log
[leonhard@euler03 ~]$ ls -l gurobi.log 
-rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log

To change the permission pattern to 755, you would execute the command chmod 755 gurobi.log.

[leonhard@euler03 ~]$ chmod 755 gurobi.log
[leonhard@euler03 ~]$ ls -l gurobi.log
-rwxr-xr-x 1 leonhard T0000 330 May 18 13:34 gurobi.log
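
The conversion between permission strings and their numeric form, applied to the chmod steps above, as an added example that is not part of the original page. The function names are hypothetical; it assumes a POSIX shell with ls, cut and mktemp, and goes slightly beyond the text by also checking whether others have write permission on a file.

```shell
#!/bin/sh
# Added example (not from the original page).
# Setuid/setgid/sticky letters (s, t) are not covered on the page and are rejected.

# triplet_to_digit rwx -> 7, using r=4, w=2, x=1
triplet_to_digit() {
    case "$1" in
        [r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# perm_to_octal -rwxr-x--- -> 750 (order is always user, group, others)
perm_to_octal() {
    [ "${#1}" -eq 10 ] || return 1
    rest=${1#?}    # drop the type character (- or d)
    u=$(triplet_to_digit "$(printf '%s' "$rest" | cut -c1-3)") || return 1
    g=$(triplet_to_digit "$(printf '%s' "$rest" | cut -c4-6)") || return 1
    o=$(triplet_to_digit "$(printf '%s' "$rest" | cut -c7-9)") || return 1
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# mode_of FILE: numeric mode taken from the first 10 characters of ls -ld
mode_of() {
    perm_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# others_can_write FILE: succeeds if the "others" digit contains w (2, 3, 6 or 7)
others_can_write() {
    case "$(mode_of "$1")" in ??[2367]) return 0 ;; *) return 1 ;; esac
}

# Replays the chmod steps from the page on a temporary file (constructed input).
replay_page_steps() {
    f=$(mktemp) || return 1
    chmod 644 "$f"; a=$(mode_of "$f")                   # -rw-r--r--
    chmod u-w "$f"; b=$(mode_of "$f")                   # -r--r--r--
    chmod 644 "$f"; chmod ugo+x "$f"; c=$(mode_of "$f") # -rwxr-xr-x
    chmod 755 "$f"; e=$(mode_of "$f")                   # -rwxr-xr-x
    rm -f "$f"
    printf '%s %s %s %s\n' "$a" "$b" "$c" "$e"
}
replay_page_steps    # prints: 644 444 755 755
```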

Links

wikipedia:File_system_permissions

wikipedia:Modes_(Unix)

wikipedia:Chmod

https://www.freebsd.org/doc/handbook/permissions.html

http://www.unix.com/tips-and-tutorials/19060-unix-file-permissions.html