Permissions and Ownerships - the CHMOD and CHOWN commands
Below is a general reference on file ownership and permissions that you may find useful in day-to-day management of your content:

use the "ls -l" command to show most of the user-level information UNIX keeps about a file

    % ls -l
    total 2
    -rw-r--r--  1 kns  visitors  1203 Mar  1 23:49 motd
    %

- the name of the file appears on the far right
- the date and time is when the file was last modified
- 1203 is the size of the file in bytes
- kns is the username of the file's owner
- visitors is the group the file is in
- the 1 in front of kns is the link count, that will get covered later
- the group of ten characters at the beginning of the line is the mode of the file

the first character of the mode indicates the file's type

- "-" means it is a plain file
- "d" means it is a directory
- "p" means it is a pipe
- "l" means it is a symbolic link
- "b" means it is a block special file
- "c" means it is a character special file

the other nine characters indicate permission settings

UNIX has three basic operations it will check for a file

- read : contents of the file can be read (looked at with cat, more, copied with cp)
- write : contents of the file can be written
- execute : file can be used as a command

UNIX also has three classes of users it will check these permissions for

- owner of the file
- users in the same group as the file
- anyone else

in the mode "-rw-r--r--" above:

- first dash means it is a plain file
- next three characters are read/write/execute permissions for the owner of the file ("-" in one of those positions means that permission is denied, so the owner can not execute this file)
- next three characters are read/write/execute permissions for users in the same group as the file
- last three characters are read/write/execute permissions for everyone else

with the above mode

- the owner of the file may read from or write to the file but not execute it as a command
- users in the visitors group may read the file but not write to the file or execute it as a command
- the same for anyone else

the command to change permissions is chmod

chmod lets you grant or deny permissions to each class of user

the simplest forms of chmod are:

    chmod c+p file [file ...]
    chmod c-p file [file ...]

the first form will grant (add) permissions, the second form will deny (subtract) permissions

for both forms c specifies the class

- "u" for user (your) permissions
- "g" for group permissions
- "o" for "other" permissions (everyone else)
- "a" for affecting all three classes at the same time

the p specifies the permission(s) to add or subtract

- "r" for read permission
- "w" for write permission
- "x" for execute permission
- can give more than one permission here

replace file with the name of the file you want to change the permissions on

[file ...] is a standard way of saying more filename(s) may be given

first example denies "other" read permissions:

    % ls -l motd
    -rw-r--r--  1 kns  visitors  1203 Mar  1 23:49 motd
    % chmod o-r motd
    % ls -l motd
    -rw-r-----  1 kns  visitors  1203 Mar  1 23:49 motd
    %

to grant group write permission:

    % chmod g+w motd
    % ls -l motd
    -rw-rw----  1 kns  visitors  1203 Mar  1 23:49 motd
    %

to grant "other" read and write permission:

    % chmod o+rw motd
    % ls -l motd
    -rw-rw-rw-  1 kns  visitors  1203 Mar  1 23:49 motd
    %

to deny everyone write permission:

    % chmod a-w motd
    % ls -l motd
    -r--r--r--  1 kns  visitors  1203 Mar  1 23:49 motd
    %

it can be useful at times to deny yourself write permission

- it will prevent you from accidentally editing files you don't want changed
- rm command will ask for confirmation before removing a file with write permission turned off

    % rm motd
    rm: motd: override protection 444 (yes/no)? no
    % ls
    motd
    %

permissions often get represented as octal digits

- here the three groups of permissions (the characters rwxrwxrwx) get converted to three numbers, each number representing the permissions for one class
- under this scheme "r" is worth 4, "w" is worth 2, and "x" is worth 1
- add up the numbers representing the letters to get the number for this octal representation
- permissions of "rw-r-----" would be 640
- permissions of "r--r--r--" would be 444
- permissions of "rwxrw-r--" would be 764

chmod will take an octal number for a mode setting as well

    % ls -l motd
    -r--------  1 kns  visitors  1203 Mar  1 23:49 motd
    % chmod 644 motd
    % ls -l motd
    -rw-r--r--  1 kns  visitors  1203 Mar  1 23:49 motd
    %

unless you know octal number schemes fairly well it is best to stick with the other method of using chmod

permissions have slightly different meanings for directories

- read permission on a directory means you can get a listing of the files with ls
- write permission on a directory means you may make new files there or remove files in the directory
- execute permission means you can access files inside the directory but only if you know their name, you can't get a listing with ls

usually unless you are in a special group for sharing information you will set group permissions to be the same as "other" for your files and directories

- sys-admin picks a group to put you in when your account is made
- can also add you to "supplemental" groups if necessary for you to share files with others

command groups will show you what groups you are in

    % groups
    visitors lab
    %

here primary group is "visitors" and supplemental group is "lab"

command chgrp will change a file to a different group

    % ls -l motd
    -rw-r--r--  1 kns  visitors  1203 Mar  1 23:49 motd
    % chgrp lab motd
    % ls -l motd
    -rw-r--r--  1 kns  lab  1203 Mar  1 23:49 motd
    %

- now permissions could be set so only people in group "lab" may access "motd"
- sys-admin must set up groups

quickly mentioned modification date of file earlier

- for some things modification time of file is very important
- when using mv modification date will not be changed by default
- when using cp modification date will be the present time for the target file, source file will be unchanged
- can have cp set modification date of target to be the same as the source with "p" option

    % date
    Tue Mar  7 23:26:03 EST 2000
    % ls -l motd
    -rw-r--r--  1 kns  lab  1203 Mar  1 23:49 motd
    % cp motd motd_1
    % ls -l
    total 8
    -rw-r--r--  1 kns  lab       1203 Mar  1 23:49 motd
    -rw-------  1 kns  visitors  1203 Mar  7 23:26 motd_1
    % cp -p motd motd_2
    % ls -l
    total 12
    -rw-r--r--  1 kns  lab       1203 Mar  1 23:49 motd
    -rw-------  1 kns  visitors  1203 Mar  7 23:26 motd_1
    -rw-r--r--  1 kns  lab       1203 Mar  1 23:49 motd_2
    %

touch command will set last modification time to the current time if file exists, will create the file if it does not exist

- file created by touch will be zero length

    % date
    Tue Mar  7 23:29:11 EST 2000
    % ls -l
    total 4
    -rw-r--r--  1 kns  lab  1203 Mar  1 23:49 motd
    % touch motd foo
    % ls -l
    total 4
    -rw-------  1 kns  visitors     0 Mar  7 23:29 foo
    -rw-r--r--  1 kns  lab       1203 Mar  7 23:29 motd
    %

Using chown

To change the owner of a file/directory, type the following command:

    chown user.group file

(where user is the new owner, group is the new group and file is the name of the file or directory you want to change the owner of)

Typically you should not have to use the chown command very often, but in some cases you may want to assign ownership to different users for your web site or for multiple accounts, etc.

support@mercuryd.com
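
Added example (not part of the original page): a POSIX shell sketch that applies the r=4, w=2, x=1 scheme described above to the mode column of "ls -l", then uses it to report files that "other" may write to, the state that "chmod o+rw" produced in the examples. The function names and the scratch files are made up for illustration.

```shell
#!/bin/sh
# Added example; mode_to_octal, other_writable and demo are hypothetical names.

# mode_to_octal MODE
# Convert the permission characters from "ls -l" to octal (r=4, w=2, x=1).
# Accepts nine characters ("rw-r-----") or the full ten ("-rw-r-----").
# Fails on anything other than r, w, x or "-" in its proper position.
mode_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi  # drop the file-type character
    if [ "${#perms}" -ne 9 ]; then return 1; fi
    out=
    for range in 1-3 4-6 7-9; do                          # owner, group, other
        triplet=$(printf '%s' "$perms" | cut -c"$range")
        case $triplet in [r-][w-][x-]) ;; *) return 1 ;; esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# other_writable DIR
# Print "OCTAL PATH" for each plain file under DIR that "other" may write to.
other_writable() {
    find "$1" -type f -perm -0002 | sort | while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)
        octal=$(mode_to_octal "$mode") || octal='?'       # mode uses characters not covered here
        printf '%s %s\n' "$octal" "$f"
    done
}

# demo: constructed files in a scratch directory, removed afterwards.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/motd"; : > "$dir/notes"
    chmod 644 "$dir/motd"; chmod 640 "$dir/notes"
    chmod o+rw "$dir/motd"      # grant "other" read and write, as in the text
    other_writable "$dir"       # reports: 646 <dir>/motd
    chmod o-w "$dir/motd"       # deny "other" write again
    other_writable "$dir"       # reports nothing
    rm -rf "$dir"
}

demo
```
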