Skip to content

Latest commit

 

History

History
131 lines (90 loc) · 4.51 KB

users-and-perms.md

File metadata and controls

131 lines (90 loc) · 4.51 KB


Users and Permissions

What are Permissions?

Permissions grant others the ability to read, write, and execute files. Linux file permissions are important to understand as you collaborate with fellow researchers on the supercomputer. It is quite easy to modify the permissions of files you own. Read, write, and execute permissions have different meanings depending on whether the listed item is a file or a directory.

Permissions for Files and Directories

Bolded attributes are essential to know; others are good to know.

Attribute Abbreviated File meaning Directory meaning
readable r can view can list with ls
writeable w can edit can delete, rename, add files
executable x can run can access
suid s all users can execute with owner's privileges N/A
sgid s all users can execute with group's privileges newly created directories will mimic parent permissions
sticky bit t N/A only file owner can delete or rename

Being able to 'access' a directory with executable permissions means being able to enter into the directory and access the files inside.

User Sets

User sets define who has which permissions for a file. The letters r, w, x, - represent the permissions read, write, execute, and no permissions in that order. Each user set will have some combination of those letters to represent their permissions for a specific file. For example:

$ ls -l # performs a long listing of files in a directory
total 24
drwxr-xr-x 2 root root 4096 Oct 9 16:28 cataction
drwxr-xr-x 2 root root 4096 Oct 9 16:28 catcomedies
drwxr-xr-x 2 root root 4096 Oct 9 16:28 catdocumentaries
drwxr-xr-x 2 root root 4096 Oct 9 16:28 catdramas
drwxr-xr-x 2 root root 4096 Oct 9 16:28 cathorror
drwxr-xr-x 2 root root 4096 Oct 9 16:28 catnovels 

At the beginning of each line, you can see the letter combinations of rwx, r-x, and r-x. These combinations represent the permissions for three distinct user sets: user (u), group (g), and other (o).

The user sets are in order of user, group, and other. Let's break down an example with the directory cataction where pipes ( | ) have been added to more clearly see the distinction between user sets:

 | u | g | o |
d|rwx|r-x|r-x| 2 root root 4096 Oct 9 16:28 cataction

As an example, the following user has read access to file_a and file_b, and write access to file_a:

$ whoami
user
$ groups
g1 g3
$ ls -l
total 0
-rw-r----- 1 user g1 0 Sep  5 15:50 file_a
-rw-r----- 1 abc  g3 0 Sep  5 15:50 file_b
-rw-rw-r-- 1 abc  g2 0 Sep  5 15:50 file_c

Changing Permissions

The command chmod will allow you to change permissions for user sets. The user, group, and other categories each represent their permissions with a single octal value–a value ranging from 0 to 7 (8 possible values). Values are then added together to define the permissions for each user group (e.g., a value of 7 would represent rwx whereas a value of 5 represents r-x). When you use chmod to change permissions, it takes three octal values. The first value represents the user's permissions, the second is the group's permissions, and the third is the other permissions.

Attribute Abbreviation Value
read r 4
write w 2
execute x 1

An example of how to use octal values with chmod:

$ chmod 750 myfile
rwxr-x---
# user can read/write/execute (4+2+1); group can read/execute (4+1); other can do nothing (0)

The letter representations can also be used, at the expense of brevity:

chmod u+rwx,g+rx-w,o-rwx myfile # equivalent to above

+ adds permissions; - subtracts permissions.

Changing Ownership

Let's revisit user's access:

$ whoami
user
$ groups
g1 g3
$ ls -l
total 0
-rw-r----- 1 user g1 0 Sep  5 15:50 file_a
-rw-r----- 1 abc  g3 0 Sep  5 15:50 file_b
-rw-rw-r-- 1 abc  g2 0 Sep  5 15:50 file_c

What if user wants to give read permission on file_a to person, another member of the group g3?

chown can be used to change ownership of the file (requires root):

chown person file_a

Since root access is not guaranteed, changing groups with chgrp is often a better option:

$ groups person # which groups is person a member of?
g2 g3
$ chgrp g3 file_a

Warning: Opening Permissions

Opening permissions to 777 will allow anyone to do anything to a given file; it can make life easier, but consider the security risk before doing so.