Permissions, Owners, & Groups

[last updated: 2023-04-14]
-----

  • In Linux, everything is a file.
      There are lots of highly technical if not philosophical discussions about what this means,
      but bottom line is:
        everything in Linux has properties/parameters,
          ( 'Permissions'   is one of the properties of files that we're dealing with in the current context.)

        and generally the same tools are used to work with all different kinds of "files."

      In particular, text files, image files, directories, and ports (and other things, of course) are all "files."


    So...

  • When you "do things" in Linux, you are doing something to a file.
    ---------------------------------------------------------------------------

  • There are three things you can do to a file in Linux:
    • you can Read it ("r")
    • you can Write it ("w")
    • or you can Execute it ("x")

  • You must have Permission to do any of these things.
    ---------------------------------------------------------------------------

  • All Files and Directories have a parameter called "Permissions".
    This defines who has 'permission' to do things to the file or directory.
    The 'do things' includes reading, writing, and executing (r, w, x).
    The 'who' is specified in 3 categories:
    • user owner (u),
    • group owner (g),
    • and other (o).

    • Owners:
      • Every file and directory has a single user-owner and a single group-owner.
          The group-owner, however, can have any number of members, each of which will have their respective 'g' privileges.
      • Owners (and Permissions) get defined when a file (or directory) is created.
      • When you log in to a Linux computer, you log in with your user name. This is the 'who'.
        In fact, you can find the name of the current user with:
        $ whoami
        ($ who lists every user currently logged in.)
      • Any file you create will have your user name as the user-owner of the new file.
        As such, you are granted all the 'u' privileges that are specified.

  • View permissions on a file with:
    • $ ls -l ... (lower-case "L")
    • This command returns a line for each element in the directory, whether the element is a file or a sub-directory.
        For example, a given line might look like this:
          drwxr-xr-x 18 pi pi 4096 Jan 6 08:26 pi

    • Each line (one for each file or directory) returned from ls -l has 7 fields:
           permissions
           number of links
           user-owner name
           group-owner name
           file size
           date last modified
           file or directory name.
    • The first data field, permissions, is 10 characters long
      • The first character is either "-" or "l" or "d" and defines the type of file:
        "d" denotes a directory, "-" denotes a file, and "l" denotes a symlink or soft link
          [there are also 'b' (block device) and 'c' (character device) prefixes, seen in the /dev directory]
      • The next 3 characters specify the permissions of the file owner.
      • The next 3 characters specify the permissions of the owning group.
      • The next 3 characters specify the permissions of others.
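
The permission field described above can be decoded mechanically. This added example (not part of the original page) is a shell function that splits the 10-character field into its type and three rwx triplets and prints each triplet as the octal digit chmod accepts (r=4, w=2, x=1). The function name perm_to_octal is made up for illustration, and strings carrying other letters, such as the 't' on /tmp, are rejected rather than guessed at.

```shell
#!/bin/sh
# Added example: decode the first field of an `ls -l` line.
# perm_to_octal "drwxr-xr-x" prints "directory 755".
perm_to_octal() {
    perm=$1
    # Exactly 10 characters: one type character plus three rwx triplets.
    case $perm in
        [-dlbc][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported permission string: $perm" >&2; return 1 ;;
    esac
    case $perm in
        d*) type=directory ;;
        l*) type=symlink ;;
        b*) type=block-device ;;
        c*) type=char-device ;;
        *)  type=file ;;
    esac
    octal=""
    rest=${perm#?}                      # drop the type character
    for i in 1 2 3; do                  # user, group, other
        triplet=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal=$octal$digit
    done
    echo "$type $octal"
}

# The sample line from above: drwxr-xr-x 18 pi pi 4096 Jan 6 08:26 pi
perm_to_octal "drwxr-xr-x"              # prints: directory 755
```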


    If you want to edit a file, but the editor says it's Read-only,
    or if you want to read a file in a particular directory, but you get an error that you're not authorized,
    or if you want to copy a file INTO a particular directory, but you get same error, ...

    you must change your permissions or change group membership
    -----

    Short Version:
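    Set rwx (i.e. all) permissions for the 'other' category on the file filex
    (every user on the system can then read, change, and run filex):

      $ sudo chmod o=rwx filex

    To set 'other' to read-only on every non-hidden entry (files and directories) in the current folder
    (a directory also needs 'x' for others to enter it, so o=r lets them list names only):

      $ sudo chmod o=r *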

    -----

  • Permissions get set when the file or directory is created
    • If you are logged on as eg. user: pi
      and you open LXT, navigate to root directory (ie. "/"),
      then: $ ls -l will show you that the current permissions for the media directory are:
      "rwx" for the owner (root), and "r-x" for group and others.
      This means if you (as user: pi) try to create (write) a directory with: $ mkdir tmp01,
      it will fail with permission denied, because you are not the owner, nor in owner's group,
      meaning you're in the 'other' category, which does not have write permission.
    • However if you execute:
        $ sudo mkdir tmp01

      then you are acting as root, so the folder will be created, with owner root, and permissions: drwxr-xr-x

    • If you are in file manager, in root directory, and try to create a new directory with:
      <right-click> Create New > Folder,
      it will fail with permission denied, since you are user: pi, and therefore are in the "other" category, which does not have write permission.
  • Permissions can be changed
    • chmod (change mode) will change permissions.
      • Syntax is as follows:
          $ chmod [options] [permissions] [filename]
          (options are optional, ie not required)
      • Permissions can be set independently for each of the three categories for which they are defined:
        u = user/owner, g = owning group, and o = others
      • Permission values can be specified with letters or with octal digits (0 - 7)
        for example, this instance of chmod uses letters to specify the permissions:
          $ chmod u=rwx,o+r myfile

        sets user permission to rwx, and adds read permissions to others

        • (note: commas, without spaces, separate multiple categories specified with one command)
        • (note: using '=' will erase previously defined permissions and set new permissions as listed)
        • (note: using '+' will keep previously defined permissions and add the new permission listed)
          $ chmod o+w myfile: adds write permission to others for the file myfile
      • chmod on just some files in a folder:
        • to change all directories in a folder to 755...
          $ find [source directory] -type d -exec chmod 755 {} \;
        • This is clearly incomplete/ambiguous if not wrong...
          however when you have a directory with writable group and other permissions,
          and you want to remove those so just owners can write,
              $ chmod 755 [folderName]
      • examples using octal digits:
        • $ chmod 777 myfile: this command sets rwx permission for all three categories (u, g, & o)
        • Three octal digits are used to specify permissions for all three categories, u, g, & o
        • Each octal digit represents a rwx triplet of permissions
          • Each octal digit is the sum of the r, w, & x permissions :
            4 = sets read permission
            2 = sets write permission
            1 = sets execute permission
          • So eg. a 7 (= 4 + 2 + 1) will set all rwx,
            while a 4 will set r-- ,
            and a 5 will set: read and execute permission

      • chmod examples:
        • $ chmod -x *.txt
          removes execute permission on all txt files in current directory for all users (u, g, & o)

      • Caveat: These descriptions of the operation of chmod are approximate, incomplete, and may be wrong in some very specific usages, but they're close for an average user like me. The caveat is to research more complete and official descriptions if you need to.
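
An added example, not from the original page: the find command above sets every directory to 755, which also opens up a directory that was deliberately left at 700. The hypothetical function tighten_tree below removes only the group and other write bits from directories that have them, and demo runs it on a constructed throw-away tree (GNU stat assumed).

```shell
#!/bin/sh
# Added example: remove group/other write from directories without
# widening anything else. Function names are made up for illustration.

# tighten_tree DIR: print and fix every directory under DIR that is
# writable by group or other. All other permission bits are left alone.
tighten_tree() {
    root=$1
    # -perm -020 matches "group write set"; -perm -002 matches "other write set".
    find "$root" -type d \( -perm -020 -o -perm -002 \) \
        -print -exec chmod go-w {} \;
}

mode_of() { stat -c '%a' "$1"; }        # octal mode, GNU stat

# demo: build a constructed tree, tighten it, report the resulting modes.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/shared" "$tmp/team" "$tmp/private"
    chmod 777 "$tmp/shared"             # writable by everyone
    chmod 775 "$tmp/team"               # writable by group
    chmod 700 "$tmp/private"            # owner only, must stay that way
    tighten_tree "$tmp" >/dev/null
    echo "$(mode_of "$tmp/shared") $(mode_of "$tmp/team") $(mode_of "$tmp/private")"
    rm -rf "$tmp"
}

demo    # prints: 755 755 700
```

Running the blanket chmod 755 on the same tree would end with 755 755 755, so the private directory would become readable by everyone.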

    =====================================================================================

  • Groups:
    • Groups are collections/lists/groups of users
    • You can see a list of all the groups defined on your system with:
      $ cat /etc/group
      for each group defined, this command will print out a line of the form:
      groupName : x (placeholder for the group password) : groupID : (comma-separated list of members)
    • If a group has ownership of a file, with some allowed permissions, then every member of the group will have those same permissions.
    • To see a list of groups to which you belong:
      $ id [userName]
      OR: $ groups [userName]
    • To see if you are a member of a particular group:
      $ cat /etc/group|grep [groupName]
    • To see a list of all members of a particular group:
      $ grep [groupName] /etc/group
      OR: $ members [groupName]
        (However: the members command is not usually included in a distro.
        Get it with: $ sudo apt-get install members)
    • If you need access to a file, but you are not the owner, and you don't want to change the file's permissions, you can gain access by becoming a member of the file's owning group.
      $ sudo usermod -a -G [groupname] [username]
        Always use the -a option when adding a user to a group.
        If you don't use the -a option, the user will be removed from any other groups that he might belong to that are not explicitly listed after the -G option.

      OR: add yourself to the group with this. You must log out and back in to make it effective.
      $ sudo gpasswd -a $USER [groupName] ... (have not tested this. not sure of '$USER' syntax)
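
An added example, not from the original page: grep [groupName] /etc/group matches substrings, so searching for pi also returns gpio and spi, and it misses users who have the group as their primary group in /etc/passwd. The hypothetical functions below match the group name exactly and merge both sources; the sample files are constructed.

```shell
#!/bin/sh
# Added example. The file contents below are constructed sample data.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/group" <<'EOF'
pi:x:1000:
gpio:x:997:pi,alice
spi:x:999:pi
EOF
    cat > "$d/passwd" <<'EOF'
pi:x:1000:1000::/home/pi:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
carol:x:1002:997::/home/carol:/bin/bash
EOF
    echo "$d"
}

# group_members GROUP_FILE PASSWD_FILE GROUP: comma-separated member list.
group_members() {
    gfile=$1; pfile=$2; group=$3
    # Exact match on field 1, so "pi" does not also match "gpio" or "spi".
    line=$(awk -F: -v g="$group" '$1 == g' "$gfile")
    [ -n "$line" ] || return 1          # no such group
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    {
        # Supplementary members: field 4 of the group file.
        printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n'
        # Primary members: users whose passwd GID field equals this GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$pfile"
    } | sed '/^$/d' | sort -u | paste -sd, -
}

# is_member GROUP_FILE PASSWD_FILE GROUP USER: exit status 0 if USER is in GROUP.
is_member() {
    group_members "$1" "$2" "$3" | tr ',' '\n' | grep -qxF -- "$4"
}

d=$(make_sample)
grep -c pi "$d/group"                       # 3: the substring search hits every line
group_members "$d/group" "$d/passwd" gpio   # alice,carol,pi
group_members "$d/group" "$d/passwd" pi     # pi (through the primary group only)
rm -rf "$d"
```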

    -------------------------------------------------------------------------------

  • Change the group owner of a file:
    • $ chgrp [newGroupOwnerName]   [fileName]
      You may need sudo/root to execute this...
