Navigating the Linux File System
much time, a system administrator should schedule the update to take place in some off
hour time.
3.5 PERMISSIONS
So far, we have mentioned permissions but have not discussed them. If you have already
been experimenting with some of the instructions described in Sections 2 and 3, you may
have found that you did not have proper permissions for some operations. So here we
examine what permissions are.
3.5.1 What Are Permissions?
Permissions are a mechanism to support operating system protection. Protection ensures
that users do not misuse system resources. A system’s resources include the CPU, memory,
and network, but also include the partitions, directories, and files stored throughout the
file system. Permissions protect the entities in the file system so that a user cannot misuse
the entities owned by another user.
In Linux, permissions are established for all files and directories. Permissions specify
who can access a file or directory, and the types of access. All files and directories are
owned by a user. If we limited ownership by user only, then the only permissions that a file
or directory could support are one set for the owner and one set for everyone else.
For instance, imagine that you have a file, abc.txt. You could make it so that you had
read and write access and no one else could access the file at all. However, if there are a few
other users that you want to give access to, your only recourse would be to give those users
your password so that they could log in as you to access the file (bad idea), send them a
copy of the file (but then, if you modified the file, they would have an out-of-date version),
or alter the file’s permissions so that everyone could read it.
This is where groups come in. By default, every Linux user account comes with a private
group account whose name is the same as the user’s username. Whenever you create a new
file or directory, that item is owned by you and your private group. You can change the group
ownership to be of another group. This is how you can share the item with other users.
Let us imagine that we have a group called itstaff and that you and I are both in that
group. I create a file that I want all itstaff to be able to read, but no one else. I establish the
file’s permissions to be readable and writable by myself, readable by anyone in the itstaff
group, and not accessible to anyone else. Next, I change the group ownership from my
private group to itstaff. Now you can read it (but not write to it).
In Linux, permissions are controlled at three levels:
• Owner (called user, or ‘u’ for short)
• Group (‘g’ for short)
• The rest of the world (called other, or ‘o’ for short)
For every item, you can establish eight different types of access for each of owner, group,
and world. These eight types consist of all of the combinations of read, write, execute, and
no access. We will denote read access as ‘r,’ write access as ‘w,’ and execute access as ‘x.’
For instance, one file might be read-only (r), another might be readable and writable (rw),
another might be readable, writable, and executable (rwx). Although there are eight
combinations, some will probably never be used such as “write only.” We will explore why in a
little while.
The following list describes what each level of access provides:
• Read—for a file, it can be viewed or copied
• Write—for a file, it can be overwritten (e.g., using save as)
• Execute—for a file, it can be executed (this is necessary for executable programs and
shell scripts)
• Read—for a directory, the directory’s contents can be viewed by ls
• Write—for a directory, files can be written there
• Execute—for a directory, a user can cd into it
Note: to delete a file, you must have write access to the directory that contains it.
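The three-level check described in this section, worked through for the itstaff scenario and the deletion note, as an added example that is not code from the book. The names Item, access_for, can_delete and the sample users are assumptions made for illustration; the model ignores root and the sticky bit, and it also applies the kernel's requirement of execute (search) access on the directory when deleting.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:                      # hypothetical model of a file or directory
    owner: str
    group: str
    mode: int                    # the nine permission bits, e.g. 0o640

def symbolic(mode):
    """Render the nine permission bits as text such as 'rw-r-----'."""
    return "".join(
        ch if mode & (1 << (8 - i)) else "-"
        for i, ch in enumerate("rwxrwxrwx")
    )

def access_for(item, user, groups):
    """Return the set of 'r', 'w', 'x' that user gets on item.

    Exactly one level applies: owner if the user owns the item, otherwise
    group if the user is in the item's group, otherwise other. The levels
    are never combined, so an owner can have less access than the group.
    """
    if user == item.owner:
        shift = 6                # owner ('u') bits
    elif item.group in groups:
        shift = 3                # group ('g') bits
    else:
        shift = 0                # other ('o') bits
    bits = (item.mode >> shift) & 0o7
    return {ch for ch, bit in (("r", 4), ("w", 2), ("x", 1)) if bits & bit}

def can_delete(directory, user, groups):
    """Deleting edits the directory, so only the directory's bits matter."""
    return {"w", "x"} <= access_for(directory, user, groups)

# Constructed sample data: the itstaff scenario from the text.
report = Item("me", "itstaff", 0o640)        # rw- for me, r-- for itstaff
shared_dir = Item("me", "itstaff", 0o775)    # directory holding the report
USERS = {"me": {"me", "itstaff"}, "you": {"you", "itstaff"}, "guest": {"guest"}}

if __name__ == "__main__":
    print(symbolic(report.mode), "report.txt")
    for user, groups in USERS.items():
        got = "".join(sorted(access_for(report, user, groups))) or "none"
        print(f"{user:6} file: {got:5} delete: {can_delete(shared_dir, user, groups)}")
```

In this sample "you" can only read the report yet can still delete it, because the group has write access to the directory that contains it.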
3.5.2 Altering Permissions from the Command Line
To change a file’s permission, the command is chmod. The command’s syntax is
chmod