3101 SUSE Linux Enterprise

11 Fundamental

Managing the Linux File Syste,

 Permission and ownership
In this topics
1.Understand File Permissions
2.Change File permissions with chmod
3.Change file ownership with chown and chgrp
4.Manage file permission and ownership
5.Modify default access permission with
unmask
6.Configure special file permissions
 Understanding file permissions
You can use the ls -l command to display
the contents of the current directory with
the assigned permissions for each file or
subdirectory.
Create a file/directory named by your
name using vi text editor or mkdir and see
its permission.
 The permission characters are grouped
(rwx rwx rwx) for (owner groups users)
i.e.
Characters 1 to 3. These represent the
permissions of the file owner.
Characters 4 to 6. These represent the
permissions of the owning group.
Characters 7 to 9. These represent the
permissions of all other users.
 Change file permission with
chmod
You can use the chmod command to add
(+) or remove (-) permissions. Both the
owner of a file and root can use this
command.
There are options to change the
permissions for the owner (u), group
(g), other (o), or all (a).
 chmod u+x; The owner is given permission to
execute the file.
chmod g=rw; All group members can read and
write.
chmod u=rwx The owner receives all permissions.
chmod u=rwx,g=rw,o=r All permissions for the
owner, read and write for the group, read for all
other users.
 chmod +x All users (owner, group, others)
receive executable permission
(depending on umask).
chmod a+x All users (owner, group,
others) receive executable permission (a
for all).
 ex. To change the permission of the group
to rwx for file named xyz.txt

Chmod g+rwx xyz.txt

Verify it with ls la xyz.txt
 The above permission is based on the letter
but you can assign also using octal values.
The first digit represents the permissions
assigned to the file or directory owner.
The second digit represents the
permissions assigned to the group
associated with the file
or directory.
 The third digit represents the permissions
assigned to others.
Each digit is the sum of the following three
values assigned to it:
Read: 4
Write: 2
Execute: 1
 For example, let us assign the file named
xyz.txt with the permission 754
What is the permission of owner ?
What is the permission of the group where
the owner belongs ?
What is the permission for all random
users?
 What will be the permission if xyz.txt is
assigned with the following permission?
Chmod 777 xyz.txt?
Chmod 641 xyz.txt?
 Change File Ownership with
chown and chgrp
Q:Now assume an employee called Tigist
leave for some reason and you replaced her
with new employee, you want her task to be
transferred Solomon. But her file permission
was associated her UID what would you do
to give permission to Solomon so he can
continue on the assigned task?
 Use chown command to change the user
and group affiliation of a file by using the
following syntax:
syntax:
Chown [new_user].[new_group] [File]
 To change only the owner, not the group,
you can use the following command
syntax: chown new_user file
To change only the group, not the user,
you can use the following command
syntax:chown .new_group file
 As root, you can also change the group
affiliation of a file with the chgrp command
using the following syntax:
chgrp new_group file
A normal user can use the chown command to
allocate a file that he owns to a newgroup by
using the following syntax:
chown .new_group file
 NB The user can only change the group
affiliation of the file that he owns if he is a
member of the new group.
 Setting default Mode & Group
When a user creates a file, that file has
default ownership and permissions.
The default owner is, understandably, the
user who created the file.
The default group is the users primary
group.
The default permissions are configurable.
 These are defined by the user mask
(umask), which is set by the umask
command
Q: what are the default permission values?
If the default settings are not changed, files
are created with the access mode 666 and
directories with 777.
 To see the default umask value
Umask, displays in numerical value
Umask S with symbolic value
 Special Permission Bits
Here are a few special permission options
Set user ID(SUID): used in conjunction with
executable files
It tells the Linux to run the program with the
permission of whoever owns the file that with the
permissions of the user who runs the program
SUID programs are indicated by an s in the
owners execute bit position in the permission
string, as in rwsr-xr-x
 Set group ID (SGID)
The set group ID (SGID) option is similar
to the SUID option, but it sets the group of
the running program to the group of the
file.
rwxr-sr-x
new files or subdirectories created in the
original directory will inherit the group
ownership of the directory
 Sticky bit
its used to protect files from being deleted
by those who dont own the files
can be deleted only by their owners, the
directorys owner, or root
rwxr-xr-t.