Linux files have 2 basic kinds of permissions:
- read, write, and execute (rwx) which control if a file can be read, written to, and run (executed).
- user and group permissions that control who owns the file and the group of people that have some sort of access to the file.
It’s this second set of permissions that this post covers.
Each file (or directory, which is really just a fancy file that stores information about files) has one owner. That owner has permissions (the read, write and execute kind) that are normally different from those of others who might have access to the file. An owner of a file can do anything with the file, including changing the permissions on the file (e.g. to give someone else access or revoke someone’s access to a file).
Files are also affected by group permissions. A group is simply a list of users. The simplest way to think of this is an office type environment where you might have different departments: accounting, sales, marketing. Within each of those departments you have staff (Bob, Betty, Billy, etc.). Bob might own a file that he wants to share with the accounting group. The simplest way Bob can do this is with the chown command:
sudo chown bob.accounting nextyearsbudget.odf
Chown changes the ownership of the file, in this case nextyearsbudget.odf, to the user bob (it’s already bob, but you could assign another person ownership), and the group accounting. The period separates the user ownership and the group access. If we listed nextyearsbudget.odf in a terminal (ls -al nextyearsbudget.odf) we might see permissions like the following:
-rwxrw-r--
The first character, -, identifies the entry as a file (-), directory (d) or link (l). The next 3 letters, rwx, are the owner’s permissions. Without going into this too much, in this case the owner has read, write and execute permission, but this is not always the case. The second set of three characters, rw-, shows the group’s permissions. In this case the group can read and write to the file, but cannot run it. Lastly, the r-- set indicates the permissions for all users other than the owner and those in the file’s group. Others can read the file, but not write to it (change it) or execute it. You can deny others permission to even view the file by removing the read permission using the chmod command:
chmod o-r nextyearsbudget.odf
Think of o as others, not owner. The letters u, g and o (User, Group, Others) are used in conjunction with the chmod command. So if you wanted to change both the user/owner’s permission and the group’s permission at the same time you’d type:
chmod ug+x nextyearsbudget.odf
In this case the user/owner already had +x (execute) permission, so all we’ve really done is give the group execute permission. If we listed the same file now we’d see the permissions have changed:
-rwxrwxr--
Again the first character is the type of file (-), the three characters after it represent the user/owner’s permission, then the group permission, then the others’ permission. Notice the 7th character has changed from a - to an x (execute) permission. More on permissions in the next post.
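As an added example (not part of the original post), the Python sketch below parses a listing string such as -rwxrw-r-- into permission bits and applies chmod clauses like o-r and ug+x to show what ls would print afterwards. The function names are hypothetical and only the r, w and x letters with + and - are handled. The post's final listing corresponds to ug+x applied to the original permissions; if o-r had been run first, the last three characters would be ---.

```python
import stat

# Permission bits for each class in chmod's symbolic notation.
BITS = {
    "u": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "g": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "o": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}


def parse_listing(listing):
    """Convert a 10-character ls string such as '-rwxrw-r--' to mode bits."""
    if len(listing) != 10:
        raise ValueError("expected 10 characters: %r" % listing)
    mode = 0
    for i, who in enumerate("ugo"):
        for letter, flag in zip("rwx", listing[1 + 3 * i:4 + 3 * i]):
            if flag == letter:
                mode |= BITS[who][letter]
            elif flag != "-":
                raise ValueError("unsupported flag: %r" % flag)
    return mode


def apply_clause(mode, clause):
    """Apply one chmod clause such as 'o-r' or 'ug+x' (rwx letters only)."""
    op = "+" if "+" in clause else "-"
    who, found, perms = clause.partition(op)
    if not found or not who or set(who) - set("ugo") or set(perms) - set("rwx"):
        raise ValueError("unsupported clause: %r" % clause)
    bits = 0
    for w in who:
        for p in perms:
            bits |= BITS[w][p]
    return mode | bits if op == "+" else mode & ~bits


def after_chmod(listing, *clauses):
    """Return the ls string a regular file would show after the clauses."""
    mode = parse_listing(listing)
    for clause in clauses:
        mode = apply_clause(mode, clause)
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    start = "-rwxrw-r--"  # the listing shown in the post
    for clauses in (["ug+x"], ["o-r"], ["o-r", "ug+x"]):
        print(" ".join(clauses).ljust(10), after_chmod(start, *clauses))
```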