This shows you the differences between two versions of the page.
tutorials:permissions [2011/04/30 13:18] – created clemens | tutorials:permissions [2011/10/02 15:24] – Fix ToC and improve readability in example et al. memnon | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Contents ===== | ===== Contents ===== | ||
- | - [[#introduction|Introduction]] | + | - [[# |
- | - [[#permissions|Permissions]] | + | - [[# |
- | * [[#permissiontypes|Permission types]] | + | * [[# |
- | * [[#userclasses|User classes]] | + | * [[#User classes]] |
- | * [[#anexample|An example]] | + | * [[#An example]] |
- | * [[#linksandpermissions|Links and permissions]] | + | * [[#Links and permissions]] |
- | - [[#changing|Changing permissions…]] | + | - [[#Changing permissions…]] |
- | - [[#explained|…explained]] | + | - [[# |
- | - [[#anotherway|…another way]] | + | - [[# |
- | - [[#flags|File Flags]] | + | - [[#File Flags]] |
- | ===== [[|Introduction]] ===== | + | ===== Introduction ===== |
Unix was created to be a multi-user operating system. The intention was not for everybody to have full access to all files, but to allow file owners to specify which users should have what kind of access. | Unix was created to be a multi-user operating system. The intention was not for everybody to have full access to all files, but to allow file owners to specify which users should have what kind of access. | ||
- | ===== [[|Permissions]] ===== | + | ===== Permissions ===== |
A Unix file system allows users to assign to files (including directories: | A Unix file system allows users to assign to files (including directories: | ||
- | ==== [[|Permission types]] ==== | + | ==== Permission types ==== |
The effect of the three permission types varies depending on whether they apply to a file or a directory. | The effect of the three permission types varies depending on whether they apply to a file or a directory. | ||
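Review bot: In the Contents list the new entries link by heading text (`[[#User classes]]`, `[[#An example]]`, `[[#Changing permissions…]]`) where the old ones used short fixed ids (`#userclasses`, `#anexample`, `#changing`), so an entry stops resolving as soon as its heading is reworded, and the `…` in the last one depends on how the wiki derives a section id from that character. Please confirm in preview that every entry jumps to its section, including the entries for the two headings that begin with `…`.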
Line 36: | Line 36: | ||
However, directory **x** permission //does// affect permissions for subdirectories and files farther down the directory subtree. To access a file, a user must have **x** permission on every directory in the file's path. In other words, lack of **x** permission for a directory effectively prevents access to any files in the directory' | However, directory **x** permission //does// affect permissions for subdirectories and files farther down the directory subtree. To access a file, a user must have **x** permission on every directory in the file's path. In other words, lack of **x** permission for a directory effectively prevents access to any files in the directory' | ||
- | ==== [[|User classes]] ==== | + | ==== User classes ==== |
For a given file, the Unix file system divides users into three classes: | For a given file, the Unix file system divides users into three classes: | ||
Line 46: | Line 46: | ||
| **Notes: | | **Notes: | ||
- | ==== [[|An example]] ==== | + | ==== An example ==== |
File permission information can be obtained with the long listing option of the " | File permission information can be obtained with the long listing option of the " | ||
Line 58: | Line 58: | ||
- File type. " | - File type. " | ||
- | - **r** permission for file owner (user class **u**). " | + | - **r** permission for file owner (user class **u**). " |
- | - **w** permission for file owner (user class **u**). " | + | - **w** permission for file owner (user class **u**). " |
- | - **x** permission for file owner (user class **u**). " | + | - **x** permission for file owner (user class **u**). " |
- | - **r** permission for file user group (user class **g**). " | + | - **r** permission for file user group (user class **g**). " |
- | - **w** permission for file user group (user class **g**). " | + | - **w** permission for file user group (user class **g**). " |
- | - **x** permission for file user group (user class **g**). " | + | - **x** permission for file user group (user class **g**). " |
- | - **r** permission for other users (user class **o**). " | + | - **r** permission for other users (user class **o**). " |
- | - **w** permission for other users (user class **o**). " | + | - **w** permission for other users (user class **o**). " |
- | - **x** permission for other users (user class **o**). " | + | - **x** permission for other users (user class **o**). " |
Field //b// is the user ID of the //file owner//. Field //c// is //user group// the file has been assigned to. | Field //b// is the user ID of the //file owner//. Field //c// is //user group// the file has been assigned to. | ||
Line 72: | Line 72: | ||
So for the three files in the " | So for the three files in the " | ||
- | Directory " | + | * //Directory " |
+ | User " | ||
+ | * //File " | ||
+ | User " | ||
+ | * //File " | ||
+ | User " | ||
- | ==== [[|Links and permissions]] ==== | + | ==== Links and permissions ==== |
In general, the above discussion also applies to hard and symbolic file links. The files system automatically maintains links to keep the same effective permissions as the target file. (For symbolic links, the " | In general, the above discussion also applies to hard and symbolic file links. The files system automatically maintains links to keep the same effective permissions as the target file. (For symbolic links, the " | ||
Line 80: | Line 85: | ||
However, it is possible for hard links to avoid directory **x** permission restrictions in some configurations. Suppose a user has access to a file " | However, it is possible for hard links to avoid directory **x** permission restrictions in some configurations. Suppose a user has access to a file " | ||
- | ===== [[|Changing permissions…]] ===== | + | ===== Changing permissions… ===== |
Permissions are changed with the command " | Permissions are changed with the command " | ||
Line 92: | Line 97: | ||
What does that number, 644, stand for? | What does that number, 644, stand for? | ||
- | ===== [[|…explained]] ===== | + | ===== …explained ===== |
The // | The // | ||
Line 114: | Line 119: | ||
Et voila! | Et voila! | ||
- | ===== [[|…another way]] ===== | + | ===== …another way ===== |
" | " | ||
- | //<user-classes& | + | //<user-classes><operation><permission-types>//[,//<user-classes><operation><permission-types>//]… |
- | //user-classes//User class(es) for which permissions are to be changed. Specify with one-character class symbols " | + | ===user-classes=== |
+ | User class(es) for which permissions are to be changed. Specify with one-character class symbols " | ||
+ | ===operation=== | ||
+ | One of the following: | ||
+ | *" | ||
+ | *" | ||
+ | *" | ||
+ | ===permission-types=== | ||
+ | Permission type(s) to be set or removed. Use one-character type symbols " | ||
Therefore the command: | Therefore the command: | ||
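Review bot: The three new headings `===user-classes===`, `===operation===` and `===permission-types===` sit directly under the five-equals heading `===== …another way =====` but use three equals signs, skipping the four-equals level the rest of the page uses for subsections (`==== Permission types ====`), and they lack the spaces inside the markers that every other heading has. Suggest `==== user-classes ====` and so on, or bold definition terms if these are meant to stay out of the section outline. The operation bullets are also written `*"` with no space after the asterisk, unlike the `* //Directory` bullets added earlier in this change.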
Line 134: | Line 147: | ||
"chmod g+w index.html" | "chmod g+w index.html" | ||
- | ===== [[|File Flags]] ===== | + | ===== File Flags ===== |
In addition to the file permissions we've already discussed, we also have file flags. File flags add additional security and control over files, but not directories. File flags are altered using the chflags(1) utility. | In addition to the file permissions we've already discussed, we also have file flags. File flags add additional security and control over files, but not directories. File flags are altered using the chflags(1) utility. |