Linux/Unix allows users to protect their data from access by other users.

Introduction

File permissions are usually confusing to newer Linux users. Most 'newbies' are not accustom to implementing file security because of thier DOS/Windows background. Why do we need file security? It is primarly needed to ensure data protection and privacy from other system users. In other cases, file security is needed to prevent 'normal users' (as opposed to system administrators) from changing configurations or accidently damaging a system. File permissions allow users to share selected data and programs with other users by the means of a simple but effective protection scheme.

Q. How do you know what permissions are granted for a particular file?

A. Use the command: ls -l
The first 10 characters displayed are the file type and access permissions: -rwxrwxr-x or drwxrwxr-x.

  • The first character is either - or d. A dash indicates that it is a file and a indicates that it is a directory.
  • The next 3 characters show the owner's permissions.
  • The following 3 indicate the permissions for users in the file's group.
  • The last 3 characters show the permissions for all other users.

The possibilities for permissions include:

r - read
w - write
x - execute
- - no permission

Q. How do I change permissions for a particular file that I own?

A. Use the 'chmod' utility. Syntax: chmod who [operation] [permission] file(s)

Who:
-------------
u - user/owner
g - group
o - other users
a - all users

Operation:
-------------
+ add permission
- remove permission

Permission:
-------------
r - read
w - write
x - execute

File(s):
------------
List 1 or more filenames.

Examples of using 'chmod' to change permissions:

% chmod a+r /home/usr/abd01/data
This gives everyone on the system permission to read 'data'

% chmod og=, u+rwx /home/usr/abd01/protect
This takes away rwx permission from group members and all other users on the system. It also adds rwx permissions for the file owner.

Note: chmod can also be used with an octal absolute system. This method is described in another tip. ( i.e. chmod 755 filename ).