Deleting Files

The rm command deletes (removes) files. Its syntax is shown here:

rm [options] files

This command accepts many of the same options as cp, ln, and mv. Specifically, from Table 5.2, -f, -i, and -r work with rm. Unlike some operating systems' file-deletion tools, rm is permanent; Linux doesn't store deleted files in any sort of "trash can" folder. Chapter 12 provides pointers to tools and utilities you can use to recover deleted files or to implement a holding area to prevent files from being immediately deleted.

The rm command doesn't normally delete directories, but if you pass it the -r or -R option, it will delete an entire directory tree, whether or not there are files in the target directory.
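A recursive rm acts on every operand the shell passes it, so a path split in two by a stray space becomes two separate targets. The following pre-flight check is an added example, not from the book; rm_preflight is a hypothetical helper that refuses operands resolving to / or to a top-level directory.

```sh
#!/bin/sh
# Added example: rm_preflight is a hypothetical helper, not a standard tool.
# Give it the arguments you intend to pass to rm. It reports how the shell
# split them and fails if any operand is / or a top-level directory.
rm_preflight() {
    status=0
    for arg in "$@"; do
        case "$arg" in
            -*) continue ;;                  # option such as -r or -f
            /*) path=$arg ;;                 # already absolute
            *)  path=${PWD%/}/$arg ;;        # relative to the current directory
        esac
        # Canonicalise existing directories (resolves .., // and symlinks);
        # anything else is judged by its literal absolute path.
        resolved=$(cd "$path" 2>/dev/null && pwd -P) || resolved=$path
        case "${resolved#/}" in
            "")  echo "REFUSE '$arg': this is the root directory" >&2
                 status=1 ;;
            */*) echo "ok     '$arg' -> $resolved" ;;
            *)   echo "REFUSE '$arg': top-level directory $resolved" >&2
                 status=1 ;;
        esac
    done
    return "$status"
}

# Constructed demonstration: a mistyped command and the intended one.
rm_preflight -r / home/nemo || echo "mistyped command rejected"
rm_preflight -r /home/nemo && echo "intended command accepted"
```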

Warning The rm command is potentially dangerous, particularly when used with its recursive (-r or -R) option or in the hands of root. If you're not careful, you can easily wipe out all the files on the computer by misusing this command. For instance, consider rm -r / home/nemo. You might type this command to delete a former user's (nemo's) home directory—but there's a stray space between the leading / and home, so the effect is to delete all the files in the entire directory tree. Always pause and examine an rm command before typing it as root!

Changing Ownership

In Linux, all files have owners. This information is encoded in the form of a user ID (UID) number, but most utilities work with the associated username. For instance, a long file listing might look like this:

-rw-r--r-- 1 homer users 5271 Dec 12 12:07 report.tex

The username in this case is homer. The file is also associated with a specific group—users in this example. It's sometimes necessary to change the ownership of a file—for instance, a system administrator may want to move files into a specific person's account for that person's exclusive use. Ordinary users can't change the ownership of a file, but root can, by using the chown command, which has the following syntax:

chown [options] owner[:group] files

You can specify the owner as a username or as a UID number. The optional group specification can also be a name or a group ID (GID) number. This command accepts several options, the most important of which is -R, which initiates a recursive ownership change. You can use this option to change ownership of an entire directory tree.

Although only root has the power to change a file's ownership, ordinary users can change a file's group, within certain limits. Specifically, the user must belong to the target group and must own the file in question. For instance, if homer is a member of the users, horse, and bow groups, homer can assign a file to any of these groups, but not to the library group. The tool to change a file's group is chgrp, and it works much like chown:

chgrp [options] group files

As with chown, you can use the -R option to perform a recursive change.

Changing Permissions

Linux file security is based upon both ownership and permissions. Three permissions are paramount: read, write, and execute. The first grants the ability to read the contents of a file; the second enables the ability to modify a file's contents; and the third grants the right to run a file as a program (of course, it must be a program file for this access to be meaningful). These three permissions can be set differently for three increasingly broad classes of users: the file's owner, the file's group, and all others (that is, world permissions).

The combination of three permission types and three scopes to which they apply means that there are nine primary permission bits. These permissions are frequently expressed as a nine-character string, such as rwxr-x---. The first three characters represent read, write, and execute permissions for the owner. If these characters are letters matching the type of permission (r for read, w for write, and x for execute), then the owner has the specified permission. If the character is a dash (-), then the owner lacks the specified permission. The next block of three characters represents the access granted to the file's group, and the final block of three characters represents world access. Thus, in the case of rwxr-x---, the owner has full read, write, and execute permission; the group has read and execute but not write access; and everybody else has no access. These nine characters are sometimes preceded by another that represents the file's type—a dash (-) for an ordinary file, d for a directory, l for a symbolic link, and so on.

Note Linux treats directories as files. Therefore, to add files to a directory, a user must have write access to the directory. Likewise, deleting files from a directory requires write access to the directory, but this action doesn't require write access to the files in question. One exception is if a special permission bit, known as the sticky bit, is set, as described shortly; in this case, only root or the owner of a file may delete it.

These permissions can also be expressed by using octal (base 8) numbers. An octal 0 represents no access; a 1 means execute permission; a 2 means write permission; and a 4 means read permission. These numbers can be added together when more than one permission is present. The result is a single octal digit for each permission scope, and these numbers are displayed one after another. For instance, rwxr-x--- is equivalent to 750.

You can change permissions using the chmod command, which takes the following syntax:

chmod [options] mode files

The mode specification is potentially complex. You can specify the mode as an octal number, such as 750. You can also use a symbolic format in which you specify whose permissions are to be affected; whether you're adding, deleting, or setting permissions; and what permissions you're changing. Table 5.3 summarizes the options for symbolic modes. Pick one or more elements from the Affects Symbol column, one from the Operation Symbol column, and one or more from the Permission Symbol column.

Table 5.3: Symbolic Mode Components

| Affects | Affects Symbol | Operation | Operation Symbol | Permission | Permission Symbol |
|---|---|---|---|---|---|
| Owner | u | Add permission | + | Read | r |
| Group | g | Subtract permission | - | Write | w |
| World | o | Set permission | = | Execute | x |
| All | a | | | Execute for directories or if any execute permission exists | X |
| | | | | Set user ID or set group ID | s |
| | | | | Sticky bit | t |
| | | | | Existing owner's permission | u |
| | | | | Existing group permissions | g |
| | | | | Existing world permissions | o |

You can combine multiple symbolic mode options by separating them with commas (,). As an example of chmod's symbolic modes, Table 5.4 presents some before-and-after scenarios. As a general rule, you can achieve the same goals using either symbolic or octal modes; however, there are exceptions. For instance, you can use the u, g, and o permission symbols to set permissions on a group of files uniquely for each file, depending on their existing permissions for a specific user set. The uppercase X permission symbol can also be useful in setting permissions on directories, which normally have execute permissions set whenever their read permissions are set. (Execute permission for a directory enables searching the directory's contents, not executing code in the directory.)

Table 5.4: Examples of chmod Symbolic Mode Commands

| Permissions Before | Symbolic Mode | Permissions After |
|---|---|---|
| rwxr-x--- | a-x | rw-r----- |
| rwxr-x--- | o=g | rwxr-xr-x |
| rw-r--r-- | a+x | rwxr-xr-x |
| r--r--r-- | u+wx,g+x | rwxr-xr-- |
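The rows of Table 5.4 can be checked on a scratch file, and the octal equivalents computed from the permission string. This is an added example, not from the book; apply_symbolic and perm_to_octal are hypothetical helper names.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not standard commands.

# apply_symbolic OCTAL MODE: set a scratch file to OCTAL, apply the symbolic
# MODE with chmod, and print the resulting nine-character permission string.
apply_symbolic() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && ls -ld "$f" | cut -c2-10
    rm -f "$f"
}

# perm_to_octal STRING: convert a string such as rwxr-x--- to octal digits.
# s/S and t/T in the execute position add a leading SUID/SGID/sticky digit.
perm_to_octal() {
    rest=$1 special=0 digits=""
    for weight in 4 2 1; do                # SUID=4, SGID=2, sticky=1
        triplet=${rest%"${rest#???}"}      # first three characters
        rest=${rest#???}
        d=0
        case "$triplet" in r??) d=$((d + 4)) ;; esac
        case "$triplet" in ?w?) d=$((d + 2)) ;; esac
        case "$triplet" in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit, no execute
        esac
        digits=$digits$d
    done
    [ "$special" -eq 0 ] || digits=$special$digits
    echo "$digits"
}

# Constructed input: the "before" permissions and modes from Table 5.4,
# plus two rows showing that X adds execute only where some x already exists.
for row in "rwxr-x--- a-x" "rwxr-x--- o=g" "rw-r--r-- a+x" \
           "r--r--r-- u+wx,g+x" "rw-r--r-- a+X" "rwxr--r-- a+X"; do
    before=${row% *} mode=${row#* }
    after=$(apply_symbolic "$(perm_to_octal "$before")" "$mode")
    echo "$before  $mode  ->  $after ($(perm_to_octal "$after"))"
done
```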

A couple of special permission settings deserve attention:

SUID and SGID Bits The set user ID (SUID) and set group ID (SGID) bits can be set on executable files by applying the s permission symbol to owner or group permission, respectively. Ordinarily, when you run a program, that program runs with the permissions of the user who launched the program. With the SUID or SGID bit set, though, the program runs with the permissions associated with the program file's owner or group, respectively. This feature is used by a handful of key system programs to enable users to do things that they otherwise wouldn't be able to do, such as access a CD-R drive's device files. You should use this feature sparingly, though; a program that's run with its SUID bit set (particularly if its owner is root) can be a security risk if the program has a bug or enables users to write arbitrary files. For instance, an SUID root editor would enable any user who can run the editor to edit key configuration files. You can spot SUID or SGID programs by the presence of an s rather than an x as the execute permission symbol in their permission strings, as in rwsr-sr-x.

Sticky Bit Ordinarily, write permission on a directory enables any user to create and delete any file within a directory. Sometimes, though, this isn't desirable; for instance, you probably don't want to let users delete each other's temporary files in /tmp or similar shared directories. You can set the sticky bit on such directories by using the t symbolic permission symbol. This bit keeps users from deleting files they don't own. You can tell when a directory has its sticky bit set by the presence of a t rather than an x in the world permission string, such as rwxrwxrwt.
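Both special settings lend themselves to a routine audit: list SUID/SGID files (recognizable by the s in their permission strings) and world-writable directories that lack the sticky bit. This is an added example, not from the book; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: function names and the sample tree are constructed.

# audit_special_bits DIR: print an ls -ld line, prefixed with a tag, for
#   SUID-SGID  regular files with the SUID or SGID bit set
#   NO-STICKY  world-writable directories without the sticky bit
# -xdev keeps find on one filesystem.
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + | sed 's/^/SUID-SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec ls -ld {} + | sed 's/^/NO-STICKY /'
}

# build_sample_tree: create a throwaway directory holding one file or
# directory of each kind and print its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/plain_tool"; chmod 0755 "$t/plain_tool"   # rwxr-xr-x
    : > "$t/suid_tool";  chmod 4755 "$t/suid_tool"    # rwsr-xr-x
    mkdir "$t/scratch" "$t/dropbox"
    chmod 1777 "$t/scratch"    # rwxrwxrwt, like /tmp
    chmod 0777 "$t/dropbox"    # rwxrwxrwx: users can delete each other's files
    echo "$t"
}

# Constructed demonstration: only suid_tool and dropbox should be reported.
tree=$(build_sample_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

On a live system, run the audit as root against / and compare the SUID-SGID lines with a known baseline.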
