Directory Permissions

Directories are also files under Linux. For example, again use the ls command to show permissions like this:

$ mkdir foo $ ls -ld foo drwxrwxr-x 2 andrew andrew 4096 Jan 23 12:37 foo

In this example, the mkdir command is used to create a directory. The ls command and its -ld option is used to show the permissions and other information about the directory (not its contents). Here you can see that the directory has permission values of 775 (read+write+execute or 4 + 2 + 1, read+write+execute or 4 + 2 + 1, and read+execute or 4 + 1).

This shows that the owner and group members can read and write to the directory and, because of execute permission, also list the directory's contents. All other users can only list the directory contents. Note that directories require execute permission in order for anyone to be able to view their contents.

You should also notice that the ls command's output shows a leading d in the permissions field. This letter specifies that this file is a directory; normal files will have a blank field in place. Other files, such as those specifying a block or character device, will have a different letter.

For example, if you examine the device file for a Linux serial port, you will see

crw-rw---- 1 root dialout 4, 64 2006-05-31 20:04 /dev/ttyS0

Here, /dev/ttyso is a character device (such as a serial communications port and designated by a c) owned by root and available to anyone in the uucp group. The device has permissions of 660 (read+write, read+write, no permission).

On the other hand, if you examine the device file for an SATA hard drive, you see

$ ls -l /dev/hda brw-rw---- 1 root disk 8, 0 2006-05-31 20:04 /dev/sda

In this example, b designates a block device (a device that transfers and caches data in blocks) with similar permissions. Other device entries you will run across on your Linux system include symbolic links, designated by s.

You can use the chmod command to alter a file's permissions. This command uses various forms of command syntax, including octal or a mnemonic form (such as u, g, o, or a and rwx, and so on) to specify a desired change. The chmod command can be used to add, remove, or modify file or directory permissions to protect, hide, or open up access to a file by other users (except for root, which can access any file or directory on a Linux system).

The mnemonic forms of chmod's options (when used with a plus character, +, to add, or a minus sign, -, to take away) designate the following:

u Adds or removes user (owner) read, write, or execute permission g Adds or removes group read, write, or execute permission o Adds or removes read, write, or execute permission for others not in a file's group a Adds or removes read, write, or execute permission for all users r Adds or removes read permission w Adds or removes write permission x Adds or removes execution permission

For example, if you create a file, such as a readme.txt, the file will have default permissions (set by the umask setting in /etc/bashrc) of

-rw-rw-r— 1 andrew andrew 12 Jan 2 16:48 readme.txt

As you can see, you and members of your group can read and write the file. Anyone else can only read the file (and only if it is outside of your home directory, which will have read, write, and execute permission set only for you, the owner). You can remove all write permission for anyone by using chmod, the minus sign, and aw like so:

-r--r—r— 1 andrew andrew 12 Jan 2 16:48 readme.txt

Now, no one will be able to write to the file (except you, if the file is in your home or /tmp directory because of directory permissions). To restore read and write permission for only you as the owner, use the plus sign and the u and rw options like so:

-rw------- 1 andrew andrew 12 Jan 2 16:48 readme.txt

You can also use the octal form of the chmod command, for example, to modify a file's permissions so that only you, the owner, can read and write a file. Use the chmod command and a file permission of 600, like this:

$ chmod 600 readme.txt

If you take away execution permission for a directory, files might be hidden inside and may not be listed or accessed by anyone else (except the root operator, of course, who has access to any file on your system). By using various combinations of permission settings, you can quickly and easily set up a more secure environment, even as a normal user in your home directory.

Was this article helpful?

0 0

Post a comment