John George Bauer-Buis
2018-02-24
NET-140-001N
Synopsis: Chapter 6 Permissions
This first section is a synopsis of this chapter using the headings and subheadings from the textbook, with descriptions in my own words.
- Intro and Decoding Permissions
- There are different categories of files. Different characters or symbols are used to represent them, such as a - (hyphen/dash) for regular files such as text files and binaries, b for block files, and c for character files.
- There are three types of permissions that can be granted for a file or directory/folder: read (r), write (w), and execute/run (x).
- Changing Permissions
- Changing permissions is actually fairly simple. There are two methods: symbolic (letter-based) permissions and numeric-based permissions. Both methods use the change mode command, chmod, to apply them.
- Symbolic permissions are the rwx letters already described. They are applied or removed with the chmod command and the +, -, and = operators, which add, remove, or set as equivalent, respectively, the read, write, and execute bits of the underlying binary permissions settings.
- Numeric-based permissions are the underlying method by which permissions are applied. To use them directly, they are given as 3-digit codes (owner, group, and everyone). Each digit has multiple possible values with specific meanings: 7 grants all permissions (read, write, execute), 6 grants read and write, 5 read and execute, and 4 read only.
- Commonly used permissions include: rwx------ or 700, allowing the owner full permissions and none for their group or everyone else; and rw-rw-r-- or 664, which allows the user and their group to read and write but not execute the file.
- Working with Groups
- As I’d mentioned, groups are users that share the same permissions for a file. Groups can be used to control permissions for shared computers, such as file servers or workstations. The chgrp command is used to change the group a file is shared with.
- Directory Permissions
- Directories can have permissions set the same way as files can, although directories need their permission set carefully or it may be impossible to run files within them.
- Default Permissions and the File Creation Mask
- Adding or subtracting permissions makes it possible to give files different permissions than the directory they are located in.
- Special Modes
- It is possible to run files as other users, so when the umask command is run by itself to display the actual umask (user mask), it returns a fourth digit.
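The numeric codes and the file creation mask summarized above, worked through as an added shell example (not from the textbook or the original post). The function names are illustrative, and the base modes of 666 for new files and 777 for new directories are the standard defaults, assumed here because the synopsis does not state them.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the textbook.

# One octal digit (0-7) -> rwx triplet: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three-digit numeric mode (owner, group, everyone) -> symbolic string.
mode_to_symbolic() {
    rest=${1#?}
    printf '%s%s%s' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# Mode a new object gets: the creation mask clears bits from the base mode.
# Base is 666 for files and 777 for directories (standard defaults, assumed).
apply_umask() {
    printf '%03o' $((0$1 & ~0$2))
}

# Create a real file or directory under a umask; report what ls shows.
# $1 = "file" or "dir", $2 = umask value.
observed_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
    )
    ls -ld "$tmp/t" | cut -c2-10
    rm -rf "$tmp"
}

# Compare the computed result with the filesystem for a few masks.
for mask in 022 027 077; do
    f=$(apply_umask 666 "$mask"); d=$(apply_umask 777 "$mask")
    printf 'umask %s: file %s %s (observed %s), dir %s %s (observed %s)\n' \
        "$mask" "$f" "$(mode_to_symbolic "$f")" "$(observed_mode file "$mask")" \
        "$d" "$(mode_to_symbolic "$d")" "$(observed_mode dir "$mask")"
done
```

The four-digit value that umask prints (for example 0022) can be passed to apply_umask unchanged, since the leading zero only marks the number as octal.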
Observations and questions:
I notice that odd digits of permissions are always executable, although even numbers can be read, write, or both. It can often be easier to add permissions for a user or group than to change the entire permissions settings. I tend towards adding permissions as needed rather than just granting all permissions to everyone if I can’t do something with a file that I need to do, usually writing to a directory or editing a file, sometimes running a file without moving it to some obscure spot. This is definitely a chapter that I will refer back to as needed, since numerical commands are not terribly memorable, at least for me, although I already remember that 7 is all permissions for a given user, group or for all users depending on position, and 6 just read and write.
This article on umask (user mask) might be useful: https://www.linuxnix.com/umask-define-linuxunix/
I may add to this post at a later date if I discover more useful information that I think I should feature here.