Version 10

    element14's The Ben Heck Show

    Join the Ben Heck team every week for amazing hacks! Watch them build and mod community-inspired projects using electronics!

    Back to The Ben Heck Show homepage

    sudo Sergeant
    Featured Bonus Content
    See All Episodes

     

     

    Felix discusses how file permissions work with Linux. He covers what they mean, what they’re for, and how to set them. You’ll learn to use command line to create a file and decipher user, group, and others rights. You can then add or remove permissions by CHMOD or by permission bits in octal notation.

     

     

    File permissions are the most basic form of security control on a Linux based operating system. They are implemented in a manner which can be configured to grant or deny access to files. The permissions can be modified by either the one who owns the file, or the super user.  The instruction to modify the permissions can take numeric arguments or symbolic arguments.

     

    Felix uses a command line example to show you how to see the permissions of a file: Typing “ls” shows you the root directory structure.

     

    sergeant@raspberrypi: ~ $ ls

    Desktop   Documents   Downloads Music   Pictures  Public  Templates test  Videos

     

    He wants to go the test directory so he types the command cd test. Typing ls again shows that this directory has two directories that were previously mounted.

     

    sergeant@raspberrypi: ~ $ cd test

    sergeant@raspberrypi: ~ $ ls

    mount0  mount 1

     

     

    Next he creates a files using command line using the touch command followed by the file he is creating and uses the ls command to verify the file was created:

    sergeant@raspberrypi: ~/test  $  touch testfile.text

    sergeant@raspberrypi: ~/test  $ ls

    mount0 mount1 testfile.txt

     

    To find the file permissions of this newly created file he types in ls -l:

     

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    - rw-r-- r-- 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

     

    For testfile.txt the information to left of the number 1 are the file permissions. The first bit in the file permissions is the file type, the next 3 are the permissions of the owner,  the following three bits are the permissions of the group, and the last three are the permissions of anybody who is either not in the group or not the owner.  The last bit is a single character that specifies alternate access methods.

     

    For instance, if you see "drwxr" it means that the file type is director, the r means that the owner can read the directory, the w means the owner can write to the directory,  and x means the owner can execute the directory (since it's a directory it doesn't really get executed). The next 3 bits are the group rights. For testfile.txt, "r--" means that the group can read this but cannot write or execute.

     

    There are two ways to modify the file permissions.  They can either be done through numeric method or via a character method. With the character method, you would change the file permissions by sending the instruction chmod (change modify).  Felix suggests expanding the help anytime you have an instruction. After, using the  command "--help" Felix decides to give execution permissions to the user for the file by typing in the following command:

     

    In this example, read and write are turned off execute is turned on:

    sergeant@raspberrypi: ~/test  $ chmod u=+x testfile.txt

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    ---xr-- r-- 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

    In this example, read and write are added along with execute:

     

    sergeant@raspberrypi: ~/test  $ chmod u=+rwx testfile.txt

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    -rwxr-- r-- 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

    To give those same permissions to the group simply use the following command:

    sergeant@raspberrypi: ~/test  $ chmod g=+rwx testfile.txt

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    -rwxrwxr-- 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

    To give those permissions to others you would use the following command:

    sergeant@raspberrypi: ~/test  $ chmod o=+rwx testfile.txt

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    -rwxrwxrwx 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

    To take away group permissions you would use the minus sign instead of the plus sign:

    sergeant@raspberrypi: ~/test  $ chmod g=-rwx testfile.txt

    sergeant@raspberrypi: ~/test  $ ls -l

    total 8

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0

    drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1

    -rwx---rwx 1  sergeant sergeant       0 Aug 30 09:46 testfile.txt

    This is covers adding and removing permissions using the character method.  To change permissions via the numeric method you can head over to  Unix Permissions and Lookup . Select your permissions bits. We're focusing on user, group, and others.If you want to have read write execute for user group and others you would select those permissions on the page.

    sergeant@raspberrypi: ~/test $ chmod 777 testfile.txt

    sergeant@raspberrypi: ~/test $ ls -l testfile.txt

    -rwxrwxrwx 1 sergeant sergeant 0 Aug 30 9:46 testfile.txt

    Trying again with a different numeric value changes the file permissions:

    sergeant@raspberrypi: ~/test $ chmod 700 testfile.txt

    sergeant@raspberrypi: ~/test $ ls -l testfile.txt

    -rwx------ 1 sergeant sergeant 0 Aug 30 9:46 testfile.txt