File Permissions
Latest revision as of 19:32, 13 August 2012
File Permissions
FBSD is a direct descendant of the multiuser system UNIX and has inherited the underlying permission structure, which it uses to control sharing and to manage requests for hardware devices, peripherals, memory, CPU time, files and directories. Everything FBSD manages has a set of permissions governing who can read, write, and execute the resource.
These permissions are stored as a 10 position control field.
The format of the permission control field (from left to right) is:
Position 1 values:
    d  This is a directory
    l  This is a link file
    -  This is a file
The remaining 9 positions are broken into groups of 3 positions. The first group of 3 positions refers to the owner, the next group of 3 positions refers to the account group, and the last 3 positions refer to all other users. Any of the positions may hold a '-' (dash), which means no permission.
Positions 2, 3, 4 = owner
    Position 2 can contain: r means the owner has read access, - means the owner has no read access
    Position 3 can contain: w means the owner has write access, - means the owner has no write access
    Position 4 can contain: x means the owner has execute access, - means the owner has no execute access
Positions 5, 6, 7 = account group
    Position 5 can contain: r means the group has read access, - means the group has no read access
    Position 6 can contain: w means the group has write access, - means the group has no write access
    Position 7 can contain: x means the group has execute access, - means the group has no execute access
Positions 8, 9, 10 = all other users
    Position 8 can contain: r means all other users have read access, - means all other users have no read access
    Position 9 can contain: w means all other users have write access, - means all other users have no write access
    Position 10 can contain: x means all other users have execute access, - means all other users have no execute access
Read permission: Enables you to look at a file or directory. You can use an editor to see the content of the file, and you can copy the file. For a directory, it lets you list the directory's contents.
Write permission: Enables you to change the content of the file and save it. You need write permission to the directory to delete files or create new files.
Execute permission: Enables you to run the program or shell script contained in the file.
You can use the ls -l command to view a long directory listing that displays the 10 position permission control field at the far left side of the listing.
For example, ls -l /etc/ shows:
drwxr-xr-x 2 root wheel 512 Oct 9 2002 X11
-rw-r--r-- 1 root wheel 1340 Jan 7 2003 adduser.conf
lrwxrwxrwx 1 root wheel 12 Jan 9 2003 aliases -> mail/aliases
-rw-r--r-- 1 root wheel 65536 Jan 9 2003 aliases.db
-rw-r--r-- 1 root wheel 208 Oct 9 2002 amd.map
-rwxr-xr-x 1 root wheel 7183 Jan 7 2003 cvsupfile
drwxr-xr-x 2 root wheel 512 Jan 9 2003 defaults
-rw-r--r-- 1 root wheel 271 Oct 9 2002 dhclient.conf
-rw-r--r-- 1 root wheel 6990 Oct 9 2002 disktab
-rw-r--r-- 1 root wheel 478 Oct 9 2002 dm.conf
-rw-rw-r-- 1 root operator 0 Oct 9 2002 dumpdates
-rw-r--r-- 1 root wheel 142 Oct 9 2002 fbtab
-rwxr-xr-x 1 root wheel 832 Nov 10 13:13 fstab
-rwxr-xr-x 1 root wheel 1886 Jan 7 2003 gettytab
drwxr-xr-x 2 root wheel 512 Jan 9 2003 gnats
-rw-r--r-- 1 root wheel 477 Jul 9 18:14 group
-rwxr-xr-x 1 root wheel 1996 Jan 7 2003 newsyslog.conf
-rw------- 1 root wheel 1603 Oct 9 2002 nsmb.conf
Let's look closely at the first line in the above listing.
drwxr-xr-x 2 root wheel 512 Oct 9 2002 X11
The file and directory names are on the far right side. This is a directory, because the first position of the permission control field is populated with a d. The word root means the owner of the directory is root. The word wheel is the name of the account group. The permission control field says the owner root has read, write, and execute permission. The account group wheel has read and execute permission, and the same for all other users.
Let's look at one more:
-rw-rw-r-- 1 root operator 0 Oct 9 2002 dumpdates
Here, this is a file, because position one of the permission control field has a -. Owner root has read and write permission, account group operator has the same permissions as owner root, while all other users only have read permission.
Managing Permissions
Root and members of the account group 'wheel' are the only users who have permission to change settings of files not belonging to themselves. The command chmod is used to change the permission settings in the permission control field. It accepts either a 3-digit number or a group of r's and w's as input. The 3-digit form is easier to understand and use. The 3 digits represent the 3 groups in the permission control field, one digit per category: owner, account group, and all other users. The permission digits are:
Digit  Permission
0      None
1      Execute Only
2      Write Only
3      Write and Execute
4      Read Only
5      Read and Execute
6      Read and Write
7      Read, Write, and Execute
Change file permissions
chmod 700 dumpdates
would assign owner read, write, and execute permissions, and account group and all other users get no permission.
An ls -l dumpdates would show this:
-rwx------ 1 root operator 0 Oct 9 2002 dumpdates
chmod 764 dumpdates
would assign owner read, write, and execute permissions, account group gets read and write permissions, and all other users get read only permission.
ls -l dumpdates would show this:
-rwxrw-r-- 1 root operator 0 Oct 9 2002 dumpdates
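The mapping between the 10 position control field and the chmod digits, as an added example in POSIX sh that is not part of the original page; the function names and SAMPLE_LISTING are assumptions made here, and the sample lines are copied from the ls -l /etc/ listing above. It also reports entries that the account group or all other users can write to.

```shell
#!/bin/sh
# triplet_digit "rw-" -> 6: read adds 4, write adds 2, execute adds 1.
triplet_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# field_to_digits "-rwxrw-r--" -> 764
# Only the characters described on this page are accepted; fields holding
# other flags (such as s or t) are rejected rather than guessed at.
field_to_digits() {
    field=$1
    case $field in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "invalid"; return 1 ;;
    esac
    rest=${field#?}          # drop position 1 (file type)
    owner=${rest%??????}     # positions 2-4
    rest=${rest#???}
    group=${rest%???}        # positions 5-7
    other=${rest#???}        # positions 8-10
    echo "$(triplet_digit "$owner")$(triplet_digit "$group")$(triplet_digit "$other")"
}

# Read `ls -l` lines on stdin; print "name digits" for every file or directory
# whose position 6 (group write) or position 9 (other write) holds a w.
# Assumes file names without spaces.
writable_by_non_owner() {
    while read -r field links owner group size rest; do
        case $field in
            l*) continue ;;  # link entry: skipped in this example
            ?????w????|????????w?)
                echo "${rest##* } $(field_to_digits "$field")" ;;
        esac
    done
}

# Sample input: four lines taken from the listing on this page.
SAMPLE_LISTING='drwxr-xr-x 2 root wheel 512 Oct 9 2002 X11
lrwxrwxrwx 1 root wheel 12 Jan 9 2003 aliases -> mail/aliases
-rw-rw-r-- 1 root operator 0 Oct 9 2002 dumpdates
-rw------- 1 root wheel 1603 Oct 9 2002 nsmb.conf'

printf '%s\n' "$SAMPLE_LISTING" | writable_by_non_owner
```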
Change file owner
The chown command is used to change the owner. If my personal FBSD account name was joe and I wanted to change the owner of dumpdates from root to joe, I would use this:
chown joe dumpdates
Change file group
The chgrp command is used to change the account group. If I wanted to change dumpdates group from operator to network, I would use this:
chgrp network dumpdates