lsg17.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<FONT SIZE=4 COLOR="#FF0000"><B>Changing Permissions</B></FONT></CENTER></H4>



<BR>



<P>You may want to change the permissions attached to a file or directory. You change permissions with the chmod command, which can operate in either symbolic or absolute mode. Symbolic mode is the easiest mode to learn and use, but absolute mode offers better control.



<BR>



<P>Using chmod in symbolic mode requires that you follow a strict syntax. Once you understand that syntax, the command is easy to use. Symbolic mode lets you instantly understand the changes that you are making to permissions. The general syntax of the chmod in symbolic mode is



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod who-change-perms files</FONT></PRE>



<P>where who indicates who you want the changes to apply to. Valid values are u for user, g for group, and o for other, in any combination and order. The change indicates whether you want to take away permissions (-), add them (+), or explicitly set them (=). You can use only one symbol in each chmod command. The perms indicate whether you want to change read (r), write (w), or execute (x) permission. These three components (who, change, and perms) of the command are run together without a space. A few examples may help make this concept a little clearer. The command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod u+rwx bigfile</FONT></PRE>



<P>alters the permissions on bigfile to add read, write, and execute for the user. If any of these three permissions already existed on bigfile, they are left alone, but they are added if they didn't exist before the command. The permissions for the group and other users are not affected, as this command deals specifically with the user's permissions. On the other hand, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod go-x bigfile</FONT></PRE>



<P>takes away execute permission for the group and other, without changing the group's and other's read or write permissions (they stay the way they were) or the user's permissions (as a u was not included in the command). You can use wildcards in the chmod command, as well, so the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod uo+w chapter*</FONT></PRE>



<P>adds write permission for the user and other for any file starting with chapter.



<BR>



<P>If you don't specify whether the command applies to user, group, or other, all three are affected, so the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod +rwx</FONT></PRE>



<P>changes the permissions for user, group, and other to read, write, and execute.



<BR>



<P>You also can use the symbolic mode of chmod to set permissions explicitly. As you have seen, if you do not specify a parameter on the command line, it is not changed. In other words, if you issue the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod u+r bigfile</FONT></PRE>



<P>only the read permission for the user is changed, and the write and execute permissions are left as they were.



<BR>



<P>You can do the same sort of command to set permissions for directories, remembering what they mean in the context of changing into, adding to, and listing directories. For example, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod go+rx mydir</FONT></PRE>



<P>allows users in group and other to list mydir's contents and change into mydir, but they cannot add files to this directory.



<BR>



<P>Sometimes you want to explicitly set the permissions to some value, for which you can use the equal sign. For example, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod u=rx bigfile</FONT></PRE>



<P>turns on read and execute permission for the user, but turns off write permission (whether it was on or off before the command, it will be off after). However, the group and other permission blocks are left unaffected. If you want to make changes to all three blocks (user, group, and other) at the same time, you must use chmod's absolute mode.



<BR>



<P>The chmod command's absolute mode uses numbers to specify permissions. There are three numbers, one for the user, one for the group, and one for the other permissions. All three must be specified on the command line. Each number is the sum of values that represent read, write, and execute permissions. The following list shows the values:



<BR>







<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



000



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



no permissions</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



001



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



other, execute</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



002



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



other, write</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



004



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



other, read</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



010



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



group, execute</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



020



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



group, write</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



040



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



group, read</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



100



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



user, execute</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



200



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



user, write</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



400



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



user, read</FONT>



</TABLE><P>You can see that the numbers are in three columns. From left to right, they represent user, group, and other permissions. To use these numbers, add together the values of one (execute), two (write), and four (read) to form the combination you need. For example, if you want to set read and execute permissions, the number you specify is five. Setting all the permissions gives you seven, and a value of zero signifies no permissions. You then use these numbers on the chmod command line. For example, t<A NAME="I2"></A>he command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod 644 bigfile</FONT></PRE>



<P>sets user permissions to read and write (six), group permissions to read (four), and other permissions to read (four). Permissions that aren't set are replaced with blanks, resulting in following file permission block:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">rw-r--r--</FONT></PRE>



<P>You may recognize this block as the default permission block for users with a umask of 022. This example points out the fact that the umask and chmod absolute numbering schemes are not the same.



<BR>



<P>Absolute mode is useful for setting the entire permission block in one shot. Although the addition process may seem awkward at first, it becomes quite easy after a while. A couple of settings are used frequently. The 644 setting shown previously produces the usual permissions for files, and the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chmod 755 mydir</FONT></PRE>



<P>sets mydir to allow only the owner to add files and let everyone list the contents and change into the directory. You can use wildcards with this mode of chmod to make blanket changes.



<BR>



<P>Which mode of chmod you use at any time depends on the type of permission change you want to make. If you just want to change a single permission (such as adding execute permission for yourself or read-write permission for the group), the symbolic format is easy. For setting complete permission block details, the absolute mode is fastest.



<BR>



<BR>



<A NAME="E69E129"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Changing the Owner and Group</B></FONT></CENTER></H4>



<BR>



<P>Every file and directory on a Linux system has an owner and a group, both of which can be seen in the long directory listing. The owner of the file is usually the username of the person who created the file, and the group of the file is the group the person was in when the file was created. You may want to change the owner and group when sharing files or moving them to another user. To do this, use the chown and chgrp commands.



<BR>



<P>To change the owner of a file or directory, use the chown command with the name of the new owner. For example, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chown bill datafile</FONT></PRE>



<P>changes the owner of datafile to bill. When the command is issued, it checks to make sure that the specified owner is valid (by searching /etc/passwd) and that you own the file. Only the file owner or the superuser can change file ownerships. You can use wildcards to change many files or directories at once. For example, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chown yvonne chapter*</FONT></PRE>



<P>changes the owner of all files starting with chapter to yvonne.



<BR>



<P>To change the group owner of a file or directory, use the chgrp command (not to be confused with newgrp, which changes your current group). For example, the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">chgrp accounts bigfile</FONT></PRE>



<P>changes the group to accounts. Again, Linux checks that the group name exists in /etc/group and that the person changing the group is in the group that currently owns the file. As with chown, you can use wildcards to change many files and directories at once.



<BR>



<P>If you know the UID or GID of the user or group, you can use it on the command line instead of the name. Linux searches the /etc/passwd and /etc/group files to make sure the UID or GID is valid, and you must have permission to change the owner for this procedure to work.



<BR>



<BLOCKQUOTE>



<BLOCKQUOTE>



<HR ALIGN=CENTER>



<BR>



<NOTE>Use caution when changing ownerships. It's easy to change an owner or a group, and then realize you have locked yourself out of the file!</NOTE>



<BR>



<HR ALIGN=CENTER>



</BLOCKQUOTE></BLOCKQUOTE>



<BR>



<A NAME="E68E97"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>Summary</B></FONT></CENTER></H3>



<BR>



<P>This chapter explained how to give your system a name and assign access permissions. Naming a system is very important when you are connected to a network, but it is more of a personality issue when you are running a stand-alone system. Still, it is nice to refer to your machine as more than thing or the default darkstar name.



<BR>



<P>File permissions are one of the most misunderstood and misused concepts of UNIX, yet they are surprisingly easy to manage. Using the commands explained in this chapter should make it easy for you to alter file permissions and ownership to suit your needs.



<P ALIGN=LEFT>



























</td>
</tr>
</table>
<!-- begin footer information -->


</body></html>