Complete Idiot's Guide to Linux
(Publisher: Macmillan Computer Publishing)
Author(s): Manuel Ricart
ISBN: 078971826x
Publication Date: 12/22/98


Chapter 16
Permissions: Protecting and Sharing Your Work

In This Chapter

  Working with Permissions
  User Categories
  Assigning Permissions by Numbers
  Assigning Permissions by Symbols

As you know, Linux is a multi-user system. This means that many people can access and work on the same computer at the same time. Because of this, there’s a need to provide a mechanism that allows users to share and protect files as necessary to make collaboration and security work properly. The mechanism for accomplishing this is the permissions mechanism built into the file system.

This chapter explains permissions and strategies for sharing files with other users. If your system has more than one user, you might need to protect your files. If your system is a standalone machine that only you have access to, this chapter provides an informative overview.

How Do Permissions Work?

When you add a user to the system, several things happen, including the following:

  You create a home directory for the user’s files
  The system adds entries to one of its databases so that files the user creates are marked as being owned by that user
  The user is added to at least one default user group

Adding users and groups is covered in Chapter 17, “Users, Groups, and Passwords.”

All these steps serve one purpose: to give you a mechanism for protecting private or group-owned files from public view or use. Under Linux, given the appropriate hardware resources, you could easily sustain thousands of users comfortably in one machine. I know of a place where two little Pentium boxes with 128MB of RAM and several gigabytes of storage serve more than 400 users, plus 200 different Internet services—each running under its own virtual domain name and serving a large number of users! (Each machine can actually handle the entire load plus a lot more, but for safety reasons the services are available from two machines.)

Now just imagine 400 strangers snooping through your files! You have two solutions:

1.  Don’t keep or author any sensitive materials you don’t want others to read—a drastic but very secure option.
2.  Utilize the UNIX permissions mechanism to avoid most unwanted eyes from prying at your secrets.

We’ll explore the second option. Every user is assigned a certain level of access when his or her account is created. The level of access is indicated by the group memberships of the user. The system’s administrator (root) can change these memberships at any time. When a user logs in, the system associates the user with a particular identity. Using this identity and the file permissions system, Linux decides what the user is allowed to do and which files the user is allowed to read or manipulate.

At the most basic level, the permissions system is actually quite simple. Each file in the system is owned by exactly one user and related to exactly one group. Every file also has a set of nine switches that control who can read, write, or execute the file. (There are more switches, but I’ll talk about them in the next section, “The Effective User ID.”)

Any given user fits into one or more roles in relation to a given file:

  The owner or user role: The user in question is the owner of this file (typically its creator). The owner can assign permissions to the file as he or she sees fit.
  The group role: The user in question is a member of the group related to the file. Groups are designed to help control access to files in a multi-user collaboration. By relating a file to a group of people, access to a file can be controlled for many people at once. Any user can belong to any number of groups, but a file is related to exactly one group at a time.
  The other role: This user is not the owner of this file, nor is the user a member of the group related to this file.

For each file in a Linux system, three permission “switches” exist for each of these roles (for a total of nine switches):

  Read (R)—This switch grants permission to look at the file’s contents.
  Write (W)—This switch grants permission to change the file’s contents or delete the file.
  Execute (X)—This switch grants permission to run the file as a program. In the case of directories, this level also means permission to cd into the directory.

By default, even if not purposefully assigned, files will have some permissions already set. Thinking of permissions as a table like that shown in the following figure is very useful.

[Figure: a table of the nine permission switches, with Read, Write, and Execute columns for each of the Owner, Group, and Other roles.]

A checkmark indicates granted permissions, and a dash means the lack of such permission.

So according to the table, owners are allowed to read, write, and execute the file.

Group members are granted only read and execute permission. Anyone who is neither the owner nor a member of the file’s group cannot read, write, or execute the file; if the file in question is a directory, such a user cannot traverse it, either.

Let’s look at an example to demonstrate the way permissions are usually represented. You can display permission information for a file by using the ls command with the -l option:

     [root@digital alberto]# ls -l
     total 2
     -rw-rw-r--   1 alberto  alberto       388 Jul 29 19:03 readme.txt
     drwxrwxr-x   4 alberto  alberto      1024 Aug  2 14:39 stuff
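As an added example (not from the book), the following POSIX shell script applies the role rules above to one line of ls -l output: it matches a user to the owner, group, or other role and reports that role’s three switches. The two listing lines are constructed copies of the example above; the user names carol and bob and their group lists are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the book: apply the role rules to one ls -l line.
# A user is matched to exactly one role (owner first, then group, then
# other) and only that role's three switches apply, even if another role's
# column would have granted more.

# role_for OWNER GROUP USER "GROUPS OF USER" -> owner | group | other
role_for() {
    if [ "$1" = "$3" ]; then
        echo owner
        return
    fi
    for g in $4; do
        [ "$g" = "$2" ] && { echo group; return; }
    done
    echo other
}

# switches_for MODE ROLE -> the three switches for that role.
# Character 1 of MODE is the file type; the nine switches follow it.
switches_for() {
    case $2 in
        owner) printf '%s\n' "$1" | cut -c2-4 ;;
        group) printf '%s\n' "$1" | cut -c5-7 ;;
        other) printf '%s\n' "$1" | cut -c8-10 ;;
    esac
}

# effective "LS -L LINE" USER "GROUPS OF USER" -> e.g. rw-
# Fields of an ls -l line: mode, link count, owner, group, size, date, name.
effective() {
    mode=$(printf '%s\n' "$1" | awk '{print $1}')
    owner=$(printf '%s\n' "$1" | awk '{print $3}')
    grp=$(printf '%s\n' "$1" | awk '{print $4}')
    switches_for "$mode" "$(role_for "$owner" "$grp" "$2" "$3")"
}

# Constructed copies of the chapter's listing (user names carol and bob,
# and their group lists, are made up for the demonstration).
README='-rw-rw-r--   1 alberto  alberto       388 Jul 29 19:03 readme.txt'
STUFF='drwxrwxr-x   4 alberto  alberto      1024 Aug  2 14:39 stuff'

for who in alberto bob carol; do
    case $who in bob) groups=alberto ;; *) groups=users ;; esac
    printf '%-7s readme.txt: %s   stuff: %s\n' "$who" \
        "$(effective "$README" "$who" "$groups")" \
        "$(effective "$STUFF" "$who" "$groups")"
done
```

Because the role is chosen before the switches are read, a group member whose group column is more restrictive than the other column still gets the group switches.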

