Difference between revisions of "File permissions"

From Funtoo
m (Added info about -r option of userdel)
(Added a general overview of user rights in Linux systems.)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
  
== Add user ==
+
== File permissions ==
 +
 
 +
With Linux, the most common way to handle user rights provides three distinct rights on files. The meaning of these rights for directories (which '''are''' files in Linux) is slightly different.
 +
 
 +
{|class="table table-striped"
 +
! Subject                  || Right              || Description        || Typical granted commands
 +
|-
 +
|rowspan=3| '''File'''      || <code>r (4)</code> || Read                || cat ''f'', less ''f'', grep ''f'', file ''f''
 +
|-
 +
                            || <code>w (2)</code> || Write              || sed -i ''f'', shred ''f'', truncate ''f'', vi ''f''
 +
|-
 +
                            || <code>x (1)</code> || Execution          || /absolute/path/to/''f'', relative/path/to/''f''
 +
|-
 +
|rowspan=3| '''Directory''' || <code>r (4)</code> || List contents      || ls ''d''
 +
|-
 +
                            || <code>w (2)</code> || Create/Remove files || touch ''d''/a_file, mkdir ''d''/a_dir, rm ''d''/a_file, rmdir ''d''/a_dir, chmod ''d''/a_file, chown ''d''/a_dir
 +
|-
 +
                            || <code>x (1)</code> || Browse hierarchy    || cd ''d'', pushd ''d''
 +
|}
 +
 
 +
File permissions are split into three categories of users:
 +
 
 +
; The owner of the file (<code>u</code> as user): Typically the creator of the file
 +
; The group of the file (<code>g</code> as group): Typically the main group of the owner
 +
; The others (<code>o</code> as others): Anybody else
 +
 
 +
As you would have notice, this does not provide a fine-grained way to manage permissions, but this is quite light, simple, and sufficient for most usages. However, if you think you need a really fine-grained level, you should consider looking at [[SELinux]].
 +
 
 +
== Manage user and groups ==
 +
 
 +
=== Add user ===
  
 
You can add user with useradd.
 
You can add user with useradd.
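Review bot: In the Directory rows of the new table, the w (2) line lists chmod d/a_file and chown d/a_dir as commands granted by write permission on the directory, but changing an entry's mode or owner depends on owning that entry (and, for changing the owner, on root privilege), not on the parent directory's write bit. I would drop those two commands from that row. The same row should say that creating or removing entries needs x on the directory as well as w, and the r row that read permission alone only lets ls show names. In the paragraph after the list of categories, "As you would have notice" should read "As you may have noticed".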
Line 9: Line 39:
 
</console>
 
</console>
  
== Delete user ==
+
=== Delete user ===
  
 
You can delete user with userdel.
 
You can delete user with userdel.
Line 23: Line 53:
 
}}
 
}}
  
== List groups ==
+
=== List groups ===
  
 
You can list groups with group.
 
You can list groups with group.
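Review bot: The unchanged sentence under the retitled "List groups" heading still says "You can list groups with group.", while the console block in this section runs groups. Correct the sentence in the same edit so the text names the command that is actually shown.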
Line 32: Line 62:
 
</console>
 
</console>
  
== Add or remove user from group ==
+
=== Add or remove user from group ===
  
 
You can add or remove user from group with gpasswd.
 
You can add or remove user from group with gpasswd.
Line 41: Line 71:
 
</console>
 
</console>
  
== Create new group ==
+
=== Create new group ===
  
 
You can create new group with groupadd.
 
You can create new group with groupadd.
Line 49: Line 79:
 
</console>
 
</console>
  
== Delete group ==
+
=== Delete group ===
  
 
You can also delete group with groupadd.
 
You can also delete group with groupadd.
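Review bot: The context line under "Delete group" still reads "You can also delete group with groupadd.", but groupadd creates a group and the console block in this section runs groupdel. Fix the sentence while the heading is being changed.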
Line 57: Line 87:
 
</console>
 
</console>
  
== File permissions ==
+
== Manage rights on files ==
 +
 
 +
=== Change file permissions ===
  
You can change file permissions with chmod.
+
You can change file permissions with <code>chmod</code>.
  
 
<console>
 
<console>
$ chmod <r><g><u> <file>
+
$ chmod <u><g><o> <file>
 
</console>
 
</console>
  
<nowiki><r></nowiki> = number for root permissions
+
Where <nowiki><u>, <g> and <o></nowiki> are respectively the octal representation of the rights you want to set for the owner, the group and others.
<nowiki><g></nowiki> = number for group permissions
 
<nowiki><u></nowiki> = number for user permissions
 
  
 
<pre>7 = 4+2+1 (read/write/execute)
 
<pre>7 = 4+2+1 (read/write/execute)
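Review bot: The new sentence describes each of the three placeholders as an octal digit, but the digit list it introduces runs from 7 down to 1 and never defines 0 (no rights), which everyday modes such as 640 or 750 rely on. Add a "0 = no permission" line to the pre block.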
Line 77: Line 107:
 
1 = 1 (execute)</pre>
 
1 = 1 (execute)</pre>
  
== Change owner and group of file ==
+
=== Change owner and group of file ===
You can change owner and group of file with chown.
+
 
 +
You can change owner and group of a file with <code>chown</code>.
 +
 
 
<console>
 
<console>
 
# chown <user>:<group> <file>
 
# chown <user>:<group> <file>
 
</console>
 
</console>
You can change owner of folder and files inside recursively with:
+
 
 +
You can change owner of a directory and children recursively with:
 +
 
 
<console>
 
<console>
 
# chown -R <user>:<group> <folder>
 
# chown -R <user>:<group> <folder>
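Review bot: The reworded sentence now says "directory", but the placeholder in the console line after it is still <folder>. Rename the placeholder to <directory> so the text and the command agree.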

Revision as of 11:47, September 27, 2014


File permissions

With Linux, the most common way to handle user rights provides three distinct rights on files. The meaning of these rights for directories (which are files in Linux) is slightly different.

| Subject   | Right | Description         | Typical granted commands |
|-----------|-------|---------------------|--------------------------|
| File      | r (4) | Read                | cat f, less f, grep f, file f |
| File      | w (2) | Write               | sed -i f, shred f, truncate f, vi f |
| File      | x (1) | Execution           | /absolute/path/to/f, relative/path/to/f |
| Directory | r (4) | List contents       | ls d |
| Directory | w (2) | Create/Remove files | touch d/a_file, mkdir d/a_dir, rm d/a_file, rmdir d/a_dir, chmod d/a_file, chown d/a_dir |
| Directory | x (1) | Browse hierarchy    | cd d, pushd d |

File permissions are split into three categories of users:

The owner of the file (u as user): Typically the creator of the file
The group of the file (g as group): Typically the main group of the owner
The others (o as others): Anybody else

As you may have noticed, this does not provide a fine-grained way to manage permissions, but it is lightweight, simple, and sufficient for most uses. If you need finer-grained control, consider looking at SELinux.

Manage users and groups

Add user

You can add a user with useradd.

root # useradd -g users -G wheel,portage,audio,video,usb,cdrom,tty -m <username>

Delete user

You can delete a user with userdel.

root # userdel <username>
Note: If you want to remove the user's files as well (home directory and mail spool), use the -r option:

root # userdel -r <username>

List groups

You can list groups with groups.

user $ groups
user $ groups <username>

Add or remove user from group

You can add a user to a group or remove a user from a group with gpasswd.

root # gpasswd -a <user> <group>
root # gpasswd -d <user> <group>

Create new group

You can create a new group with groupadd.

root # groupadd <group>

Delete group

You can also delete a group with groupdel.

root # groupdel <group>

Manage rights on files

Change file permissions

You can change file permissions with chmod.

user $ chmod <u><g><o> <file>

Where <u>, <g> and <o> are respectively the octal representation of the rights you want to set for the owner, the group and others.

7 = 4+2+1 (read/write/execute)
6 = 4+2 (read/write)
5 = 4+1 (read/execute)
4 = 4 (read)
3 = 2+1 (write/execute)
2 = 2 (write)
1 = 1 (execute)
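
The 4/2/1 arithmetic above, as an added shell example that is not part of the original wiki page: it decodes a three-digit mode into rwx form (including the digit 0, meaning no rights) and then uses the "others write" bit to list entries in a tree that anybody may modify. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# digit_to_rwx 5 -> r-x   (4 = read, 2 = write, 1 = execute)
digit_to_rwx() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_symbolic 640 -> rw-r-----   (owner, group, others)
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    u=${1%??}; rest=${1#?}; g=${rest%?}; o=${1#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# world_writable DIR: print entries under DIR that "others" may write to.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Constructed sample tree so the script runs anywhere.
demo() {
    t=$(mktemp -d) || return 1
    touch "$t/private" "$t/shared" "$t/open"
    chmod 600 "$t/private"; chmod 640 "$t/shared"; chmod 666 "$t/open"
    chmod 750 "$t"
    for m in 600 640 666 750; do
        printf '%s = %s\n' "$m" "$(mode_to_symbolic "$m")"
    done
    echo "writable by others:"
    world_writable "$t" | sed "s|^$t/||"
    rm -rf "$t"
}

demo
```

Running world_writable over a home directory or a service's data directory is a quick way to spot files whose last digit includes 2.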

Change owner and group of file

You can change owner and group of a file with chown.

root # chown <user>:<group> <file>

You can change the owner of a directory and its children recursively with:

root # chown -R <user>:<group> <folder>