Now that you know about users and groups, it’s time to decode the cryptic file permissions you’ve seen when using the ls command. This section describes how to decipher the permissions and where they come from.
Using file permission symbols
If you remember from previous sections, the ls command allows us to see the file permissions for files, directories, and devices on the Linux system:
$ ls -l
The first field in the output listing is a code that describes the permissions for the files and directories. The first character in the field defines the type of the object:
After that, there are three sets of three characters. Each set of three characters defines an access permission triplet:
If a permission is denied, a dash appears in the location. The three sets relate to the three levels of security for the object:
This is broken down in the figure below.
The Linux file permissions
The easiest way to discuss this is to take an example and decode the file permissions one by one:
-rwxrwxr-x 1 rich rich 4882 2007-09-18 13:58 myprog
The file myprog has the following sets of permissions:
These permissions indicate that the user login name rich can read, write, and execute the file (considered full permissions). Likewise, members in the group rich can also read, write, and execute the file. However, anyone else not in the rich group can only read and execute the file; the w is replaced with a dash, indicating that write permissions are not assigned to this security level.
Default file permissions
You may be wondering where these file permissions come from. The answer is umask. The umask command sets the default permissions for any file or directory you create:
$ touch newfile
The touch command created the file using the default permissions assigned to my user account. The umask command shows and sets the default permissions:
$ umask
Unfortunately, the umask command setting isn’t overtly clear, and trying to understand exactly how it works makes things even muddier. The first digit represents a special security feature called the sticky bit. We’ll talk more about that later on in this chapter in the “Sharing Files” section.
The next three digits represent the octal values of the umask for a file or directory. To understand how umask works, you first need to understand octal mode security settings.
Octal mode security settings take the three rwx permission values and convert them into a 3-bit binary value, represented by a single octal value. In the binary representation, each position is a binary bit. Thus, if the read permission is the only permission set, the value becomes r--, relating to a binary value of 100, indicating the octal value of 4. The table below shows the possible combinations you’ll run into.
Octal mode takes the octal permissions and lists three of them in order for the three security levels (user, group, and everyone). Thus, the octal mode value 664 represents read and write permissions for the user and group, but read-only permission for everyone else.
Now that you know about octal mode permissions, the umask value becomes even more confusing. The octal mode shown for the default umask on my Linux system is 0022, but the file I created had an octal mode permission of 644. How did that happen?
The umask value is just that, a mask. It masks out the permissions you don’t want to give to the security level. Now we have to dive into some octal arithmetic to figure out the rest of the story.
The umask value is subtracted from the full permission set for an object. The full permission for a file is mode 666 (read/write permission for all), but for a directory it’s 777 (read/write/execute permission for all).
Thus, in the example, the file starts out with permissions 666, and the umask of 022 is applied, leaving a file permission of 644.
The umask value is normally set in the /etc/profile startup file. You can specify a different default umask setting using the umask command:
$ umask 026
By setting the umask value to 026, the default file permissions become 640, so the new file now is restricted to read-only for the group members, and everyone else on the system has no permissions to the file. The umask value also applies to making new directories:
Since the default permissions for a directory are 777, the resulting permissions from the umask are different from those of a new file. The 026 umask value is subtracted from 777, leaving the 751 directory permission setting.
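The script below is an added example, not part of the original page, and its function names are illustrative. It computes the mode a new file or directory receives by clearing the umask bits from the base mode (666 or 777), compares that with plain octal subtraction, and checks both against an object actually created under that umask. It goes beyond the page's 022 and 026 cases by including 027, where subtraction predicts 637 for a file while the system assigns 640, because the mask can only clear bits that are set in the base mode.

```sh
#!/bin/sh
# Added example, not from the original page; function names are illustrative.

# base_mode TYPE -> the full permission set for a new object of that type
base_mode() {
    case $1 in
        file) echo 0666 ;;   # rw-rw-rw-
        dir)  echo 0777 ;;   # rwxrwxrwx
        *)    return 1 ;;
    esac
}

# valid_umask VALUE -> succeeds only for one to four octal digits
valid_umask() {
    case $1 in ''|*[!0-7]*|?????*) return 1 ;; esac
}

# masked_mode TYPE UMASK -> mode actually assigned: base AND NOT umask
masked_mode() {
    valid_umask "$2" || return 1
    base=$(base_mode "$1") || return 1
    printf '%03o\n' $(( $base & ~0$2 & 0777 ))
}

# subtracted_mode TYPE UMASK -> what plain octal subtraction would predict
subtracted_mode() {
    valid_umask "$2" || return 1
    base=$(base_mode "$1") || return 1
    printf '%03o\n' $(( ($base - 0$2) & 0777 ))
}

# observed_mode TYPE UMASK -> mode of an object really created under that umask
observed_mode() (
    valid_umask "$2" && d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    umask "$2"
    case $1 in file) touch "$d/new" ;; dir) mkdir "$d/new" ;; *) exit 1 ;; esac
    stat -c %a "$d/new"    # GNU/BusyBox stat; prints the octal mode
)

# The page's umasks (022, 026) plus 027, where subtraction gives the wrong answer.
for u in 022 026 027; do
    for t in file dir; do
        echo "umask=$u $t masked=$(masked_mode $t $u)" \
             "subtracted=$(subtracted_mode $t $u) observed=$(observed_mode $t $u)"
    done
done
```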