
File and Directory Permissions

Earlier in this chapter, you saw that the ls command with the option -al displayed the permissions associated with a file or a directory. The permissions associated with a file or a directory tell who can or cannot access the file or directory, and what the user can or cannot do.

In UNIX, each user is identified with a unique login id. Additionally, multiple users can be grouped and associated with a group. A user can belong to one or more of these groups. However, a user belongs to one primary group. All other groups to which a user belongs are called secondary groups. The user login id is defined in the /etc/passwd file, and the user group is defined in the /usr/group file. The file and directory permissions in UNIX are based on the user and group.

The permissions associated with a file or a directory are of three types:

Permissions for the owner: This identifies the operations the owner of the file or the directory can perform on the file or the directory.

Permissions for the group: This identifies the operations that can be performed by any user belonging to the same group as the owner of the file or the directory.

Permissions for world: This identifies the operations everybody else (other than the owner and members of the group to which the owner belongs) can do.

Using the permission attributes of a file or directory, a user can selectively provide access to users belonging to a particular group and users not belonging to a particular group. UNIX checks the permissions in the order of owner, group, and other (world), and the first permission that is applicable to the current user is used.

Here is an example of a file called testfile in the current directory, created by a user called guhas belonging to a group called staff. The file is set up so that only the user guhas can read, modify, or delete the file; users belonging to the group can read it, but nobody outside the group can access it. Executing the following command from the current directory

ls -al testfile

displays the permissions of the file testfile:

-rw-r----- 1 guhas staff 2031 Nov 04 06:14 testfile

You should be careful when setting up permissions for a directory. If a directory has read permissions only, you might be able to obtain a list of the files in the directory, but you will be prevented from doing any operations on the files in that directory.

For example, if you have a directory called testdir in the current directory, which contains a file called testfile, and the group permissions for testdir are read-only, executing the following command

ls testdir

will display the result

testfile

However, if you want to see the content of the file testfile using the following command:

cat testdir/testfile

you will get the following error message:

cat: testdir/testfile permission denied

To perform any operation on testfile in testdir, you must have the execute permission for testdir. If you want all the members in your group to know the names of the files in a particular directory but do not want to provide any access to those files, you should set up the directory using only read permission.

The owner of a file is determined by the user who creates the file. The group to which the file belongs is dependent on which UNIX system you are working on. In some cases, the group is determined by the current directory. In other cases, you might be able to change to one of your secondary groups (by using the newgrp command) and then create a file or directory belonging to that group.

Similarly, if you set up a directory with just execute permission for the group, all members of the group can access the directory. However, without read permission, the members of the group cannot obtain a list of directories or files in it. If someone knows the name of a particular file within the directory, though, he or she can access the file with the file's absolute pathname.

For example, let us assume that we have a sub-directory testdir under /u/guhas that has a file called testfile. Let us assume the sub-directory testdir has been set up with 710 permission (that is, execute permission for the group). In such a case, if a member of the group executes the ls command on testdir, the following will be the result:

ls -l testdir

testdir unreadable

total 0

while if someone is aware of the file testfile and executes the following command

ls -l testdir/testfile

-rw-r--r-- 1 guhas staff 23 Jul 8 01:48 testdir/testfile

then he or she will get all the information about the file testfile.

In UNIX, there is a special user who has blanket permission to read, write and execute all files in the system regardless of the owner of the files and directories. This user is known as root.
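The checks described in this section can be modelled in a few lines. The following is an added example, not part of the original text: it picks the first applicable class (owner, group, world), then applies the directory rules (read to list names, execute to reach a file inside). The uids, gids and helper names are assumptions made up for the illustration.

```python
from collections import namedtuple

R, W, X = 4, 2, 1  # read, write, execute/search bits within one rwx triplet

Node = namedtuple("Node", "mode uid gid")   # permission bits, owner, group
User = namedtuple("User", "uid gids")       # login id, primary + secondary groups

def triplet(node, user):
    """Pick the one rwx triplet that applies: owner, then group, then world."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def allowed(node, user, want):
    if user.uid == 0:          # root bypasses the permission check
        return True
    return (triplet(node, user) & want) == want

def can_list(directory, user):
    """Listing names needs read permission on the directory."""
    return allowed(directory, user, R)

def can_read_file(directory, file, user):
    """Reading dir/file needs execute (search) on dir and read on the file."""
    return allowed(directory, user, X) and allowed(file, user, R)

# Constructed sample data: the uids and gids are made up for this example.
GUHAS, STAFF = 1001, 50
member = User(uid=1002, gids={STAFF})     # another member of group staff
outsider = User(uid=1003, gids={60})
root = User(uid=0, gids={0})
testfile = Node(0o644, GUHAS, STAFF)      # -rw-r--r--
dir_710 = Node(0o710, GUHAS, STAFF)       # group: execute only
dir_740 = Node(0o740, GUHAS, STAFF)       # group: read only

if __name__ == "__main__":
    for name, d in (("710", dir_710), ("740", dir_740)):
        for who, u in (("member", member), ("outsider", outsider), ("root", root)):
            print(name, who, "list:", can_list(d, u),
                  "read testfile:", can_read_file(d, testfile, u))
    # First match wins: the owner is held to the owner bits even if world has more.
    odd = Node(0o047, GUHAS, STAFF)
    print("owner reads 047 file:", allowed(odd, User(GUHAS, {STAFF}), R))
```

The 047 case at the end shows why the order of the check matters when auditing permissions: a class that matches first can deny access even though a later class would grant it.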