Chapter 4. Files and Directories in Un
4.3 Working in a Multiuser Environment
4.3.3 File Permissions and Statistics
As we discussed in the section on the ls command, each file and directory has an owner and a group with which it's associated. Each file is created with permissions that allow or deny you access to the file depending on your user ID and group. In this section we discuss how to view and change file permissions and ownership.
4.3.3.1 Viewing file attributes with stat
Usage: stat -[options] filename
stat lets you view the complete set of attributes of a file or directory, including permissions,
image1.rgb:
inode 11750927; dev 77; links 1; size 922112
regular; mode is rw---; uid 12430 (jambeck); gid 280 (weasel) projid 0 st_fstype: xfs
change time - Sun Mar 14 14:21:50 1999 <921442910>
access time - Sat Mar 13 18:11:21 1999 <921370281>
modify time - Sat Mar 13 10:28:39 1999 <921342519>
4.3.3.2 Changing file ownership and permissions with chmod
On most Unix systems, you wouldn't want every file to be readable, writable, and executable by every user. The chmod command allows you to set the file permissions, or mode, on a list of files and directories. The recursive option, -R, causes chmod to descend recursively through a directory tree and change the mode of the files and directories.
For example, a long directory listing for a directory, a symlink, and a file looks like this:
drwxr-xr-x 7 jambeck weasel 2048 Feb 10 19:08 image/
lrwxr-xr-x 1 jambeck weasel 10 Mar 14 13:12 image.rgb -> image1.rgb
-rw-r--r-- 1 jambeck weasel 922112 Mar 13 10:28 image1.rgb
The first character in each line indicates whether the entry is a file, directory, symlink, or one of a number of other special file types found on Unix systems. The three listed here are by far the most common. The remaining nine characters describe the mode of the file. The mode is divided into three sets of three characters. The sets correspond, in the following order, to the user, the group, and other. The user is the account that owns the directory entry, the group can be any group on the system, and other is any user that doesn't belong to the set that includes the user and the group. Within each set, the characters correspond to read (r), write (w), and execute (x) permissions for that person or group.
In the previous example, to change the mode of the file image1.rgb so that it's readable only by the user and modifiable (writable) by no one, you can issue one of the following commands:
chmod u-w,g-r,o-r image1.rgb
chmod u=r,g=-,o=- image1.rgb
chmod u=r,go=- image1.rgb
Any one of these commands results in image1.rgb's permissions looking like:
-r-------- 1 jambeck weasel 922112 Mar 13 10:28 image1.rgb
The first two commands should be fairly obvious. You can add or subtract user's, group's or other's read, write or execute permissions by this mechanism. The mode parameters are:
[u,g,o]
User, group, other
[+,-,=]
[r,w,x]
Read, write, execute
u, g, and o can be grouped or used singly. The same is true for r, w, and x. The operators +, -, and = describe the action that is to be performed.
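As an added example (not from the original text), the shell script below applies the three commands above to a scratch file. It shows that they agree only because image1.rgb started at rw-r--r--: from a different starting mode, the subtractive form u-w,g-r,o-r leaves behind bits that the = forms clear. The function name result_mode and the scratch file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: see what a symbolic chmod clause does from a known start.
# result_mode is a hypothetical helper; it works on a scratch file only.

result_mode() {
    # $1 = starting octal mode, $2 = symbolic clause list (e.g. u=r,go=-)
    start=$1
    clause=$2
    scratch=$(mktemp) || return 1
    # Put the scratch file in the starting state, apply the clause, then
    # print the ten-character type+mode field exactly as ls -l shows it.
    chmod "$start" "$scratch" &&
        chmod -- "$clause" "$scratch" &&
        ls -l "$scratch" | cut -c1-10
    status=$?
    rm -f "$scratch"
    return $status
}

compare() {
    # $1 = starting octal mode; runs the page's three clauses against it
    for clause in 'u-w,g-r,o-r' 'u=r,g=-,o=-' 'u=r,go=-'; do
        printf '%s  %-12s -> %s\n' "$1" "$clause" "$(result_mode "$1" "$clause")"
    done
}

# Starting mode from the listing above: rw-r--r-- (644).
# All three clauses give the same result.
compare 644

# Constructed starting mode rw-rw-r-- (664), e.g. a file created under a
# group-friendly umask. The subtractive clause never mentions group write,
# so that bit survives; the = clauses set each class absolutely.
compare 664
```

When the goal is a known final state rather than a relative change, the = forms are the ones that do not depend on what the mode was before.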
4.3.3.3 Changing file and directory ownership with chown and chgrp
Usage: chown -[options] filenames
Usage: chgrp -[options] filenames
The chown command lets you change the owner (or, in file-permission parlance, the user) of a file or directory. The operation of the chown command is dependent on the version of Unix you are running. For example, IRIX allows you to "give" the ownership to someone else, while this is impossible to do in Linux. We will cite only examples of the chgrp command, since in Linux, you can be a member of two groups and get this command to work for you.
chgrp lets you change the group of a file or directory. You must be a member of the group the file is being changed to, so you have to be a member of more than one group and understand how to use the newgrp command (which is described later in this chapter). Assume for a moment that you created image/, a directory containing files, while you were in your default group. Later, you realize that you want to share these files with members of another group on the system. So, at first, the permissions look like this:
drwxr-xr-x 7 jambeck weasel 2048 Feb 10 19:08 image/
Change to the other group using the command newgrp wombat, then type:
chgrp -R wombat image
to make all files in the directory accessible to the wombat group. Finally, you should change the permissions to make the files writable by the wombat group as well. This is done with the command:
chmod -R g+w image
Your entry should now appear as follows:
drwxrwxr-x 7 jambeck wombat 2048 Feb 10 19:08 image/
4.3.4 System Administration
Most files that control the configuration of the Unix system on your computer are writable only by the system administrator. Adding and deleting users, backing up and restoring files, installing new software in shared directories, configuring the Unix kernel, and controlling access to various parts of the filesystem are tasks normally handled by one specially designated user, with the username root. When you're doing day-to-day tasks, you shouldn't be logged in as root, because root has privileges ordinary users don't, and you can inadvertently mess up your computer system if you have those privileges. Use
only those tasks that need to be done by the system administrator, and then exit back to your normal user status.
If you set up a Unix system for yourself, you need to become the system administrator or superuser and learn to do the various system-administration tasks necessary to maintain your computer in a secure and useful condition. Fortunately, there are several informative reference books on Unix system administration available (several by O'Reilly), and an increasing number of easy-to-use graphical system-administration tools are included in every Linux distribution.