Now that you have a thorough understanding of how to understand the permission system in Linux, we can work on actually changing the permissions of objects. To do so, we have two commands: chmod and chown. The chmod command is the one we'll use to modify the permission string of an object. The chown command is what we'll use to change the owner or group of an object.
In order to understand these concepts better, create some spare files and directories anywhere on your system so that you aren't modifying any critical component. You can set up a little lab in your home directory, for example, and create several files to modify their permissions. To start with, we'll walk through the basic usage of the chmod command.
For instance, let's assume that we have the following output of the ls -l command in our current working directory:
drwxr-xr-x 4 Sally users 4096 Dec 31 13:54 Budget drwx--- 11 Tom users 4096 Dec 24 14:11 Music
In the preceding example, we see that Sally is allowing everyone to see her Budget files. This may not be what she wants. If Sally wants to make her Budget files private (and she should), the following command would do the trick:
chmod 700 -R Budget
So what exactly did that command do? The chmod command changes permissions, and in this case, Sally is applying the numerical permission of 700 to the Budget folder. Since the r bit is worth 4, the w bit is worth 2, and the x bit is worth 1, the first digit of 7 means full control. The first digit in the numerical value of 700 refers to the user, so Sally is giving herself full access to the folder. As the second and third digits are 0, both the group and other categories are denied any access. If Sally were to list the contents of the working directory, the permission string for the Budget directory would now be changed to the following command:
-rwx---
Sally also added the -R flag to the command. The -R flag clarifies that Sally not only wants to change the permissions of the Budget folder, but everything inside it as well. If Sally were to omit the -R flag, it would have changed the permissions for the Budget folder itself but not the contents. In this example, Sally could have omitted the -R flag, as neither Group nor Other are given execute permissions (which means that they can't enter the directory anyway). Adding the flag makes the
[ 174 ]
Numerically, however, this is not the only way to use the chmod command. Let's take Tom's Music folder as an example. In the previous sample output, the permission string for Tom's Music folder is drwx---. As you can see, only Tom can access it. However, what if Tom wanted to share his music collection with other users on the system? Tom could use the chmod command with a numerical value of 755 (which would give Group and Other access to read and enter into the Music folder, though not change it), or he could use the chmod command with a numerical value of 777 to give everyone complete access. You can actually explicitly state which category of permissions you would like to change by clarifying the bits. For example, consider the following chmod command:
chmod g+rx -R Music
In the preceding example, g represents group, and the +rx portion of the command means we're adding the read and execute bits. Now, all members of the users group can view the contents of this Music folder. If we changed our mind and wanted to reverse the changes, use the following command line:
chmod g-rx -R Music
The directory's permission string returns to the way it was. The chmod command can be used with the numerical system or by calling out the bits themselves. You can modify permissions clarifying u for User, g for Group, and o for Other. Then, you can add (+) or remove (-) permission bits: r for Read, w for Write, and x for Execute. As mentioned earlier, the -R flag applies the changes to the contents of a directory as well. If it were a file whose permission you were modifying, you would omit the -R flag. Permissions in Linux are an important concept to master. Feel free to practice with files on your own system until you learn the concepts. It may be tricky at first, but with a little bit of practice, the concepts will become clear.
Summary
In this chapter, we started off with a walkthrough of creating new users. We explored how to do so using Mint's handy Users and Groups tool as well as via the shell. Then, we explored removing a user permanently as well as blocking access on a temporary basis. Next, we went over groups in Linux and how to add and remove them. Our journey then explored how to run commands as other users, and then we had a more in-depth look at the sudo command and how to configure it. This chapter then ended with a detailed look at how permissions in Linux are handled.
In the next chapter, we will explore networking in Mint, including connecting to wired and wireless networks, setting up a static IP, accessing your system via SSH, as well as sharing files.