Do I Have Permission?

Posted: 23 Feb 2005

Part of what makes Linux so much more secure than proprietary operating systems is its filesystem permissions. However, this is sometimes a difficult concept for some people who are newer to Linux. The aim of this guide is to make this concept easy for these types of users.

The illustrations in this guide were created in Gnome, the default window manager installed with Novell Linux Desktop. That in mind, the concepts discussed here are also true in KDE and many other window managers.

First, open your HOME directory:

The File Browser opens, showing the contents of your home directory:

Over at the right of the window, there's a drop-down box that says VIEW AS ICONS in it. Click on this, and select VIEW AS LIST. The layout changes:

Now, go up to the VIEW menu, and select VISIBLE COLUMNS. In the window that appears, put a check in the PERMISSIONS box. When done, click CLOSE:

Your window should now look like this, with the new PERMISSIONS column at the far right:

You will notice that in this column there are rows of letters. These letters describe the access permissions of the corresponding files and directories in the list. The 'd' just means that the item is a directory. Generally, the other letters will be an 'r', a 'w', or an 'x':

These letters determine whether or not access has been granted to a user or group of users. There are three types of permissions and three types of users. Let's take a closer look at these permissions and users.

First, create a test file that to use for practice. In the File Browser window, right-click below the bottom file. Select CREATE DOCUMENT, and then EMPTY FILE:

A new file appears. Right-click on this file and select PROPERTIES:

In the PROPERTIES window that appears, click on the PERMISSIONS tab:

In the top section, it lists the owner of the file, and the group to which the file belongs.

In the second section, it outlines the permissions. The OWNER line shows which permissions the owner of the file has. This file also belongs to a group. The GROUP line shows what things the users in this group can do to the file. The OTHERS line shows what everyone else can do to the file.

All of these types of users (owner, group, others) have different levels of access to the file. There are three types of these access permissions: READ, WRITE, and EXECUTE. The letters 'r', 'w', and 'x' are representative of these types of access.

The READ permission either grants or denies the ability to view the contents of a file. If this were a text file, it would basically mean whether or not we could open the file and view what's inside of it.

The WRITE permission has to do with saving the file. Let's say this was a text file. If I have the READ permission, I can open it. So I do, and I notice that something in it is misspelled. So, I fix the spelling. Naturally, I would want to save the change back out to the file. If I have the WRITE permission, I can save the change. If I do not have the WRITE permission, I cannot.

Lastly, the EXECUTE permission tells whether or not we can execute or run the file. If it is a script or a program, we might want to control who can run it.

So, we can see that there are three types of users that may want to have access to the file: the owner, the group to which the file belongs, and everyone else.

These permissions are also represented in condensed form at the bottom of this window.

The TEXT VIEW has ten spaces. The first is for a 'd' if it is a directory. This is a file, so the 'd' is not present.

The remaining nine spaces correspond to the nine checkboxes above. The first group of three spaces describe the OWNER's permissions. The next group of three show the GROUP permissions. The last three show the permissions of OTHERS, or everyone else. These spaces may have the letters 'r', 'w', and 'x' in them. The letters represent READ, WRITE, and EXECUTE, as we discussed above.

An even more condensed way of viewing these permissions is represented in the NUMBER VIEW. The first number represents the OWNER's permissions, the second represents the GROUP permissions, and the third represents everyone else's permissions.

In the number view, the permissions are added together to display the number that is shown. The 'r' permission has a value of four. The 'w' permission has a value of two. The 'x' permission has a value of one.

Check and uncheck the nine checkboxes above. The TEXT VIEW and NUMBER VIEW values will change to match the permissions you set for the file.

This system may seem a little complex. However, the complexity is necessary. After all, you wouldn't want to give everyone all access to all files and directories. The system would become compromised very quickly. As the owner of a file or directory, however, you would want to have full access to change it as you need to. Though you may not want to give the entire world permission to view the file, you may want to give it to a select group of users. Once the filesystem permissions are understood, it is actually quite easy to set up proper access for the different sets of users. Hopefully, this tutorial has been simple enough to introduce how and why these types of access are needed.

Informacja z serwisu