The easiest way to learn Linux permissions is from an example. The ls -l command generates a list of contents, such as files, along with their permissions. Let's take a look at the default values for a file called Filename. We are adding spaces to make the output more legible.

- rw- r-- r-- other information about the file Filename

The initial - signifies that this is a file (not a directory). The next three characters refer to the file permissions for the file owner, in many cases the person who created the file. The values rw- signify that the owner has read and write (modify) permission but not execute permission. Had these values been r-x the owner would be able to read and execute the file (program) but not modify it. The second set of values, r--, signifies that the members of the group associated with this file have read but not write or execute permission. The third set of values, also r--, signifies that other users have read but not write or execute permission.

Permissions are often handled numerically. The r has a value of 4, the w has a value of 2, and the x has a value of 1. In all cases the lack of permission has the value 0. So rw- has the value 6 and r-- has the value 4. In the above example the permissions may be expressed as 644. The full set of permissions for everyone is expressed as 777 (not usually a good idea).

Note that the root user's permissions aren't listed. This shouldn't be surprising because root has essentially complete permissions. But even root doesn't have execute permissions for a file it creates. This permission must be added in a separate step. Why? This two-step procedure has important security implications. Let's say that someone, perhaps root, has received an email that contains a virus-infested executable program. The program cannot be executed without the explicit permission of root or the recipient. If the user doesn't know what to do the virus won't be launched.

Linux defines permissions for directories that are similar to but not exactly the same as the file permissions. A read permission on a directory means that its contents may be listed. A write permission on a directory means that the user can modify its contents, by adding, deleting, or renaming files. An execute permission on a directory means that it may be accessed, in other words made the current working directory.

Permissions may be changed via the chmod command, as in the example chmod 770 Junque, which gives read, write, and execute permissions to the file owner and members of the ownership group but no permissions to anyone else. Not everyone likes working with these numbers. The symbolic mode uses letters and the plus and minus signs to change permissions.

The following command removes the write permission from the user (owner) of the Perm file: chmod u-w Perm. To add the execute permission for others, people who do not belong to the group that owns the file, apply the command chmod o+x Perm. This command only makes sense if the Perm file is executable. Furthermore, under most circumstances the file owner and his or her group will have more permissions than the others. Linux doesn't always check to see that your command really makes sense. Do you think that Windows is more intelligent in this respect?

The chown command is used to change the ownership of a file or a directory. The chgrp command is used to change the group ownership of files and directories. These commands might be used when a project passes from the development to the testing stage. Needless to say only the system administrator can execute these commands.

Of course there is more to Linux permissions and groups but we have covered the basics. The next article in this series discusses inodes, a topic that is sorely missing from the Windows bag of tricks.
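The numeric and symbolic chmod commands described above, run against throwaway files and read back through ls -l, as an added example that is not part of the original article. The helper names perm_to_octal and mode_of, the temporary directory, and the umask of 022 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: file names Perm and Junque follow the article,
# everything happens inside a temporary directory that is removed afterwards.

# Convert a 9-character permission string (e.g. rw-r--r--) to octal,
# using the values from the text: r=4, w=2, x=1, "-"=0.
perm_to_octal() {
    perms=$1
    octal=""
    while [ -n "$perms" ]; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Read a path's permission string from ls -l (characters 2-10, after the
# leading file-type character) and report it as octal.
mode_of() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Walk through the article's chmod commands and print the resulting modes.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 022                 # assumed umask; yields the 644 default
        touch Perm Junque
        echo "new file:      $(mode_of Perm)"    # no execute bit on creation
        chmod 770 Junque
        echo "chmod 770:     $(mode_of Junque)"
        chmod u-w Perm
        echo "chmod u-w:     $(mode_of Perm)"
        chmod o+x Perm
        echo "chmod o+x:     $(mode_of Perm)"    # others now exceed the owner
    )
    rm -rf "$dir"
}

demo
```

After the last command others hold an execute bit that the owner lacks, and chmod accepts it without complaint, which is the "Linux doesn't always check" point made in the text.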