لطفا منتظر باشید ...
Who Goes There?
Unlike some operating systems we could name (such as . . . oh, Microsoft Windows, f’rinstance), UNIX was designed from the beginning to be used by more than one person. Like all multi-user systems, UNIX keeps track of who owns what file and who can do what with each file. Permissions attached to each file and directory determine who can use them.Permissions come in three types:Read permission: Enables you to look at a file or directory. You can use cat or a text editor to see what’s in a file that has read permission. You also can copy this type of a file. Read permission for a directory enables you to list the directory’s contents.
Write permission: Enables you to make changes to a file. Even if you can write (change) a file, you can’t necessarily delete it or rename it; for those actions, you must be able to write in the directory in which the file resides. If you have write permission in a directory, you can create new files in the directory and delete files from it.
Execute permission: Enables you to run the program contained in the file. The program can be a real program or a shell script. If the file doesn’t contain a program, execute permission doesn’t do you much good and can provoke the shell to complain bitterly as it tries (from its rather dim point of view) to make sense of your file. For a directory, execute permission enables you to open files in the directory and use cd to get to the directory to make it your working directory.
Rock groups, pop groups, and UNIX groups
Every UNIX user is a member of a group. When the system administrator created your username, she assigned you to a group. To see which group you’re in, type
id
You see something like this: uid=113(margy) gid=102(guest) groups=102(guest),101(book), 103(cheese)
Groups usually indicate the kind of work you do. UNIX uses groups to give a bunch of people the same permissions to use a set of files. All the people who work on a particular project are usually in the same group so that they can look at and perhaps change each other’s files.If you are part of the accounting department, for example (it’s a dirty job, but someone has to do it), you and the other accounting staff members may need read, write, and execute access to basically the same files. People in other departments should not have the same access to accounting programs and data. The system administrator probably made a group called something like acctg and put all you accounting boys and girls in it.Linux In Linux and BSD, you can be in several groups at a time, which is handy if you’re working on several projects. To find out what groups you’re in, type groups.
That’s mine!
Every file and directory has an owner and a group owner. The owner is usually the person who made the file or directory, although the owner can sometimes change the ownership of the file to someone else. The group owner is usually the group to which the owner belongs, although the owner can change a file’s group owner to another group.If you use Linux or System V, you can change who owns a file with the chown command (described later in this chapter).
Who can do what?
To see who can do what to a file, use the ls command with the -l option. Type this line:
ls -l myfile
You see something like this: -rw-r--r-- 1 margy staff 335 Jan 22 13:23 myfile
If you don’t specify a filename (in this case, myfile ), UNIX lists all the files in the directory, which is often more useful. For every file, this listing shows all the following information:
Whether it’s a file, symbolic link, or directory. The first character in the line is a hyphen (-) if it’s a file, an l if it’s a symbolic link, and a d if it’s a directory.
Whether the owner can read, write, or execute it (as shown by the next three characters, 2 through 4, on the line). The first character is an r if the owner has read permission or a hyphen (-) if not. The second character is a w if the owner has write permission or a hyphen (-) if not. The third character is an x (or sometimes an s) if the owner has execute permission or a hyphen (-) if not.
Whether the members of the group owner can read, write, or execute the file or directory (as indicated by the next three characters, 5 through 7). An r, w, or x appears if that permission is granted; a hyphen (-) appears if that permission is not granted.
Whether everyone else can read, write, or execute the file or directory (as indicated by the next three characters, 8 through 10). An r, w, or x appears if that permission is granted; a hyphen (-) appears if that permission is not granted.
The link count, that is, how many links (names) this file has. For directories, this number is the number of subdirectories the directory contains plus 2 (don’t ask).
The owner of the file or directory.
The group to which the file or directory belongs (group owner).
The size of the file in bytes (characters).
The date and time the file was last modified.
The filename — at last!
Permissions by number
Figuring out which permissions a file has by looking at the collection of rs, ws, and xs in the file listing is not too difficult. Sometimes permissions are written another way, however: with numbers. Only UNIX programmers could have thought of this method. (It’s an example of lazy typists at their finest.) Numbered permissions are sometimes called absolute permissions (perhaps because they are absolutely impossible to remember).
Technical Stuff Why those numbers?
You may well ask why those particular numbers are assigned to permissions. They weren’t assigned at random. For those of you who remember New Math from fourth grade, all this makes sense if you think in binary (base 2).Think of every permission digit as a three digit binary number, like 010 (that’s binary for 2). The first digit is 1 if you have read permission, or 0 if you don’t. The second digit is 1 if you have write permission, or 0 if you don’t. The third digit is 1 if you have read permission, or 0 if you don’t.So, the permission digit 6, which is 110 in binary, means that you can read and write, but not execute. If this subject still doesn’t make sense, find a fourth-grader to work it out for you.
When permissions are expressed as a number, it’s a three-digit number. The first digit is the owner’s permissions, the second digit is the group’s permissions, and the third digit is everyone else’s permissions. Every digit is a number from 0 to 7. Table 5-1 lists what the digits mean.
Digit | Permissions |
|---|---|
0 | None |
1 | Execute only |
2 | Write only |
3 | Write and execute |
4 | Read only |
5 | Read and execute |
6 | Read and write |
7 | Read, write, and execute |
If Mom says no, go ask Dad
If you own a file or directory, you can change its permissions. You use the chmod (for change mode) command to do it. You tell chmod the name of the file or directory to change and the new permissions you want the file to have for yourself (the owner), your group, and everyone else. You can either type the numerical absolute permissions (such as 440) or use letters.
To use letters to type the new permissions, you use a cryptic collection of letters and symbols that consists of the following:
Whose permissions you are changing: u for user (the file’s owner), g for the group, o for other (everyone else), or a for all three.
If the permission should be on or off: + (on, yes, OK) or - (off, no, don’t let them).
The type of permission you’re dealing with: r for read, w for write, and x for execute.
Type the following line, for example, to allow everyone to read a file called announcements :
chmod a+r announcements
This line says that the user or owner, the group, and everyone else can read the file. To not let anyone except the user or owner change the file, type
chmod go-w announcements
You can also use numeric (absolute) permissions with chmod . To let the user or owner and associated group read or change the file, type
chmod 660 announcements
This line sets the owner permission to 6 (read and write), the group permission to 6 too, and everyone else’s permission to 0 (can’t do anything).You can change the permissions for a directory in exactly the same way you do for a file. Keep in mind that read, write, and execute mean somewhat different things for a directory.
Finding a new owner
Linux When someone gives you a file, he usually copies it to your home directory. As far as UNIX is concerned, the person who copied the file is still the file’s owner. In Linux and System V, you can change the ownership of a file you own by using the chown command. (BSD users have to get the system manager’s help to change a file’s owner.)
You tell chown the new owner for the file and the filename or filenames whose ownership you are changing, as shown in this example:
chown john chapter6
This command changes the ownership of the file named chapter6 to john . Keep in mind that only you can give away files you own; if you put a file in someone else’s directory, it’s polite to chown the file to that user.Tip Another way to change the owner of a file is to make a copy of the file. Suppose that Fred puts a file in your home directory, and he still owns it. You can’t use chown to change the ownership because only the owner can do that (we have a chicken-before-the-egg problem here). You can get ownership of a file if you copy the file. When you copy a file, you own the new copy. Then delete the original.
File seeks new group; can sing, dance, and do tricks
If you own a file or directory, you can change the group that can access it. The chgrp command enables you to change the name of the group associated with the file, as shown in this example:
chgrp acctg billing.list
This command changes the group associated with the file billing.list to the group called acctg .
