How file and directory permissions work (II)

linux user permissions

Some time ago, in our post How file permissions work in Linux (I), we made a start on understanding how to work with access permissions in our preferred operating system. We tried to keep it simple so as to reach those who are just taking their first steps on this platform; however, as with almost every topic, it is possible to go to a more advanced level, and we will get there little by little.

We left off with what the command "ls -l" shows us: a detailed listing of what the system has established for each of the directories, subdirectories and files. But these permissions can be set not only with the letters r, w and x, which indicate read, write and execute respectively; we can also use the numeric notation for permissions, which we are going to see in this post and which will later allow us to work with umask, a feature that defines the permissions given to each file that is created in a certain directory in Linux.

But first things first: let's see what those numbers that we sometimes see with the chmod command mean. The command has a syntax like the one below:

chmod [options] mode file

So we have surely, at some point, seen something like: chmod 755 ~/Downloads/DTStoAC3

What this does is grant read and execute permissions to all users who access the system (public) and to those who are part of the group of the user who owns the file; the owner also has write permission, and is therefore the only one who can modify the file content. To understand this we should take it step by step, and, as we saw in the previous post, it is convenient to separate the nine indicators into three groups: owner, group and others.

The owner is the creator of the file, or the owner of the user account in whose folders the files are created, and usually can perform all operations on these files. The group permissions determine what a user who is part of the same group as the file's owner can do, and the permissions for others determine what any user who accesses our system can or cannot do. Here there is a substantial difference between files and directories, mostly in relation to the execute permission (the read and write permissions are quite clear in both cases): when you have it for a file, the file can be executed or launched (for example, a program that is part of the operating system, or a game), while in the case of a directory, the execute permission will allow us to list it (that is, run "ls" to see what is inside it).

What determines this number that we sometimes see is the sum of the binary place values of the permissions: each one of them has the value assigned to it by its position. Thus rwx, for owner, group and others alike, can be seen as 4, 2, 1, which is the nominal value of each of them. The total sum gives 7 when you have all the permissions on a certain file or directory, 6 when you have read and write permissions (since r is worth 4 and w is 2), 5 when you have read and execute (since r is 4 and x is 1), 4 when you only have read, 2 when you only have write and 1 when you only have execute. We have a good example to understand this in the image that accompanies this post, which shows clearly how to arrive at the number 755. In a next installment, having understood how permissions work in both their numeric and letter notation, we will see how to change user permissions in Linux.
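The sum described above can be checked against a real file. The following shell script is an added example, not part of the original post: the function names sym_to_octal and roundtrip are made up for illustration, and the round trip assumes mktemp is available to create a scratch file.

```shell
#!/bin/sh
# Convert the nine permission letters shown by "ls -l" (e.g. rwxr-xr-x)
# into the three-digit number chmod accepts, using r=4, w=2, x=1.
sym_to_octal() {
    sym=$1
    [ "${#sym}" -eq 9 ] || { echo "expected 9 characters: $sym" >&2; return 1; }
    out=""
    for start in 1 4 7; do          # owner, group, others
        triplet=$(printf '%s' "$sym" | cut -c"$start"-$((start + 2)))
        # Each position may only hold its own letter or a dash.
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "invalid triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Round trip on a scratch file: apply a numeric mode with chmod, read the
# letters back from "ls -l", and convert them to a number again.
roundtrip() {
    mode=$1
    f=$(mktemp) || return 1
    chmod "$mode" "$f"
    # Column 1 of "ls -l" is the file type; columns 2-10 are the nine letters.
    letters=$(ls -l "$f" | cut -c2-10)
    rm -f "$f"
    sym_to_octal "$letters"
}

roundtrip 755   # prints 755
```

If the number printed by roundtrip differs from the mode passed in, the letters were read or summed incorrectly.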

