Permissions

From MEPIS Documentation Wiki

Basic permissions

The default file permissions structure in Linux is fairly simple, but more than adequate for most situations. For each file or folder, there are three permissions that can be granted, and three entities that they are granted to. The permissions are:

  • Read permission means that data can be read from the file; it also means the file can be copied.
  • Write permission means that the file or folder can be changed, appended, or deleted. For folders, it specifies whether a user can write to files in the folder.
  • Execute permission determines whether the user can run the file as a script or program. For folders, it determines whether the user can enter the folder and make it the current working directory.

These permissions can be granted to:

  • owner
  • group
  • others

Every file and folder acquires a single user designated as its owner when it is created on the system. It also has a single group designated as its group, by default the group to which the owner belongs. The permissions you grant to "others" affect everyone who isn't the owner or in the group.

Viewing and changing permissions

GUI method

To view or change a file's permissions in KDE, right-click the file and select "Properties". Click the "Permissions" tab. Here you can view the permissions granted to the owner, group, and others. For files, you can check the box to make them executable, and for folders you can check a box to limit the deletion of files inside it to the owners (i.e. set the sticky bit). Alternatively, you can click "Advanced Permissions" and see the permissions grid for the file.

See also KUser and MEPIS User Assistant

CLI method

To view permissions on the command line, use "ls -l". The -l switch will cause ls to list files in long format, displaying their permissions. You will see a listing like this:

    -rwxr-xr-x 1 jdoe users 43321 2007-04-28 23:12 somefile.txt

The "-rwxr-xr-x" string shows us the permissions for owner, group, and others; the owner has read, write, and execute; the group has read and execute; others have read and execute. The owner in this case is "jdoe", and the group is "users".

Setting access permissions on the command line is done with the chmod command. For details on using chmod, see the man page or this tutorial. To change the actual ownership of files, use chown.

Managing users and groups

To manage users and groups, there are two tools. The first, MEPIS User Assistant, is best used to add or remove users. Its interface is intuitive.

The other tool is KUser, part of KDE. It is particularly useful for handling advanced permissions. To open it, click Menu --> System --> More applications --> User Management (KUser), then Help --> KUser Handbook for orientation.

If you need more advanced permissions options, you can configure support for access control lists.

Advanced permissions

There are three special permissions that can be set in addition to the nine above. They are setUID, setGID, and sticky.

  • If the setUID permission is activated, the file will execute with the credentials of the owner, regardless of who executes it (for example, if a file is owned by root and setUID is on, anyone executing the file will do so with root credentials).
  • If the setGID permission is activated, the file will execute with the credentials of the file's group, regardless of whether the user executing it is in that group or not.
  • The sticky bit means nothing on files; but on a folder, it specifies that only the owner (or root) of a file or subfolder may delete it, even if other users have write permissions on the folder.
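
The permission string printed by "ls -l" and the three special permissions above are all encoded in a file's mode, so they can be decoded and reviewed programmatically. The following is an added example, not part of the wiki page: it uses Python's standard stat module, and the function names describe and audit and the sample modes are assumptions made for the illustration.

```python
# Added example (not from the wiki): decode mode bits and report the
# special-permission combinations an administrator usually reviews.
import os
import stat
import sys


def describe(mode):
    """Return (ls-style string, octal permissions, findings) for an st_mode."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("setUID: runs with the owner's credentials")
        # On Linux setGID only takes effect when group-execute is also set.
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setGID: runs with the group's credentials")
        if mode & stat.S_IWOTH:
            findings.append("file writable by others")
    elif stat.S_ISDIR(mode):
        # Without the sticky bit, anyone who can write here can delete
        # other users' files in the folder.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("folder writable by others without sticky bit")
    return stat.filemode(mode), format(stat.S_IMODE(mode), "04o"), findings


def audit(root):
    """Walk root (symlinks not followed); yield entries that have findings."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or cannot be read
            text, octal, findings = describe(mode)
            if findings:
                yield path, text, octal, findings


if __name__ == "__main__":
    # Constructed samples: the mode from the ls -l listing above, then
    # setUID, setGID, a world-writable folder, and the same with sticky.
    for sample in (0o100755, 0o104755, 0o102755, 0o040777, 0o041777):
        print(*describe(sample))
    # Optional: audit any directories given on the command line.
    for root in sys.argv[1:]:
        for hit in audit(root):
            print(*hit)
```

Run it with one or more directory paths as arguments to list the setUID and setGID files and the world-writable folders lacking the sticky bit beneath them.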
