Why Can t I Edit This File? How Permissions Work

Previous page
Table of content
Next page

Why Can't I Edit This File? How Permissions Work

If there's one thing that is important to know about Linux, it is that everything on your computer exists as a file. Your printer, sound card, hard-drive partitions, monitor, directories a file on your system represents that item. And each file has rules about who can access it and in what manner.

In this section, you will get an introduction to permissions. This is covered in more depth in Chapter 19. No matter what your skill level is, you should read the "User Accounts and Permissions" section of that chapter.

Linux is a multiuser operating system, with a minimum of two users on any machine: the Root user and a "generic user.

Note

The Root user is also the SuperUser when logged in as such, and other users can become the SuperUser with the Root password.


Each file (again, that means everything on your system) has an owner and is assigned to a group when it is created. Read, write, and execute permissions are set for three types of user: Owner, group, and the rest of the world.

The ls -l (long format) directory listing command displays the permissions for each file. To see the system default permissions for a file, use the touch command to create an empty file and then run ls -l, like this:

touch file mikemc@linux:~> ls -l file -rw-r--r--    1 mikemc   users           0 2004-12-08 09:43 file

Tip

Touch will also change the access time of any existing file.


Looking at this listing, you see a 10-character block of dashes and letters (-rw-r--r--). These characters identify the permissions for this file.

The first character in the block indicates whether it is a special file in some way (d identifies it as a directory, c is for a character device, and b is for a block device, such as a hard drive). We know this is a plain data file because there is a dash, noting it is not any of these special types.

The default permissions for this file show us that the Owner of the file can Read and Write it (rw-); it is Read-Only (r--)for both the Group and Others (the rest of the world). If this was supposed to be an executable program file, a problem would exist, because no one has permission to execute it.

The next columns tell us other important things about this file:

  • The number next to the permissions block shows the number of hard links to a file.

You may better understand this as the number of copies of this file that exist on the system. Files almost always have just one link/copy. Directories nearly always have at least two because it is linked in its parent directory.

  • After the link counter, you see the Owner of the file. Because we created the file logged in as user mikemc, mikemc is the owner. In this case, this user is the only person who can edit this file (that is, make changes to and write back to the hard drive). The owner can be changed by either the current owner or by Root using the chown command.

  • After the Owner is identified, you see the group (users) assigned to this file. This means that all users on the system can read the file, but cannot write (save changes) to it. As with any read-only file, other users can save changes in a different location or with a different filename. The group assignment can be changed by the owner or by Root using the chgrp command.

  • The file size and creation date are defined in the last columns. This file is empty, but the size is defined in bytes.

Changing Permissions

When you are the owner of a file (or the SuperUser), you have the right to make that file more (or less) accessible by adjusting its permissions. You do that with judicious use of the chown (Change Owner), chgrp (Change Group) and chmod (Change Mode) commands.

Note

You can make these changes in any of the GUI file managers (Konqueror, Nautilus, and so on) by opening the Properties dialog box of a file (or group of files). See Chapter 18.


To make user2 the owner of the file we created in the last section, type the following:

chown user2 file

Caution

If your system administrator has imposed disk quotas for users, only Root can change owners. This prevents you from exceeding your quota by fobbing off your excess files on another user. Disk quotas are covered in Chapter 18.


This works for multiple files, too. Name each file or use wildcards to specify similar files. For example, if you have a bunch of files in this directory that begin with "file" and you want to change ownership of them, modify the previous command to

chown user2 file*

As with many Linux commands, when you run this command the shell prompt will reappear unless there is a problem or error.

Our file allows only the owner to make changes (write) to the file. If you want anyone in the writers group to be able to edit it directly, you should change the group assigned to this file from users (which are all system users) to writers (a previously defined select group of users):

chgrp writers file

Caution

chgrp works only if you are both the Owner of a file and a member of the group you're changing to. If you want to change permissions to a different group, you may be able to use the newgrp command to temporarily join that group, if you know the group password. Otherwise, Root must make the change.


But we're not done; the group permission is still set for Read-Only. We complete the task here:

chmod g+w file

As noted in the previous section, permissions are defined as Read, Write, and eXecute--rwx. With the g+w switch, we've told chmod to add (+) Write (w) privileges to the group (g).

The choices for chmod include the following:

u user

g group

o others

a all users

Plus sign (+) add a Read, Write, or eXecute permission

Minus sign (-) remove a Read, Write, or eXecute permission

Some people prefer using octal (base 8) numbers when using chmod. This way, instead of adding or subtracting individual permissions, you can specify exactly what you want them to be when you complete the command. Using octals to make the same change we made previously, the command looks like this:

chmod 664 file

Why these numbers? Each digit represents one set of permissions: Owner Group Others. Each number represents the rights each entity has

4 = Read permission

2 = Write permission

1 = Execute permission

Add each permission number to signify the permission level the file should have. So, as shown, the Owner and Group has Read and Write (4+2=6); Others just has Read.

To confirm the changes you've made, just run ls -l again.

Directory Permissions

Directories also have permissions assigned to them. Use ls -dl (d for Directory, l for Long version) to see the permissions of your current directory (most likely, the home directory). You should see something like this:

drwxr-xr-x   64 mikemc   users        4056 2004-12-09 15:02

The distinguishing mark here is the leading d in the permissions block. This tells you that you are looking at a directory. Looking carefully, you can see that the Owner (mikemc) can do everything (rwx), whereas the Users group and Others can read a list of the directory's contents. You have to have execute rights (r-x) to view directory contents. Looking at this octally, permissions are set at 755.

You can perform the same permission changes on directories as with files, using the same tools, provided you have the rights to do so.


Previous page
Table of content
Next page
SUSE Linux 10 Unleashed
SUSE Linux 10.0 Unleashed
ISBN: 0672327260
EAN: 2147483647
Year: 2003
Pages: 332
Authors: Mike McCallister
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
C++ GUI Programming with Qt 3
Visual C# 2005 How to Program (2nd Edition)
Information Dashboard Design: The Effective Visual Communication of Data
802.11 Wireless Networks: The Definitive Guide, Second Edition
The Oracle Hackers Handbook: Hacking and Defending Oracle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy