Do I Have Permission?
Posted: 23 Feb 2005
Part of what makes Linux so much more secure than proprietary operating
systems is its filesystem permissions. However, this is sometimes a difficult
concept for some people who are newer to Linux. The aim of this guide is to make
this concept easy for these types of users.
The illustrations in this guide were created in Gnome, the default window
manager installed with Novell Linux Desktop. That in mind, the concepts
discussed here are also true in KDE and many other window managers.
First, open your HOME directory:
The File Browser opens, showing the contents of your home directory:
Over at the right of the window, there's a drop-down box that says VIEW AS
ICONS in it. Click on this, and select VIEW AS LIST. The layout changes:
Now, go up to the VIEW menu, and select VISIBLE COLUMNS. In the window that
appears, put a check in the PERMISSIONS box. When done, click CLOSE:
Your window should now look like this, with the new PERMISSIONS column at the
far right:
You will notice that in this column there are rows of letters. These letters
describe the access permissions of the corresponding files and directories in
the list. The 'd' just means that the item is a directory. Generally, the other
letters will be an 'r', a 'w', or an 'x':
These letters determine whether or not access has been granted to a user or
group of users. There are three types of permissions and three types of users.
Let's take a closer look at these permissions and users.
First, create a test file that to use for practice. In the File Browser
window, right-click below the bottom file. Select CREATE DOCUMENT, and then
EMPTY FILE:
A new file appears. Right-click on this file and select PROPERTIES:
In the PROPERTIES window that appears, click on the PERMISSIONS tab:
In the top section, it lists the owner of the file, and the group to which
the file belongs.
In the second section, it outlines the permissions. The OWNER line shows
which permissions the owner of the file has. This file also belongs to a group.
The GROUP line shows what things the users in this group can do to the file. The
OTHERS line shows what everyone else can do to the file.
All of these types of users (owner, group, others) have different levels of
access to the file. There are three types of these access permissions: READ,
WRITE, and EXECUTE. The letters 'r', 'w', and 'x' are representative of these
types of access.
The READ permission either grants or denies the ability to view the contents
of a file. If this were a text file, it would basically mean whether or not we
could open the file and view what's inside of it.
The WRITE permission has to do with saving the file. Let's say this was a
text file. If I have the READ permission, I can open it. So I do, and I notice
that something in it is misspelled. So, I fix the spelling. Naturally, I would
want to save the change back out to the file. If I have the WRITE permission, I
can save the change. If I do not have the WRITE permission, I cannot.
Lastly, the EXECUTE permission tells whether or not we can execute or run the
file. If it is a script or a program, we might want to control who can run
it.
So, we can see that there are three types of users that may want to have
access to the file: the owner, the group to which the file belongs, and everyone
else.
These permissions are also represented in condensed form at the bottom of
this window.
The TEXT VIEW has ten spaces. The first is for a 'd' if it is a directory.
This is a file, so the 'd' is not present.
The remaining nine spaces correspond to the nine checkboxes above. The first
group of three spaces describe the OWNER's permissions. The next group of three
show the GROUP permissions. The last three show the permissions of OTHERS, or
everyone else. These spaces may have the letters 'r', 'w', and 'x' in them. The
letters represent READ, WRITE, and EXECUTE, as we discussed above.
An even more condensed way of viewing these permissions is represented in the
NUMBER VIEW. The first number represents the OWNER's permissions, the second
represents the GROUP permissions, and the third represents everyone else's
permissions.
In the number view, the permissions are added together to display the number
that is shown. The 'r' permission has a value of four. The 'w' permission has a
value of two. The 'x' permission has a value of one.
Check and uncheck the nine checkboxes above. The TEXT VIEW and NUMBER VIEW
values will change to match the permissions you set for the file.
This system may seem a little complex. However, the complexity is necessary.
After all, you wouldn't want to give everyone all access to all files and
directories. The system would become compromised very quickly. As the owner of a
file or directory, however, you would want to have full access to change it as
you need to. Though you may not want to give the entire world permission to view
the file, you may want to give it to a select group of users. Once the
filesystem permissions are understood, it is actually quite easy to set up
proper access for the different sets of users. Hopefully, this tutorial has been
simple enough to introduce how and why these types of access are needed.
|