Appendix
File Permissions and Access Rights

In Lesson 20, “File I/O and OS Operations,” we covered the use of files. A part of that use involved setting file permissions. In this appendix, we provide additional information about file permissions and access rights.

In general, each file has associated permissions that define how a user can interact with the file. In a Unix-like OS such as Linux, for example, there are three different access rights for files:

  • Read: Allows the user to read the file without making any changes.
  • Write: Allows the user to make changes to the file, including deleting the file itself. To have write privileges on a file, the user must have write privileges on the parent directory as well.
  • Execute: Allows the user to execute binary files and shell commands.

The access rights for each file are defined for three categories of users:

  • The Owner of the File: This is typically the user who created the file, although ownership can be transferred between users. The owner is represented by the letter u (for user).
  • The Group to which the User Belongs: In Linux, you can create a group of users who should all have the same access rights. For example, you can define a group for administrators who need to be able to execute commands and another group for users who only need to be able to view files on the server. Groups are represented by the letter g (for group).
  • All Other Users: Other users are represented by the letter o (for other).

In Linux, you can display the access rights for each user by using the ls command. Use ls with the -l option to display the user access rights for each object in the current directory. To see how this works, Figure A.1 shows an example of a Linux file named file.txt in the root directory. This shows the result of entering the following command at the root command line:

ls -l

Figure A.1: Viewing file permissions in Linux

To the left of the filename in Figure A.1, you will see the file permissions defined as follows:

-rw-rw-r--

The first dash refers to a file type. A plain file is represented by a - (hyphen) and directories are represented by d. The character c is used for character-device files, b is used for block-device files, s is for a local socket, p represents a named pipe, and l represents a symbolic link.

The remaining characters in -rw-rw-r-- represent the read, write, and execute rights for the three types of users mentioned earlier:

-rw- rw- r--
 uuu ggg ooo

  • rw- (uuu): Read, write, execute for the owner of the file or directory. In this case, the user can read and write, represented by r and w, and the dash indicates that the user does not have execute rights.
  • rw- (ggg): Read, write, execute for the group that the owner belongs to. In this case, the group has read and write, represented by r and w, and does not have execute rights, indicated by the final dash.
  • r-- (ooo): Read only for all other users. Both write and execute are represented by a dash.

CHANGING OTHER USER ACCESS RIGHTS IN LINUX

In Linux, the chmod command can be used to change the access permissions for files and directories. This command can be used to remove all access rights from other users by providing the empty access right for o (others), which changes the permissions from -rwxr--r-- to -rwxr-----. With this change, file.txt can no longer be accessed by other users.

You can also combine access rights for different types of users. For example, entering the following command produces the results shown in Figure A.2:

chmod og=r file.txt

In this example, we assigned read access rights to the group and to other users. Note that the permission settings on file.txt change from -rwxr----- to -rwxr--r--.

Figure A.2: Adding multiple types of access rights in Linux

DIGITAL REPRESENTATION FOR PERMISSIONS

You can also represent the permissions as digits, using the values shown in Table A.1. For instance, the permissions -rw-rw-r-- of the text file can be represented as 664:

  • 6 for the permission for the current user (read and write: rw-)
  • 6 for the permission of the group that the user belongs to (read and write: rw-)
  • 4 for the permission of all the other users (read: r--)

Table A.1: Permission representations

Number  Permission            Symbol
0       No permission         ---
1       Execute               --x
2       Write                 -w-
3       Execute+Write         -wx
4       Read                  r--
5       Read+Execute          r-x
6       Read+Write            rw-
7       Read+Write+Execute    rwx
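
The following Python sketch is an added example, not code from the book. It converts an ls -l permission string to the digits of Table A.1 and applies a chmod-style who=perms assignment such as og=r, then checks the result against a real temporary file. The function names are assumptions made for this illustration, and only the plain r, w, x, and - characters are handled.

```python
import os
import stat
import tempfile

BITS = {"r": 4, "w": 2, "x": 1}      # digit values from Table A.1
SHIFT = {"u": 6, "g": 3, "o": 0}     # bit position of each user category


def symbolic_to_octal(listing):
    """Convert an ls -l string such as '-rw-rw-r--' to digits such as '664'."""
    if len(listing) != 10:
        raise ValueError("expected 1 file-type character plus 9 permission characters")
    digits = []
    for i in range(1, 10, 3):                    # skip the file-type character
        triplet = listing[i:i + 3]
        for ch, expected in zip(triplet, "rwx"):
            if ch not in (expected, "-"):        # rejects s, t, and misplaced letters
                raise ValueError(f"unexpected {ch!r} in {listing!r}")
        digits.append(sum(BITS[c] for c in triplet if c != "-"))
    return "".join(str(d) for d in digits)


def apply_assignment(mode, clause):
    """Apply a 'who=perms' clause (for example 'og=r' or 'o=') to a numeric mode."""
    who, perms = clause.split("=")
    value = sum(BITS[c] for c in perms)
    for category in who:
        mode &= ~(7 << SHIFT[category])          # '=' replaces the whole triplet
        mode |= value << SHIFT[category]
    return mode


def check_on_disk(mode):
    """Set the mode on a temporary file and return the string the OS reports."""
    with tempfile.NamedTemporaryFile() as tmp:
        os.chmod(tmp.name, mode)
        return stat.filemode(os.stat(tmp.name).st_mode)


if __name__ == "__main__":
    print(symbolic_to_octal("-rw-rw-r--"))               # digits for file.txt
    restricted = apply_assignment(0o744, "o=")           # empty access right for others
    print(oct(restricted), check_on_disk(restricted))
    print(oct(apply_assignment(restricted, "og=r")))     # the chmod og=r example
```
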