Users, groups and permissions - page 2

Carrying on from the users and groups discussion on page 1, this article introduces permissions, what they are and in what way they apply.

In the latter half of page 1, we talked about sharing a folder with the 'www-data' group. It would seem reasonable that to allow this folder to be shared we need to set some permissions - allowing some users and groups access and denying others.

Linux uses three sets of permissions for each file and directory. One set of permissions for the user, one for the group and one for everybody else (we'll call this lot 'other').

Within each of the three sets of permissions, there are three types of permission to set - read, write and execute.

Types of permissions:

Let's start with the types of permission:

  • read (r) - allows the file to be read
  • write (w) - allows the file to be written to (i.e. modified)
  • execute (x) - allows the file to be executed (if it is a script or binary)

If you set all three types of permission on a file then it could be read, written to and, if it was a script, executed. Now it would be a bit silly if we set all of these permissions on all files and folders. So we can choose what we set and what we don't.

Now for some easy maths: each type of permission equates to a number, for example, read (r) permission is 4, write (w) is 2 and execute (x) is 1.

If a file has r, w and x permissions, it would give a total of 7 (4 + 2 + 1).

If a file has r and w but no x permission, it would give a total of 6.

If a file has r but no w or x permissions, it would give a total of 4.

And so on. You can mix and match r, w and x as much as you want. It will always be a number between 0 (no permissions at all) and 7 (all permissions). I sometimes find it easier to visualise the permissions:

It's a foolproof way of assigning permissions. Not many options and pretty easy to work out.

Sets of permissions:

Earlier I mentioned 3 sets of permissions, each with 3 types of permissions. Well, we've dealt with the types, so let's look at the three sets:

  • user - the individual user, such as 'paul'
  • group - a group of users, such as the group 'www-data'
  • other - all other users and groups not defined above

In page 1 we looked at users and groups and I'm sure the 'other' set needs no more explanation (it's everyone else).

When permissions are placed on a file they are set in the order shown above, i.e. user, group, other.

So, if I showed you a file with permissions of 777, what would you think?

Take it one number at a time. We know that 7 means r, w and x and we now know what order the sets of permissions are set.

So it means that the user, group and other all have universal permissions.

Obviously, it is rare to have a file or folder with 777 permissions as anyone could do anything. More common would be permissions set at 644, which would mean... no, I'll let you work that out.

Again, visualisation of the permissions may help. So 765 could look like:

The 'user' has universal rights, 'group' has r and w while 'other' has r and x.

Referring to the image above, a format you might see on a server would be:

rwxrw-r-x
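The conversion between the numeric and rwx forms described above, as an added shell example that is not part of the original article. The function names are made up for this illustration, and the last function flags the case where 'other' has write permission.

```shell
# Added example (function names are made up). One digit 0-7 to rwx: read=4, write=2, execute=1.
digit_to_rwx() {
    r=-; w=-; x=-
    [ $(($1 & 4)) -ne 0 ] && r=r
    [ $(($1 & 2)) -ne 0 ] && w=w
    [ $(($1 & 1)) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three digits to nine characters, in the order user, group, other.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three digits from 0 to 7: $1" >&2; return 1 ;;
    esac
    rest=$1; result=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}      # first character
        rest=${rest#?}                 # everything after it
        result="${result}$(digit_to_rwx "$digit")"
    done
    printf '%s\n' "$result"
}

# Nine characters back to three digits.
symbolic_to_mode() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "expected nine characters such as rwxrw-r-x: $1" >&2; return 1 ;;
    esac
    rest=$1; mode=""
    while [ -n "$rest" ]; do
        triple=${rest%"${rest#???}"}   # first three characters
        rest=${rest#???}
        n=0
        case $triple in r??) n=$((n + 4)) ;; esac
        case $triple in ?w?) n=$((n + 2)) ;; esac
        case $triple in ??x) n=$((n + 1)) ;; esac
        mode="${mode}${n}"
    done
    printf '%s\n' "$mode"
}

# Succeeds when the 'other' set includes write, the case worth flagging in an audit.
other_can_write() {
    sym=$(mode_to_symbolic "$1") || return 2
    case $sym in ???????w?) return 0 ;; *) return 1 ;; esac
}
mode_to_symbolic 765          # prints rwxrw-r-x
symbolic_to_mode rwxrw-r-x    # prints 765
```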

We'll leave the theory there. Quite a lot to get through but, as I said right at the beginning, these concepts are the building blocks of the Linux OS and are the keystone for all security measures on your VPS and server.

The next (and final!) article in this mini-series will be a practical example of setting and changing permissions and making sure all files in a folder have the same permissions.

PickledOnion.
