Understanding operating systems is impossible without understanding permissions.
They are everywhere. They are needed everywhere. And once you understand how to alter them, you will be well on your way to comprehend the basics of today’s computers.
Managing Permissions
Viewing permissions on any Unix-based machine is simple.
$ ls -l
ls called with the -l parameter will output the POSIX permission convention. It will give you an idea as to what you can do with the file. There are only three type of permissions.
r : Read permission
w : Write permission
x : Execute permission
These permissions exist on three different user levels: user (u), group (g), and others (o). By calling ls -l on a directory, we get the following output.
-rw-r--r-- 1 myuser mygroup 6 Mar 1 16:40 touched.txt
This can be disected into four parts:
Directory/File User Group Others
- rw- r-- r--
The first ‘-‘ distinguishes between files, where it is ‘-‘, and directories ‘d’.
Then each other part displays read, write and execute permissions. A ‘-‘ indicates that the user or entity does not have the corresponding permission.
The ls -l output for the touched.txt can be translated in the following way:
-rw-r--r-- 1 myuser mygroup 6 Mar 1 16:40 touched.txt
- touched.txt is a file
rw- User (myuser) has read and write permission
r-- Group (mygroup) has read-only permission
r-- Others have read-only permission
With chmod we can change these permissions however we suit fit, given we have the permissions to do so.
There are two ways in which chmod works, the first is changing permissions using numbers and the second one is using the POSIX style notation. Using POSIX notation, we add write permissions to the group and others.
$ chmod go+w touched.txt
$ ls -l
-rw-rw-rw- 1 myuser mygroup 6 Mar 1 16:40 touched.txt
‘go’ stand for group and others, the ‘+’ adds permissions and ‘w’ is the writing permission.
The same can be done in order to revoke the permissions, just replacing the ‘+’ with a ‘-‘
$ chmod go-w touched.txt
The other way to change permissions is by relying on numbers. You might have seen something like this before:
$ chmod 644 touched.txt
Each number stands for a or multiple permissions. The way it works is that you add the different permissions together that you want to give the different levels.
0 = no operations allowed
1 = execute or the ability to cd in the case of a directory
2 = read
4 = write
Wanting to give the group and others read and write permissions but none to the user, you could write the following
$ chmod 066 touched.txt
user: 0 for no operations allowed
group: 6 = 4 (write) + 2 (read)
others: 6 = 4 (write) + 2 (read)
That’s it. The next step is to explore permissions more deeply.