UNIX like operating systems as Solaris, Linux etc are multi-user systems and file permissions are one way the system protects against unauthorized tampering, they are the first line of defense in the security of a Unix system. Files and directories in Unix systems have three types of permissions: read (r), write and execute (x). Each permission may be `on’ or `off’ for each of three categories of users: the file or directory owner i.e the user (u) himself; other people in the same group (g) as the owner; and all other (o) users. So every file in Unix Systems has the three attributes, one for each category of users and further every category has three type of permissions i.e read, write and execute. You must be aware of these Unix commands interview questions in case if you are working in an IT company or investment banking company. If you are a fresher then also these Unix commands are useful while preparing for technical interview.
Let’s have a look at file permissions using ls -l command on a testfile, it displays various information related to testfile permission as follows –
$ls -l /home/kumadh -rwxr-xr-- 1 kumadh users 1024 Jan 4 00:25 testfile
Here the very first attributes set is showing up as “-rwxr-xr–” for the testfile. Leave the first column and then remaining 9 letters in this set are for permissions assigned to three groups. The first column represent whether it is a file or directory, and that not related to permissions here. So after the first column:
First three letters from 2-4 columns represent permissions to owner of the file (u). So the owner has “rwx” permissions means he has all three permissions read, write and execute on the file. He can read, modify/delete and run the file, whatever he wants to do with the file he has all the rights.
Middle three letters from 5-7 columns represent permissions to the group (g). Here group has “r-x” permissions means only read and execute permissions. They can only read and run the file a program but they can not modify/delete the file.
Last three letters from 8-10 columns represent permissions to all other users (o). Here all other users have “r–” permissions means they only can read the file. They can not modify/delete the file nor they can run the file as a program.
Changing File Permissions in Unix:
1. Using chmod in Symbolic Mode +, – , = :-
The Unix file permissions can be changed by chmod Unix command with +, – or = symbols. Let’s have a look at following examples to clarify this:
$ chmod u+x testfile -- This will add execute permission to the owner of testfile. $chmod g-w testfile -- This will remove write permission from the group on testfile. $chmod o=r testfile -- This will assign only read permission to all other users on testfile.
2. Using chmod with Absolute Permissions:
You can also change the file/directory permissions using the numbers corresponding to r (read), w (write) and x (execute) = 4, 2 and 1 respectively.
Suppose you need to give all permissions to group then you have too add these three numbers which comes to be 4+2+1=7. And then keep 7 in place of group position.
Lets try an example where we need to provide read and write access to owner, read and execute permission to group and just read access to all others. Read and write access to owner is = 4+2=6, read and execute permission to group = 4+1=5 and read access to all other users = 4. So we have 654 number indicating the required permission set on the file or directory as shown in below unix command example.
$ chmod 654 README.txt
Directory Access Modes:-
Directory permissions are listed and organized in the same manner as any other file. The only difference is that execute permission on the directory does not make sense, it simply means execute permissions on any files inside that directory.
Changing Owners and Groups:-
chown : This unix command is used to change the ownership of Unix files and directories. It is important to understand that you can only change file ownership as a super-user (root) and any regular user cannot change the file ownership. In case when you’re changing an owner of a directory, this will not automatically change owner of all files inside that directory, you need to use a -R option of the chown command, which means recursive ownership change. The following command will change the owner of TestFile.txt to newuser:-
# chown newuser TestFile.txt
chgrp : Unlike chown command, chgrp command can be used by regular users of a system. You don’t have to be super user (root) if you want to change a group ownership for some of your files, provided that you’re changing the ownership to a group you’re a member of. That means if you belong to multiple groups then you can change the group ownership of anyfile from one of your groups to some other of your groups. For example if I belong to 2 groups admin1 and admin2 then I can change the group of any file which belongs to group admin1 using chgrp Unix command as below:-
$ chgrp admin2 TestFile.txt --This will change the group to admin2 for TestFile.txt.