90DaysOfDevOps:Day#6
Linux is a multi-user operating system with multiple users accessing the same system. System administrators are responsible for preventing a user from accessing another user’s confidential files. For these reasons, Linux divides authorization into two levels, Ownership and Permission.
File Ownership
Each file and directory has three kinds of owners.
User: A “user” is the owner of the file. If you create a new file, then you become the owner of the file.
Group: Every user is part of a specific “group.” A group contains multiple users, all of whom will have the same access permissions to the file.
Other: Every user who is neither the file's owner nor a member of its group is considered “other.”
Owners are denoted with the following symbols:
u = user owner
g = group owner
o = other
a = all (user + group + other)
Change the Ownership with chown
To display the ownership of the file index.html in /var/www/html directory, run the following command:
ls -l /var/www/html/index.html
You should get the following output:
-rw-r--r-- 1 www-data www-data 11510 Feb 3 20:25 /var/www/html/index.html
As you can see, the group and user owner of the file is www-data.
A basic syntax to change the ownership of the file is shown below:
chown owner:group filename
To change the owner of the file index.html to root and group to root, run the following command:
chown root:root /var/www/html/index.html
You can use the -R option with the chown command to change the ownership of the directory recursively.
For example, to change the ownership of the directory /var/www/html to www-data as the user and www-data as the group, run the following command:
chown -R www-data:www-data /var/www/html/
This will change the ownership of all files and directories located inside /var/www/html/.
File Permissions
Each file and directory has three types of permission:
Read: You can view and read the content of the file, but cannot edit or modify the file. You can list the content of the directory with “read” permission.
Write: You can read and edit the content of the file. You can also rename and remove the file. You can add, remove, and rename files in the directory with “write” permission.
Execute: You can execute the file.
Permissions are displayed in symbolic form as nine characters, in three sets of three characters, one set each for user, group and other:
---   ---    ---
rwx   rwx    rwx
user  group  other
Each letter denotes a particular permission:
r: Read permission
w: Write permission
x: Execute permission
-: No permission set
Permissions are also represented in numeric form as shown below:
r (read) = 4
w (write) = 2
x (execute) = 1
- (no permission) = 0
rwx = 4+2+1 = 7
rw = 4+2 = 6
You can also use mathematical operators to add and remove permissions.
+: Add the permissions.
-: Remove the permissions.
=: Override the existing permissions.
Change the Permissions with chmod
chmod stands for change mode. The basic syntax to change the permissions of a file is:
chmod permissions filename
To check the permissions of the file, run the following command:
ls -l /var/www/html/index.html
Output:
-rw-r--r-- 1 www-data www-data 11510 Feb 3 20:25 /var/www/html/index.html
As you can see, the owner of the file has read/write permissions, the group has read permission and the other has read permission.
To add execute permissions to the user, run the following command:
chmod u+x /var/www/html/index.html
Now, verify the permissions with the following command:
ls -l /var/www/html/index.html
Output:
-rwxr--r-- 1 www-data www-data 11510 Feb 3 20:25 /var/www/html/index.html
To add write permissions to group and others, run the following command:
chmod g+w,o+w /var/www/html/index.html
Now, verify the permissions with the following command:
ls -l /var/www/html/index.html
Output:
-rwxrw-rw- 1 www-data www-data 11510 Feb 3 20:25 /var/www/html/index.html
To remove the write permissions from others, run the following command:
chmod o-w /var/www/html/index.html
Now, verify the permissions with the following command:
ls -l /var/www/html/index.html
Output:
-rwxrw-r-- 1 www-data www-data 11510 Feb 3 20:25 /var/www/html/index.html
You can also set the permissions using the octal value. You can use the following values for each permission:
777 = rwxrwxrwx
765 = rwxrw-r-x
654 = rw-r-xr--
For example, change the permissions of the file so that the user can read/write and execute, the group can read and execute and the others can only read the file.
chmod u=rwx,g=rx,o=r /var/www/html/index.html
Or
chmod 754 /var/www/html/index.html
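As an added example (not part of the original post), the script below converts the nine-character form shown by ls -l into its octal value and lists files that “other” can write to, replaying the chmod steps above on a constructed temporary directory. The function names sym_to_octal, list_world_writable and demo are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.

# Convert the nine permission characters shown by `ls -l` (e.g. rwxr-xr--)
# to the octal form chmod accepts, using r=4, w=2, x=1, -=0.
# Special bits (setuid, setgid, sticky: s, S, t, T) are rejected, not decoded.
sym_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}        # everything after the first triplet
        trio=${perms%"$rest"}    # the triplet for user, group or other
        case $trio in [r-][w-][x-]) ;; *) echo "bad triplet: $trio" >&2; return 1 ;; esac
        digit=0
        case $trio in r??) digit=$((digit + 4)) ;; esac
        case $trio in ?w?) digit=$((digit + 2)) ;; esac
        case $trio in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
        perms=$rest
    done
    echo "$out"
}

# List regular files under a directory whose "other" write bit (octal 002) is set.
list_world_writable() {
    find "$1" -type f -perm -002 | sort
}

# Constructed sample tree that replays the chmod steps from this page.
demo() {
    root=$(mktemp -d) || return 1
    touch "$root/index.html" "$root/about.html"
    chmod 644 "$root/index.html" "$root/about.html"
    chmod u+x,g+w,o+w "$root/index.html"     # rwxrw-rw-
    before=$(( $(list_world_writable "$root" | wc -l) ))
    chmod o-w "$root/index.html"             # rwxrw-r--
    after=$(( $(list_world_writable "$root" | wc -l) ))
    mode=$(ls -l "$root/index.html" | cut -c2-10)
    rm -rf "$root"
    echo "$before $after $mode $(sym_to_octal "$mode")"
}

demo   # world-writable count before and after o-w, final mode, its octal value
```

Running list_world_writable against a web root such as /var/www/html shows which files any local user could modify, and chmod o-w on each result removes that access.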