90DaysOfDevOps:Day#6

Linux is a multi-user operating system, so several users can access the same system. System administrators are responsible for preventing one user from accessing another user’s confidential files. For this reason, Linux divides authorization into two levels: ownership and permission.

File Ownership

Each file and directory has three kinds of owners.

  • User: A “user” is the owner of the file. If you create a new file, then you become the owner of the file.

  • Group: Every user belongs to a specific “group.” A group contains multiple users, all of whom will have the same access permissions to the file.

  • Other: Any user who is neither the owner of the file nor a member of its group is considered “other.”

Owners are denoted with the following symbols:

  • u = user owner

  • g = group owner

  • o = other

  • a = all (user + group + other)

Change the Ownership with chown

To display the ownership of the file index.html in /var/www/html directory, run the following command:

ls -l /var/www/html/index.html

You should get the following output:

-rw-r--r-- 1 www-data www-data 11510 Feb  3 20:25 /var/www/html/index.html

As you can see, the group and user owner of the file is www-data.

A basic syntax to change the ownership of the file is shown below:

chown owner:group filename

To change the owner of the file index.html to root and group to root, run the following command:

chown root:root /var/www/html/index.html

You can use the -R option with the chown command to change the ownership of the directory recursively.

For example, to change the ownership of the directory /var/www/html to www-data as the user and www-data as the group, run the following command:

chown -R www-data:www-data /var/www/html/

This will change the ownership of all files and directories located inside /var/www/html/.

File Permissions

Each file and directory has three types of permission:

  • Read: You can view and read the content of the file, but cannot edit or modify the file. You can list the content of the directory with “read” permission.

  • Write: You can read and edit the content of the file. You can also rename and remove the file. You can add, remove, and rename files in the directory with “write” permission.

  • Execute: You can execute the file.

Permissions are shown in symbolic form as nine characters, in three sets of three characters:

---    ---    ---
rwx    rwx    rwx
user   group  other

Each letter denotes a particular permission:

  • r: Read permission

  • w: Write permission

  • x: Execute permission

  • -: No permission set

Permissions are also represented in numeric form as shown below:

  • r (read) = 4

  • w (write) = 2

  • x (execute) = 1

  • - (no permission) = 0

  • rwx = 4+2+1 = 7

  • rw = 4+2 = 6

You can also use mathematical operators to add and remove permissions.

  • +: Add the permissions.

  • -: Remove the permissions.

  • =: Override the existing permissions.

Change the Permissions with chmod

chmod stands for change mode. The basic syntax to change the permissions of a file is:

chmod permissions filename

To check the permissions of the file, run the following command:

ls -l /var/www/html/index.html

Output:

-rw-r--r-- 1 www-data www-data 11510 Feb  3 20:25 /var/www/html/index.html

As you can see, the owner of the file has read/write permissions, the group has read permission and others have read permission.

To add execute permissions to the user, run the following command:

chmod u+x /var/www/html/index.html

Now, verify the permissions with the following command:

ls -l /var/www/html/index.html

Output:

-rwxr--r-- 1 www-data www-data 11510 Feb  3 20:25 /var/www/html/index.html

To add write permissions to group and others, run the following command:

chmod g+w,o+w /var/www/html/index.html

Now, verify the permissions with the following command:

ls -l /var/www/html/index.html

Output:

-rwxrw-rw- 1 www-data www-data 11510 Feb  3 20:25 /var/www/html/index.html

To remove the write permissions from others, run the following command:

chmod o-w /var/www/html/index.html

Now, verify the permissions with the following command:

ls -l /var/www/html/index.html

Output:

-rwxrw-r-- 1 www-data www-data 11510 Feb  3 20:25 /var/www/html/index.html

You can also set the permissions using an octal value. Some example values and the permissions they represent:

777 = rwxrwxrwx

765 = rwxrw-r-x

654 = rw-r-xr--

For example, change the permissions of the file so that the user can read/write and execute, the group can read and execute and the others can only read the file.

chmod u=rwx,g=rx,o=r /var/www/html/index.html

Or

chmod 754 /var/www/html/index.html
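
The chmod sequence above, replayed as an added example (not part of the original post) on a scratch directory that stands in for /var/www/html, with a find check that reports the file while it is world-writable after the g+w,o+w step. The helper names mode_of, set_mode, world_writable and replay_steps are made up for this example, and it assumes GNU stat and find.

```shell
#!/bin/sh
# Added example: works on a scratch directory from mktemp, not /var/www/html.

# Print a file's mode as "octal symbolic", e.g. "644 -rw-r--r--".
mode_of() { stat -c '%a %A' "$1"; }

# Apply a chmod mode (symbolic or octal) and print the resulting mode.
set_mode() { chmod "$1" "$2" && mode_of "$2"; }

# List regular files under a directory that "other" may write to.
# -perm -0002 matches when the other-write bit is set, whatever else is set.
world_writable() { find "$1" -type f -perm -0002; }

# Replay the page's chmod sequence on DIR/index.html, one result per line.
replay_steps() {
    f="$1/index.html"
    : > "$f"
    set_mode 644 "$f"              # starting state shown by ls -l on the page
    set_mode u+x "$f"
    set_mode g+w,o+w "$f"          # the file is now world-writable
    world_writable "$1" | sed 's/^/WORLD-WRITABLE: /'
    set_mode o-w "$f"              # other-write removed again
    set_mode u=rwx,g=rx,o=r "$f"   # same result as chmod 754
}

scratch=$(mktemp -d)
replay_steps "$scratch"
rm -rf "$scratch"
```

Running world_writable against a real web root after a permissions change is a quick way to confirm that no file was left writable by every account on the system.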