Sun Microsystems, Inc.

File and Directory Security

File permissions help to protect files and directories from unauthorized reading and writing. Often you will have files you want to allow others to read but not change. In other situations, you might want to share executable files or programs. File permissions enable you to control access to your files.

The following list describes the three basic file and directory permission types.

  • r - read permission. A file must be readable in order for you to examine or copy it. A directory must be readable in order for you to list its contents.

  • w - write permission. A file must be writable in order for you to modify it, remove it, or rename it. A directory must be writable in order for you to add or delete files in it.

  • x - execute permission. A file with executable permissions is one you can run, such as a program. A directory must be executable in order for you to gain access to any of its subdirectories.

You can set permissions for three categories of users.

  • User - The file owner

  • Group - Other users within the same group as the user, such as all staff members of a particular division. The system administrator establishes and maintains groups.

  • Others - All users.

Displaying Permissions and Status (ls -l)

Use the -l option with the ls command to display a long listing of files and directories in alphabetical order.

Figure 3-2 Displaying Permissions and Status

The first character on the line indicates the file type. A dash (-) indicates an ordinary file, a d indicates a directory, and other characters can indicate other special file types.

The next nine characters indicate the permissions for the file or directory. The nine characters consist of three groups of three, showing the permissions for the owner, the owner's group, and the world, respectively. The permissions for emptyfile are rw-r--r--, indicating that the owner can read and write this file, everyone can read it, and no one can execute it. The permissions for the directory veggies2 are rwxr-xr-x, indicating that everyone has read and execute permissions, but only the owner can write to it.

In addition to file permissions, the display shows the following information:

  • Number of links to this file or directory

  • Name of the owner (user2 in this case)

  • Name of the group owner (users in this case)

  • Number of bytes (characters) in the file

  • Date and time the file or directory was last updated

  • Name of the file or directory

Use the cd command to move to your home directory, and try the ls -l command.

Now type the following command, where dirname is the name of an actual directory in your file system.

$ ls -l dirname

When you give the name of a directory, the ls -l command prints information on all the files and directories in that directory.

Listing Hidden Files (ls -a)

Some files are not listed by the ls command. These files have names that begin with the character . (called "dot"), such as .cshrc, .login and .profile. Use the ls -a command to list these dot files:

$ ls -a
.
..
.cshrc
.login
.profile
emptyfile

Notice that the files beginning with . are listed before the other files. The file . is the reference for the current directory, and the file .. is the reference for the parent directory.

In general, system utilities use files that begin with . and the user cannot modify these files. Some exceptions to this rule do exist.

Changing Permissions (chmod)

Use the chmod command to change permissions for a file or directory. You must be the owner of a file or directory, or have root access, to change its permissions. The general form of the chmod command is:

chmod permissions name

In this example, permissions indicates the permissions to be changed and name is the name of the affected file or directory.

You can specify the permissions in several ways. Here is one of the forms that is easy to use:

  1. Use one or more letters to indicate the type of users.

    • u (for the user)

    • g (for group)

    • o (for others)

    • a (for all three of the previous categories)

  2. Indicate whether the permissions are to be added (+) or removed (-).

  3. Use one or more letters to indicate the permissions.

    • r (for read)

    • w (for write)

    • x (for execute)

In the following example, write permission is added to the directory carrots for users who belong to the same group (thus, permissions is g+w and name is carrots).

$ cd veggies2
$ ls -l
drwxr-xr-x   2 user2    users        512 Nov  1 09:11 carrots
$ chmod g+w carrots
$ ls -l
drwxrwxr-x   2 user2    users        512 Nov  1 09:11 carrots
$
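The following script is an added example, not part of the original Sun documentation. It reads the permission field that ls -l prints to find entries (dot files included) that group or others can write, then removes that access with chmod. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed for illustration.

# mode_of PATH: print the ten-character type-and-permission field from ls -l.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# loose_entries DIR: list entries, dot files included, that group or others can write.
# Character 6 of the field is the group w position, character 9 the others w position.
loose_entries() {
    for entry in "$1"/* "$1"/.[!.]*; do
        if [ -L "$entry" ] || [ ! -e "$entry" ]; then
            continue    # skip symbolic links and unmatched glob patterns
        fi
        mode=$(mode_of "$entry")
        group_w=$(printf '%s' "$mode" | cut -c6)
        other_w=$(printf '%s' "$mode" | cut -c9)
        if [ "$group_w" = w ] || [ "$other_w" = w ]; then
            printf '%s %s\n' "$mode" "${entry##*/}"
        fi
    done
}

# make_sample DIR: build a constructed tree with known permissions.
# Every bit is cleared first, so the result does not depend on the umask.
make_sample() {
    mkdir "$1/carrots"
    : > "$1/emptyfile"
    : > "$1/.profile"
    chmod a-rwx "$1/carrots" "$1/emptyfile" "$1/.profile"
    chmod u+rwx "$1/carrots";   chmod go+rx "$1/carrots"     # rwxr-xr-x
    chmod u+rw  "$1/emptyfile"; chmod go+r  "$1/emptyfile"   # rw-r--r--
    chmod u+rw  "$1/.profile";  chmod o+w   "$1/.profile"    # rw-----w-
    chmod g+w "$1/carrots"                                   # rwxrwxr-x, as in the text
}

sample=$(mktemp -d)
make_sample "$sample"
echo "Writable by group or others:"
loose_entries "$sample"
chmod g-w "$sample/carrots"     # remove write permission from group
chmod o-w "$sample/.profile"    # remove write permission from others
echo "After chmod g-w and o-w:"
loose_entries "$sample"
rm -rf "$sample"
```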
 
 
 