massive-website-banner

Managing File Permissions

In a shared Linux environment it is important to understand the implications of file permissions as they allow you to control who has access to your files. To see file permissions use the "ls -al" command, which will show a list of file permissons in the first column e.g.

drwxr-xr-x 3 paulmc mosp 8192 Jul 8 11:49 VPAC
-rw-r--r-- 1 paulmc mosp 36 Mar 17 2011 working_machines

 

The characters in the first column represent the permissions. Here's how to interpret them:

permissions

The first character specifies whether or not a file is a directory or not. In the above the "d" shows that "VPAC" is a directory.

The next letters have the following meaning:

"r" - means "read" or the ability to look inside a file

"w" - means "write" or the ability to write to and modify a file

"x" - means "execute" or the ability to use the file as an executable process (Note: directories are treated as executable processes)

These are grouped in 3 sets by "user" (U), "group" (G) and "other" (O). User is the person who owns the file (e.g. paulmc) and group is the group ownership (e.g. "mosp") and other is everybody else.

We can use these to interpret the above. "VPAC" is a directory, which "paulmc" can read/write and execute (i.e. go into the directory). Members of the group and others can also go into the directory but they cannot write to it. "working_machines" is a file which "paulmc" can change, but members of "mosp" and "others" can only read.

Now we have an understanding of permissions, the next sections explain how to manage those file permissions

Commands

Most of the following commands have an online manual with the "man" command e.g. "man chmod" or help with the -h option. Here we give a basic overview of the commands of interest with links to further information. The in the examples section we will provide some steps to achieve typical goals.

chmod

chmod - changes file access permissions directly by allowing you to set individual flags or recurse through a directory.

(also see http://en.wikipedia.org/wiki/Chmod)

chgrp

chgrp - changes group ownership of a file so that you can share a file with other groups other than your default.

(also see http://en.wikipedia.org/wiki/Chgrp)

umask

umask - sets the file mode creation mask of the current process. This allows you to set a default permission that a file gets created with to meet your needs.

umask can be used per session (as needed) or you can add it to your ~/.bashrc profile. .bashrc gets executed on every login and therefore will set the umask for every session. For example adding the following will grant the group read/write access to all files created:

umask 0002

 

(also see http://en.wikipedia.org/wiki/Umask)

find

find - search for files in a directory hierarchy. This allows you to do some tricky things by giving you a method to find files and then execute a command on the files that you have found.

(also see http://en.wikipedia.org/wiki/Find)

Examples

Here are some common steps to sharing and restricting access to files, the find ones work with just a cut and paste.

To change the group permissions on all subdirectories under the one you're in, using find :

find . -type d -exec chmod g+rwx '{}' \;

 

To change the group permissions on all files in the directory and subdirectories of the one you're in, using find :

find . -type f -exec chmod g+r '{}' \;

 

To recursively change the group membership of all the files and directories in a particular directory :

chgrp -R mosp MOSP_Scratch/

 

To recursively make the group have all the same file permissions that you have :

chmod -R g=u somedir

Copyright © 2016 MASSIVE. All Rights Reserved.