Changing privileges
A file has precisely one group associated with it; this can be
changed to another group by chgrp ('change group').
For instance, suppose our directory has the same contents as
before, and recall that we have linked foo and
bar, we might have the following dialogue:
$ ls -l
total 561
-rw-r--r-- 1 chris ugrads 122 Dec 21 18:40 myfile
drwxr-xr-x 2 chris general 512 Dec 22 14:55 dir1
drwx------ 2 chris general 512 Dec 22 14:55 dir2
-rw-r----- 1 chris proj 9912 Nov 22 17:55 prog.c
-r-x------ 2 chris general 147 Dec 22 17:56 foo
-r-x------ 2 chris general 147 Dec 22 17:56 bar
$ chgrp proj foo
$ ls -l
total 561
-rw-r--r-- 1 chris ugrads 122 Dec 21 18:40 myfile
drwxr-xr-x 2 chris general 512 Dec 22 14:55 dir1
drwx------ 2 chris general 512 Dec 22 14:55 dir2
-rw-r----- 1 chris proj 9912 Nov 22 17:55 prog.c
-r-x------ 2 chris proj 147 Dec 22 17:56 foo
-r-x------ 2 chris proj 147 Dec 22 17:56 bar
Note that the other file linked to foo has also had its group
changed, and that the access privileges for the file are not
changed. chgrp allows one option, -R
('recursive') - with this option, if its file argument is a
directory, all files and subdirectories will also have their groups
changed.
The above information does not tell us that foo and
bar are linked - it merely states that each of those
two files has two links (but not necessarily to each other), and
that they are the same size and created at the same time (to the
nearest second). To check that two files are in fact linked, it is
necessary to ask what their inodes actually are, and you should use
ls -i as discussed earlier. The options
-l and -i can be combined, giving
$ ls -il
but you may find the output becomes wider than the width of your
terminal. Try it!
Similar to chgrp is chown ('change
owner'), which has similar syntax, but can be used to change the
actual owner of a file. This is an operation you are unlikely to
wish to perform, and most systems restrict the command so that only
the super-user may use it.
The most frequent change you are likely to make to a file, apart
from its actual contents, is to the access privileges;
chmod ('change mode') is used for this change. The
syntax is chmod followed by a specification of changes
to the access permission, followed by a file (or files) the change
is to be applied to.
The specification can be done two ways - either the privileges
for the user/group/other sets of users can be set, or they
can be changed. A character known as a who
symbol, which is one of u (user),
g (group), o (other) or a
(all), or a sequence of who symbols, denotes those users to whom
the specification will apply. For instance, go refers
to the group and others, but not to the file's owner. The symbol
a is a synonym for ugo - this synonym is
simply shorthand, as ugo is a very frequently used
sequence of who symbols.
Following the sequence of who symbols comes one of
+, - or =, followed by zero
or more perm symbols (r,
w, x or -), which represent
permissions to be set or changed for the users specified by the
previous who symbols. A + indicates
add the permissions, - indicates
remove those permissions, and = means
set them. For example,
$ chmod go-w myfile
denies write permission to group and to others,
$ chmod u+x myfile
gives execute permission to the owner, and
$ chmod g=r-x myfile
sets group access to r-x, so that users in the
file's group are able to read and to execute file
myfile, but not write to it.
When a file is created, it has default access privileges that
would be set by the system administrator. These can be changed by
the user by means of the command umask ('user mask')
followed by a string with the same information as for
chmod above. For example,
$ umask u=rwx,g=r,o=
will cause all new files created to have read, write and execute
privileges for the owner, but to deny write and execute privileges
for the group, and to deny all privileges for others. This state of
affairs will continue during the current session until
umask is again invoked.
Worked example
Create a file that no-one can read, and confirm that you
yourself cannot read it.
Solution: First of all, choose a name for the file
(myfile, say) and use cat or
vi to create the file. In order to deny read access to
everybody, the command is
$ chmod a-r myfile
with a for all users, r for
read, and - to deny. To check that you can't
read it, try examining the contents using cat and you
should get an error message:
$ cat myfile
cat: myfile Permission denied
|