*nix Commands: Tha' Perms

Ok. For this section we are going to cover an introduction to files and navigation. As a reminder who think I should add something more, please send it to me as a PM. There are many tutorials envisioned for the *nix commands and everything shall be done step-by-step rather than to throw everything out at once.

Let's begin with the concept of permissions. As many of you know and realize *nix is an excellent server based OS and was developed as such right from the beginning. As such, users had to be kept from getting into each other's files and stuff. File names and directory names can be up to 256 characters in length. Any combination of numbers and letters are allowed but it is recommended not to use special characters as they have meaning to the OS. Some special characters like . are used to hide files or identify system files. These can be seen through the usage of ls -a. If you think someone has been into your *nix box, always check for these kinds of hidden files or directories.

I created a dumdumfile for this section. (Editor's Note:you'll see me reference these a lot. I might actually post some labs for the tutorials, perhaps here or on my website when I update it this month (yes, I will update it!)). The example I will use is from my RH box:

-rw-rw-r-- 1 mittens mittens 0 Dec 13 10:46 dumdumfile

This is further divided down into the following areas:

- = column 0 represents whether this is a file, directory or link; - means file, d means directory, l means link

rw-rw-r-- = is divided into 3 sections: columns 1-3 (rw-) represents permissions for owner/user, columns 4-6 (rw-) represents permissions for group and columns 7-9 represents permissions for everyone else or other.

1 = number of absolute links to the location. Files have 1 while directories have at least 2, one for the directory and one for it's parent directory

mittens = name of the owner/user of the file/directory

mittens = name of the group that has permission to the file

0 = size of the file/directory in bytes

Dec 13 10:46 = date of creation/modification/access

dumdumfile = name of file or directory

Now what is important to us is really the permissions for owner, group and others (everyone else). You'll notice that they are in groups of three. Permissions are assigned by a combination of r (read), w (write) and x (execute). To assign or alter permissions you would use:

chmod permissions <file/directory name>: prounounced as ch-mod and basically, to my understanding, means change mode. The permissions can either be added in the octal (numeric) method or the character (alphabetical) method. Now, the combination of permissions has an affect as to how one can use the file or directory.

For files:
r only = allows you to read the files contents
rw = allows you to read and modify the files contents
rx = allows you to read and execute (assuming its a program or a script)

For directories:
r only = allows you to see what is in the directory (files and subdirectories) using ls
rx = allows you to get a long listing (ls -l) of the directory as well as navigate into it
wx = allows you to create and delete directory contents
x = allows you to move into a directory

Remember that directory permissions affect the contents of the directory while file permissions affect the contents of the file. You'll notice that both are very similar in their concept. That is because *nix views everything that is on it -- you as a user, the files, the directories, the components, etc. -- as a series of files. Everything to *nix kernel and OS is a file.

Now that said, if I wanted to change the permissions of my dumdumfile to ensure that no one but me has access I can use either method:

chmod u+rwx,go-rwx dumdumfile

This would result as such:

-rwx------ 1 mittens mittens 0 Dec 13 10:46 dumdumfile

This would be the character method. The character method identifies the various permissions by their starting letter -- r, w and/or x -- and the users/groups by the starting letter: u = user/owner, g = users group, o = others/everyone else. By simply adding a permission or subtracting a permission you can alter the permissions. You need not add or subtract them all at once. I may decide that others should be allowed to read the file:

chmod o+r dumdumfile

results in perms as:

-rw----r-- 1 mittens mittens 0 Dec 13 10:46 dumdumfile

Simple. Easy enough. But what about octal method? Well, much like any computer system, *nix likes it's binary. You can find my tutorial on Binary here: http://www.antionline.com/showthread...hreadid=124423 . Remember that there are only 3 permissions. Which results in the following:

rwx decimal perm

So if I wanted to alter my permissions on my dumdumfile (say its a script and I want my group and others to be able to use it but not modify it) I would then try:

chmod 755 dumdumfile

results in perms as:

-rwxrw-rw- 1 mittens mittens 0 Dec 13 10:46 dumdumfile

Now, with the octal method this is an all or nothing. You cannot assign individual permissions but have to assign all the permissions needed. Sort of an all or nothing kind of deal. Play with some dumdum files and directories experimenting with the permissions to see more as to how they work. Ah but we need to know how to create those dumdum files and directories now, don't we?

Well for that we have two commands we can use:
touch <filename>: Touch creates an empty file.

file <filename/directory name>: tells you what kind of "file" something is. i.e., is it an ascii file, executable, script, directory, etc.

I had to edit this after reading some of the comments thus far. It had occurred to me to put this in but when a tutorial gets long I sometimes forget. By default, when a file is first created or a directory created they each have permissions of 666 and 777 respectively. Files do not have execute enabled by default because not all files will be scripts or programs. Directories, however, do need to be navigated into.

Now, if I wanted to ensure a secure system where users weren't getting into each other's stuff, I'd have to go and manually change everything, right? Well, nope.

umask value: refers to user mask. And basically removes the permissions you do not want to apply. The most common permission that we don't want to have is write of course, especially for our group and everyone else. So if I want to make sure that when I create files that permission is removed I would type umask 022. This will remove only the write permission every time I create a file or directory. Note that this applies only to new files. Existing files permissions will not be changed. (Note: there is no DOS command to match this one)

mkdir -p <directory(ies)>: to create a single directory use, mkdir directory name. To create a directory with subdirectories use the option -p. As an example I could create mkdir -p dir1/dir2/dir3 dir4. (note the space in between dir3 and dir4) This would result in two directories being created in my present location and dir1 would have a subdirectory of dir2 with a subdirectory of dir3.

I'm going to finish this off with the navigation command, cd. Much like it's DOS child, cd allows you to "change directory". Typing cd by itself results in being taken back to the home directory of the user you are logged in as. You can cd to the parent directory by typing cd ... Note the spaces. Unlike DOS, *nix is not forgiving with this command if you forget the spaces.

*nix CommandDOS Command
chmodattrib (this is the closest that exists)
mkdirno true equivilant other than multiple mds
touchno equivilant in DOS; in Windows you can create empty files by right-clicking on the desktop
ls -adir /ah

My next tutorial will probably cover commands that allow us to copy files, remove files and move/rename files. In addition, I will cover the differences between absolute addressing and relative addressing in*nix. As you may have noticed, their ain't no drive letters! Eeep!