intro unix/linux 09
Upcoming SlideShare
Loading in...5

intro unix/linux 09



setting and using permissions

setting and using permissions



Total Views
Slideshare-icon Views on SlideShare
Embed Views



1 Embed 1 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.


11 of 1

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • thanks...Good work
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    intro unix/linux 09 intro unix/linux 09 Presentation Transcript

    • Lesson 9-Setting and Using Permissions
    • Overview
      • Describing file permissions.
      • Using execute permissions with a file.
      • Changing file permissions using mnemonics.
      • Changing file permissions numerically.
    • Overview
      • Changing permissions for group and other.
      • Exploring the effect of granting different permissions.
      • Modifying directory permissions.
      • Setting permissions when files and directories are created.
      • Examining the impact of umask on other operations.
    • Describing File Permissions
      • The permissions read, write, and execute govern access to files and directories.
      • The owner can modify the permissions on a file for three classes of users.
      • The owner or user, the members of the owner’s group, and other users are the three classes of users.
    • Describing File Permissions
      • Examining the permissions field.
      • Employing read and write permissions.
      • Changing permissions for a file to read only.
      • Changing permissions for a file to write only.
    • Examining the Permissions Field
      • The “ls –l” command displays the permissions for regular files and directories.
      • Every slot in the permissions field is occupied by either a dash or a letter.
      • A minus sign indicates that a particular permission is denied.
      • The “t” field in the directory permissions is a special permission called the sticky bit.
    • Examining the Permissions Field
      • The first slot indicates whether the listing is for a directory, a plain file, or a special UNIX file.
      • A “c” or “b” at the beginning of many permissions fields indicates whether the device processes data in units of single characters or in whole blocks.
      • The remainder of the permissions field is divided into three sets of three slots each.
    • Examining the Permissions Field Permission Field For Users
    • Examining the Permissions Field
      • File permissions:
        • An owner has full powers over the assignment of permissions to self, its group members, and others.
        • The rwx value for the first slot indicates that the user has read, write, and execute permissions for the file.
        • Every file has an associated permissions field for user, group, and all others on the system.
    • Employing Read and Write Permissions
      • To access the contents of a file, a user must have read permissions for that file.
      • To make changes to or modify a file, a user needs write permissions for that file.
    • Changing Permissions for a File to Read Only Assigning Read Only Permission
    • Changing Permissions for a File to Write Only Assigning Write Permission
    • Using Execute Permissions with a File
      • The “vi” editor can be used for creating a shell script.
      • The “source” command in the C shell and the “dot” (.) command in the Korn or Bourne shell instruct the shell to read the file and execute each commands in it.
      • The process id (PID) of the current shell can be determined with the help of the “$$” sign.
    • Using Execute Permissions with a File
      • A file with the appropriate execute permission can run a shell script like any other UNIX command by typing its name and pressing the ENTER key.
      • The “+x” option instructs chmod to grant execute permission for a file.
      • When a script is run by entering its name, the current shell starts a child shell that reads the script file and runs the listed commands.
    • Using Execute Permissions with a File
      • The read permission is sufficient when sourcing a script, because the current shell needs to read it.
      • A user must have both, execute and read permissions, to run a script in a child process.
      • Only the owner of a file or directory can modify the permissions that are attached to it.
    • Changing File Permissions Using Mnemonics
      • The “chmod” command can accept permission settings in the form of letter arguments or numbers.
      • The mnemonic assignment method allows a user to set permissions for each type of user in several ways.
    • Changing File Permissions Using Mnemonics
      • Assigning specific permissions.
      • Adding and deleting permissions.
    • Assigning Specific Permissions Assigning All Permissions to All Users
    • Assigning Specific Permissions Assigning Specific Permissions to Specific Users
    • Adding and Deleting Permissions Denying Specific Permission to Specific Users
    • Changing File Permissions Numerically
      • Numbers can also be used for conveying permissions information for all the three types of users.
      • The number 700 specifies the rwx permissions only for the owner of a file.
      • The numerical approach allows a user to specify the exact permissions to be granted regardless of the current permission.
    • Changing File Permissions Numerically
      • Combination permissions are specified using the sum of the values for the specific permissions.
      • The primitives (0, 1, 2, and 4) can be added to grant any combination of permissions.
      • The combination of the three numbers 1, 2, and 4 can be used to express the eight possible combinations of execute, write, and read permissions.
    • Changing File Permissions Numerically Numerical Combination of Permissions
    • Changing File Permissions Numerically Permission Values
    • Changing File Permissions Numerically Basic File Permissions
    • Changing Permissions for Group and Other
      • Permissions are usually most restrictive for other, less so for group, and least restrictive for the owner of a file.
      • The process of determining the impact of permissions for a file or directory begins with the determination of the owner of the file, followed by all sets of permissions assigned to it.
    • Exploring the Effect of Granting Different Permissions
      • Changing the permissions of a file does not impact the current directory or the inode.
      • The permissions of a file are recorded in the inode.
      • Write permissions are required for removing a file.
    • Modifying Directory Permissions
      • Directories have the same kind of permissions fields as regular files, except that there is a “d” in the leftmost position.
      • Permissions are assigned to directories with the same letters and numbers that assign permissions to files.
      • Directories are special files containing the name of each file or directory along with its associated inode number.
    • Modifying Directory Permissions
      • Using permissions to control directory access.
      • Listing the files in a directory.
      • Denying write permissions for a directory.
      • Examining the need for execute permissions.
      • Changing permissions for files in all subdirectories.
      • Identifying other system permissions.
    • Using Permissions to Control Directory Access
      • The owner of a directory has the power and responsibility for setting the directory access permissions.
      • Like file permissions, directory permissions include read, write, and execute.
      • The “d” option instructs ls to provide a listing of information about the directory.
    • Using Permissions to Control Directory Access
      • The inode contains all the information about a file, including permissions, owner, date of creation, links, and addresses of data blocks on the hard drive where the file’s content resides.
      • A file is accessed by first retrieving its inode number, then examining its permissions, accessing the data block addresses, and then accessing the file itself.
    • Listing the Files in a Directory
      • Permissions for a directory are contained in the inode listed next to the current directory.
      • Permissions for files are listed in the inodes listed next to the filenames in the current directory.
      • Read permissions are required for reading the directory contents as well as to get a listing of its files.
    • Denying Write Permissions for a Directory
      • Write permissions must be granted before a user can modify the contents of the file or directory.
      • A new file cannot be added or an existing file cannot be removed if appropriate write permissions are not assigned.
    • Examining the Need for Execute Permissions
      • Execute permissions have a different impact on a directory than on a file.
      • A directory cannot be listed if it does not have execute permissions.
      • A file cannot be accessed if the directory does not have execute permissions.
    • Examining the Need for Execute Permissions
      • The files in a subdirectory within the parent directory cannot be accessed if there are no execute permissions on the parent directory.
      • With only execute permission on a directory, a user can “cd” into it, but cannot get a listing of its files.
      • The permissions on directories are specified for user, group, and other in the same fields of the long listing that are associated with file permissions.
    • Changing Permissions for Files in all Subdirectories
      • The “chmod” utility can be used to change the permissions for all files in a directory and even for all its subdirectories.
      • The “–R” option, when specified with the chmod utility, allows permissions to be applied recursively to all child directories and files encountered.
    • Identifying Other System Permissions
      • The “s” and “t” are some of the permissions that can only be set by the super user.
      • The executable passwd file is a program that users run to change their passwords.
      • Encrypted passwords are kept in the password file /etc/passwd or in /etc/shadow, depending on the system.
      • Ordinary users do not have write permissions on the password files.
    • Identifying Other System Permissions
      • The root user has “s” and “r” permissions on the passwd file, where s in the owner field indicates that anyone who has permission to execute the program executes it, the program runs as though root is running it.
      • When an ordinary user runs passwd, the s tells the system that while running the passwd program, the user has root’s identity.
      • The group ID of the program needs to be turned on if an administrator wishes to restrict users from executing specific programs.
      • A “t” in the last permission slot for a directory puts limits on who can remove files.
      Identifying Other System Permissions
    • Identifying Other System Permissions
      • A user cannot remove a file even though they have write permissions on the directory.
      • The t bit is a sticky bit, which, when set, permits only the owner of a file to delete or change the name of the file in the directory.
    • Setting Permissions when Files and Directories are Created
      • The three ways of creating files in UNIX are:
        • By copying an existing file.
        • Using a “tee” utility.
        • Redirection from a shell command.
    • Setting Permissions when Files and Directories are Created
      • Examining the default permissions.
      • Specifying default permissions for directories with umask.
    • Examining the Default Permissions
      • The operating system initially sets permissions for the owner as read and write when a file is created.
      • These default permission settings are determined by the umask value.
      • The umask value determines which permissions are masked from being set.
    • Examining the Default Permissions
      • The umask setting determines the value of permissions for new files as they are created.
      • Changing the umask has no effect on an existing file.
      • The umask setting is initially determined by default on the system, but can be modified from the shell command-line.
    • Specifying Default Permissions for Directories with umask
      • A directory created while umask is 000 has full permissions granted to user, group, and other.
      • A directory once created with umask can be modified with the chmod command.
    • Specifying Default Permissions for Directories with umask Umask Values
    • Examining the Impact of umask on Other Operations
      • The value of umask determines the initial permissions when files and directories are created.
      • The “cp” command directly copies the permissions of the source file to the destination file if the umask is not set.
      • The “–p” option, when specified, instructs the cp utility to ignore the umask when copying files.
    • Examining the Impact of umask on Other Operations
      • The “cat” utility can also be used for duplicating a file with the original permissions without applying the umask effect.
      • The shell follows umask instructions when creating files.
      • Permissions are added up to the limit set by umask when mnemonic arguments are used for specifying permissions in the chmod command.
    • Summary
      • Read permission is needed to access a file’s contents with a utility.
      • Write and execute permissions are required for adding a file, removing a file, or changing a file’s name in a directory.
      • A user must have the execute permission to cd into a directory or include the directory in a path.
    • Summary
      • Letters or numbers can be used for specifying permissions information in the chmod command.
      • Read and execute permissions are required by a script file to execute as a child process.
      • Files and directories are granted initial permissions at creation determined by the umask setting at the time that the file or directory is created.