Because the UnixWare system is a multiuser system, it is important that strict control is placed on file access. For example, as a user you cannot change files that belong to someone else without their authorization. Controlling access to files is achieved by use of permissions.
Every file has three sets of permissions that control who
can read it, write it (that is, change it), and execute it. You can
change the permissions on your own files to make them more or less
accessible to other users on the system.
The permissions field for a file is made up of nine character
positions following the file type indicator. They are divided into
three sets of three permissions each; a set for the owner of the
file, a set for the group of users to which the file belongs, and a
set for everyone else on the system. These are respectively known as
``owner'', ``group'' and ``other''.
Note that the superuser (root) can always read or write every file on the system. This is a special privilege that is not available to any other user.
Each set of permissions can include none, one, or more than one of the following privileges:
-r--r----- 1 johnd unixdoc 10586 Feb 25 12:26 1.start
The ``r'' in the first character position of owner's set and the group set means that the owner and members of the owner's group can read the file; nobody else is permitted to do so.
--w--w--w- 1 johnd unixdoc 8660 Feb 25 13:08 2.start
The ``w'' in the owner's set, the group set and the other users' set means that all classes of user can alter this file.
You cannot remove a file unless you have write permission on the directory it is stored in. If you try to remove a file from a directory for which you do not have write permission, you will see an error message like the following:
$ rm freds.file
rm: fred/freds.file not removed. Permission denied
---x--x--x 1 johnd unixdoc Feb 25 13:08 2.start
More uncommonly, you may encounter other permissions in a long listing, for example ``s'' or ``t''. For details, see ls(1).
To see the permissions on the current directory, use the ls -ld command (-d lists the directory itself rather than its contents, -l gives the long listing), as follows:
$ ls -ld
drwxrwxrwx 21 johnd techpubs 1552 Dec 07 15:40 .
To change the permissions on a file, use the chmod(1) (change mode) command, which has two formats, ``symbolic'' and ``absolute'', as follows:
chmod who operator permission filename
chmod mode filename
Using the first, symbolic, format, the who field is one or more of the following characters:
Using octal numbers to set permissions
Permissions | Octal number |
---|---|
--- | 0 |
--x | 1 |
-w- | 2 |
-wx | 3 |
r-- | 4 |
r-x | 5 |
rw- | 6 |
rwx | 7 |
Three octal numbers (numbers in the range 0 to 7) are used to represent the owner, group and other permissions respectively. Thus, by adding the permissions for a given category of user, you produce a digit; and by specifying three digits (one for each set of users) you can specify all the permissions on a file, as follows:
$ l myfile
-rw-r--r-- 1 johnd techpubs 5061 Feb 10 15:01 myfile
$ chmod 640 myfile
$ l myfile
-rw-r----- 1 johnd techpubs 5061 Feb 10 15:01 myfile
myfile originally possessed permissions 644. The ``6'' gives read and write permissions (2 plus 4) to the owner, while the ``4'' gives read permission only to users in the file's group. ``0'' gives no permissions at all. The effect of executing chmod 640 on this file was to deny all permissions to users in the ``other'' class.
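The mapping from the nine permission positions to three octal digits can be checked mechanically. The following is an added example, not part of the UnixWare documentation: the function names perm_to_octal and other_writable are hypothetical, and SAMPLE is built from the listings shown on this page. It converts a permissions field to its octal mode and reports entries that anyone on the system can alter.

```shell
#!/bin/sh
# Added example: translate the permissions field of a long listing into
# the three octal digits used by "chmod mode filename".

# perm_to_octal FIELD   (FIELD is e.g. "-rw-r-----": type + 9 positions)
perm_to_octal() {
    [ "${#1}" -ge 10 ] || return 1
    bits=${1#?}                      # drop the file type indicator
    mode=
    for class in owner group other; do
        triplet=$(printf '%s' "$bits" | cut -c1-3)
        bits=${bits#???}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # "s" and "t" stand in for "x" when a special bit is also set;
        # the special bit itself is not reported here.
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        mode=$mode$digit
    done
    printf '%s\n' "$mode"
}

# other_writable: read long-listing lines on stdin and print the names of
# entries whose "other" set includes write permission.
# Assumes file names contain no spaces.
other_writable() {
    while read -r perms links owner group rest; do
        octal=$(perm_to_octal "$perms") || continue
        case $octal in
            ??[2367]) printf '%s\n' "${rest##* }" ;;
        esac
    done
}

# Sample input assembled from the listings on this page.
SAMPLE='-r--r----- 1 johnd unixdoc 10586 Feb 25 12:26 1.start
--w--w--w- 1 johnd unixdoc 8660 Feb 25 13:08 2.start
-rw-r----- 1 johnd techpubs 5061 Feb 10 15:01 myfile
drwxrwxrwx 21 johnd techpubs 1552 Dec 07 15:40 .'

perm_to_octal -rw-r-----
printf '%s\n' "$SAMPLE" | other_writable
```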
When new files are created, their initial permissions are determined by their file creation mask. The umask(1) command is executed whenever you log in, and it automatically sets the mask to restrict the permissions placed on any files that you create. You can change the permissions placed on new files by running umask again; the new permissions override the old ones.
To change the permissions applied to a newly created file, specify the permissions you want to have removed from the new file. In this way, specifying a file creation mask of o=rwx causes read, write and execute permission to be denied to other users.
$ touch test
$ l test
-rw-rw-r-- 1 charles techpubs 0 Feb 22 09:29 test
$ umask u=,g=w,o=rwx
$ touch test.2
$ l test.2
-rw-r----- 1 charles techpubs 0 Feb 22 09:30 test.2
The touch(1) command creates an empty file, in this case called test.
In the command lines above, the umask command specifies that write permission is to be removed from members of the file's group, and that read, write, and execute permissions are to be removed from other users. No change is made to the permissions available to the file's owner.
Note that you cannot normally create an executable file using umask; you can only change a file's permissions to make it executable. For example, if you set umask u=,g=,o=rwx, this gives you default file permissions of 660 (rw-rw----), not 770 (rwxrwx---), even though execute permissions for user and group have not been removed. The only exceptions to this rule are when creating a directory or compiling a program to create an executable binary (in which case the executable bits are set in accordance with your umask).
You can set umask using octal permissions. To set the umask, work out what permissions you want to give newly created files in octal, then subtract them from 777. (Remember, the permissions specified in your umask are removed from the file, not added.) Accordingly, umask 022 removes write permission from the group and other user classes: a file created with an initial mode of 777 becomes 755 and a file created with 666 becomes 644.
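The mask is applied bit by bit: each permission named in the mask is cleared from the mode the creating program requests, which matches subtraction only when the requested mode already contains every masked bit. The following added example (not part of the UnixWare documentation) shows this with octal masks; the function names effective_mode and created_perms are hypothetical, and it assumes mktemp is available.

```shell
#!/bin/sh
# Added example: how a file creation mask is applied to a requested mode.

# effective_mode REQUESTED MASK   (both octal, e.g. 666 022)
# Prints the resulting mode: every bit set in MASK is cleared from
# REQUESTED. This is a bitwise operation, not arithmetic subtraction.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_perms MASK KIND   (KIND is "file" or "dir")
# Creates a file (requested mode 666) or a directory (requested mode 777)
# in a scratch directory under umask MASK and prints the permissions
# field that a long listing shows for it.
created_perms() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"
        case $2 in
            file) : > "$scratch/new" ;;
            dir)  mkdir "$scratch/new" ;;
        esac
    )
    ls -ld "$scratch/new" | cut -c1-10
    rm -rf "$scratch"
}

effective_mode 777 022   # 755, as in the text above
effective_mode 666 022   # 644, as in the text above
effective_mode 666 007   # 660: execute was never requested, so it stays off
effective_mode 666 033   # 644, where digit-wise subtraction would give 633

created_perms 027 file   # -rw-r-----
created_perms 027 dir    # drwxr-x---
```

The same mask yields different results for files and directories because a directory is requested with mode 777 and an ordinary file with 666.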
To give a file to someone else, change the ownership of the file with the chown(1) (change owner) command, as follows:
chown new_owner filename
The new_owner argument is the login name of the new owner.
For example, the following command line assigns ownership of 01.intro to the user charles:
$ chown charles 01.intro
You must be the current owner of a file to change its ownership; that is, you cannot give the file to someone else unless it is yours to give. When you create a file, you automatically become its owner.
Depending on the permissions on a file, if you give away ownership you may give away your right to access the file afterwards.
In order to find out the groups of which you are a member, use the id(1M) command, as follows:
$ id
uid=13052(johnd) gid=1014(techpubs)
The command displays your numeric user identification (UID) and your group identification (GID). Your login and group names are given in parentheses.
To change the group of a file, use the chgrp(1) (change group) command, as follows:
chgrp new_group filename
For example, to change the group of a file called using_unix to techpubs, use the following command:
$ chgrp techpubs using_unix
Files and users on the system are identified as members of a group by their group name. Groups, together with group permissions, allow people who need to use the same files to share those files without sharing them with all users. When you create a file, it is automatically given the same group as your own. You must be the owner of a file to change its group.