Sixth Command: Grant Divine Rights

Earlier when playing around with the ‘ls’ command, we looked at more detailed output from the command that showed a set of permissions for the directory contents. The output looked similar to:

-rw-r--r-- 1 shelleyp shelleyp 789 Aug 10 15:00 index.xml
drwxr-xr-x 10 shelleyp shelleyp 4096 Sep 25 16:21 internet

In the leftmost portion of the output, the first character specifies whether the object is a directory or not. The remaining values specify the permissions for each object listed: for the owner of the object (the first set of triple characters), for the group the owner belongs to (the second set of triples), and for, basically, the world (the third set). Each triple states whether the person accessing the object has read access, write access, or can execute (run) the object — or all three.

In the first line, I as owner had read and write access to the file, but not execute because the file was not an executable. Any member of the group I belong to (the same name as my user name in this example, though on most systems, this is usually a different name) would have read access to the file only. The same applies to the world, not surprising since this is a web accessible XML file. For the second line, the primary difference is that all three entities — myself, group, and the world — have execute permission for the object, in this case a directory.

What if you want to change this, though? In particular, for weblog use, you’ll most likely need to change permissions for directories to allow weblogging tools to work properly. To change permissions for a file or a directory, you’ll use the Change Mode command, ‘chmod’.

There are actually two ways you can use the chmod command. One uses an octal value to specify the permission for owner, group, and world. For instance, to change a directory to allow all permissions for the owner, but only read and execute permission for the group and the world, you would use:

host% chmod 755 somefile

The first value sets the permissions for the owner. In this case, the value of ‘7’ states that the owner has read, write, and execute permission for the object, somefile:

-rwxr-xr-x 1 shelleyp shelleyp 122 Sep 27 17:48 somefile

If I wanted to grant read and write permission, but not execute, to owner, group, and world, I would use ‘chmod 666 somefile’. To grant all permissions to owner, read and write to group, and read only to world, I would use ‘chmod 764 somefile’.

To recap the numbers used in these examples:

4 - read only
5 - read and execute only
6 - read and write only
7 - read, write, and execute

The first number is for the owner, the second for the group, the final for the world.

Another approach that’s a bit more explicit and a little less mystical than working with octal values is to use a version of chmod that associates permission with a specific group or member, without having to provide permissions for all three entities. In this case, the use of the plus sign (‘+’) sets a permission, the use of the subtraction sign (‘-’) removes it. The groups are identified by ‘u’ for user (owner), ‘g’ for group, and ‘o’ for others. To apply a permission to all three, use ‘a’, which is what’s assumed when no entity is specified.

This sounds suspiciously similar to that simple to put together table you bought at the cheap furniture place, but all’s clear when you see an example. To change a file’s permission to read, write, and execute for an owner, read and execute for group, and execute for the world, use the following:

chmod u+rwx,g+rx,o+x somefile

In this example, the owner’s permissions are set first, followed by the permissions for the group and then ‘others’, or the rest of the world.

To remove permission, such as removing write capability for owner, use the following:

host% chmod u-w somefile

Though a bit more complex and less abbreviated than using the octal values, the latter method for chmod is actually more precise and controlled and should be the method you use generally.
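An added example, not part of the original essay: the plus sign only adds to whatever bits the file already has, so the result of ‘chmod u+rwx,g+rx,o+x’ depends on the starting mode. The script goes slightly beyond the essay by also using chmod's ‘=’ operator, which sets a triple exactly; the function names and temporary files are constructed for the illustration.

```shell
#!/bin/sh
# Added example: symbolic '+' adds to existing bits, '=' sets them exactly.

# Print the 10-character type/permission string that 'ls -l' shows for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a scratch file with a known octal mode, apply a symbolic
# expression to it, and print the resulting permission string.
#   $1 = starting octal mode   $2 = symbolic expression
apply_symbolic() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    chmod "$2" "$f"
    mode_of "$f"
    rm -f "$f"
}

# Succeed when 'others' (the world) hold write permission on the path.
# Useful as a check after changing modes on web-accessible files.
world_writable() {
    case $(mode_of "$1") in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

demo() {
    # Starting from 666, '+' leaves the group and world write bits in place.
    echo "666 then u+rwx,g+rx,o+x -> $(apply_symbolic 666 u+rwx,g+rx,o+x)"
    # '=' replaces each triple, so the starting mode no longer matters.
    echo "666 then u=rwx,g=rx,o=x -> $(apply_symbolic 666 u=rwx,g=rx,o=x)"
    # From an owner-only file, '+' happens to give the intended result.
    echo "600 then u+rwx,g+rx,o+x -> $(apply_symbolic 600 u+rwx,g+rx,o+x)"
}

demo
```

Checking the result with ‘ls -l’ after a symbolic change, as the script does, is the quickest way to confirm that no write bit was left behind for group or world.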

(Of course, there’s a lot more to permissions and chmod than explained in this essay, but we’ll leave this for a future Linux for Poets writing.)

Once you’ve created your lovely new directory, and made sure the permissions are set accordingly, the next thing you’ll want to do is fill it up.