Rights Management in UNIX - Change the rights
(Page 3 of 4 )
You can change rights with the chmod command. The syntax looks like this:
chmod [3 digit octal number] [on what file]
For example:
chmod 775 alfa.txt
This will set the right 775. Expand to 111 111 101. Now if we replace the 1 with a set of the right and a – for the unset (we got that from the ls), we will get back rwx rwx r-x. Everyone has all rights, but the final group cannot write to the file. The second option is to use the syntax:
chmod [letter from who] [+ or – (set or unset right] [ what right] [on what file]
For example:
chmod u-x, o+w alfa.txt
From the model, we can see that with the second syntax we can make multiple changes at once; we just need to separate the tasks with a comma. In this we unset the execute right from the user, and set the write right for the other group.
The chmod command also has a couple of option flags we can turn on. However, we rarely use them. The first is the –f, which forces the command to execute. In addition, it will not echo back with an error message if one occurs. The second is the –R. This will make the changes recursively along the file system tree of a directory we give. This is a dangerous option, as it will change the rights for both the folders and the files.
For a file, the rights are quite self-descriptive: to be able to write to a file means you can modify it, while the read right means you can see what is in the file, and the execute right is obvious. When we talk about directories, this changes a little.
The read right means that we can read the directory file. This just means that we can list the files found inside it. However, we can only list what is inside the file; we can't also access it. As said, the directory is only a file with directory entries inside. This allows us to read the file, not what is in each folder.
The write right means that we can add new entries to the directory file and create below it a new file/directory. The execute right means that we can pass through the directory. This is required to reach the files/directories below the directory.
This last one is very valuable for web servers. You are not allowed to cause havoc on the server. You have a given amount of storage space inside a directory; however, you should not modify the rest of the files found in the server, otherwise you may abuse it and the server would crash. In these situations, you will have only execute rights to a specific folder, and the rwx rights below that. This assures that you can use your storage and still not modify important files on the server.
Next: Some extra rights >>
More Miscellaneous Articles
More By Gabor Bernat
