In Red Hat Enterprise Linux, all files have file permissions that determine whether a user is allowed to read, write, or execute them. When you issue the command ls -l, the first column of information contains these file permissions. Within this first column are places for 10 letters or hyphens.
The first space is either a hyphen, the letter d, or the letter l.
- A hyphen means it is a file.
- If it is the letter d, the file is actually a directory.
- If it is the letter l, it is a symbolic link to a directory somewhere else on the file system.
The next nine spaces are divided into three sets of three.
Files and directories belong to both an owner and a group. A group usually consists of a collection of users, all belonging to the same group. The first set of three is the read, write, and execute permissions for the owner of the file.
A group can also consist of one user, normally the user who creates the file. Each user on the system, including the root user, is assigned his or her own group of which he or she is the only member, ensuring access only by that user. The second set of three is the read, write, and execute permissions for anyone who belongs to the user group for the file.
The last set of permissions is for anyone who has a login to the system.
Create a directory /test. We will use it for the practical demonstration of permissions.
# mkdir /test
# ls -ld /test
The root user, the system administrator, owns most of the system files that also belong to the root group, of which only the root user is a member. Most administration files, like configuration files in the /etc directory, are owned by the root user and belong to the root group. Only the root user has permission to modify them, whereas normal users can read and, in the case of programs, also execute them.
In this example, the root user owns the fstab file in the /etc directory, which also belongs to the root user group.
-rw-r--r-- 1 root root 621 jan 22 11:03 fstab
Certain directories and files located in the system directories are owned by a service, rather than the root user, because the services need to change those files directly. This is particularly true for services that interact with remote users, such as Internet servers. Most of these files are located in the /var directory. Here you will find files and directories managed by services like the Squid proxy server and the Domain Name Server (named).
In this example, the Squid proxy server directory is owned by the squid user and belongs to the squid group:
drwxr-x--- 2 squid squid 4096 Jan 24 16:29 squid
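As an added example (not part of the original page), this shell script decodes the first column of ls -l for the two listings above and flags a file that users other than the owner can write. The function names and the demo.conf line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the first column of an `ls -l` line.

# Turn one three-character set such as "r-x" into words.
explain_set() {
    out=""
    case "$1" in r??) out="read" ;; esac
    case "$1" in ?w?) out="${out:+$out,}write" ;; esac
    # s or t in the last place means execute plus a special bit.
    case "$1" in ??[xst]) out="${out:+$out,}execute" ;; esac
    printf '%s' "${out:-none}"
}

# Print type, owner, group and the three permission sets of one line.
decode_ls_line() {
    # ls -l fields: mode, link count, owner, group, then size/date/name
    read -r mode _links owner group _rest <<EOF
$1
EOF
    case "$mode" in
        -*) kind="file" ;;
        d*) kind="directory" ;;
        l*) kind="symbolic link" ;;
        *)  kind="other" ;;
    esac
    u=$(printf '%s' "$mode" | cut -c2-4)    # owner set
    g=$(printf '%s' "$mode" | cut -c5-7)    # group set
    o=$(printf '%s' "$mode" | cut -c8-10)   # anyone with a login
    printf '%s owner=%s(%s) group=%s(%s) other=(%s)\n' "$kind" \
        "$owner" "$(explain_set "$u")" "$group" "$(explain_set "$g")" \
        "$(explain_set "$o")"
}

# Succeed when the group set or the "anyone with a login" set includes w.
writable_by_non_owner() {
    mode=${1%% *}
    case "$mode" in
        l*) return 1 ;;                 # a link's own bits are not enforced
        ?????w*|????????w*) return 0 ;; # w in position 6 (group) or 9 (other)
    esac
    return 1
}

# The two listings from this page, plus one constructed line.
decode_ls_line '-rw-r--r-- 1 root root 621 jan 22 11:03 fstab'
decode_ls_line 'drwxr-x--- 2 squid squid 4096 Jan 24 16:29 squid'
if writable_by_non_owner '-rw-rw-rw- 1 root root 0 Jan 1 00:00 demo.conf'; then
    echo "demo.conf: writable by users other than the owner"
fi
```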
Changing a File's Owner or Group
Although other users may be able to access a file, only the owner can change its permissions. If you want to give another user control over one of your file's permissions, you can change the owner of the file from yourself to the other user. The chown command transfers control over a file to another user. This command takes as its first argument the name of the other user. Following the username, you list the files you are transferring. In our example, we give control of the /test directory to user a:
# chown a /test
# ls -ld /test
You can also change the group for files and directories, using the chgrp command. chgrp takes as its first argument the name of the new group for the files or directories.
# chgrp example /test
In the next section you will learn how to change these permissions.