You will notice when you type ls -l in a directory you
will see 10 spaces first which might look like -rwxr--r-- this line tells
you the rights people have to a file or directory, note that directories
start with a d for example drwxr--r--. After this you will see maybe root
root. These words define the owner of a file and also its group membership.
The first root means the file is owned by root the superuser. The next
root says the group this belongs to is the root group.
So what does -rwxr--r-- mean well the r means the owner
can read a file, the w means the owner can write to the file and finally
the x means the owner can execute the file. But what about the rest i.e.
the r--r-- part at the end, good question. The next part of the permissions
means that the group assigned to the file can also read it but not write
to it or execute it. But if a file is owned by root and root is a member
of the root group then why does the read only right not stop the owner
from writing or executing a file even though like I said they are part
of the root group? The answer is that the most permissive right applies
and overrides the lesser rights. The last part of the permissions
is the last three spaces or r-- based on my example. These rights
apply to the other group or everyone else that has access to the system.
Note that while root is also a member of this group the same most permissive
right rules applies here as well.
Directory rights are similar to file rights but they
decide who has access to a directory and what they can do while in
a directory. Take the /root directory for example. As a non-root user i.e.
a normal user type ls /sbin. Even though you can see the directory contents
you do not have permission to write to files or execute them just because
you can see them. Go ahead type shutdown -r now and see what happens. If
root had decided that you could both write and execute files in this directory
you would only then be able to do so.
How to change file and directory rights
To change a file or directory rights
you must use the chmod command. In you /root directory type chmod +ug rw
.bash_profile. You just made the .bash_profile readable and writ able for
u which means user and g which means group. If you type chomd +rw .bash_profile
and don't specify user group i.e. chmod +ug then this change make the file
readable writable for everyone including the others group. This is the
same as typing chomd +ugo .bash_profile.
How to remove rights is just as
simply. Type chmod -o rwx .bash_profile. This removes the read write and
execute rights to the file .bash_profile for the o or others group. Its
all quite simple. Make some fake files and play around.
How to change file and directory group membership
You remember how if you typed ls -l in your home directory and saw -rwxr--r-- root root ? Well the second root means group membership. Say you have a file in /root we'll say .bash_profile that you want to give access to the group marketing. Type chgrp marketing .bash_profile. Now marketing can have access to this file based on rights you have given it. Note that when you type ls -l .bash_profile you'll see root marketing. The same can be done with directories and sub directories.
How to change individual ownership of a file
Filed when created are owned by the user that created them. If you type touch test, an empty file called test will be created that you own. The ownership would be say root root if indeed root created the file. To assign ownership of a file to another user let's say fred. Type chown fred test. Now type ls -l test and you will see that fred is now the owner of the file. Its basically that simple.
One last thing I wanted to mention is that you can also change rights to a file by using numbers instead of the traditional +ug rw etc. This is done by typing chomd and three digits like 600 644 etc. Please see the man page for chmod to see how to do this as I never use this method. A quick example is chmod 666 .bash_profile. This would grant read and write permission to everyone for .bash_profile . Again I do not user this approach but it is possible.