home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


UNIX Power Tools

UNIX Power ToolsSearch this book
Previous: 22.14 Add Users to a Group to Deny Permission Chapter 22
File Security, Ownership, and Sharing
Next: 22.16 Copying Permissions with cpmod
 

22.15 Juggling Permissions

Like any security feature, UNIX permissions occasionally get in your way. When you want to let people use your apartment, you have to make sure you can get them a key; and when you want to let someone into your files, you have to make sure they have read and write access.

In the ideal world, each file would have a list of users who can access it, and the file's owner could just add or delete users from that list at will. Some secure versions of UNIX are configured this way, but standard UNIX systems don't provide that degree of control. Instead, we have to know how to juggle UNIX file permissions to achieve our ends.

For example, suppose I have a file called ch01 that I want edited by another user, val . I tell her that the file is /books/ptools/ch01 , but she reports to me that she can't access it.

val % 

cd /books/ptools


val % 

more ch01


ch01: Permission denied

The reason val can't read the file is that it is set to be readable only by me. val can check the permissions on the file using the -l option to the ls command:

val % 

ls -l ch01


-rw-------  1 lmui       13727 Sep 21 07:43 ch01

val asks me ( lmui ) to give her read and write permission on the file. Only the file owner and root can change permission for a file. Now, what's the best way to give val access to ch01 ?

The fastest and most sure-fire way to give another user permission is to extend read and write permission to everyone:

lmui % 

chmod 666 ch01


lmui % 

ls -l ch01


-rw-rw-rw-  1 lmui       13727 Sep 21 07:43 ch01

But this is sort of like leaving your front door wide open so your cat can get in and out. It's far better to extend read and write access to a common group instead of to the entire world. I try to give val access to the file by giving group read and write access:

lmui % 

chmod 660 ch01


lmui % 

ls -l ch01


-rw-rw----  1 lmui       13727 Sep 21 07:43 ch01

But val reports that it still doesn't work:

val % 

more ch01


ch01: Permission denied

What happened? Well, I gave read and write permission to the file's group, but val doesn't belong to that group. You can find out the group a file belongs to using the -lg option to ls (this is the default on System V when you type ls -l ):

val % 

ls -lg ch01


-rw-rw----  1 lmui     power          13727 Sep 21 07:43 ch01

groups
You can use the groups command (the GNU version is on the CD-ROM) to find out what groups a user belongs to:

% 

groups val


val : authors ora
% 

groups lmui


lmui : authors power wheel ora

The ch01 file belongs to group power . val isn't a member of this group, but both lmui and val are in the authors group. To give val access to the file ch01 , therefore, I need to put the file in group authors . To do that, I use the chgrp ( 1.23 ) command:

lmui % 

chgrp authors ch01


lmui % 

ls -lg ch01


-rw-rw----  1 lmui     authors        13727 Sep 21 07:43 ch01

Now val can read and write the file. (On System V systems, she may need to run newgrp ( 22.13 ) first.)

- LM


Previous: 22.14 Add Users to a Group to Deny Permission UNIX Power Tools Next: 22.16 Copying Permissions with cpmod
22.14 Add Users to a Group to Deny Permission Book Index 22.16 Copying Permissions with cpmod

The UNIX CD Bookshelf Navigation The UNIX CD BookshelfUNIX Power ToolsUNIX in a NutshellLearning the vi Editorsed & awkLearning the Korn ShellLearning the UNIX Operating System