22.15 Juggling Permissions

Like any security feature, UNIX permissions occasionally get in your way. When you want to let people use your apartment, you have to make sure you can get them a key; and when you want to let someone into your files, you have to make sure they have read and write access. In the ideal world, each file would have a list of users who can access it, and the file's owner could just add or delete users from that list at will. Some secure versions of UNIX are configured this way, but standard UNIX systems don't provide that degree of control. Instead, we have to know how to juggle UNIX file permissions to achieve our ends.

For example, suppose I have a file called ch01 that I want edited by another user, val. I tell her that the file is /books/ptools/ch01, but she reports to me that she can't access it.

val %

The reason val can't read the file is that it is set to be readable only by me. val can check the permissions on the file using the -l option to the ls command:

val %

val asks me (lmui) to give her read and write permission on the file. Only the file owner and root can change permission for a file. Now, what's the best way to give val access to ch01? The fastest and most sure-fire way to give another user permission is to extend read and write permission to everyone:

lmui %

But this is sort of like leaving your front door wide open so your cat can get in and out. It's far better to extend read and write access to a common group instead of to the entire world. I try to give val access to the file by giving group read and write access:

lmui %

But val reports that it still doesn't work:

val %

What happened? Well, I gave read and write permission to the file's group, but val doesn't belong to that group. You can find out the group a file belongs to using the -lg option to ls (this is the default on System V when you type

val %
%

The ch01 file belongs to group power. val isn't a member of this group, but both lmui and val are in the authors group. To give val access to the file ch01, therefore, I need to put the file in group authors. To do that, I use the chgrp (1.23) command:

lmui %

Now val can read and write the file. (On System V systems, she may need to run newgrp (22.13) first.)
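
The group mix-up described above comes from UNIX applying exactly one permission class to each user: owner first, then group, then other. The shell functions below are an added example, not code from the original text; the mode string -rw-rw---- is a constructed sample, and the function names access_class and check_file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original text). Reports which permission
# class applies to a user and the rwx bits of that class. root is not
# modelled: it bypasses these checks.

# access_class MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is the first column of ls -l, e.g. -rw-rw---- (constructed sample).
#   USER_GROUPS is a space-separated list; on System V pass only the
#   user's current group, since newgrp selects one group at a time.
access_class() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    if [ "$user" = "$owner" ]; then
        # The owner class wins even if the group bits are more generous.
        class=owner; bits=$(printf '%s' "$mode" | cut -c2-4)
    else
        class=other; bits=$(printf '%s' "$mode" | cut -c8-10)
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                class=group; bits=$(printf '%s' "$mode" | cut -c5-7)
                break
            fi
        done
    fi
    printf '%s %s\n' "$class" "$bits"
}

# check_file FILE USER: the same check against a real file and account.
check_file() {
    file=$1 user=$2
    # ls -ld fields: mode, link count, owner, group, ...
    set -- $(ls -ld "$file")
    access_class "$1" "$3" "$4" "$user" "$(id -Gn "$user")"
}

# ch01 owned by lmui in group power, val only in authors: falls to "other".
access_class -rw-rw---- lmui power val "authors"      # other ---
# After moving the file to group authors, val gets the group bits.
access_class -rw-rw---- lmui authors val "authors"    # group rw-
```

Running check_file /books/ptools/ch01 val before changing anything shows whether the fix needed is a mode change or a group change.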