start page | rating of books | rating of authors | reviews | copyrights

Unix Power ToolsUnix Power ToolsSearch this book

50.11. Juggling Permissions

Like any security feature, Unix permissions occasionally get in your way. When you want to let people use your apartment, you have to make sure you can get them a key; and when you want to let someone into your files, you have to make sure they have read and write access.

In the ideal world, each file would have a list of users who can access it, and the file's owner could just add or delete users from that list at will. Some secure versions of Unix are configured this way, but standard Unix systems don't provide that degree of control. Instead, we have to know how to juggle Unix file permissions to achieve our ends.

For example, suppose I have a file called ch01 that I want edited by another user, joe. I tell him that the file is /books/ptools/ch01, but he reports to me that he can't access it.

joe % cd /books/ptools
joe % more ch01
ch01: Permission denied

The reason joe can't read the file is that it is set to be readable only by me. joe can check the permissions on the file using the -l option to the ls command:

joe % ls -l ch01
-rw-------  1 lmui       13727 Sep 21 07:43 ch01

joe asks me (lmui) to give him read and write permission on the file. Only the file owner and root can change permission for a file. Now, what's the best way to give joe access to ch01?

The fastest and most sure-fire way to give another user permission is to extend read and write permission to everyone:

lmui % chmod 666 ch01
lmui % ls -l ch01
-rw-rw-rw-  1 lmui       13727 Sep 21 07:43 ch01

But this is sort of like leaving your front door wide open so your cat can get in and out. It's far better to extend read and write access to a common group instead of to the entire world. I try to give joe access to the file by giving group read and write access:

lmui % chmod 660 ch01
lmui % ls -l ch01
-rw-rw----  1 lmui       13727 Sep 21 07:43 ch01

But joe reports that it still doesn't work:

joe % more ch01
ch01: Permission denied

What happened? Well, I gave read and write permission to the file's group, but joe doesn't belong to that group. You can find out the group a file belongs to using the -lg option to ls. (This is the default on many systems when you type ls -l. Other systems are different. For instance, the GNU ls command ignores -g and has a -G option for when you don't want to see the group name.)

joe % ls -lg ch01
-rw-rw----  1 lmui     power          13727 Sep 21 07:43 ch01

You can use the groups command (Section 49.6) to find out what groups a user belongs to:

% groups joe
joe : authors ora
% groups lmui
lmui : authors power wheel ora

The ch01 file belongs to group power. joe isn't a member of this group, but both lmui and joe are in the authors group. To give joe access to the file ch01, therefore, I need to put the file in group authors. To do that, I use the chgrp (Section 1.17) command:

lmui % chgrp authors ch01
lmui % ls -lg ch01
-rw-rw----  1 lmui     authors        13727 Sep 21 07:43 ch01

Now joe can read and write the file. (On some systems, he may need to run newgrp (Section 49.4) first.)

-- LM



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.