Understanding and Using Permissions in Linux (Part 2)

Introduction

In this second part on understanding and using permissions on Linux, we will work with the commands umask, chown, and chgrp. The first lets you manipulate the system's default permissions, the second changes the owner of a file or directory, and the third changes the group to which a file or directory belongs.

To understand these features, it is extremely important to have read the first part of this topic, because the concepts shown in the first article are applied here. Shall we begin?

Working with default permissions

It can happen that you, for example, create files with read and write permissions for the owner and for a group using chmod. In that case, you may have allowed no access to the other users of the system, although very probably that was not your intent. You then realize that, when files are created, the default permissions may differ from what you expected. That is where the umask command comes into play.

The umask (the file creation mask) is responsible for controlling the default permissions of files. There is something important to mention about this command: when it is used, it can, for example, show the value 07. In this case, add a 0 to the left, turning the value into 007 (whenever a situation like this occurs, interpret it as if there were one more zero on the left). This does not mean that the file has been created without any permission for the owner and the group, and with read, write and execute permissions for everyone else. In fact, it means exactly the opposite! Let's see why:

The umask is a kind of filter through which files pass to determine their permissions. If the value of a permission is true, it remains on the file; otherwise it is removed. Note the diagram below to understand it better:

Let's convert the mask (in our case, the value 007) to a binary value:

007 => 000 000 111

Now let's align this value with the binary equivalent of "all permissions granted", that is, 777 (this value is always used in this type of operation), and perform an addition:

777 => 111 111 111

Then,

  000 000 111 ====> 007
+ 111 111 111 ====> 777
  -----------
  111 111 000

Note the value that resulted from the addition. When there is 0 + 1, the value is 1. When there is 1 + 1, the value is 0 and not 2, because in the binary system there are only the values 0 and 1 (no 2 or other digits). With the result of adding the binary equivalents of 007 and 777 in hand, we now convert each group of three bits back to a digit:

111 111 000 => 770

This then becomes the value of the default permission. Notice that the umask value is the opposite of the normal value: if you want, for example, 770 as the default permission for a file, you should use the value 007, its opposite. This means that the umask will give, by default, read, write and execute permission to the owner and to the group, but no permission to others. This is exactly the opposite of what 007 would mean if it were used with chmod, which makes it clear that the umask always works with the opposite value. This may indeed seem confusing, so it takes some reasoning and practice to get a clear understanding of the umask and its usefulness. So, let's practice: create any directory, for example iw, and type:

umask 027 iw

Note that the file does not have execute permission for the owner and for the group, because it is not an executable file. Consider this case to understand it better: when working with 770 (mask 007), why do some files actually end up with the value 660? Simply because the system knows that for some files the execute permission makes no sense. So it hides this permission and gives the file that would have permission 770 the value 660. Even so, it is recommended to use a value with execute permission even for text files, since there may be a directory in the middle of everything and, in that case, the execute permission is valid.

Let's now assume that you want default permissions that give access to files only to the owner (that is, the other users have no access) and leave them as read, that is, you want the permission r-x------. To use umask, you need the opposite value, that is, -w-rwxrwx. Converting this value to binary gives 010 111 111, and converting each group back to a digit gives 277 (010 = 2, 111 = 7). So the command to use is: umask 277.

Remember one important detail: the default permissions are given to files and directories at the moment they are created. Therefore, to change the permissions of a particular file afterwards, use the chmod command.
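The script below is an added example, not part of the original article. It predicts the default mode for each mask used above and then confirms it by creating a real file and directory in a temporary location. It relies on the rule the kernel applies, base mode AND NOT umask, with a base of 666 for new files and 777 for new directories, which is why a mask of 007 yields 660 on files and 770 on directories. The function names are chosen for this example, and GNU stat (standard on Linux) is assumed.

```shell
#!/bin/sh
# Added example: predict default modes from a umask, then confirm on disk.

# predict BASE MASK -> octal mode assigned at creation: BASE & ~MASK.
# BASE is 666 for new regular files and 777 for new directories.
predict() {
    printf '%o' $(( 0$1 & ~0$2 ))
}

# modes_for_umask MASK -> "<file mode> <dir mode>" actually observed.
# The body runs in a subshell so the caller's umask is left untouched.
modes_for_umask() (
    tmp=$(mktemp -d) || exit 1     # created before the mask is changed
    umask "$1"
    touch "$tmp/file"
    mkdir "$tmp/dir"
    printf '%s %s\n' "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
    rm -f "$tmp/file"
    rmdir "$tmp/dir" "$tmp"
)

# Masks discussed in the text above.
for mask in 007 027 277; do
    printf 'umask %s: predicted file=%s dir=%s, observed: %s\n' \
        "$mask" "$(predict 666 "$mask")" "$(predict 777 "$mask")" \
        "$(modes_for_umask "$mask")"
done
```

A restrictive mask such as 027 or 077 in a shell profile keeps newly created files from being readable by other users without a later chmod.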

Changing ownership of a file/directory

As you may already know, every file or directory in Linux has an owner and a group. What if you need, for some reason, to transfer the "ownership" of a file or directory to another user? Doing this is very easy! To make it easier to understand, we will do the following: transfer the file guia.txt from the user arthur to the user marvin. For that, we will use the chown command. But, before we go on, be aware of the following detail: if you transfer the ownership of one of your files to a work colleague, for example, you may not be able to "take" the file back. Only your colleague, now the owner of the file, can return it to you.

Now, let's transfer the ownership of guia.txt to the user marvin by means of the chown command. Then, let's type "ls -l guia.txt" again to show that the process was successful:

chown marvin guia.txt
ls -l guia.txt

In many cases, this command may not be permitted to ordinary users (only to root) for security reasons. If you use chown and a warning such as "Permission Denied" or "Command Not Found" or equivalent appears, it is probably because your user falls into this case. It is then up to root to allow the transfer of ownership of the files. For this, you can use the sudo command followed by the transfer instruction. In a nutshell, sudo is a kind of authorization list that lets your user and other users perform tasks that require administrative power. If your user is authorized to do so, sudo will ask you to enter your password the first time the command is used. Note that, in the previous image, the sudo command was used, as follows:

sudo chown marvin guia.txt

 

Changing the group of a file/directory

It is also possible to change the group of a file or directory. For this, it may be necessary to identify the group to which the file belongs. This can be done with the command "ls -lg file name/directory".

Note in the previous image that the file in question belongs to the group earth. It was then transferred to the group AbbreviationFinder. In this case, the command used was chgrp. Just type this command followed by the name of the new group and the name of the file. See how it looks in our case (notice that, again, the sudo command is used):

chgrp AbbreviationFinder guia.txt

Above, the file guia.txt was transferred successfully to the group AbbreviationFinder. It is important to mention that you must be a member of the group to which the file belonged to be able to transfer it.

Conclusion

One of the features that make Unix-based operating systems so safe is the range of possibilities offered by permissions. Every file and directory must have an owner, and also needs permission settings that state what other users and groups may or may not do. Notice, then, that by knowing how to set up permissions it is possible to keep the system and its resources quite secure. So, the final tip is: practice and explore the possibilities of each command.
