File system access rights

Linux Tutorial #6

Linux provides file system security using a three-level system of access rights. These special codes control who can read/write/execute every file and directory on the system. There are several Linux commands for viewing and modifying access rights. We will start with viewing. In your Linuxstuff directory, type

    % ls -l

The -l flag stands for long listing and will cause the ls command to tell you everything it knows about the files in your directory. For example, you might see something like this

    -rw-r----- 1 csce_user csce_user 20 Jan 4 09:15 list1.txt
    -rw-r----- 1 csce_user csce_user 26 Jan 4 09:16 list2.txt

Each output line describes one file in detail, and is divided into seven parts

    The file system access rights string (-rw-r-----)
    The user name of the owner of the file (csce_user)
    The name of the group that owns the file (csce_user)
    The size of the file in bytes (20)
    The date the file was created (Jan 4)
    The time the file was created (09:15)
    The name of the file (list1.txt)

The file system access rights string is 10 characters long, consisting of the symbols d, r, w, x, -, and occasionally, s or S. The first character of this string will either be a d indicating that this is a directory, or a - indicating that this is a file. The next 9 symbols indicate the file permissions, or access rights, and are taken as three groups of 3 characters.

    The leftmost group gives the permissions for the user that owns the file
    The middle group gives the permissions for the group that owns the file
    The rightmost group gives the permissions for all other users on the system.

The symbols r, w, x, -, have slightly different meanings depending on whether they refer to a simple file or to a directory.

Access rights on files

The 3 character access rights string tells the system who can do what to each file.

    r indicates read permission, that is, permission to read and copy the file
    w indicates write permission, that is, the permission to change or delete a file
    x indicates execution permission, that is, the permission to execute a file

If any of these fields is a - character, it means that the user does not have permission to perform that action.

    - for read permission means the user cannot read and copy the file
    - for write permission means the user cannot change a file
    - for execution permission means the user cannot execute a file

Some examples:

    -rwxrwxrwx    a file that everyone can read, write and execute
    -rwx------    a file that only the owner can read and write and execute
    -rw-r-----    a file the owner can read or write, the group can read

Access rights on directories

The 3 character access rights string tells the system about directory permissions.

    r means that users may list files in the directory
    w means that users may delete files from the directory or move files into it
    x means the right to access files in the directory, and to read files in the directory provided you have read permission on the individual files

If any of these fields is a - character, it means that the user does not have permission to perform that action.

    - for read permission means the user cannot list files in the directory
    - for write permission means the user cannot delete files from the directory
    - for execution permission means the user cannot access files in the directory

So, in order to read a file, you must have execute permission on the directory containing that file, and hence on any directory containing that directory as a subdirectory, and so on, up the tree.

Some examples:

    drwx------    a directory that only the owner can read and write and execute
    dr-xr-xr-x    a directory that everyone can read and execute

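
The "up the tree" rule above can be checked mechanically. The script below is an added example, not part of the original tutorial: it walks from a file's directory upward and reports the first directory whose access rights string lacks x for a given class (u, g or o). The function names and the sample tree are constructed for illustration, and only the mode string from ls is inspected (ACLs and the administrator account are ignored).

```shell
#!/bin/sh
# Print the execute slot for class $2 (u, g or o) from mode string $1.
# Slots 4, 7 and 10 of the 10-character string hold the x position.
exec_slot() {
    case $2 in
        u) printf '%s\n' "$1" | cut -c4 ;;
        g) printf '%s\n' "$1" | cut -c7 ;;
        o) printf '%s\n' "$1" | cut -c10 ;;
    esac
}

# Walk from the directory holding file $1 up to $3 (or /). Print the first
# directory that withholds x from class $2 and return 1; return 0 if none.
blocking_dir() {
    dir=$(dirname "$1")
    while :; do
        mode=$(ls -ld "$dir" | cut -c1-10)
        case $(exec_slot "$mode" "$2") in
            x|s|t) ;;                               # access granted
            *) printf '%s\n' "$dir"; return 1 ;;    # -, S or T: no access
        esac
        if [ "$dir" = "$3" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# Constructed sample tree: the file looks readable by everyone,
# but its parent directory gives other users no x permission.
demo=$(mktemp -d)
mkdir -p "$demo/project/private"
echo "notes" > "$demo/project/private/notes.txt"
chmod a+rx "$demo" "$demo/project"
chmod a-rwx,u+rwx,g+rx "$demo/project/private"            # drwxr-x---
chmod a-rwx,u+rw,go+r "$demo/project/private/notes.txt"   # -rw-r--r--

file="$demo/project/private/notes.txt"
if blocking_dir "$file" o "$demo"; then
    echo "other: every directory on the path grants x"
else
    echo "other: blocked at the directory printed above"
fi
if blocking_dir "$file" g "$demo"; then
    echo "group: every directory on the path grants x"
fi
```

Remove the sample tree with rm -r "$demo" when you are done.
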
chmod (changing a file mode)

Only the owner of a file or directory can change its access rights permissions. The Linux command to do this is chmod, which has a lot of command options to change the permissions of a file. The options of chmod are as follows

    Symbol   Meaning
    u        user
    g        group
    o        other
    a        all
    r        read
    w        write (and delete)
    x        execute (and access directory)
    +        add permission
    -        take away permission

For example, to remove read write and execute permissions on the file list1.txt for the group and others, type

    % chmod go-rwx list1.txt

This will leave the other permissions unaffected. To give read and write permissions on the file list2.txt to all and see the new file permissions, type

    % chmod a+rw list2.txt
    % ls -l

You should now see the following

    -rw------- 1 jgauch jgauch 20 Jan 4 09:15 list1.txt
    -rw-rw-rw- 1 jgauch jgauch 26 Jan 4 09:16 list2.txt

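
A file left as -rw-rw-rw- can be changed by every user on the system, so it is worth knowing how to find such files and tighten them. The script below is an added example, not part of the original tutorial: it lists the files under a directory that group or other may write, then removes only those write bits with chmod go-w. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# List regular files under $1 that group or other may write, in ls -l form.
loose_files() {
    find "$1" -type f \( -perm -g+w -o -perm -o+w \) -exec ls -l {} +
}

# Take away write permission from group and other on those files.
# The owner's bits and all read/execute bits are left unaffected.
tighten() {
    find "$1" -type f \( -perm -g+w -o -perm -o+w \) -exec chmod go-w {} +
}

# Print the 10-character access rights string of one file.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample files. Each chmod first clears every bit (a-rwx)
# so the result does not depend on the current umask.
work=$(mktemp -d)
: > "$work/list1.txt"; chmod a-rwx,u+rw "$work/list1.txt"          # -rw-------
: > "$work/list2.txt"; chmod a-rwx,a+rw "$work/list2.txt"          # -rw-rw-rw-
: > "$work/run.sh";    chmod a-rwx,ug+rwx,o+rx "$work/run.sh"      # -rwxrwxr-x

echo "Writable by group or other:"
loose_files "$work"

tighten "$work"

echo "After chmod go-w:"
for f in list1.txt list2.txt run.sh; do
    echo "$(mode_of "$work/$f") $f"
done
```

Remove the sample files with rm -r "$work" when you are done.
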
ps (process status)

A process is an executing program identified by a unique PID (process identifier). To see information about your processes, with their associated PID and status, type

    % ps

You should see a short list of commands that are currently executing, including your login shell and the ps command itself. To get more information about your processes, including the start time, run time, percentage cpu and percentage memory you are using, type

    % ps ux

If you are really curious, you can find out information about all of the processes that are running on your computer by typing

    % ps aux

This will produce a very long list of user commands and Linux processes that are currently sharing your computer. At this point, only your system administrator really needs to know what all of these commands are doing.

A process may be in the foreground, in the background, or be suspended. In general the shell does not return the Linux prompt until the current process has finished executing.

Backgrounding a process ( & )

Some processes take a long time to run and hold up the terminal. Backgrounding a long process has the effect that the Linux prompt is returned immediately, and other tasks can be carried out while the original process continues executing. To execute a command in the background, type an & at the end of the command line. For example, the command sleep waits a given number of seconds before continuing. To execute sleep, type

    % sleep 10

This will wait 10 seconds before returning the command prompt %. Until the command prompt is returned, you can do nothing except wait. To run the sleep command in the background, type

    % sleep 10 &

The & runs the job in the background and returns the prompt right away, allowing you to run other programs while waiting for that one to finish. When you background a command, you will see a message similar to the following

    [1] 6259

This line gives you the job number (1) and PID (6259) for the command. When the background process finishes, the operating system will print a message saying the command is done.

bg (background)

Backgrounding is useful for jobs which will take a long time to complete. Sometimes we forget to type in the & when we start a program, and after waiting a few minutes we decide we want the program to finish in the background. The bg command will let us do this. At the prompt, type

    % sleep 100

You can suspend the process running in the foreground by typing ^Z (control z). Then use bg to put it in the background. For example, type

    ^Z (control z)
    % bg

Now the sleep command will run in the background for 100 seconds, and when it finally finishes you will get a message from the operating system.

Note: It is not a good idea to background programs that require user interaction such as an editor. The background job will wait for user input and may never finish.

jobs

When a process is running, backgrounded or suspended, it will be entered onto a list along with a job number. The jobs command will let you find out what processes are running in the background. To create several background jobs, type

    % sleep 100 &
    % sleep 200 &
    % sleep 300 &

Now to see what is happening with these commands, type

    % jobs

You should see output similar to this

    [1]   Running    sleep 100 &
    [2]-  Running    sleep 200 &
    [3]+  Running    sleep 300 &

If you wait 100 seconds, and type jobs again, you will see that the first job is no longer on the list, and the other two jobs are still running in the background.

fg (foreground)

Sometimes we want to take a program out of the background and run it in the foreground again. For example, if we accidentally background a program that requires user input, we need to bring it back to the foreground so we can type input. To do this, we can use the fg command followed by the job number. For example, if we start several background jobs again by typing

    % sleep 100 &
    % sleep 200 &
    % sleep 300 &

We can restart job 1 (the sleep 100 command) by typing

    % fg 1

To put this job back in the background, type

    ^Z (control z)
    % bg

Typing fg with no job number foregrounds the last suspended process.

kill (terminate a process)

It is sometimes necessary to kill a process (for example, when an executing program is in an infinite loop). The easiest way to kill a job running in the foreground is to type ^C (control c). For example, type

    % sleep 100
    ^C (control c)

We can use the kill command to terminate a suspended or background process. One way to do this is to specify the job number after a % character. For example, type

    % sleep 100 &
    % jobs

If the sleep 100 command is job number 4, we can terminate it by typing

    % kill %4

To check whether this has worked, examine the job list again to see if the process has been removed.

Alternatively, processes can be killed by finding their process numbers (PIDs) and using kill followed by the PID number. To see how this works, type

    % sleep 100 &
    % ps

You should see something like this

      PID TTY          TIME CMD
    25130 pts/3    00:00:00 bash
    25908 pts/3    00:00:00 sleep
    25909 pts/3    00:00:00 ps

To kill off the process sleep 100, type

    % kill 25908

You can type ps again to see if it has been removed from the list. Sometimes a process will have something strange going on, and refuse to be killed using just the PID. In this case we need to use the kill -9 PID option.

Note: It is not possible to kill processes that were started by other users (unless you are the system administrator). If you ever see a process running in the background for hundreds of hours, you should email the administrator so they can kill it.

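
Plain kill asks a process to stop (the TERM signal) and the process may ignore the request, while kill -9 cannot be ignored but gives the program no chance to clean up. The script below is an added example, not part of the original tutorial: it tries plain kill first, waits a few seconds, and only then falls back to kill -9. The function name stop_process and the two sample jobs are constructed for illustration.

```shell
#!/bin/sh
# Stop process $1: send the default signal (TERM), wait up to $2 seconds,
# then fall back to kill -9.
# Returns 0 if plain kill was enough, 1 if kill -9 was needed,
# and 2 if the process could not be signalled (gone, or not yours).
stop_process() {
    kill "$1" 2>/dev/null || return 2
    waited=0
    while [ "$waited" -lt "$2" ]; do
        sleep 1
        waited=$((waited + 1))
        # kill -0 sends no signal; it only tests whether the PID still exists.
        kill -0 "$1" 2>/dev/null || return 0
    done
    kill -9 "$1" 2>/dev/null || true
    return 1
}

# Constructed demo: one ordinary background job and one that ignores TERM,
# standing in for a process that "refuses to be killed".
sleep 30 >/dev/null 2>&1 &
polite=$!
sh -c 'trap "" TERM; exec sleep 30' >/dev/null 2>&1 &
stubborn=$!
sleep 1    # give the second job time to start ignoring TERM

for pid in "$polite" "$stubborn"; do
    rc=0
    stop_process "$pid" 3 || rc=$?
    case $rc in
        0) echo "PID $pid ended after plain kill" ;;
        1) echo "PID $pid ignored plain kill and needed kill -9" ;;
        2) echo "PID $pid could not be signalled" ;;
    esac
done
```
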
Summary

    Command                 Meaning
    ls -l                   list access rights for all files
    chmod [options] file    change access rights for named file
    ps                      display process status information
    command &               run command in the background
    ^Z                      suspend the job running in the foreground
    bg                      background the suspended job
    jobs                    list the current jobs
    fg %1                   foreground job number 1
    ^C                      kill the job running in the foreground
    kill 123                kill the process number 123

Author: M.Stonebank@surrey.ac.uk, 9th October 2000
Edited: jgauch@uark.edu, January 2015