Permissions

[00:00:00]
>> James Halliday: Maybe now would be a good time to talk a bit about permissions. Every file on a Unix system has permissions. And how it works is there are three main categories of permissions that you can grant. There's three kinds of permissions, and three categories. So there's this notion of the user, the group, and other, or everybody.

[00:00:28]
And these are specified by the shorthand U for the user, which is the owner of the file, G for the group, which is the group of the file, and O for other, which is anybody else on the system. So, if you do ls -l, you can see the permissions for any file.

[00:00:48]
In this case, a lot of systems these days especially, will create a new group called the same as your user names, so it's a little bit confusing sometimes. But if I go somewhere else on the system, like if I ls -l says it also by the user group.

[00:01:07]
Maybe there's a better spot, let's see maybe in etc somewhere.
>> James Halliday: Okay so a few of these things like this is the user and this is the group, its shadow.
>> James Halliday: So this second piece here, this is the user, the group. This bit right here, is the permission.

[00:01:27]
So how you read this is, it goes, U, G, O, so this is the user. So the owner of the file, the first one of these bits, this column, has these permissions. The user sub stack can read and write to this file. The group sub stack can only read to the file, but not write to the file, and everybody else can only read that file.

[00:01:53]
They can't write to it, and they can't execute it. So there's also this other piece of the permissions, which is called the executable bit. And how that works is for a directory, if the executable bit is set it's an x here, then that means that you can list the directory contents.

[00:02:16]
So here if I ls logs I see the contents. If I chmod -x logs, and try to ls logs, I get Permission denied. But then it does it anyways, that's weird. [LAUGH] Probably because I probably have to do it like this.
>> James Halliday: Yeah, and you can set it back.

[00:02:46]
For scripts you might recall that a moment ago we did chmod +x, and the name of our script because we wanted to execute it. So here, that script logger has its executable bit set, and that just means that you can run it as a program. So for files the executable bit means that you can run it, and for directories the executable bit means that you can list the contents.

[00:03:13]
>> James Halliday: If you wanna see what groups your user is in, you can type groups, and then you see a list of stuff. So, these are kinda standard things. I have access to the video, the audio, cdrom device, I guess they still have that in computers, also, bluetooth. So the permissions in /dev for example, are more interesting.

[00:03:39]
Because the user might be group, but then you can set different groups that users are members of. If someone is a member of the tty group, they can read and write depending, to these tty devices, or they can read and write to different kinds of dial out, whatever that means.

[00:04:00]
It looks like it's for serial devices.
>> James Halliday: Lots of stuff there.
>> James Halliday: Right so the basic thing to remember, is that it goes user, group, other, ugo, and then read, write, execute rwx. So there's a way to set this with numbers that you might have seen before like chmod 644 or whatever.

[00:04:29]
These correspond to the rwx in octal, which is kind of confusing. So how that works is the first number is the user, the second is the group, the final is the other, and then you have to think in binary for a bit. I don't usually use the octal codes, but you might, see stuff on the internet especially, that's written out in octal, so it's just good to know how it works.

[00:04:55]
And how it works, is you add 4 for writable. So 4 for write, I think 2 for read, and 1 for execute. And you can figure out what it means by decomposing the numbers into these. So, how that works for example is if a file is gonna be readable and writable, that would be 4 plus 2 is 6.

[00:05:24]
If a file is gonna be readable, writable, and executable, that would be 4 plus 2, plus 1, is 7. If a file is gonna be say, readable and executable, that would be 2 plus 1 is 3. That's basically how the octal permissions work. And then, it goes user, group, other.

[00:05:49]
>> James Halliday: Right, so there's more written in the notes if you need to consult that piece. And we've already used the chmod command, but this is how you can set permissions. So why don't we go ahead and use that a bit more. So if you ls -l, now if I wanna change the permissions.

[00:06:09]
For example, say I wanna add write permission to the group for that file 2017 whatever, .log. So I can do g, and then I wanna grant it, so I can do +w for that file. Now if I ls -l, I see that the group before didn't have write permission, but now it has write permission.

[00:06:31]
If I wanna take that permission away, I can do minus. And that is great, you can also stack the command. So if you wanna grant like say, group and other permission at the same time, you can do go or og, +w. You can also stack the readable and executables in a single go like this.

[00:06:55]
Sort of just a little bit of shorthand that is sometimes handy. If you wanna revoke everything, you can.
>> James Halliday: Do that as well.
>> James Halliday: Right.
>> James Halliday: So, just rwx and ugo, user, group, other. And plus and minus, and you just can string those together however you like.