A common error encountered by developers is an access error:
touch /etc/myfile
touch: cannot touch '/etc/myfile': Permission denied
It says that the current user does not have permission to create files in the /etc directory. Why? Let's get to the bottom of this.
In addition to the user and group name, each file is associated with access rights: r — read, w — write and x — execute. And these rights are set for three types of users: The owner, the users belonging to the same group, and Others (those who are not included in the previous two). Let's look at an example:
# Example of a line from the output of the ls -la command
-rw-r--r-- 1 kirill.m kirill.m 3771 Aug 31 2015 .bashrc
The entry on the left represents one of the options for describing permissions. For legibility, let's divide this entry into groups of characters - rw- r-- r--. The first character - in this entry indicates that we are looking at a file. This is followed by three groups, each with three characters. Each group describes accesses for different types of users. The first describes the access rights for the owner of the file. rw- means that the owner of this file can both read (r) this file and write (w) to it. The last dash means that the file cannot be executed. Execution is marked by x and will be discussed in the next lesson. No matter what file or directory we are looking at, the order of permissions in this group is always the same read-write-execute, and a dash means this right is not available.
The next group of permissions applies to those in the group kirill.m, since that is the group this file belongs to. The r-- entry states that access is read-only, and modification is forbidden. The same applies to those who are not in this group, that is, the set of rights of the latter two is the same.
Try answering this trick question: Who can delete this file? To answer this question, it is important to know the owner, group and permissions of the directory where the .bashrc file is located. The file itself cannot designate the rights to its deletion, they are always taken from where it is located. You can only delete a file if you have the ability to write to this directory (according to what type of user you are).
ls -la /home/ | grep kirill
drwxr-xr-x 5 kirill.m kirill.m 4096 Aug 29 11:34 kirill.m
The home directory has other rights. The first difference is d instead of - at the beginning. d indicates that we have a directory in front of us. The rights for the owner are rwx, and for everyone else, they are r-x. From this description you can see that no one but the user can write to the user's home directory.
What is x in relation to directories? This right allows you to navigate to a directory and access all the files and directories in it. You can access these files as long as they are readable, or writable, or executable: for example, if you put a readable file in the directory with the x right, you can read that file. If you remove the x right from the directory, you will not be able to access the file at all.
But then what is reading? Here, everything is more intuitive. A directory is essentially a list of files, so the right to read allows you to read this list of files, namely, to display a list of file names contained in the directory. However, if you want to see not just a list of file names but a list with additional information (as with ls -l), you also need the x right, because in this case, you have to refer to the files for their metadata (owner, group, modified date, rights, etc.). In any case, without r rights to the directory you cannot see its contents.
The literature (articles, books, manuals) sometimes uses a different way to describe access rights: 755. This is not one number, but three numbers, each representing the group rwx for our user types in the same order: for the owner, the members of the group and everyone else. 0 — means that there are no rights for this user type.
| A | B | C | D |
|---|---|---|---|
| # | Permission | rwx | Binary |
| 7 | read, write and execute | rwx | 111 |
| 6 | read and write | rw- | 110 |
| 5 | read and execute | r-x | 101 |
| 4 | read only | r-- | 100 |
| 3 | write and execute | -wx | 011 |
| 2 | write only | -w- | 010 |
| 1 | execute only | --x | 001 |
drwxr-xr-x in numerical form corresponds to 755, and -rw-r--r-- — 644.
However, the root user is outside this system. They doesn't care about permissions - a superuser can do anything.
