In recent years Gnu / Linux operating systems have changed a lot, making their appearance friendlier for the novice user and allowing many processes that were done only through the cold terminal console to be done from a desktop or graphical screen.
However, there are processes and tools that are useful to us to know and know how it works even if we like to work with the graphic mode or only with the terminal. This is the case of permissions to users and groups, a system that in Gnu / Linux works as a great security and privacy tool for our data.
As they exist in many other operating systems, in Gnu / Linux there is the possibility that certain files and folders may be restricted to certain users or that they are only available to certain users. In addition, in this case, this functionality goes much further with groups, so that in the same operating system we can have several types of users and assign certain privileges or certain actions to some user groups or others.
In any Gnu / Linux system all files and folders have three types of permissions: read permission, write permission and execute permission. If we have a file with read permission, we can read and view the file but we cannot modify it and we cannot execute it. If, on the other hand, we have execution permission, we can execute the file, but we cannot see or modify it. And finally, if we have write permission, we can modify a file but we will not be able to read or execute it.
These three options can be used as a form of security system, thus, we can assign that operating system files cannot be modified by anything other than an administrator. This would mean that only the administrator can modify system files, making it possible for users and programs run by these users to modify system files. We can also use it to restrict access to files, that is, if we have important files and if we are also the administrator, we can make access to certain files impossible or almost difficult to do.
We have commented that in Gnu / Linux we have the possibility of giving permissions to user groups. This option does not seem to be very useful in personal teams that only use one or two people at the most, but it is very useful and important in professional settings. Many network and system administrators use this Gnu / Linux feature to associate Linux groups with departments or functions of a companyThus, a user can be in a department or a certain function and this relate him to a group which will have access corresponding to his functions, such as making backup copies or publishing web pages or simply accessing a folder with financial documents of the company. The possibilities are many if we have a little creativity.
In all Gnu / Linux distributions we find this function. We can modify and customize it via terminal or graphically. Although we have to say that the latter usually varies depending on the distribution and the file manager that we use, although it is still just as easy to do in all of them.
How to do it through the terminal
Permission changes through a terminal is very easy, the most complicated thing we will find in this process is to know the different codes to assign the corresponding permissions.
When we list or search for information about a file, a code very similar to the following will appear in the terminal:
-rwxr-xr-xTo understand this code, we must first remove the first character, which tells us if it is a file (-), a directory (d) or a symbolic link (l). We have to divide the resulting code into groups of three characters, which will give us three parts.
The first part tells us what the owner of the file can do with the document. The second group of characters tells us what the user group can do with that file and the last group of characters tells us what the rest of the users who are neither the owner nor belong to the same user group can do. In the three groups of characters we will find the letters that tell us if it can be read (r), executed (x) or modified (w).
Now, let's imagine that we want to change the permissions of a document. If we want to do it through the terminal we have to use the chmod command followed by the permissions that we want to assign it and the file to which we want to modify the permissions.
If we want the file to be able to be read and written by a user, then we have to execute the following code:
chmod u+rw movilforum.odtIf what we want to do is that the file can be executed by a user, then we have to write:
chmod u+rx movilforum.odtAnd if what we want is that the file can be read, modified and executed by a user, then we have to execute the following code:
chmod u+rwxWe can do this in the same way in groups and in others. To do this, we have to change the first letter of the previous code to G if we want the changes to be applied to groups or O so that the changes are applied to others. When using the terminal, the reference to the group will be to the group to which we belong and to others it will be to whom we do not belong.
There is also a faster way to give permissions with the terminal. This method consists of using the same command but we will use numbers to enable the permissions. The number for reading is 4, the number for writing is 2 and the number to execute would be 1. We can also modify the user, group and others permission at the same time, making each number represent a group of characters. And the number that we use will be the sum of the numbers of those permits. Although it seems that this is very confusing when you see the code, it is very simple:
chmod 776 movilforum.odtThis means that we give full permissions to the user (it is the result of adding 4 + 2 +1), the second 7 will be the permissions relative to the groups and the 6 would be the corresponding to others (4 + 2 and 0 in execution, that is that is, it cannot be executed.)
Change file permissions graphically
The changes of permissions in files and folders in a graphical way is even easier since in all the file managers it is similar and it is not done through codes but through drop-down menus with all the options developed.
To do this we have to select the file or folder to which we want to modify its permissions.
We right-click on it and we go to "Properties", a screen will open in which a tab that says "permissions" will appear, we go to it and the current permissions that that file has will appear. All you have to do is select the option we want in each type of permission and that's it.
In the event that we want to change the permission of a system file or a file to which we do not have permission, we will have to do it as administrator, the user who has all system permissions. To open the files as an administrator, we just have to execute the sudo command followed by the name of the file manager.
These would be the ways we have to control permissions and rights on files and folders in Gnu / Linux. Its management and use is really very useful, being a security tool very effective that few users know what they have available for free. So what better opportunity than to take advantage of the time now to review the permissions of those files that we have so important in our operating system.