Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory eg abc.
Dir name: XYZ ( full permission)
file name: ABC ( only read permision he should not be able to edit it)
and only root should have full permission to read and write.
Read the manuals for the commands chmod and chown:
man chmod
man chown
You can also consider different group permissions and ownerships. Root does always have full permissions by default.
In your case the folder permissions could be set with "chmod 777" to have it read and write for anyone (you did not tell who shall own it). For the file you could set chmod 644 so that only the owner of it the has write permission and all other can only read it.
I am using RHEl 5.
I have created a user and touched a file say abc. I want to give full permission for the user to use the directory. However, he should not have access to edit the file which I have created in the directory eg abc.
Dir name: XYZ ( full permission)
file name: ABC ( only read permision he should not be able to edit it)
and only root should have full permission to read and write.
What is the command to do so.
Read the man page on the chmod command (type in "man chmod" at the command prompt), and the chown command ("man chown"). Pay attention to the group that the user is in, and the group/owner of the file and the directory. Those hints and the man page should be what you need.
This sounds like a verbatim homework question, and this is covered in the LQ Rules. If you're stuck, post what you've tried and what results you've received, and we will be happy to HELP you.
Setting the file to 755 will add execute permissions, which are not needed in this case. So the correct number to use with chmod should be 644 instead of 755.
I see the need to inform a little bit more about making files executable, especially if root is the owner of a file..
If the file is executable by all (755) and it contains code, it can lead to quite nasty things since root has the power to do just about anything. Imagine the file containing the code "rm -rf ~.thunderbird", then if a user doubleclick on that file in a filemanager, it will execute the code that in this case will wipe out the whole .thunderbird directory with all saved emails for the user in question. So never make a file executable if it is not meant to be that, and especially if the root is the owner of it.
File permissions and ownerships can be really complicated. Normally an executable file is run as the user running it, with the permissions of that user, but you can also set it to run as the owner of the file, it is called setuid, and now things can get really dangerous if the root is the owner. If you do chown 4755 and the file contains the code "rm -rf *.*" then any user running it will wipe out everything on all your harddisks and all removables that are mounted writeable. So be careful and use permissions with extreme caution if you do this as root, especially on files owned by root.
If you want a directory world writeable, as you wrote, i recommend that you also set the sticky bit. If you apply the sticky bit on the directory, users can do anything they want with files they create, but they can't write to or delete files which they didn't create. Neat feature. You do this to a directory like this: chmod 1777
Here is a little good piece written about these little more advanced permission features:
Yea I know. I have given that 755 only to facilitate the OP's experimentation as he seeks also something about directory "xyz/" which should he fail to set it executable he might all the more get confused why he cannot list the directory file; this is quite confusing to a newbie but he should learn the difference between a directory (that needs +x) and a file that only need +rw. 666 or 744 would still be workable to a file though, but if mistakes that to a directory he might be confused why he cannot list.
TobiSGD and Steelneck: Thank you for that reminder and I hope the OP will seriously take note on your positive criticism as an indispensable aspect of system security management.
What are user's groups and directory/file's group? Also specify whether user is owner of the dir./file or not.
Meanwhile, one more thing is sticky bit, which will be very useful in your case. But first share output of:
ls -ld XYZ
And
ls -l ABC
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.