Quote:
I AM the only owner. And it says user-root and group - my name. I'm not a group, I'm the user... can someone explain this please?
A file can be accessed by three types of users:
- the owner of the file
- a member of the group to which the owner belongs
- others = everyone else
These three are often abbreviated as u, g and o. Note that the first (u) is a bit confusing, since it stands for "owner", not "user". Similarly, o is not "owner" but "others".
If you look at the output of ls -l, you will see that every file is preceded by something like:
rwxr-xr-x
This can be split up into three parts of 3 characters each:
user rwx
group r-x
others r-x
These letters indicate the sort of permissions that people have:
r = read permissions
w = write permissions
x = execute permissions
Each of these can also be represented as a number:
r = 4
w = 2
x = 1
Thus, the permissions of a user can also be expressed by adding up the numbers:
r (=4) and w (=2) and x (=1) amounts to 7. r (=4) and x (=1) amounts to 5.
Thus, rwxr-xr-x can be written as 755. rwxrwxrwx is 777. Etc.
Now, in our example (rwxr-xr-x), the owner can read, write and execute. The group and others have only r and x, meaning that they can read and execute but not write (absence of a type of permission is indicated by a - in the relevant position). If everyone had all permissions, one would have rwxrwxrwx instead.
The meaning of "read", "write" and "execute" is different for files and directories.
Applied to a file:
read = permission to read the contents of a file
write = permission to edit a file (does not include permission to delete or create a file!).
execute = permission to run a file
Applied to a directory:
read = permission to list the contents of a directory
write = permission to rename, delete or create files in the given directory
execute = permission to read files in the given directory and to list the contents of its subdirectories
Whether you are looking at a file or a directory is also indicated by the output of ls -l: a d in the first position means "directory", - means "file".
But who controls the permissions that apply to a file or a directory? The owner. If you are the owner, you can decide which permissions will be given to yourself, to people who are in your group and to any others. For example, if you are the owner and you have a file with rwxr-xr-x permissions but you want only yourself and your group to be able to do anything with the file, you can withdraw all permissions from "others" with the chmod command like this:
chmod 750 [file_name] i.e. rwxr-x---
Note that you may also need to change the permissions that apply to the directory that the file is in since these also have their part to play.
This also shows why there are three types of users (wouldn't it be enough to have just an owner and then everyone else?): there can be only one owner for a file or a directory so if we didn't have "group", it would be owner versus all the rest, which would be awfully inconvenient. Suppose that you are working on a file with a number of people but you don't want anyone else to have access. You would then withdraw all permissions from "others". But that would mean that only the owner now has permissions. Farewell team work. Fortunately, you can use the concept of a group: you just put the other team members in your group and you can then give them permissions that can be different from those that apply to the owner and those that apply to "others". Thus, if you want your team members to be able to read, write and execute, you add them to your group and then you set the permissions on the file to look like this: rwxrwx--- (command: chmod 770 filename). If they can only read and execute: rwxr-x--- (command: chmod 750 filename). Again, bear in mind that some permissions that apply to a file are determined by the permissions that are set for the directory. You always have to consider both.
In short, if there is a file you can't delete, you should check the permissions that apply to the directory it is in. If you see rwxr-xr-x root root, it means that it's owned by root and that members of group root have read and execute permissions on the contents of that directory (as have "others": rwx r-x r-x). In this case, there are two reasons that you can't delete files: first of all, you most likely don't belong to group "root" (that would be insecure) and secondly, even if you did, you would have r and x only, not the w that is required to create, delete and rename files. So the solution is to give yourself the permissions that root enjoys. Just open up a terminal and type su - and then the root password. You now are root and you can delete all that you want - providing that root has w permissions on the directory in question! But since root can do anything, root can also assign itself w permissions when required. Just bear in mind this may create insecure situations without careful planning. When you are done working as root, just type exit and you are returned to regular user status.
Some distributions do not use su - (Ubuntu comes to mind) but sudo. In that case you simply precede your command with the magic "sudo" word. Thus sudo rm file will remove file "file" that you wouldn't otherwise have permissions to delete. Sudo makes things more straightforward but not all distributions can use it out of the box.
Final caveat: if you find yourself reaching for su or sudo all the time, there is something wrong. Files and directories that require special permissions are simply not meant to be accessed by the user, at least not on a regular basis. The only time this is required is when you need to edit system configuration files. All your other work should be done in your home directory, where you are free to do with files what you want.
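The checks walked through in the post, as an added example that is not part of the original reply: it converts an ls -l permission string to its number and decides, from a directory's mode, owner and group, whether a given user may delete files in it. The function names, users and groups are hypothetical, and only the nine permission bits are modelled (root, the sticky bit and ACLs are ignored).

```shell
#!/bin/sh
# Added example. Function names are hypothetical; users and groups are constructed.

# triplet_to_digit "r-x" -> 5   (r = 4, w = 2, x = 1)
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal "rwxr-xr-x" -> 755
mode_to_octal() {
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# applicable_triplet MODE OWNER GROUP USER "USER_GROUPS"
# Exactly one triplet applies: owner first, then group, then others.
applicable_triplet() {
    if [ "$4" = "$2" ]; then
        printf '%s' "$1" | cut -c1-3
    else
        case " $5 " in
            *" $3 "*) printf '%s' "$1" | cut -c4-6 ;;
            *)        printf '%s' "$1" | cut -c7-9 ;;
        esac
    fi
}

# can_delete_in_dir DIRMODE DIROWNER DIRGROUP USER "USER_GROUPS"
# Deleting a file needs w and x on the directory that contains it.
can_delete_in_dir() {
    case $(applicable_triplet "$@") in
        ?wx) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed case from the post: directory is rwxr-xr-x root root.
if can_delete_in_dir rwxr-xr-x root root alice "alice users"; then
    echo "alice may delete files here"
else
    echo "alice may not delete: only $(applicable_triplet rwxr-xr-x root root alice 'alice users') applies"
fi
```
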