<div style="color:red;background-color:black">
Diamond Light Source

<h1 style="color:red;background-color:antiquewhite"> Linux Introduction: Permissions</h1>  

©2000-24 Chris Seddon 
</div>

# Linux Permissions

In Linux, files have 3 sets of permissions:
* for the owner of the file (user)
* for the owner's group (group)
* for everyone else (other)  

You can use the 'ls' command to see these permissions.    
Let's create some files and look at their permissions.  But first, let's create a directory for our work:

In [None]:
cd
mkdir play
cd play

We can create an empty file using the 'touch' command.  This command was really meant to be used in a different context, but is handy here and saves having to use an editor to create files.

In [None]:
touch f1 f2 f3 f4

This creates 4 empty files:

In [None]:
pwd
ls -l

The output of `ls -l` is interpreted as follows:
* the first character indicates the file type.  - indicates a regular file, d indicates a directory.  Other types exist.
* the next 9 characters are the file permissions.  These permissions are split into 3 groups of 3.  The first group is for `user`, then `group` and finally `other`.  In this case each file has been created with the same set of permissions: rw-rw-r--
  * user = rw-  
  * group = rw-  
  * other = r--  

  The 'r' and 'w' permissions are obviously read and write permission.  
  There is also 'x' permission for command files that can be executed.
* immediately after the permissions is the link count of the file (1).  Every file can have multiple names and this count shows the number of such names.
* next comes the owner of the file
* followed by the group to whom permissions apply
* the zero indicates the file size in bytes - recall we created empty files
* then a time stamp when the file was last edited
* finally we have the name of the file  

We can find out which permissions apply to ourselves and our group.  
First, what user am I?

In [None]:
whoami
id -u

This shows your user name and the id associated with this name.  

You can check which groups you belong to (and their ids):

In [None]:
groups
id -G

You can move between groups.  To find the current group you are in:

In [None]:
id -g -n
id -g

You might be wondering why new files are created with the above set of permissions.  

This is controlled by the `umask`.  The idea is to create new files with a sensible set of permissions, for example, so that you and members of your group can read and write to the files, but everyone else is restricted.
We can see the value of our `umask` setting with:

In [None]:
umask
ls -l

The umask is displayed as an octal number.  The permissions can also be expressed in octal using the following scheme:  
    r = 4  
    w = 2  
    x = 1  
The `umask` is the upside down mask - it tells you what permission you <b>don't</b> get!  

<b>The `umask` is only used when a file is created.  It is not used subsequently.</b>

The files above all have permissions: rw-rw-r--  
* the file owner has 'rw' permission; this is represented by octal 6 (r+w=4+2)  
* the group also has 'rw' permission; octal 6 (r+w=4+2)  
* and others have only 'r' permission: octal 4 (r=4)  

then the total permission will be octal 664.  

When a file is created, the sum of the `umask` and the permissions always comes to 666:

    umask = 002
    permissions = 664
    TOTAL = 666

Let's set the `umask` and create some files to check this out:

In [None]:
umask 044
touch g1 g2 g3 g4
ls -l g?

The new files have permissions: rw- -w- -w-  
In octal this amounts to a permission of 622.  
Note that the sum of the umask (044) and the permissions (622) on g1, g2, g3 and g4 comes to 666:  

>   umask       = 044  
    permissions = 622  
    TOTAL       = 666  

Recall, if you change the `umask` it will only affect new files:

In [None]:
umask 024
touch h1 h2 h3 h4
ls -l

Note that the sum of the `umask` and the permissions on h1, h2, h3 and h4 still comes to 666:  
>    umask       = 024  
    permissions = 642  
    TOTAL       = 666  
    
The other files are unchanged.

That raises the question of how you can change the permissions of existing files. Use the `chmod` command:

In [None]:
chmod 666 g1 g2 g3 g4
ls -l g?

Here we have changed the permissions on g1, g2, g3 and g4 to octal 666 or rw-rw-rw-  

We can also make the files executable by adding the *x* permission:

In [None]:
chmod 777 g1 g2 g3 g4
ls -l g?

*chmod* also allows us to use symbolic permissions.  For example:

In [None]:
chmod +x f1 f2 f3 f4
ls -l f?

The <em>+x</em> switches on the <em>x</em> permission.  We can also use <em>r</em> for read and <em>w</em> for write.  
Let's switch on the write permissions for some files

In [None]:
chmod +w f1 f2 f3 f4
ls -l f?

The *umask* and *chmod* commands also apply to directories, but they work slightly differently.  This is because the <em>rwx</em> permissions mean different things when applied to directories.  For directories:    
>  r = permission to read directory contents (ls will work)  
   w = permission to modify directory contents (mv, rm will work)  
   x = permission to access directory (cd will work)  

When using *umask* with directories the permissions + umask = 777.  
Let's create some directories to check this out:

In [None]:
umask 044
mkdir d1 d2
ls -ld d1 d2

Note that d1 and d2 have been created with permissions 733; we need to use the `-ld` option on `ls` to see permissions on directories.
> umask = 044  
  permissions = 733  
    TOTAL = 777  
    
Again, change the `umask`:

In [None]:
umask 023
mkdir d3 d4
ls -ld d3 d4

Note that d3 and d4 have been created with permissions 751.  
> umask = 023  
  permissions = 751  
    TOTAL = 777  
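
The umask arithmetic for files and directories described above, as an added example that is not part of the original tutorial. The system clears the umask bits from the requested mode (666 from `touch`, 777 from `mkdir`) rather than subtracting them, so the "sum" shortcut only works when every umask bit is also set in the requested mode. The function names `masked_mode`, `to_symbolic` and `observed` are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the tutorial): how the umask shapes new permissions.

# masked_mode BASE UMASK -> octal mode left after clearing the umask bits.
# The system computes BASE & ~UMASK; it does not subtract.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# to_symbolic OCTAL -> the nine rwx characters that ls -l would show.
to_symbolic() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        if [ $(( $digit & 4 )) -ne 0 ]; then r=r; fi
        if [ $(( $digit & 2 )) -ne 0 ]; then w=w; fi
        if [ $(( $digit & 1 )) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# observed KIND UMASK -> permission characters ls reports for a new
# file (touch asks for 666) or directory (mkdir asks for 777).
observed() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir new; else touch new; fi
        ls -ld new | cut -c2-10
    )
    rm -rf "$tmp"
}

# The umask values used above, plus 023 applied to a file, where the
# "umask + permissions = 666" shortcut no longer holds (023 + 644 = 667).
for item in file:002 file:044 file:024 file:023 dir:044 dir:023; do
    kind=${item%%:*}
    mask=${item##*:}
    if [ "$kind" = dir ]; then base=777; else base=666; fi
    mode=$(masked_mode "$base" "$mask")
    printf '%-4s umask=%s -> %s %s (ls: %s)\n' "$kind" "$mask" "$mode" \
        "$(to_symbolic "$mode")" "$(observed "$kind" "$mask")"
done
```

The last column is read back from a scratch directory, so it shows what the system actually applied next to the calculated value.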
    
We can use *chmod* to change these permissions:

In [None]:
chmod -r d3 d4
ls -ld d3 d4

That completes this tutorial; all that is left is to remove the files created in this tutorial: 

In [None]:
cd
rm -rf play