
Security: users, groups, & permissions

Each user has a `username'--your account name, which you used to log in. Your username also has a unique user number which you never see. It is by this number that the system keeps track of you. Every file present is owned by someone (the `user'). Typically, whoever initially creates the file is its user (owner).

Each user also belongs to one or more `groups'. The groups are typically names we can read, but once again, the computer keeps track of the groups by assigning a special number to each group name. Each file, in addition to having an owner, also belongs to a group. Typically, the file belongs to the default group of the person creating the file--all physics users are by default in group fizusers.

Files have three kinds of `permissions' (access privileges): Read, Write, and Execute. Naturally, binary executables (`programs') should be executable. But even directories must have execute permissions for the owner so they can be listed (a form of execution). You can decide whom you will allow to do each of these things. In particular, separate permissions can be defined for the user of the file (indicated by `u'), the members of the group (indicated by `g') to which the file belongs, and all other users (indicated by `o').

To change the permissions on a file, use the chmod command. To change the group to which a file belongs, use the chgrp command.

You cannot chmod or chgrp a file if you are not the owner (user) of that file. Similarly, you cannot chgrp a file to a new group, unless you belong to that group. So you don't know which group you belong to? Use the apropos command to discover what command to use to find out.

How can you tell what access permissions have been assigned to a file? Try the command ls -l. You will get one line of output for each file. It might look something like this:

-rwxr-xr-x 1 truskell fizusers 1217 Feb 21 18:11 .emacs

The first character indicates whether or not the file is a directory. The next three characters refer to the read, write and execute permissions of the file for the user. The next three refer to members of the file's group, and the last three to all other users. The number 1 indicates how many references (by other files) are made to the listed file. The next entry, truskell, is the user of the file, followed by the group to which the file belongs. The number 1217 is the size of the file (usually in bytes). As you have probably guessed, Feb 21 18:11 is the time the file was last changed. And finally, we have the actual name of the file, .emacs. (So-called ``dot files'' such as .emacs are generally used to initialize an application with a particular user's preferences.)
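The following shell script is an added example, not part of the original page. It splits the first field of the ls -l line above into its user, group and other triplets, then uses chmod with the `u', `g' and `o' letters on a scratch file and reads the result back. The function names triplet, allows, mode_of and demo are hypothetical helpers written for this illustration.

```shell
#!/bin/sh
# Added example: decode the permission field of an `ls -l` line.

# triplet CLASS MODE -> prints the rwx triplet for CLASS (u, g or o)
triplet() {
    mode=$(printf '%s' "$2" | cut -c1-10)   # ignore any trailing ACL marker
    case $1 in
        u) printf '%s\n' "$mode" | cut -c2-4 ;;
        g) printf '%s\n' "$mode" | cut -c5-7 ;;
        o) printf '%s\n' "$mode" | cut -c8-10 ;;
        *) return 2 ;;
    esac
}

# allows CLASS PERM MODE -> exit status 0 if CLASS holds PERM (r, w or x)
allows() {
    case $(triplet "$1" "$3") in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# mode_of FILE -> the ten-character mode field ls -l shows for FILE
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# demo -> sets permissions on a scratch file and prints them before and
# after removing all access for group and others
demo() {
    f=$(mktemp) || return 1
    chmod u=rwx,g=rx,o=rx "$f"     # same permissions as the .emacs line
    before=$(mode_of "$f")
    chmod go-rwx "$f"              # only the owner keeps access
    after=$(mode_of "$f")
    rm -f -- "$f"
    printf '%s %s\n' "$before" "$after"
}

# The line shown on this page; ${line%% *} keeps only its first field.
line='-rwxr-xr-x 1 truskell fizusers 1217 Feb 21 18:11 .emacs'
for c in u g o; do
    printf '%s: %s\n' "$c" "$(triplet "$c" "${line%% *}")"
done
if allows o w "${line%% *}"; then echo "others may write"; else echo "others may not write"; fi
demo
```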

Your favorite GUI file manager can also provide most of this information, probably in an easier-to-read format, as well as allow you to change file permissions.

David Wood 2007-06-25