Working with files in Linux – Permissions

Over the next few posts I’ll be covering three basic elements of files in Linux:

  • Permissions
  • ACL’s (Access Control Lists)
  • File Attributes

The ls command

Every file in Linux has three primary permissions settings (read, write, execute) that apply to three elements (owner, group, others).

File permissions can be viewed on the command line using the “ls” command.

[luke@testserver stuff]$ ls -l
total 0
-rwxrw-r-x 1 luke admins 0 Jun 21 19:44 file1

Looking at the output from ls -l, from left to right we can break the output into several groups as shown below. Each group separated by parenthesis.

[ (-) (rwxrw-r-x) (1)  (luke admins)  (0) (Jun 21 19:44)  (file1) ]

Let’s look at each block separately.

(-) The leading dash tells us that this is a normal file. You may also see “d” (directory), “l” (link), or “b” (block device) and a few others. but -,d, and l will cover 90+ % of the files you will come into contact with.

Continuing down the line we have (rwxrw-r-x) this should be viewed as three sets of permissions (r) read, (w) write, and (x) execute. Each of the 3 permissions are applied to the owner, group, and others (others is everyone else on the system).

In this example, the permissions read as follows

Owner: rwx (read, write, execute)

Group: rw- (read, and write). The – indicates that the group does not have execute permissions

Other: r-x (read, and execute) In this case others can read and execute but not write to the file, as indicated by the – in the “w” place.

(1) Continuing to the right we see the number 1. This number represents the link count for a file. This file has 1 link which is to itself, if we created a link (shortcut) to this file from another location then the link count would be 2 and would increase by one for each additional link.

The next two entries (luke admins) represent the file owner (luke) and the group that has permission to the file (admins).

(0) The number after the group listing is the file size in bytes. In this case, it’s 0. To see the file size in human readable form use ls -lh .

(Jun 21 19:44) This section shows the date and time that the file was last modified.

(file1) Last we see the file name.

Changing file ownership

Files in Unix-like operating systems belong to a single user (the owner) and a group. Only the root user can change the ownership of a file or directory.

To change ownership of a file use the  chown command like this:

chown <user>:<group> file

Here are a few examples:

Change user and group of a file:

sudo chown superman:justiceleague goodguy.file

Change only the user: 

sudo chown superman goodguy.file

Change only the group:

sudo chown :justiceleague goodguy.file

Changing Permissions

File permissions are changed with the chmodcommand. Permissions can be modified using two different formats, numerical and symbolic.

File permissions in Linux are coded symbolically (as letters)

  • r – read
  • w – write
  • x – execute

And Numerically:

  • 4 – read
  • 2 – write
  • 1 – execute

Each applies to the user(owner), group, and other.

For example, if a file has the following permissions

ls -lh myawesomefile.txt
-rw-r--r-- 1 luke users 9.3M Jan 21 21:43 myawesomefile.txt
  •  User – read, write
  • Group – read
  • Others -read

If we wanted to change this so that users can execute this file we can make this change in one of two ways.

Symbolically

chmod u+x myawesomefile.txt

In this example u = user and x = execute. You can remove the execute permission by changed the + to a -.

chmod u-x myawesomefile.txt

Changing permissions symbolically uses (ugoa) user, group, other, all

Give group write permission on myawesomefile.txt

chmod g+x myawesomefile.txt

Give all users execute permission.

chmod a+x myawesomefile.txt

Numerically 

Changing permissions numerically is intimidating for new Linux users but it shouldn’t be. If you can add up to seven then you should be fine.

Let’s make a new file called “USMC.OORAH” and then display the permissions.

touch USMC.OORAH; ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH

So permissions are rw-r–r– (User read/write, Group read only, Others read only)

These permissions can be expressed numerically as 644 which is admittedly much higher than seven. However, this number is not six hundred forty-four. It is six, four, four.

Numerically file permissions are always Read  + Write + Execute = numerical permission

  • User – 6 (read/write because read (4) + write (2) + execute (0) = 6)
  • Group – 4 (read only because read (4) + write (0) + execute (0) = 4)
  • Others – 4 (read only because read (4) + write (0) + execute (0) = 4)
  • Remember read = 4, write =2, and execute = 1 and each applies to users groups and others user6|group4|other4 or just 644

Lets change permissions on our file to allow the group to write to the file, while keeping everything else the same. We need to add 2 only to the group portion of our permissions.

chmod 664 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-- 1 luke users    0 Jan 25 19:50 USMC.OORAH

What if we wanted to allow others to execute this file? Currently, others can only read which is represented by the number 4 execute is represented by the number 1. 4+1=5 so we will want to change permissions to 665.

chmod 665 USMC.OORAH
ls -lh USMC.OORAH
-rw-rw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH

Full permission, read write and execute, is represented by the number 7 because 4+2+1 is 7. So to give the user read write and execute on our file:

chmod 765 USMC.OORAH
ls -lh USMC.OORAH
-rwxrw-r-x 1 luke users 0 Jan 25 19:50 USMC.OORAH

Of course, you can take permissions away by subtracting. To change the file back to its original permissions of rw-r–r–

chmod 644 USMC.OORAH 
ls -lh USMC.OORAH
-rw-r--r-- 1 luke users 0 Jan 25 19:50 USMC.OORAH

My next post will take this one step further and add ACL’s or access control lists to the permissions scheme which allows our permissions be become much more fine-grained and can include multiple users and groups.

School District finds cost savings and flexibility with Linux

West Branch ComputingBeing a big proponent of Linux on the desktop I was excited to have the opportunity to talk with Aaron Prisk of the West Branch Area School District, who has recently helped migrate 80% of the school district’s infrastructure to Linux. When I first heard about the district’s move to Linux I wanted to find out as much as I could about his experiences during and after the migration. This is a great story about how Linux can be used by people of all ages and technical skill while still providing a low cost and secure platform for everyday operations. I’m glad to share this story and I hope it helps advance Linux as a viable option for anyone considering an alternative to proprietary Operating Systems.


When did the idea to migrate to Linux first come under consideration and what were the driving factors behind the transition? 

Aaron Prisk: “We were approached by our superintendent in early 2013 to create a long-term technology plan. At the time, we were a Windows and proprietary software dominated school with a small handful of Linux machines floating around. Districts around us were either going the Chromebook route or forgoing laptops and investing in Windows virtual labs. After meeting with our technology committee we opted to go the 1:1 (1 device per student) route. We needed an approach that was flexible, affordable, and could be managed by our two-man IT department. My colleague and I, being long time Linux users, saw a good middle ground between those two approaches with Ubuntu. We could replicate the simplicity and security of a Chromebook, but without the vendor lock-in and lack of applications.

At the same time, we had to come up with a plan to address our aging grant purchased laptops that make up the other 65% of our inventory. With Windows, long log in times and poor performance greatly hindered their use. Moving those machines to Linux greatly improved their performance, cut out log in times and allowed them to become valuable classroom tools again.”

The Linux ecosystem is huge. With so many distributions and support options, what made you choose Ubuntu as the default platform?

Aaron: “We tossed around a few popular distro’s during the testing phase (Ubuntu, Fedora, and OpenSUSE), but ended up going with Ubuntu. We found that Ubuntu tended to handle the laptop hardware the best. Ubuntu would also receive updates for multiple years under the LTS plan, it has a huge array of packages, lots of great PPAs and is also supported by the state testing diagnostics software we use in the district.”

I understand that you did a pilot program at first. How did you select the areas to use in the pilot and what lessons did you learn from the initial testing?

Aaron: “Our first pilot was a very small deployment of 10 machines in our elementary library. We wanted to see how young students would react to a different computing environment. The test showed us that young students adapted very well to the new environment and we could pursue larger deployments in our elementary.


laptopsThe first large-scale pilot was the 9th grade 1:1 rollout. Our tech committee selected 9th grade as it provided the largest sample size of students. We opted to give the kids full root access to their devices and encouraged them to experiment with software. Our approach was to create an open campus where students were given a toolbox and not a single tool.

 

We learned early on the value of training our faculty on how best to utilize the new technology in the classroom. We saw a need to educate our faculty on the new platform, and the many education resources they could now take advantage of. We also learned the great value of our student help desk program. Throughout the process, they did an excellent job helping us image, hand out, and repair the devices.”

What were some of the biggest challenges to this type of project? Did you have any software compatibility issues to overcome? 

Aaron: “One of our biggest challenges was educating our users on how to best utilize the new operating system, and our new computing approach. Getting over that “fear of the unknown”, and encouraging the users to experiment with Linux and its many applications.

We tried to push our staff in the years leading up to the migration to use cross-platform and web based applications, specifically in productivity and education based software to help mitigate the software compatibility issues. We had some push back when it came to moving away from Microsoft Office. While LibreOffice and Google Docs are great programs, students and faculty were more familiar with the Office product line. Over time, that resistance has lessened, I think due to students and teachers growing more familiar with LibreOffice and online suites.”

Since the migration have you come across any unforeseen issues, things you didn’t anticipate?

Aaron: “Thankfully we haven’t run into any major issues, only a few minor problems. Early on we ran into a few small issues with automatic package updates. We assumed enabling automatic security update installation would help keep our laptops updated, but often resulted in broken packages.”

You say that Windows still makes up about 18% of your infrastructure. Where are you still using it and do you have any plans to transition those areas off of Windows in the future?

Aaron: “The vast majority of our staff’s machines run Windows, mostly for familiarity and some for support of proprietary software they still rely on for day to day tasks. We also have three student labs that run Windows: 2 for Computing classes and 1 for a Drafting/CAD class.

We would certainly like to migrate more machines to Linux, but it hinges on support from proprietary software that doesn’t have open source equivalents quite yet.”

Tell me a little bit about your in-house spin on Xubuntu “CorvOS 1.0”.

Aaron: “In our first year of migration, we ran Edubuntu on the 600+ cart laptops. It served us well, but we ran into limitations and bugs with the Gnome Fallback Session and the Edubuntu project seemingly died after the 14.04 release. After researching other education-oriented distro’s and spins, I figured I could take the feedback I got from students and faculty and tweak Xubuntu into a well-functioning replacement.

Computer LabThe name corvOS is a play on “corvus” the scientific name for the crow and raven family of birds. My goal was to create an extremely easy to use, kiosk like distro that would be easy to use for students, and easy to manage for administrators. I made a handful of XFCE tweaks, installed a bunch of great educational tools and used some clever Bash scripts that keep the desktop experience consistent. It was during this time that I saw a need for a simple way to manage the devices and came up with the idea of Lagertha.

I found that spinning my own distro was not only a ton of fun but gave me the opportunity to build something that I know would best fit the district’s needs. I’d love to distribute corvOS, but I’m still unsure of the best way to do so. My goal would be to make it easy for a non-Linux savvy individual to install and use it in their district. At the very least, I may make a script that simply converts Xubuntu into a working corvOS box.”

Going open source has allowed us to save money, expand access, and provide a more secure computing environment.

What is Lagertha and how is it being used in the school district? How might someone get involved in contributing to the project?

Aaron: “Lagertha is a web based tool I made for simple management of our corvOS machines. We use it to manage the packages installed on our corvOS devices and make changes to them as we need. With Lagertha you can:Lagertha

  • Install Packages
  • Remove Packages
  • Update Packages
  • Change Desktop Wallpapers

 

Like corvOS, I wanted it to be exceptionally easy to use so a Linux newcomer could use it in their business/district.

I’m not a programmer by trade, so I would love if others wanted to get involved. I have plenty of features that I’d love to add, but don’t always have the time or skill to do.” (The project is located here: https://github.com/aaronprisk/lagertha)

Do you have any advice for other school districts or businesses that are considering a transition to Linux?

Aaron: “First, I would tell them that Linux isn’t as scary as it used to be. Linux still has a stigma that it’s difficult to use and is only suited for power users, but that’s not the case anymore. I work with a user base ranging from 5 years old to 65 years old and I see them both being able to use Linux machines with ease. Going open source has allowed us to save money, expand access, and provide a more secure computing environment.

For the technology admins in particular, since moving the majority of machines to Linux, our technical issues have gone WAY down and we’ve been able to breathe life back into our legacy devices.”

I want to say thank you to Aaron Prisk for taking the time to share this story with me and for being so willing to answer my questions. I’m glad to see that the West Branch School District has had such a successful implementation of Ubuntu, due in no small part to the patience, persistence, and skill of Aaron and his colleagues. For anyone capable and interested in helping out with Lagertha please check out Aaron’s github for the project: https://github.com/aaronprisk/lagertha.