Read and write privileges on *nix systems

[DarrylLicke]

Okay I am not a Sys Admin...I'm a programmer. But since I'm doing consulting work I have to wear a few hats....so....

HELP!!!

I've been tryng to set up Subversion to use are our versioning software but it's turned into a "learn system administration, apache, and Mac OS X (bsd underneath)" instead.

I'm pretty much stuck trying to figure out what read and write priveleges the www user has as I'm going to change the User/Group directives in Apache to www/www. I've been using the O'Reilly Frisch book on system administration and that got me to the /etc/group file but beyond that I'm stuck.

As it stands now all my files are have root/wheel user/group setttings?

any ideas?

 

[drag]

I donno what your asking.

Do you want to see what permissions are being used?

Use the 'ls -l' command to look at files or files in directories. Use ls -ld to look at directories.

Permissions are presented in a:
rwxrwxrwx username group
format.
3 sets of rwx, The first set is permissions for owners, the second is for group membership, and the third is for everybody else. If you see a letter they have that permission, if you see a - they don't.

To change permissions you use the chmod command. See the man file.

The only difficult part is remembering the numbering pattern.
4 = read, 2 = write, 1 = execute.

You add them together to get what you want. What read only then that's 4. What read and write? Then that's 6. What read and execute, then that's 5. What read write and execute then that equals 7.

Then it's 3 sets of number..

So if you want read, and execute for everybody, but what write permissions also for group and owner then you'd go:
chmod 775 filename

For directories 'execute' means that you can descend into that directory and use it.

Hope that helps.

 

[cleverhandle]

Originally posted by: DarrylLicke
I'm pretty much stuck trying to figure out what read and write priveleges the www user has as I'm going to change the User/Group directives in Apache to www/www.

This would be better phrased as "what files grant permissions to the www user or group." No privileges are assigned in /etc/passwd or /etc/group - those files basically just hold some identifying information about the account (name, password, group membership, etc.). It's the permissions set on the files that determine what a particular user or group can do. If you've been reading anything, you should have already found that each Unix file has three kinds of permissions (read, write, execute) for three different sets of users (owner, group, everyone). So if a file's permissions (as shown in an ls -l) are root, wheel, rwxrw-r--, that means root is the owner and has rwx permission (all of them - read, write, execute), anyone in the wheel group has rw- (read and write, but not execute) permissions, and everyone else has r-- (read only) permissions. That's not a realistic example, BTW, just illustrative. Directories look the same and have permissions set in the same way, but the meaning of r, w, and x are slightly different than for files.

If you're changing the apache user to run as www/www, then you'll want to make sure that any files that apache will be reading have appropriate permissions. So either the files should belong to the user or group www, or else "everyone" need read permission.

I would highly recommend exploring permissions by poking around in a shell before setting up Apache. As root, make a test directory and some test files somewhere, create a new regular user, and see what that user is allowed to do to those files. As root, play around with the permissions using chmod and chown so that you can see the effects the different bits have on the user's access. I think you'll find it's pretty simple if you stay concrete.

Lot's more reading and details can be in many, many places - the Frisch book is a good place to start. Here's a brief online summary.

 

[DarrylLicke]

Originally posted by: cleverhandle

Originally posted by: DarrylLicke
I'm pretty much stuck trying to figure out what read and write priveleges the www user has as I'm going to change the User/Group directives in Apache to www/www.

This would be better phrased as "what files grant permissions to the www user or group."

correct. That is what I'm asking.

Originally posted by: cleverhandle

Originally posted by: DarrylLicke
No privileges are assigned in /etc/passwd or /etc/group - those files basically just hold some identifying information about the account (name, password, group membership, etc.). It's the permissions set on the files that determine what a particular user or group can do. If you've been reading anything, you should have already found that each Unix file has three kinds of permissions (read, write, execute) for three different sets of users (owner, group, everyone). So if a file's permissions (as shown in an ls -l) are root, wheel, rwxrw-r--, that means root is the owner and has rwx permission (all of them - read, write, execute), anyone in the wheel group has rw- (read and write, but not execute) permissions, and everyone else has r-- (read only) permissions. That's not a realistic example, BTW, just illustrative. Directories look the same and have permissions set in the same way, but the meaning of r, w, and x are slightly different than for files.

That is also correct. I've been staring at ls -la screens all afternoon.

Originally posted by: cleverhandle

Originally posted by: DarrylLicke
If you're changing the apache user to run as www/www, then you'll want to make sure that any files that apache will be reading have appropriate permissions. So either the files should belong to the user or group www, or else "everyone" need read permission.

Thanks. That's exactly what I needed to hear.

Originally posted by: cleverhandle

Originally posted by: DarrylLicke
I would highly recommend exploring permissions by poking around in a shell before setting up Apache. As root, make a test directory and some test files somewhere, create a new regular user, and see what that user is allowed to do to those files. As root, play around with the permissions using chmod and chown so that you can see the effects the different bits have on the user's access. I think you'll find it's pretty simple if you stay concrete.

That's the beauty of this job...I can do that and they're cool with it. Although I've already installed Apache it's on a blow up box so I can try that user creation stuff tomorrow.

Originally posted by: cleverhandle

Originally posted by: DarrylLicke
Lot's more reading and details can be in many, many places - the Frisch book is a good place to start. Here's a brief online summary.

thanks I'll give that link and this frisch book a thorough look over.

 

[najames]

You can also use the groups command to see what groups are set up. The groups username will show what groups a user belongs to. We use it for security on Solaris, some users are in an admin group, all are in the users group. Groups permissions on the files and folders will determine which groups can do what.

I use ls -la a lot too, shows "all".

Unrelated, but df -h is handy to check disk space.