In the first half of this article we briefly discussed file permissions in Linux and then got acquainted with Nemo, the file manager in Linux Mint. You may wish to catch up by reading Part I if you have not already done so.
Use the List view to see permissions in Nemo
Like Windows Explorer, you can view the files in Nemo in different ways: as large icons, as a list with smaller icons, or as a list with detailed information about each file. Buttons to switch the various views are in the upper right side of Nemo as well as in the View menu.
Click the List button or menu item, as you prefer. You will see columns with information about each file and folder. If you go back to Preferences in the Edit menu, then click the List Columns tab, you can choose the information to display and change the order of the columns that are displayed. Check the boxes for Name, Size, Type, Date Modified, Owner, Group, and Permissions. Back in the file manager window, you can click any column heading to sort the files by that criterion; click again to sort it in reverse order. You can change the width of each column by clicking the spacer between two columns and dragging left or right.
Create sample files to experiment
In a newly installed Linux Mint, you may not have any files visible for us to experiment with. If you have already created some files, or can copy some from other media to your Documents folder, you can use them in our further exploration of permissions. Otherwise, let's create a few and then we can experiment with them in Nemo.
In the main Menu's Accessories menu, click Text Editor to launch the default simple editor in Mint, gedit. It is very similar to Notepad in Windows but with extra features. Type in whatever you like, gibberish or your favorite poem. Now click File and Save and click Documents, in the sidebar on the left, to save it in your Home folder's Documents subfolder. Name it something like sample-1.txt, and click Save.
Now click File and New and another tab will appear in gedit. Repeat the procedure above so that you have several files we can work with. When done, you can close gedit by clicking File and Quit or by clicking the close (X) button in the top right corner, just like Windows.
Working with permissions in Nemo
Now navigate to your Documents folder in Nemo. It remembers your preferences for each folder but if you didn't change anything in a folder, it uses the default preferences. So click the List View button and once again we will see columns of information about those files we just created in Documents.
Notice the Owner column shows you as the file owner, in the format [username]-[real name]. The Group column will also show your username because, if you recall, Linux automatically creates a group of the same name for every user account. Files that you create are assigned to you as the owner and your personal group by default. When someone else logs in to another user account, the files he or she creates will similarly be assigned to him or her as the owner and personal group.
Take a look at the Permissions column. You will see a string of letters and hyphens there, mostly showing “-rw-r--r--”. We'll come back to that later but for now just remember that we saw those letters in the table in Part 1 of this article as abbreviations for the Read, Write, and Execute permissions.
Mint and Nemo try to make Linux user friendly. Historically, Linux had a reputation for being cryptic and nearly impossible for the average person to understand and use. Nowadays, with a graphical desktop environment and other changes, Linux is accessible to everyone. As part of that shift, Nemo takes some of the mystery out of permissions.
Right-click on one of the sample files we just created with gedit and choose Properties from the context menu. The Basic tab will show you general information, very similar to what you might expect with Windows. Now let's click the Permissions tab.
There you see yourself as the owner of the file. The next line refers to your permissions for the file as Access, using the “friendly” language described above. So, most likely “Read and write” is selected in the dropdown list, which is the friendly way of saying “rw” which we saw in the Permissions column in Nemo; in both friendly terms and technical abbreviations, you have both Read and Write permissions for the file.
As the owner, you can change your own access/permissions to Read only. That could be useful for a file you don't need to edit and you want to make sure you can never easily, and mistakenly, overwrite or delete it; if you ever changed your mind, you could just come back to Nemo and change it again to Read and write.
Note that you can't change ownership of the file to another user here. We can do that using the command line (the subject of my next article) but there is a way to do it in Nemo as well. I will show that to you next time.
Next we see your personal group as the assigned group for the file. Remember from Part I of this article that any time you create a new file, it automatically gets assigned to your personal group. You can select another group, like the smithproject group which we created previously, and assign the file to it. Now, all the users whom we make members of the smithproject group will be able to use this file. If we give them Read and write access (permission), they will be able to edit it or delete it as well as open/read the file. This lets you share the files with other users for collaboration or other purposes.
Finally, we have a third dropdown list of permissions labeled just Access. This is a catchall of “everyone else” or “other users” of the computer. So, if someone is neither the owner nor a member of the smithproject group, he or she will have whichever level of permission we assign here. You can make the file completely private to yourself and the group by selecting None or you can let everyone Read or Read and write the file, as you prefer.
The very last checkbox is useful only if you know this particular file is executable as a program rather than a document, image, spreadsheet or other type of data. Normally, you will not mark files as executable. Click the Close button to save any changes you have made.
How permissions are displayed in file listings
Now if we go back to that string of letters and hyphens in Nemo's Permissions column, it should make more sense.
The very first position indicates if the item is a folder, or directory, by the letter d; otherwise it is a regular file and has a hyphen to indicate the absence of the characteristic for that position (there are other possibilities but we won't cover them in this article). The next three positions are the owner's permissions, and indicate Read, Write, and Execute (or a hyphen to show the absence of those permissions in each spot). You probably see rw- for the sample files, meaning you, the owner, can read and write the file.
Next come three positions for the group (and if you changed the files in Nemo's Properties popup, you may see smithproject in the group column for one or more files). Depending on how you changed the group's access, it might say r-- or rw- in the group's permissions. Last come the three positions for “everyone else” or “other users” and may have just three hyphens if you have set the access to None; in that case, anyone who is not the owner or a group member will not be able to view, open, delete, or do anything else at all with the file. Aunt Mildred and Cousin Ernie will be stymied trying to peek into your secrets.
So, for every file and folder, we have one character to indicate if it is a file or folder, followed by three groups of three characters each, which indicate the permissions for owner-group-others. Let's look at an example and get the format fixed in our minds:
-rwxrw-r--

| File or folder indicator | Owner permissions | Group permissions | Others permissions |
| --- | --- | --- | --- |
| - | rwx | rw- | r-- |

We have a single character in position 1, then a set of 3 characters for the owner, another set of 3 characters for the group, and finally a third set of 3 characters for other users. In all, there are 10 characters, 9 of which, in 3 sets of 3, represent the actual permissions.
A simple 3-digit shorthand for file permissions
This is Linux, the operating system that proudly proclaims its versatility and multi-hued ways of doing everything. So do you think these are the only means for describing file and folder permissions?
Of course not! Besides Nemo's “friendly” wording and the classic 9-position string of letters and hyphens (not including the d for directory position), there's another style commonly used in Linux: a simple 3-digit code. Let's be honest, most of us have an easier time reading and remembering 3 digits instead of 9, right? So you will often see this method used when reading articles about Linux and you will even be able to use it when typing those infamous and mysterious commands if you use the command line (and we will use it, just wait a bit!).
Recall the table in Part I that showed a numeric value for Read, Write and Execute (4, 2, and 1, respectively). Without getting into a technical explanation about binary, octal and hexadecimal numbers in computing, let's just say we can use those numbers as a shorthand for the longer permissions code. It's pretty ingenious when we discover how it works.
You see, for any single digit in the “tri-code”, there's only one possible set of permissions that match it. Try it with any number. Let's start with 5.
Remember, our possible permissions are Read (4), Write (2), Execute (1) or otherwise we put 0 or a blank in the slot to indicate a permission not granted. We sum up the numbers for the permissions to arrive at the single-digit representation of the combined permissions. So, here is how we calculate 5, our chosen example number above.
We can figure it out just using the process of elimination. First, there is no value of 5 in the permissions table, so it can't be 5 + 0 + 0.
There's no 3 either, so it can't be 3 + 2 + 0.
We can't double any numbers either, because it would make no sense to give someone the Write permission plus the Write permission again, as in 2 + 2 + 1.
So we only have one set of possible values that add up to 5: Read + (no Write) + Execute = 4 + 0 + 1 = 5.
Here is a table of the possible combinations of permissions, ranging from the maximum of 7 (all permissions granted) to 0 (no permissions granted).

| Read | Write | Execute | Total | Equivalent to |
| --- | --- | --- | --- | --- |
| 4 | 2 | 1 | 7 | rwx |
| 4 | 2 | - | 6 | rw- |
| 4 | - | 1 | 5 | r-x |
| 4 | - | - | 4 | r-- |
| - | 2 | 1 | 3 | -wx |
| - | 2 | - | 2 | -w- |
| - | - | 1 | 1 | --x |
| - | - | - | 0 | --- |

Now that you see how we can reduce any rwx code to a single number, let's see how to use those single numbers to indicate the permissions for Owners, Groups, and Other users. If we replace each 3-character code with the single digit type, instead of rw-r-xr-- we get 6 and 5 and 4. For this, we don't actually sum the numbers, we just display them in sequence as a 3-digit code: 654.
Here are a few sample sets of permissions to show how it works.

| Long code | Owner | Group | Others | 3-character Code |
| --- | --- | --- | --- | --- |
| rwxrw---- | Read + Write + Execute = 4 + 2 + 1 = 7 | Read + Write = 4 + 2 + 0 = 6 | (none) = 0 + 0 + 0 = 0 | 760 |
| r-x-w---x | Read + Execute = 4 + 0 + 1 = 5 | Write = 0 + 2 + 0 = 2 | Execute = 0 + 0 + 1 = 1 | 521 |
| rw-r-xr-- | Read + Write = 4 + 2 + 0 = 6 | Read + Execute = 4 + 0 + 1 = 5 | Read = 4 + 0 + 0 = 4 | 654 |

You can use this style of permissions code in commands in Linux as well as in many programs that deal with permissions. For example, FileZilla, a popular program used by many people to upload files to the server of their websites, sets the files' permissions on the website using this type of code instead of the long 9-character style. In many articles and tutorials about Linux, you will find it very common to read something like “In the [WordPress, Drupal, etc.] directory of your server, set the permissions to 755 for folders and 644 for files.” Now you understand what that means.
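
The conversion described above, written out as a small shell script. This is an added example, not part of the original article, and the function names are made up for illustration. It goes a little further than the tables: it also turns a 3-digit code back into letters and checks whether “everyone else” has been set to None.

```shell
# Added example, not from the article: convert between the string shown in a
# file listing and the 3-digit code. Letters other than r, w, x are rejected.

triad_to_digit() {              # "r-x" -> 5  (Read=4, Write=2, Execute=1)
    case "$1" in [r-][w-][x-]) ;; *) return 1 ;; esac
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

mode_to_octal() {               # "-rw-r-xr--" -> 654
    [ "${#1}" -eq 10 ] || return 1
    rest=${1#?}                 # drop the file/folder indicator
    owner=${rest%??????}
    group=${rest#???}; group=${group%???}
    others=${rest#??????}
    o=$(triad_to_digit "$owner")  || return 1
    g=$(triad_to_digit "$group")  || return 1
    t=$(triad_to_digit "$others") || return 1
    printf '%s%s%s' "$o" "$g" "$t"
}

digit_to_triad() {              # 5 -> "r-x"
    case "$1" in [0-7]) ;; *) return 1 ;; esac
    r=-; w=-; x=-
    case "$1" in 4|5|6|7) r=r ;; esac
    case "$1" in 2|3|6|7) w=w ;; esac
    case "$1" in 1|3|5|7) x=x ;; esac
    printf '%s%s%s' "$r" "$w" "$x"
}

octal_to_mode() {               # 755 -> "rwxr-xr-x"
    case "$1" in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    a=${1%??}; b=${1#?}; b=${b%?}; c=${1#??}
    printf '%s%s%s' "$(digit_to_triad "$a")" "$(digit_to_triad "$b")" "$(digit_to_triad "$c")"
}

others_locked_out() {           # true when "everyone else" has no access (None)
    code=$(mode_to_octal "$1") || return 1
    [ "${code#??}" = 0 ]
}

# Demo on strings from the article's tables (leading "-" added: regular file).
for m in -rwxrw-r-- -rwxrw---- -r-x-w---x -rw-r-xr--; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```
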
Put into practice what you have learned
Now that you know about file and folder permissions for owners, groups, and other users, you may want to try setting up some folders in your Home folder to be either private or shared with others. Use Nemo to create a new folder and name it None of your Business, then set its permissions so that “others” (not you or your personal group) have the Access of None. Create another folder and name it Stuff to share and assign it to a group that you create; give the group Read and Write access and save files there when you want group members to be able to use them also.
Log in using the guest account and password and test the results of your experiment. See what you can access (entering into a folder and seeing its file list, opening files, etc.) as the non-owner, non-group user. You can go back to your own account and adjust the permissions until you are happy with the results.
Even better, you can set up these private and shared areas in your data partition if you partitioned your hard drive the way we discussed in the article on installing Linux Mint. You can have all of your data files, and the files of other users on your computer, in one centralized area and the various folders and files in it can be organized with permissions to provide access by users and groups as appropriate. A central data partition or top level folder makes it easy to back up everything important with just one operation instead of depending on each user to regularly back up his or her files.
File and folder permissions can be somewhat daunting and confusing. Don't let it discourage you. Not only will you get the hang of it, you don't need to use it all that much. There are many, many thousands of files on a Linux system but Linux itself will take care of the permissions for nearly all of them. It's really only your personal files and folders that you may want to configure for more or less privacy and more or less sharing with other people.
Permissions are just one part of securing your computer. I refer to permissions as “compartmental security” because they let you organize your files in a way that prevents accidental mixups and casual snooping. For true rock-solid privacy and security, we will learn about encrypting files, folders and even partitions and whole disks in a future article.
Now you're ready for your relatives to visit
So what do you do when Cousin Ernie or Aunt Mildred insists on using your computer? Give them a key to your computer—you just don't have to give them the master key that lets them access every file and folder.
You don't need to log out or reboot your PC. Just click the main Menu and then the Logout button. Instead of logging out, click the Switch User button and a new login screen will appear. Your relative can log in with the guest account you created and snoop around...but he or she won't find much because you've protected your personal files, folders, and program settings (*cough* browser history *cough*) by properly setting permissions.
When he or she finishes, go to Logout again and this time choose Log Out; you will be prompted to enter your own password to resume your computer session just as it was when you temporarily switched to the guest user account.
Create user accounts for the members of your household or office, as well as the generic guest account. Everyone will be happier with his or her own private space and work environment and, with a few permission changes, you can easily share files and folders when you want to.
In the next article, you will learn about the mysterious power of sudo—that's right, we will take a whirl with typing in a few of the Linux commands that intimidate many people. Don't worry, it will be fun!
This is my fourth article in a series about Linux. In previous articles, we took a quick tour of Linux Mint to get an overview, learned how to test drive it on our computers free of commitment or cost, and then went step by step through the process of installing Linux Mint. If you missed those articles, you can catch up by reading our group blog of Linux users, Tuxville. Visit the blog regularly to keep abreast of future articles in this series.