Unix rights are generally set with the chmod command. You can display them with ls -la. The entries have the following format:
Important: If a directory doesn't have the x, it is also not readable, because reading it requires executing a command (ls, cp, …) on the directory.
ls -la /home/myuser/test
total 10
drwxr-xr-x   3 myuser student  512 2005-02-18 14:29 .
drwxr-xr-x 124 myuser student 6656 2005-02-18 14:28 ..
drwxr-xr-x   2 myuser student  512 2005-02-18 14:29 somedir
-rw-rw-r--   1 myuser student    0 2005-02-18 14:29 somefile
lrwxrwxrwx   1 myuser student    8 2005-02-18 14:29 somelink -> somefile
Here all objects belong to the user myuser and the group student. The file somefile, and thus also the symlink somelink, is writable by every member of the group. Everybody is allowed to read everything, but only if all directories in the hierarchy leading to the current one are readable and executable for that user. If you want to restrict these rights for a certain group of users, ACLs come into play.
Setting and changing rights has the form Who, Give/Withdraw (+/-), Which:
chmod go-r /home/myuser/test/somefile
chmod g+w /home/myuser/test/somedir
The first command withdraws the read right on the file somefile from the group and the rest; the second gives the group the write right on somedir. Rights can also be set by specifying values:
chmod 644 /home/myuser/test/somefile
chmod 755 /home/myuser/test/somedir
The commands above set the rights of somefile to read/write for the owner and read for everybody else, and the rights of somedir to read/write/execute for the owner and read/execute for everybody else. The values are specified as octal numbers. The order is owner, group, rest, and the values for read (4), write (2) and execute (1) add up.
Unlike on Windows systems, a file is executable exactly when the user has the Unix right to execute it, regardless of the file extension.
Besides the Unix rights, ACLs also matter in practice on the pool computers.
For directories, the execute right means that you are allowed to change into the directory. For symlinks (created with ln -s) all rights are “set”, because all of their rights are derived from the linked object.
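The following POSIX sh script is an added example, not part of the original page. It applies the octal values and the directory rule described above to the mode strings printed by ls -ld: mode_to_octal converts a mode string into the value chmod accepts, and others_can_read checks whether the rest class can reach a file by testing the execute bit (the bit path lookup requires) on every parent directory. Both function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the "rest" permissions
# using the mode strings printed by `ls -ld`.

# mode_to_octal drwxr-xr-x  ->  755   (r=4, w=2, x=1 per owner/group/rest)
# The leading type character and a trailing ACL marker '+' are ignored;
# setuid/setgid/sticky (s, t) count as x, the special bits are not printed.
mode_to_octal() {
    bits=$(printf '%s' "$1" | cut -c2-10)
    out=
    for i in 1 4 7; do
        t=$(printf '%s' "$bits" | cut -c"$i-$((i + 2))")
        n=0
        case $t in r??) n=$((n + 4)) ;; esac
        case $t in ?w?) n=$((n + 2)) ;; esac
        case $t in ??[xst]) n=$((n + 1)) ;; esac
        out=$out$n
    done
    echo "$out"
}

# others_can_read FILE
# Succeeds only if the rest class has r on FILE and x on every directory
# from FILE's parent up to /. Prints the first blocking path (deepest first).
# Only mode bits are evaluated: a '+' on FILE is reported, not interpreted.
# Symlinks are rejected because their own mode bits say nothing.
others_can_read() {
    [ -f "$1" ] && [ ! -h "$1" ] || { echo "not a regular file: $1"; return 2; }
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 2
    file=$dir/$(basename "$1")
    acl=
    [ "$(ls -ld "$file" | cut -c8)" = r ] || { echo "blocked at $file"; return 1; }
    [ "$(ls -ld "$file" | cut -c11)" = + ] && acl=" (ACL entries present, see getfacl)"
    while :; do
        case $(ls -ld "$dir" | cut -c10) in
            x|t) ;;
            *) echo "blocked at $dir"; return 1 ;;
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    echo "reachable by others$acl"
}

# Usage: sh audit.sh /home/myuser/test/somefile
if [ $# -gt 0 ]; then others_can_read "$1"; fi
```

Because only the mode bits are read, a result of "reachable by others" on a file marked with + still has to be compared with the getfacl output.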
ACLs
Access Control Lists (ACLs) allow a more fine-grained assignment of rights than the classical Unix rights. For example, it is possible to give or withdraw rights on files and directories for individual users.
ACLs can be found, for example, as part of Microsoft's filesystem NTFS, but also on Sparc/Solaris in the form of UFS. The necessary commands there are getfacl and setfacl.
For a general tutorial on ACLs (as well as a short introduction to CVS repositories as described below), take a look at, e.g., the EiSE ACL tutorial. To give certain other users access to the home directory (which is necessary for CVS), you have to carry out the following steps for every user (“someuser” is the particular user) and check the outcome at the end using getfacl:
setfacl -m u:someuser:rx ~
setfacl -m u:someuser:rwx ~/myproject
getfacl ~
Note: The wave or tilde ~ is a placeholder for your own home directory.
The first command allows the user “someuser” to enter the home directory; the second gives the user write permission on “myproject”.
If you want new files and directories to also have the rights of their parent directory, you have to use the setfacl command again with a small modification:
With
setfacl -d u:someuser project
the rights which were granted via ACL to someuser on project are deleted.
Files or directories with ACL entries are marked with a + in the output of ls -al:
-rw-rw-r--+ 1 myself mygroup [...] project
-rw-r----- 1 myself mygroup [...] some_private_stuff
If you want to set up the rights for newly created files in a directory (default permissions), you can do it this way (exclusive access for the owner):
setfacl -d -m u:someuser:rwx ~/myproject
For further questions use man setfacl.