Dear Lifehacker,
I've followed your guide to building a home server with FreeNAS, but I'm not sure what to do with the permissions on my files. Can I just set them all to 777, or is that insecure? This stuff is like Chinese to me, help!
Sincerely,
Perplexed by Permissions
Dear Perplexed,
You are not alone. In fact, I was pretty confused by file permissions for a long time, but it's actually very simple! Here's why you should care, and how to understand the permissions that keep your files safe.
Note: This is a very large topic, and there's no way we could cover everything here. For now, we're going to focus on UNIX permissions?that is, permissions on Mac, Linux, and FreeBSD systems (like FreeNAS), and start with just the basics. If you're a Windows user, check out our guide to Homegroups for an easier way to share files between computers.
Why File Permissions Matter
You may think a good Wi-Fi password is all you need to keep your data from getting tampered with, but as we've shown you before, it's very easy to hack into a Wi-Fi network. So, even though it's unlikely to happen, you should make sure your files aren't out in the open for anyone to steal?especially if you have more sensitive information on your server (like backups of your computer, which can contain any number of important things).
Furthermore, if you're sharing files within a household, it's important to make sure certain family members can't tamper with files that aren't theirs. You don't want to wake up one day only to find out that your child accidentally deleted everything on your server because it was wide open for him or her to access, or that your not-so-tech-savvy spouse moved around all your movies so your home theater PC can't find your library. A little tweaking can go a long way, and make sure your files are safe from any and all horrible situations.
The Players: Owners, Groups, and the Public
For all UNIX systems (Mac OS X, Linux, and FreeBSD?which is what FreeNAS uses), permissions work in generally the same way. Each file and folder has an owner and a group assigned to it, which decides who is allowed to access that file. The owner is the only user who can change permissions, and traditionally they have full access to the files (that is, they can read and write). Another group of users may have separate permissions (perhaps they can only read the files), and everyone else may have different permissions (maybe they can't see the files at all).
This allows you to easily dole out permissions to the household. Say you, the owner of the files, want full access, but you don't want the rest of the family to be able to write or delete those files. You, the owner, can have full permissions: you can read it, write to it, and execute it (if it's a program or script). If you want the rest of your family to only read the files, you can assign the group "Family" to those files and give it read-only permissions.
First Things First: Create Users and Groups
Before you start, you'll want to make sure you actually have users and groups on your system to which you can give these permissions. Usually, this is best done through the Users and Groups setting of your operating system?Linux, OS X, or FreeNAS. Add users for each person in your household, and create any groups you want?like a "family" group?and add the necessary users to that group. For example, if your name is Donald, you'd create a user called donald
, as well as a user for your girlfriend daisy
and your live-in nephews huey
, dewey
, and louie
. All of those users would be a part of the group family
.
How to Change the Owner of a File
The easiest way change permissions is through the command line (as GUI options can often be limited or confusing). Let's take a simple example. I have a folder of movies on my hard drive, located at /mnt/Media
. To see who owns those files and what group is assigned to it, I can just run the following two commands:
cd /mnt/Media
ls -l
The first command moves me to that folder, and the second command lists the files in that folder and their details. In my case, it brings up something like this:
heimdall:/mnt/Media# ls -l
total 40
drwxrwxr-x 7 root wheel 512 Aug 9 20:07 Games
drwxrwxr-x 126 root wheel 17920 Nov 10 23:25 Movies
drwxrwxr-x 2 root wheel 2560 Aug 10 23:15 Music Videos
drwxrwxr-x 17 root wheel 1024 Nov 26 20:45 TV Shows
This shows that the owner of each folder is root
, and the group assigned to each is wheel
(a group reserved for administrators). Let's say I want to be the owner of the file, and I want to give a group (my family) access to those files. To do so, I'd then run chown
, which stands for "Change Owner:"
chown -R donald Movies
This changes the owner of the "Movies" folder to the user donald
. The -R
flag makes it recursive, which means it'll also change the owner for every folder and file within "Movies" (so I also own all my movies, not just the folder they're in). To make sure it worked properly, you can always run ls -l
again to see:
heimdall:/mnt/Media# ls -l
total 40
drwxrwxr-x 7 root wheel 512 Aug 9 20:07 Games
drwxrwxr-x 126 donald wheel 17920 Nov 10 23:25 Movies
drwxrwxr-x 2 root wheel 2560 Aug 10 23:15 Music Videos
drwxrwxr-x 17 root wheel 1024 Nov 26 20:45 TV Shows
Repeat this process for any other folders you want to own.
How to Change the Group Associated with a File
Changing the group is similar to changing the owner. Let's say I wanted to assign my family
group to all of my movies (so my family could watch these movies on their own computers). To do so, I'd run the following command:
chgrp -R family Movies
This command changes the group of the Movies folder and its contents to family
. Again, repeat this process for all other folders you want them to access.
The Permissions: Read, Write, and Execute
The players are only the first half of the equation. The next thing you need to worry about are the actual permissions. For a given file or folder, you have three things to worry about:
- What the owner of the file can do with it
- What its group can do with it
- What the public can do with it
Let's go back to our example of the movies folder. If we go back and ls -l
to see those files, we're given this output:
heimdall:/mnt/Media# ls -l
total 40
drwxrwxr-x 7 donald family 512 Aug 9 20:07 Games
drwxrwxr-x 126 donald family 17920 Nov 10 23:25 Movies
drwxrwxr-x 2 donald family 2560 Aug 10 23:15 Music Videos
drwxrwxr-x 17 donald family 1024 Nov 26 20:45 TV Shows
See that drwxrwxr-x
gibberish on the right? That's actually the list of permissions for each folder. d
means the file is a directory. After that, the first three letters (rwx
) are what the owner can do with that file. The second three letters show what the group can do, and the last three letters show what the public can do. r
gives read permissions, w
gives write permissions, and x
gives execute permissions (which only really applies to programs and scripts). A dash (-
) indicates that a certain permission has not been given.
So, in the above case, these files can be read and written to by donald
and family
(rwxrwx
) , but only read by the public (r-x
). We probably want to change that, since we don't want the family to write to the files, and don't want the public to see anything at all. So, we can change those permissions by running:
chmod -R 740 Movies
This changes those permissions to drwxr-----
, meaning the owner can do anything (rwx
), the group family
can read files (r--
), and the public can do nothing (---
).
So how did we come up with the number 740
? Each digit represents one of the players: the owner, the group, and the public. The permissions create the digits like this:
r
=4,w
=2,x
=1, andrwx
=7
Since we wanted the owner to do everything, the first digit becomes a 7. The group can only read, which is 4, and the public can do nothing, which is 0. Thus, we give the file permission "740." Make sense? If we wanted the group to be able to write and execute, but not the public, we'd instead run:
chmod -R 770 Movies
It all depends on what you want to do. Repeat this process for the other files and folders you want to tweak, and you'll be well on your way to a safer, more secure set of shared files.
Sincerely,
Lifehacker
wiz khalifa taylor allderdice eddie royal iditarod nfl free agents 2012 encyclopedia brittanica nfl free agency jonbenet ramsey
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন