sandra_henrystocker
Unix Dweeb

Sharing, compressing and password-protecting files on Linux

How-To
Jun 13, 2023 | 4 mins
Linux

Linux provides a number of ways to control who has access to your files and what kind of access they have.

Files

Keeping your files private from anyone but those with superuser (root) access is easy on Linux. File permissions provide everything you need. By default, you’ll have a username and primary group assigned to your account, and you can use the chmod (change mode) command to control what anyone else can view or change.

(If permissions like “750” and “rwxr-x---” don’t ring any bells for you, check out these posts for insights into how file permissions work on Linux: A deeper dive into Linux permissions and Unix: beyond group and everyone else)

Any time you request a long file listing with the ls -l command, you’ll see lines like this:

-rw-r-----. 1 myacct   admins 2088 Jun 26 recipe

The permissions should be fairly obvious, but this little diagram identifies how the permissions relate to various users:

-rw-r-----
^^  ^  ^
||  |  |
||  |  +-- everyone else has no access
||  +----- other members of the admins group can read
|+-------- you have read and write access
+--------- file type ("-" identifies a regular file)

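Note that if you were to set permissions on a file to 044 (----r--r--), you would not be able to view the file even though you’re clearly a member of the group. As the file’s owner, you get the owner permissions and nothing else; the group and other permissions are never consulted for you.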

$ ls -l dumfile
----r--r--. 1 myacct amins 9 Jun 13 10:41 dumfile
$ cat dumfile
cat: dumfile: Permission denied

You could, of course, change the permissions back to something more reasonable.
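The 044 case comes down to the kernel picking exactly one permission class per user (owner first, then group, then other) and never falling through to a looser one. The script below is an added example, not part of the original article; it reports which class applies and whether that class can read. The function names are made up for illustration, and it assumes `stat -c` (GNU or BusyBox) and ignores ACL entries and root's ability to bypass mode bits.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes "stat -c";
# ignores ACL entries and root's ability to bypass mode bits.

# perm_class FILE [USER]: print the one class the kernel would apply.
perm_class() {
    pc_uid=$(stat -c '%u' -- "$1") || return 2
    pc_gid=$(stat -c '%g' -- "$1") || return 2
    if [ "$(id -u ${2:+"$2"})" = "$pc_uid" ]; then
        echo owner      # owner bits apply even when group bits are looser
    elif id -G ${2:+"$2"} | tr ' ' '\n' | grep -qx "$pc_gid"; then
        echo group
    else
        echo other
    fi
}

# class_can_read FILE [USER]: succeed only if that class has the read bit.
class_can_read() {
    cr_mode=$(stat -c '%a' -- "$1") || return 2
    cr_bits=$((0$cr_mode))          # stat prints octal, e.g. 44 for 044
    case $(perm_class "$1" ${2:+"$2"}) in
        owner) cr_mask=$((0400)) ;;
        group) cr_mask=$((0040)) ;;
        *)     cr_mask=$((0004)) ;;
    esac
    [ $((cr_bits & cr_mask)) -ne 0 ]
}

# explain FILE: one-line summary for the current user.
explain() {
    if class_can_read "$1"; then ex_r=readable; else ex_r="NOT readable"; fi
    echo "$(stat -c '%A' -- "$1") -> class $(perm_class "$1"), $ex_r"
}

# Demo on a constructed scratch file mirroring the 044 case above.
demo=$(mktemp)
chmod 044 "$demo"; explain "$demo"
chmod 640 "$demo"; explain "$demo"
rm -f "$demo"
```

Pass a username as the second argument to check a file from another account's point of view, for example before placing it in a shared directory.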

If you see a + sign at the end of the permissions string (e.g., -rw-r-----+), the file has an access control list (ACL), which means that users beyond those covered by the owner, group and other categories may also have access to the file. The getfacl command provides the details. In the example below, John Doe has read and write access in spite of the fact that he is not a member of the admins group.

$ getfacl recipe
# file: recipe
# owner: myacct
# group: admins
user::rw-
user:johndoe:rw-
group::r--
mask::rw-
other::---

Files can be easily shared with members of your primary group and even with anyone with an account on the system, though this will require that they have access to the file location as well as the files themselves. A file like the one listed below will be readable by anyone in the tech team (since they will have read access), but they will not be able to make any changes.

$ ls -l meeting_notes
-rwxr-----. 1 myacct techteam 2534 Jun 11 meeting_notes

Note that it’s probably best to store files to be shared with others in a directory other than your home directory.

Compressing files

Linux provides a number of commands for compressing files — a good thing to do when files are fairly large and don’t need to be viewed or modified very often. The shrinkage will depend on file content. Here’s an example:

$ ls -l dict.mp4
-rw-r--r--. 1 shs shs 11215553 Mar 14 15:07 dict.mp4
$ gzip dict.mp4
$ ls -l dict*
-rw-r--r--. 1 shs shs 8507802 Mar 14 15:07 dict.mp4.gz

The link below will take you to a post on compressing files.

How to compress files on Linux 5 ways

Password-protecting files

One very simple way to encrypt a file on Linux is by adding a -x option to your vi or vim commands. This is a very easy way to keep the contents private without depending on file permissions – even from root. The strength of the encryption depends on Vim’s cryptmethod option. To create a passcode-protected file, use a command like this:

$ vim -x newfile

You will be asked twice to enter the encryption key. When you go to edit the file again using a command like “vim newfile”, you will be asked to enter the same key again. This command provides a very easy way to hide the contents of a text file without having to rely on file permissions.

More on encrypting files with vim (including how to reverse the process) is available at this link:

Using vim to quickly encrypt and decrypt files

Wrap-up

Linux commands make it possible to share files with everyone on the system, so be very selective about who can view them or hide their contents from everyone but yourself.

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.

The opinions expressed in this blog are those of Sandra Henry-Stocker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.