06 September, 2013

Linux File and Folder Permissions

Introduction

File and folder security is an important element of any operating system, and Linux is no exception!

Permissions let you control exactly who can access which files and folders, giving the system a comprehensive layer of security. To help us understand the information involved, consider a directory on a Linux lab server. While a plain 'ls' gives you the list of files and directories in a given directory, adding the '-l' flag reveals a number of new fields.

So what does all this output mean? Especially all those 'rwx' lines?!

Let's start from scratch by analysing the output of the command below. Reading from right to left, we have the file or directory name. Then we find the time and date of creation. The next column contains the file size in bytes - nothing special here. The next two columns show ownership: each file in Linux is "owned" by a particular user, usually the user who created the file, but you can always give ownership to someone else. The owner may belong to a particular group, in which case the file is also associated with that group. The system itself identifies files by their inode number, which is the file's unique identifier on the system. Finally, the leftmost column, containing characters such as '-rw-r--r--', holds the effective permissions set for the file or directory in question.

[root@linuxguide work]# ls -l
total 0
-rw-r--r-- 1 root root 0 Jan  2 16:22 file1
-rw-r--r-- 1 root root 0 Jan  2 16:22 file2
-rw-r--r-- 1 root root 0 Jan  2 16:22 file3
-rw-r--r-- 1 root root 0 Jan  2 16:22 file4
-rw-r--r-- 1 root root 0 Jan  2 16:22 file5
-rw-r--r-- 1 root root 0 Jan  2 16:22 file6
-rw-r--r-- 1 root root 0 Jan  2 16:22 file7
-rw-r--r-- 1 root root 0 Jan  2 16:22 file8
-rw-r--r-- 1 root root 0 Jan  2 16:22 file9

To make things easier, we'll split the permissions section into a further 4 columns. The first column indicates whether we are talking about a directory (d), a file (-) or a link (l).


Column 2 holds the rights of the user, that is, the owner of the file, directory or link; these three characters determine what the owner can do with it.

Column 3, the next 3 characters, holds the permissions for the group that owns the file, and column 4, the final 3 characters, defines the access permissions for 'others', that is, everyone who is neither the owner nor a member of that group.

So, there are 3 possible attributes that make up file access permissions:

r - Read permission. Whether the file may be read. In the case of a directory, this would mean the ability to list the contents of the directory.
w - Write permission. Whether the file may be written to or modified. For a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set on the directory, you will not be able to delete, rename or create files inside it.
x - Execute permission. Whether the file may be executed. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute some program from that directory.

Here are some more examples focusing on the permissions:

-r--r--r-- : This means that the owner, group and everyone else have only read permission on the file (remember, if there's no 'd' or 'l', then we are talking about a file).
-rw-rw-rw- : This means that the owner, group and everyone else have read and write permissions.
-rwxrwxrwx : Here, the owner, group and everyone else have full permissions, so they can all read, write and execute the file (-).
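As an added example (my own script, not code from the original post), here is a small shell function that decodes a permission string of the kind shown above into words, applying the file and directory meanings of r, w and x described earlier, and flags any mode that grants write access to everyone else. The names explain_mode, rights_words and world_writable are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: decode an `ls -l` mode string
# such as "-rw-r--r--" into words. Helper names are this example's own.

# rights_words TRIPLET KIND -> comma-separated rights granted by one rwx triplet.
# KIND is "file" or "dir": on a directory r/w/x mean list / modify entries / enter.
rights_words() {
    rw_t=$1
    rw_kind=$2
    rw_words=""
    case $rw_t in r??) rw_words="read" ;; esac
    case $rw_t in ?w?) rw_words="${rw_words:+$rw_words,}write" ;; esac
    # lowercase s/t (setuid, setgid, sticky) also imply the execute bit is set
    case $rw_t in ??[xst]) rw_words="${rw_words:+$rw_words,}execute" ;; esac
    if [ "$rw_kind" = dir ]; then
        rw_words=$(printf '%s' "$rw_words" |
            sed 's/read/list/; s/write/modify-entries/; s/execute/enter/')
    fi
    printf '%s' "${rw_words:-none}"
}

# explain_mode MODESTRING -> one line: kind, then what owner/group/others may do
explain_mode() {
    em_mode=$1
    case $em_mode in
        d?????????) em_kind=dir ;;
        l?????????) em_kind=link ;;
        -?????????) em_kind=file ;;
        *) printf 'invalid mode string: %s\n' "$em_mode" >&2; return 1 ;;
    esac
    em_owner=$(printf '%s' "$em_mode" | cut -c2-4)
    em_group=$(printf '%s' "$em_mode" | cut -c5-7)
    em_other=$(printf '%s' "$em_mode" | cut -c8-10)
    # a symlink's own permission bits are read the same way as a file's
    em_rk=$em_kind
    if [ "$em_rk" = link ]; then
        em_rk=file
    fi
    printf '%s: owner=%s group=%s others=%s\n' "$em_kind" \
        "$(rights_words "$em_owner" "$em_rk")" \
        "$(rights_words "$em_group" "$em_rk")" \
        "$(rights_words "$em_other" "$em_rk")"
}

# world_writable MODESTRING -> success when "others" have write permission,
# the case a defender usually wants to hunt for (9th character is 'w')
world_writable() {
    case $1 in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk the examples from the text plus one directory
for m in '-rw-r--r--' '-r--r--r--' '-rw-rw-rw-' '-rwxrwxrwx' 'drwxr-x---'; do
    explain_mode "$m"
    if world_writable "$m"; then
        printf '   warning: %s is writable by everyone\n' "$m"
    fi
done
```

The directory case matters in practice: 'drwxr-x---' means the group can list and enter the directory but cannot add or remove entries, which is the usual shape of a shared read-only folder.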

Modifying Ownership & Permissions

So how do you change permissions or change the owner of a file?
Changing the owner or group owner of a file is very simple: you just type 'chown user:group filename.ext', where 'user' and 'group' are those to whom you want to give ownership of the file. The 'group' parameter is optional, so if you type 'chown asifark file.txt', you give ownership of file.txt to the user named asifark.
In the case of a directory, nothing much changes, as the same command is used. However, because directories usually contain files that also need to be assigned to the new user or group, we use the '-R' flag, which stands for 'recursive' - in other words, all subdirectories and their files: 'chown -R user:group dirname'.

To change permissions you use the 'chmod' command. The possible options here are 'u' for the user, 'g' for the group, 'o' for others, and 'a' for all three. If you don't specify one of these letters, the change applies to all by default. After this you specify the permissions to add or remove using '+' or '-'. Let's take a look at an example to make it easier to understand:
If we wanted to add read, write and execute for the user of a particular file, we would type 'chmod u+rwx file.txt'. If on the other hand you typed 'chmod g-rw file.txt', you would take away the group's read and write permissions on that file.
While it's not terribly difficult to modify the permissions of a file or directory, remembering all the flags can be hard. Thankfully there's another way, which is less complicated and much faster. By replacing the permissions with numbers, we can calculate the required permissions and simply enter the correct sum of those numbers instead of the actual rights.

The way this works is simple. We are aware of three different permissions, Read (r), Write (w) and Execute (x). Each of these permissions is assigned a number as follows:

r (read) - 4
w (write) - 2
x (execute) - 1


Now, to correctly assign a permission, all you need to do is add up the level you want: if you want someone to have read and write, you get 4+2=6; if you want someone to have just execute, it's just 1; and zero means no permissions. You work out the number for each of the three sections (owner, group and everyone else).

If you want to give read, write and execute to the owner and nothing to everyone else, you'd get the number 700. Starting from the left, the first digit (7) represents the permissions for the owner of the file, the second digit (0) the permissions for the group, and the last (0) the permissions for everyone else. You get the 7 by adding the read, write and execute permissions according to the numbers assigned to each right as shown in the previous paragraphs: 4+2+1 = 7.


If on the other hand you decide not to give anyone any permission, you would use '000' (now nobody can access the file, not even you!). However, you can always change the permissions to give yourself read access, by entering 'chmod 400 file.txt'.
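The following added shell example (my own code, not from the original post) applies the symbolic and numeric chmod forms discussed above to a scratch file created with mktemp, reads each resulting mode back with 'ls -ld', and converts it to the three-digit number using the r=4, w=2, x=1 scheme. It also includes the check a practitioner typically wants afterwards: a find command listing files that are writable by everyone. The function names mode_to_octal, current_mode, demo_chmod and find_world_writable are this example's own; chown is not exercised because changing ownership requires root.

```shell
#!/bin/sh
# Added example, not from the original post: apply the chmod forms from the
# text to a scratch file and read the results back as r=4, w=2, x=1 numbers.
# Function names are this example's own.

# mode_to_octal MODESTRING -> three digits (owner, group, others), e.g. 644
mode_to_octal() {
    mo_mode=$1
    mo_result=""
    for mo_start in 2 5 8; do            # owner, group and others triplets
        mo_triplet=$(printf '%s' "$mo_mode" | cut -c"$mo_start-$((mo_start + 2))")
        mo_digit=0
        case $mo_triplet in r??) mo_digit=$((mo_digit + 4)) ;; esac
        case $mo_triplet in ?w?) mo_digit=$((mo_digit + 2)) ;; esac
        case $mo_triplet in ??[xst]) mo_digit=$((mo_digit + 1)) ;; esac
        mo_result="$mo_result$mo_digit"
    done
    printf '%s' "$mo_result"
}

# current_mode PATH -> the 10-character mode string from `ls -ld`
# (cut drops the trailing '+' or '.' some systems add for ACLs or SELinux)
current_mode() {
    ls -ld "$1" | cut -c1-10
}

# demo_chmod -> space-separated octal mode after each chmod step from the text
demo_chmod() {
    dc_dir=$(mktemp -d) || return 1
    dc_file=$dc_dir/file.txt
    : > "$dc_file"
    chmod 644 "$dc_file"                 # known starting point, independent of umask
    dc_out=""
    for dc_step in u+rwx g-rw 700 000 400; do
        chmod "$dc_step" "$dc_file"
        dc_out="${dc_out:+$dc_out }$(mode_to_octal "$(current_mode "$dc_file")")"
    done
    rm -rf "$dc_dir"
    printf '%s' "$dc_out"                # 744 704 700 000 400
}

# find_world_writable DIR -> regular files under DIR that anyone may modify
# (-perm -002 is the portable spelling of "others have the write bit")
find_world_writable() {
    find "$1" -type f -perm -002
}

# chown is deliberately not run here: changing ownership needs root, and the
# syntax is exactly as in the text, e.g.  chown -R user:group dirname
demo_chmod
echo
```

Note the step from 744 to 704: 'g-rw' removes bits the group did not all have, and chmod simply clears whatever is present, so the result is 0 for the group rather than an error. The 000 step shows why the numeric form deserves a second look before pressing enter: the file stays on disk but no one, including its owner, can read it until 'chmod 400' is applied.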

For more details on the 'chmod' command, please take a look at the man pages.

As we will see soon, the correct combination of user and group permissions will allow us to perform our work while keeping our data safe from the rest of the world.

The world of Linux permissions is pretty user friendly as long as you look at it from the right perspective. Practice and reviewing the theory will certainly help you remember the most important information so you can perform your work without much trouble.

If you happen to forget something, you can always re-visit us, we will welcome you any time of the day :)
