Activity 2: Managing File Permissions and Ownerships

Objectives:
• Control file access permissions on files as well as directories
• Maintain security using access modes such as suid, sgid, and sticky bit
• Change the file creation mask
• Grant file access to group members

Concepts
• Linux is a multiuser operating system and therefore, each user belongs to a
primary group and may also belong to other groups as well.
◦ This will allow system admins to manage security for collections of people
with different requirements
• Linux keeps track of different users by their username.
◦ Advanced features allow different users to have different privileges
• Ownership of files and access authority are closely related to user ids and
groups

The su Command
• su will allow one user to run commands as other users
◦ Quick way of logging off and back on again
◦ su will prompt you for the password of the user you are switching to.

Who Am I?
• If you have become another user, your prompt may include your user id
(username); if not, you can use the whoami command to check your current
effective id

What Groups Am I In?


• You can find out what groups you are in using the groups command
• You can find out both user and group information using the id command
◦ Add a user id parameter to either groups or id to see information for that
user id instead of the current user id

The Superuser: Root


• Every Linux system has a user called root
• The root user is all-powerful
◦ can access any files
• The root user account should only be used for system administration

Understanding File Ownerships

Every file on the Linux operating system, including directories, is owned by a
specific user and group. File permissions, therefore, are defined separately for
users, groups and others.

User/Owner
The username of the person who owns the file. By default, the user who
creates the file will become its owner.

Group
The group of users that owns the file.

All users who belong to the group that owns the file will have the same
access permissions to the file.
Example: You have a project that requires a bunch of different users to be
able to access certain files, while others can't. In that case, you will add
all the users into the same group, make sure the required files are owned by
the group and set the file's group permissions accordingly.

Other
A user who is not the owner of the file and does not belong to the group
that owns the file.

If you set a permission for the “other” category, it will affect everyone
else by default.

Changing File Ownership – chown


• The chown command changes the ownership of files and directories
• Syntax:
chown EMac index.php
• Makes EMac the owner of the file index.php
• You can specify any number of files or directories.
• Only root can change the ownership of a file.

Changing File Group Ownership with chgrp


• The chgrp command changes the group ownership of files or directories
• Syntax
chgrp faculty classlist.ods
• Makes faculty be the group owner of the file classlist.ods
• You can specify any number of files or directories
• Root may change the group ownership of any file to any group
• The owner of a file may change its group ownership
◦ But only to a group of which the owner is a member

Changing the Ownership of a Directory and Its Contents

• This is a common requirement that a system admin encounters


• Both chown and chgrp accept the -R option
• Syntax
chgrp -R faculty Documents
• Mnemonic: recursive
• Changes the group ownership of Documents and everything inside it to the
group faculty
• Changing user ownership (root only)
chown -R root /usr/local/share/misc

Changing Ownership and Group Ownership Simultaneously


• The chown command can change the user/owner and group owner of a file
simultaneously
• Syntax:
chown EMac:developers public_html/home.html
• Changes the user to EMac and the group owner to developers
• You can use the -R option here as well

Basic Concepts: Permission on Files

There are three types of access permissions on Linux: read, write, and execute. These
permissions are defined separately for the file's owner, group, and all other
users.

Read
On a regular file, the read permission bit means the file can be opened and
read. On a directory, the read permission means you can list the contents of
the directory.

Write
On a regular file, this means you can modify the file (write new data).

In case of a directory, the write permission means you can add, remove, and
rename files in the directory.

Execute
This means that you can execute the file as a program or a shell script.

On a directory, the execute permission (also called the search bit) allows
you to access files in the directory and enter it with the cd command.

Examining Permissions: ls -l

• The ls -l command allows you to examine the permissions on a file


bsit@bsit-desktop ~/Public $ ls -l
total 4
drwxr-xr-x 2 bsit bsit 4096 2011-01-10 19:50 Files
-rw-r--r-- 1 bsit bsit 0 2011-01-10 19:50 grades.ods
-rw-r--r-- 1 bsit bsit 0 2011-01-10 19:50 home.php

• The first column shows the file type and permissions


◦ The first character can be any of the following:
d = directory
- = regular file
l = symbolic link
s = Unix domain socket
p = named pipe
c = character device file
b = block device file
◦ Three characters of rwx permissions for the owner (or a dash if the
permission is not available)
◦ Three characters of rwx permissions for the group owner
◦ Three characters of rwx permissions for everyone
• The second column shows the number of links
• The third column shows the owner of the file
• The fourth column shows the group the file belongs to
• The other columns show the file size in bytes, the date and time of last
modification, and the filename, respectively

Changing File and Directory Permissions: chmod

• The chmod command changes the permissions of a file or directory.


◦ A file's permission can be changed only by its owner or by root
• chmod takes an argument describing the new permissions
• Simple example:
chmod a+x new_file
adds (+) executable permission (x) for all users (a) on the file new_file

Specifying Permissions for chmod – symbolic mode

• Permissions can be set using letters in the following format:


[ugoa] [+=-] [rwxX]
• The first letter indicates who to set permissions for
◦ u for the file's owner
◦ g for group owner
◦ o for other users
◦ a for all users
• = sets permissions for files, + adds permissions to those already set, and -
removes permissions
• The final letters indicate which of the r,w,x permissions to set
◦ Or use the capital X to set the x permission, but only for directories and
already executable files

Specifying Permissions for chmod – numeric mode

• The other mode in which chmod can be used is the numeric mode.
◦ In the numeric mode, the file permissions aren't represented by
characters. Instead, they are represented by a three-digit octal number,
one digit each for the owner, the group, and other users

4 = read
2 = write
1 = execute
0 = no permission
• To get the permission bits you want, you add up the numbers accordingly.
◦ the rwx permissions would be 4+2+1=7, rx would be 4+1=5, and rw would be
4+2=6

Special Directory Permission: Sticky

• The sticky bit is a permission bit that protects the files within a directory
◦ If a directory has the sticky bit set, a file can be deleted only by the
file owner, the directory owner or by root
◦ The sticky bit prevents a user from deleting other users' files from
public directories such as /tmp
• Expressed with a t (mnemonic: temporary) in a listing
• Enable 'sticky' with:
chmod +t /data/tmp

Special File Permission: setuid


• setuid means set user ID upon execution
• If the setuid bit is turned on for a file, a user executing that file gets
the permissions of the individual or group that owns the file.
• You need to use the ls -l or find command to see setuid programs
• All setuid programs display S or s in the permission bits shown by ls -l
• Enable setuid by:
chmod u+s /usr/local/bin/program

Special Directory Permission: setgid


• If the setgid bit on a directory entry is set, files in that directory will
have the same group ownership as the directory, instead of the group of the
user that created the file.
◦ And directories created within it acquire both the group ownership and
setgid permission
• This attribute is helpful when several users need access to certain files. If
the users work in a directory with the setgid attribute set then any files
created in the directory by any of the users will have the permission of the
group.
◦ For example, the administrator can create a group called spcprj and add
the users Kathy and Mark to the group spcprj. The directory spcprjdir can
be created with the setgid bit set, and Kathy and Mark, although in
different primary groups, can work in the directory and have full access to
all files in that directory, but still not be able to access files in each
other's primary group.
• The following command will set the GID bit on a directory:
chmod g+s spcprjdir
• Expressed with an s in the group position in a listing:
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir

Special File Permission: setgid


• setgid permission may also be applied to executable files
• A process run from a setgid file acquires the group id of the file.
• Note: Linux does not directly allow scripts to be setgid – only compiled
programs
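
The find-based check mentioned in the setuid section, extended to setgid files and to world-writable directories that lack the sticky bit. This is an added example, not part of the original handout; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_special_perms and build_demo_tree are hypothetical names.
# Prints one finding per line for the directory tree given as $1:
#   SETUID   regular file that runs with its owner's user id
#   SETGID   regular file that runs with its group's id
#   NOSTICKY world-writable directory without the sticky bit
audit_special_perms() {
    {
        find "$1" -type f -perm -4000 | sed 's/^/SETUID /'
        find "$1" -type f -perm -2000 | sed 's/^/SETGID /'
        find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
    } | sort
}

# Constructed sample tree so the audit has something to report.
build_demo_tree() {
    tree=$(mktemp -d) || return 1
    for f in plain helper_suid helper_sgid; do : > "$tree/$f"; done
    chmod 644  "$tree/plain"
    chmod 4755 "$tree/helper_suid"   # same result as chmod u+s on a 755 file
    chmod 2755 "$tree/helper_sgid"   # same result as chmod g+s on a 755 file
    mkdir "$tree/dropbox" "$tree/shared_tmp"
    chmod 0777 "$tree/dropbox"       # any user can delete any file in here
    chmod 1777 "$tree/shared_tmp"    # chmod +t: deletion limited to owners
    printf '%s\n' "$tree"
}

demo=$(build_demo_tree) && audit_special_perms "$demo"
rm -rf "$demo"
```

Run against a real path such as /usr or /home, the same function gives a baseline list that can be compared after software installs or configuration changes.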

Default Permission: umask
• The umask command allows you to affect the default permissions on files and
directories you create
umask 002
• The argument is calculated by adding together the numeric values for the rwx
permissions you do not want on the new files and directories
◦ This example has just 2: avoid world-writable, but turn everything else
on
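
The chmod symbolic and numeric modes and the umask arithmetic described above, checked on scratch files. This is an added example, not part of the original handout; the function names are hypothetical and it assumes GNU stat (the -c option).

```shell
#!/bin/sh
# Added example; rwx_bits, mode_after and mode_under_umask are hypothetical names.
# Print the nine rwx bits of a path as an octal number (uses GNU stat -c).
rwx_bits() { printf '%o\n' $(( 0$(stat -c '%a' "$1") & 0777 )); }

# mode_after START SPEC file|dir
# Set START with numeric mode, apply SPEC with symbolic mode, print the result.
mode_after() (
    work=$(mktemp -d) || exit 1
    if [ "$3" = dir ]; then mkdir "$work/t"; else : > "$work/t"; fi
    chmod "$1" "$work/t" && chmod "$2" "$work/t" && rwx_bits "$work/t"
    rm -rf "$work"
)

# mode_under_umask MASK file|dir
# Create a new file or directory under MASK and print the mode it received.
mode_under_umask() (
    work=$(mktemp -d) || exit 1
    umask "$1"    # runs in a subshell, so the caller's umask is unchanged
    if [ "$2" = dir ]; then mkdir "$work/t"; else : > "$work/t"; fi
    rwx_bits "$work/t"
    rm -rf "$work"
)

mode_after 644 a+x file             # 755
mode_after 000 u=rwx,g=rx,o= file   # 750
mode_after 600 g+rX file            # 640 (X skips a file nobody can execute)
mode_after 700 g+rX file            # 750
mode_under_umask 002 file           # 664 (new files start from 666)
mode_under_umask 002 dir            # 775 (new directories start from 777)
mode_under_umask 027 dir            # 750
```

New regular files never receive execute permission from the umask alone, which is why the same mask gives 664 for a file and 775 for a directory.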
