Activity 2 Managing File Ownership and Permissions
Objectives:
• Control file access permissions on files as well as directories
• Maintain security using access modes such as suid, sgid, and sticky bit
• Change the file creation mask
• Grant file access to group members
Concepts
• Linux is a multiuser operating system; each user belongs to a primary group
and may also belong to other groups.
◦ This lets system administrators manage security for collections of people
with different requirements.
• Linux keeps track of different users by their username.
◦ Advanced features allow different users to have different privileges.
• Ownership of files and access authority are closely tied to user IDs and
groups.
The su Command
• su allows one user to run commands as another user.
◦ A quick alternative to logging off and back on again.
◦ su prompts you for the password of the user you are switching to.
Who Am I?
• If you have become another user, your prompt may include your user id
(username); if it does not, use the whoami command to check your current
effective id.
User/Owner
The username of the person who owns the file. By default, the user who
creates a file becomes its owner.
Group
The group of users that owns the file.
All users who belong to the group that owns the file have the same group
access permissions to the file.
Example: You have a project that requires several different users to be
able to access certain files, while others cannot. In that case, you add
all of those users to the same group, make sure the required files are owned
by that group, and set the files' group permissions accordingly.
Other
A user who is neither the owner of the file nor a member of the group that
owns the file.
Permissions set for the "other" category apply to everyone else by default.
The three types of access permission on Linux are read, write, and execute.
These permissions are defined separately for the file's owner, its group, and
all other users.
Read
On a regular file, the read permission bit means the file can be opened and
read. On a directory, the read permission means you can list the contents of
the directory.
Write
On a regular file, this means you can modify the file (write new data).
In case of a directory, the write permission means you can add, remove, and
rename files in the directory.
Execute
On a regular file, this means you can execute the file as a program or a
shell script.
On a directory, the execute permission (also called the search bit) allows
you to access files inside the directory by name and to enter it with the cd
command.
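The file-versus-directory meaning of each bit is easiest to see by trying it. The script below is an added example, not part of the original notes: it builds a throwaway tree under $TMPDIR, flips the mode bits with chmod, and reports whether each operation is allowed. It assumes GNU coreutils (stat -c) on Linux and must be run as an unprivileged user, because root bypasses the mode checks and every probe would report "allowed".

```shell
#!/bin/sh
# Added example: probe what r, w and x mean on a file and on a directory.
# Assumes GNU coreutils (stat -c). Run as a normal user, not root.
set -u

# Create a scratch tree (dir/file) and print its root path.
make_tree() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX")
    mkdir "$root/dir"
    printf 'secret\n' > "$root/dir/file"
    printf '%s\n' "$root"
}

# Run a command silently and print "allowed" or "denied" based on its status.
probe() {
    if "$@" >/dev/null 2>&1; then echo allowed; else echo denied; fi
}

can_read_file()       { probe cat "$1"; }
can_write_file()      { probe sh -c "printf x >> \"$1\""; }
can_list_dir()        { probe ls "$1"; }
can_enter_dir()       { probe sh -c "cd \"$1\""; }
can_create_in()       { probe sh -c "touch \"$1/new\" && rm \"$1/new\""; }
# Reaching an entry by name needs x on the directory, even without r.
can_open_known_file() { probe cat "$1/file"; }

# Octal mode of a path, e.g. 640.
mode_of() { stat -c '%a' "$1"; }

demo() {
    root=$(make_tree)
    d="$root/dir"

    chmod 700 "$d"                   # rwx------ on the directory
    chmod 600 "$d/file"              # rw------- on the file
    echo "file $(mode_of "$d/file"): read=$(can_read_file "$d/file") write=$(can_write_file "$d/file")"

    chmod 400 "$d/file"              # drop w: reading works, appending does not
    echo "file $(mode_of "$d/file"): read=$(can_read_file "$d/file") write=$(can_write_file "$d/file")"

    chmod 500 "$d"                   # r-x: list and enter, but no create/remove
    echo "dir $(mode_of "$d"): list=$(can_list_dir "$d") enter=$(can_enter_dir "$d") create=$(can_create_in "$d")"

    chmod 100 "$d"                   # --x only: no listing, but a known name still opens
    echo "dir $(mode_of "$d"): list=$(can_list_dir "$d") open-known=$(can_open_known_file "$d")"

    chmod 400 "$d"                   # r-- only: names can be listed but not reached
    echo "dir $(mode_of "$d"): list=$(can_list_dir "$d") open-known=$(can_open_known_file "$d")"

    chmod -R u+rwx "$root" && rm -rf "$root"
}

demo
```

The last two cases are the ones people get wrong: a directory with only x lets a user who already knows a filename open it, while a directory with only r reveals the names but makes every one of them unreachable.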
Examining Permissions: ls -l
• chmod can also be used in numeric mode.
◦ In numeric mode, the file permissions are not represented by characters;
instead, they are represented by a three-digit octal number, one digit each
for owner, group, and other, built from:
4 = read
2 = write
1 = execute
0 = no permission
• To get the permission bits you want, add up the numbers for each class.
◦ rwx is 4+2+1=7, r-x is 4+1=5, and rw- is 4+2=6
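The additions above generalise to all three classes at once: each rwx triplet from an ls -l listing becomes one octal digit, and each digit decomposes back into a triplet. The POSIX sh functions below are an added example (not from the original notes) that carry that conversion in both directions and reject malformed input; they use no external commands.

```shell
#!/bin/sh
# Added example: convert between ls -l style "rwxr-x---" strings and the
# three-digit octal modes accepted by chmod. Plain POSIX sh.

# One class triplet such as "r-x" -> its digit, by adding 4, 2 and 1.
triplet_to_digit() {
    t=$1; n=0
    case $t in r??) n=$((n + 4));; esac
    case $t in ?w?) n=$((n + 2));; esac
    case $t in ??x) n=$((n + 1));; esac
    echo "$n"
}

# "rwxr-x---" -> 750. Expects the nine permission characters from ls -l
# (without the leading file-type character) and fails on anything else.
sym_to_octal() {
    s=$1
    case $s in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid mode string: $s" >&2; return 1;;
    esac
    user=${s%??????}            # first three characters
    rest=${s#???}               # remaining six
    group=${rest%???}
    other=${rest#???}
    echo "$(triplet_to_digit "$user")$(triplet_to_digit "$group")$(triplet_to_digit "$other")"
}

# One octal digit -> its triplet, by testing the 4, 2 and 1 bits.
digit_to_triplet() {
    d=$1
    case $d in [0-7]) ;; *) echo "invalid digit: $d" >&2; return 1;; esac
    r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    echo "$r$w$x"
}

# 640 -> "rw-r-----"
octal_to_sym() {
    m=$1
    case $m in [0-7][0-7][0-7]) ;; *) echo "invalid octal mode: $m" >&2; return 1;; esac
    u=${m%??}
    o=${m#??}
    g=${m#?}; g=${g%?}
    echo "$(digit_to_triplet "$u")$(digit_to_triplet "$g")$(digit_to_triplet "$o")"
}

# Round-trip a few modes so the mapping can be eyeballed.
for s in rwxr-x--- rw-r--r-- rwx------ ---------; do
    oct=$(sym_to_octal "$s")
    echo "$s -> $oct -> $(octal_to_sym "$oct")"
done
```

A typical use is feeding the result straight to chmod, for instance chmod "$(sym_to_octal rw-r-----)" report.txt, which documents in the script exactly which triplets the number stands for.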
Special Directory Permission: Sticky
• The sticky bit is a permission bit that protects the files within a directory.
◦ If a directory has the sticky bit set, a file in it can be deleted only by
the file's owner, the directory's owner, or root.
◦ The sticky bit prevents a user from deleting other users' files from
public directories such as /tmp.
• Shown as a t (mnemonic: temporary) in the other-execute position of a listing.
• Enable 'sticky' with:
chmod +t /data/tmp
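The following script is an added example, not part of the original notes. It sets the sticky bit on a shared directory, reads it back both as the 1xxx octal prefix and as the t in the listing, and then audits a tree for the risky combination the bit exists to prevent: directories that are world-writable but not sticky. It assumes GNU coreutils stat and find on Linux.

```shell
#!/bin/sh
# Added example: set and verify the sticky bit, then find world-writable
# directories that lack it. Assumes GNU coreutils (stat -c, find -perm).
set -u

# Octal mode including the special-bit digit, e.g. 1777 for a sticky dir.
mode_of() { stat -c '%a' "$1"; }

# The tenth character of ls -ld: t = sticky with other-execute, T = sticky
# without other-execute, x or - when the directory is not sticky.
sticky_flag() { ls -ld "$1" | cut -c10; }

# Directories under $1 that everyone can write to (o+w) but that are not
# sticky (1000 bit clear); in such a directory any user can remove any file.
unprotected_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

demo() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/stickydemo.XXXXXX")
    mkdir "$root/shared" "$root/dropbox"
    chmod 777 "$root/shared"          # world-writable, no protection
    chmod 777 "$root/dropbox"
    chmod +t "$root/dropbox"          # same result as chmod 1777

    echo "shared:  mode $(mode_of "$root/shared") flag $(sticky_flag "$root/shared")"
    echo "dropbox: mode $(mode_of "$root/dropbox") flag $(sticky_flag "$root/dropbox")"
    echo "world-writable directories without the sticky bit:"
    unprotected_shared_dirs "$root"

    rm -rf "$root"
}

demo
```

Running unprotected_shared_dirs against / (or a mounted image) is a quick way to spot drop-box style directories that should have been created with mode 1777; the find predicates are pure POSIX octal, so no symbolic -perm syntax is needed.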