104.5 Manage file permissions and ownership

Manage access permissions on regular and special files as well as directories.

Use access modes such as SUID, SGID and the sticky bit to maintain security

Know how to change the file creation mask

Use the group field to grant access to group members

Commands: chmod, umask, chown, chgrp

Permissions can be set at the user, group, and other levels

ls -l

shows files and permissions

Understanding File Permissions

-rw-rw-r--

<leading Character>{owner permission}{group permission}{other’s permission}

<leading Character>{[read bit][write bit][execute bit]}{[read bit][write bit][execute bit]}{[read bit][write bit][execute bit]}

<leading Character> ‘-’ for files and ‘d’ for directories

The above is also expressed as follows in octal. Each digit is the sum of the bits set for owner, group and other (rw- = 4 + 2 = 6, r-- = 4).

664

r = 4

w = 2

x = 1

‘chmod’ command modifies permission of files and folders

chmod u-w myfile

Takes write permission from user/owner of ‘myfile’

chmod o+w myfile

Add write permission to others

chmod +x myfile

Add executable permission for user, group and other

chmod -R g+r /usr/files

Add read permission to group for all files under /usr/files

chmod ugo+w myfile

Add write permission to all on myfile

Note: ls -lhart /usr/files/*

Shows all attributes under a directory

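chmod -R 644 /mydir

Modify permissions of /mydir and everything beneath it recursively. Note that 644 also removes the execute (search) bit from the directories themselves, so non-root users can no longer enter them.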

‘chown’ command modifies the owner, group or both for files and directories.

chown user1 myfile

Change owner to user1 for myfile

chown user1:users myfile

Change owner of myfile to user1 and group to users (the syntax is owner:group)

chown -R user1:users /user/*

Change owner to user1 and group to users for all files under /user/

Use Access Modes such as SUID, SGID and the Sticky Bit to maintain Security

SUID and SGID let regular users execute a program with the permissions of the file's owner or group (commonly root) instead of their own.

‘chattr’ and ‘lsattr’ are used to change and view file attributes.

chattr

chattr +i myfile

Set the immutable attribute. While a file is immutable it cannot be modified, renamed or removed.

chattr +a myfile

Set the append-only attribute. Recall that ‘>’ creates (or overwrites) a file, while ‘>>’ appends to it.

chattr -R +i /user/*

Recursively make all files under /user/ immutable.

lsattr

lsattr myfile

Shows attribute bits of myfile

lsattr -a /users/*

Shows attributes of all files under /users/directory

The sticky bit protects the files in a directory so that only root and the owner can rename or delete them.

On an executable file it historically forced the program to remain in memory instead of being loaded from disk; Linux ignores the sticky bit on regular files.

chmod +t myotherfile

Set sticky bit

chmod u+s myotherfile

Set SUID: myotherfile is executed with the privileges of its owner (root, if root owns the file), no matter which user runs it.

chmod g+s myotherfile

Set SGID: myotherfile is executed with the privileges of its group.
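An audit of the special bits described above, added here as an example (it is not part of the original notes). It builds a scratch tree, lists SUID/SGID files, and flags world-writable directories that lack the sticky bit. All file names are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a scratch tree for the special bits described above.
# Every path and file name here is constructed for the demonstration.

# Build a temporary tree containing each special mode; prints its path.
make_demo_tree() {
    dir=$(mktemp -d) || return 1
    touch "$dir/plain" "$dir/suid_tool" "$dir/sgid_tool"
    mkdir "$dir/shared" "$dir/dropbox"
    chmod 644  "$dir/plain"
    chmod 4755 "$dir/suid_tool"   # octal form of chmod u+s on a 755 file
    chmod 2755 "$dir/sgid_tool"   # octal form of chmod g+s on a 755 file
    chmod 1777 "$dir/shared"      # world-writable plus sticky bit, like /tmp
    chmod 0777 "$dir/dropbox"     # world-writable without the sticky bit
    echo "$dir"
}

# Regular files with SUID or SGID set: each one runs with someone else's rights.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories lacking the sticky bit: any user can delete
# or rename other users' files inside them.
find_unsafe_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Octal mode of a path (GNU stat assumed).
mode_of() { stat -c '%a' "$1"; }

tree=$(make_demo_tree)
echo "SUID/SGID files:";            find_setid_files "$tree"
echo "Unsafe world-writable dirs:"; find_unsafe_dirs "$tree"
chmod +t "$tree/dropbox"            # the fix: add the sticky bit
echo "dropbox mode after chmod +t: $(mode_of "$tree/dropbox")"
rm -rf "$tree"
```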

Know How to change the file creation mask

The umask command is used to set default permissions for new files and directories.

Umask values can be set with three or four digits

Three digits are typical

Four digits are used when setting special permissions

Each bit set in umask command removes that bit in new files or directories.

So, umask tells which permission should NOT be given to new files and directories.

umask u=rw,g=r,o=r

When new files get created users can read and write, groups can read, others can read.

umask

Shows existing options in octal

umask -S

Shows existing options in characters.

umask ugo=r

New files are read-only for everyone.
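The effect of the umask values above on newly created files and directories, as an added example (not part of the original notes). Files start from 666 and directories from 777 before the mask is applied, so the symbolic form u=rw,g=r,o=r also strips the search bit from new directories. GNU stat is assumed and the scratch paths are constructed.

```shell
#!/bin/sh
# Added example: show which modes a new file and a new directory receive
# under a given umask. Scratch paths are constructed for the demonstration.

# Prints "<file mode> <directory mode>" for objects created under umask $1.
modes_under_umask() {
    (
        d=$(mktemp -d) || exit 1      # create the scratch dir before changing the mask
        umask "$1"                    # octal (022) or symbolic (u=rw,g=r,o=r)
        touch "$d/f"                  # files are requested with mode 666
        mkdir "$d/sub"                # directories are requested with mode 777
        echo "$(stat -c '%a' "$d/f") $(stat -c '%a' "$d/sub")"
        chmod u+rwx "$d/sub"          # restore access so cleanup always works
        rm -rf "$d"
    )                                 # subshell: the caller's umask is untouched
}

for mask in 022 027 077 u=rw,g=r,o=r ugo=r; do
    echo "umask $mask -> file/dir modes: $(modes_under_umask "$mask")"
done
```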

Use the group field to grant access to group members

Managing file or directory access at the group level is more efficient than managing it at the user level.

‘chown’ changes user and group, ‘chgrp’ changes only the group.

chgrp users /files/myfile.txt

chgrp -R users /files/*
