File security (Standard File Permission)


Write a script that asks for two numbers, and outputs the sum and product (as shown here).

#!/bin/bash
echo -n "Enter a number : "
read n1
echo -n "Enter another number : "
read n2
let sum="$n1+$n2"
let pro="$n1*$n2"
echo -e "Sum\t: $n1 + $n2 = $sum"
echo -e "Product\t: $n1 * $n2 = $pro"

Write a shell script to check to see if the file "/etc/shadow" exists. If it does exist, display "Shadow passwords are enabled." Next, check to see if you can write to the file. If you can, display "You have permissions to edit /etc/shadow." If you cannot, display "You do NOT have permissions to edit /etc/shadow."

#!/bin/bash
FILE="/etc/shadow"
if [ -e "$FILE" ]
then
  echo "Shadow passwords are enabled."
fi
if [ -w "$FILE" ]
then
  echo "You have permissions to edit ${FILE}."
else
  echo "You do NOT have permissions to edit ${FILE}."
fi

Modify the previous script so that it accepts the file or directory name as an argument instead of prompting the user to enter it.

#!/bin/bash
# Quote the argument so names with spaces or glob characters are handled as one path
FILE="$1"
if [ -f "$FILE" ]
then
  echo "$FILE is a regular file."
elif [ -d "$FILE" ]
then
  echo "$FILE is a directory."
else
  echo "$FILE is something other than a regular file or directory."
fi
ls -l "$FILE"

Write a shell script that displays "man", "bear", "dog", "cat", and "sheep" to the screen with each appearing on a separate line. Try to do this in as few lines as possible. Hint: Loops can be used to perform repetitive tasks.

#!/bin/bash
for ANIMAL in man bear pig dog cat sheep
do
  echo "$ANIMAL"
done

Modify the previous script to accept an unlimited number of files and directories as arguments. Hint: You'll want to use a special variable.

#!/bin/bash
# "$@" (quoted) keeps each argument intact, even if it contains spaces
for FILE in "$@"
do
  if [ -f "$FILE" ]
  then
    echo "$FILE is a regular file."
  elif [ -d "$FILE" ]
  then
    echo "$FILE is a directory."
  else
    echo "$FILE is something other than a regular file or directory."
  fi
  ls -l "$FILE"
done

Write a shell script that prompts the user for the name of a file or directory and reports if it is a regular file, a directory, or another type of file.

#!/bin/bash
read -p "Enter the path to a file or a directory: " FILE
if [ -f "$FILE" ]
then
  echo "$FILE is a regular file."
elif [ -d "$FILE" ]
then
  echo "$FILE is a directory."
else
  echo "$FILE is something other than a regular file or directory."
fi

user owner and group owner
- The users and groups of a system can be locally managed in /etc/passwd and /etc/group.
- Every file has a user owner and a group owner.

User student owns three files; file1 has student as user owner and has the group student as group owner, data.odt is group owned by the group snooker, file2 by the group tennis. The last file is called stuff.txt and is owned by the root user and the root group.
student@desktopX:~/owners$ ls -lh
total 636K
-rw-r--r--. 1 student snooker 1.1K Apr 8 18:47 data.odt
-rw-r--r--. 1 student student 626K Apr 8 18:46 file1
-rw-r--r--. 1 root tennis 185 Apr 8 18:46 file2
-rw-rw-r--. 1 root root 0 Apr 8 18:47 stuff.txt

mkdir -m

Controls the permissions of new directories. mkdir by default is 775; -m allows you to modify new directory permissions.

umask

determines the settings of a mask that controls how file permissions are set for newly created files

Changing file/directory permissions
- The command used to change permissions from the command line is chmod, short for "change mode" (permissions are also called the mode of a file). The chmod command takes a permission instruction followed by a list of files or directories to change. The permission instruction can be issued either symbolically (the symbolic method) or numerically (the numeric method).
Symbolic method keywords:
chmod WhoWhatWhich file|directory
Who is u, g, o, a (for user, group, other, all)
What is +, -, = (for add, remove, set exactly)
Which is r, w, x (for read, write, execute)
The symbolic method of changing file permissions uses letters to represent the different groups of permissions: u for user, g for group, o for other, and a for all. With the symbolic method, it is not necessary to set a complete new group of permissions. Instead, it is possible to change one or more of the existing permissions. In order to accomplish this, use three symbols: + to add permissions to a set, - to remove permissions from a set, and = to replace the entire set for a group of permissions. The permissions themselves are represented by a single letter: r for read, w for write, and x for execute. When using chmod to change permissions with the symbolic method, using a capital X as the permission flag will add execute permission only if the file is a directory or already has execute set for user, group, or oth

ec2-user:~/environment $ chmod -c u+x file123
chmod: cannot access 'file123': No such file or directory
ec2-user:~/environment $ sudo chmod -c u+x file123
chmod: cannot access 'file123': No such file or directory
ec2-user:~/environment $ sudo chmod -c u+x fil123
mode of 'fil123' changed from 0664 (rw-rw-r--) to 0764 (rwxrw-r--)
ec2-user:~/environment $ sudo chmod -c +x fil123
mode of 'fil123' changed from 0764 (rwxrw-r--) to 0775 (rwxrwxr-x)
ec2-user:~/environment $ sudo chmod -c 000 fil123
mode of 'fil123' changed from 0775 (rwxrwxr-x) to 0000 (---------)
ec2-user:~/environment $ sudo chmod -c +rwx fil123
mode of 'fil123' changed from 0000 (---------) to 0755 (rwxr-xr-x)

chgrp - you can change the group owner of a file using the chgrp command as well.

ec2-user:~/environment $ sudo chgrp baby foofile
ec2-user:~/environment $ ls -l foofile
-rw-rw-r-- 1 shah baby 0 Apr 14 17:32 foofile

Improve the previous script to test that the numbers are between 1 and 100, exit with an error if necessary.

#!/bin/bash
echo -n "Enter a number between 1 and 100 : "
read n1
# Reject values outside 1..100 and exit with an error status
if [ "$n1" -lt 1 ] || [ "$n1" -gt 100 ]
then
  echo Wrong number...
  exit 1
else
  echo You are great in numbers
fi

File Types - When you use ls -l, for each file you can see ten characters before the user and group owner. The first character tells us the type of file.
- Regular files get a -
- directories get a d
- symbolic links are shown with an l
- pipes get a p
- character devices a c
- block devices a b
- sockets an s

ex:
[student@localhost ~]$ ls -ld /bin /usr/bin
lrwxrwxrwx. 1 root root 7 May 13 14:11 /bin -> usr/bin
dr-xr-xr-x. 2 root root 45056 May 13 14:18 /usr/bin

cp -p

keep permissions and time stamps from source files

File details: as far as file permissions are concerned, what command should you use?

ls -l

r - Files: Read the file (see the content of the file). Examples: cat, less, vi

r - Directories: List the names of the files in the directory (see the contents of the directory). Examples: ls, echo *

Using chown to change both the user owner and the group owner.

root@desktopX:/home/student# ls -l FileForstudent
-rw-r--r-- 1 student student 0 2008-08-06 14:11 FileForstudent
root@desktopX:/home/student# chown root:project42 FileForstudent
root@desktopX:/home/student# ls -l FileForstudent
-rw-r--r-- 1 root project42 0 2008-08-06 14:11 FileForstudent

You don't even have to type the a.

student@desktopX:~/perms$ chmod +x permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwx-wx-wx 1 student student 0 2007-02-07 22:34 permissions.txt

This makes 777 equal to rwxrwxrwx and, by the same logic, 654 means rw-r-xr--. The chmod command will accept these numbers.

student@desktopX:~/perms$ chmod 777 permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwxrwxrwx 1 student student 0 2007-02-07 22:34 permissions.txt
student@desktopX:~/perms$ chmod 664 permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rw-rw-r-- 1 student student 0 2007-02-07 22:34 permissions.txt
student@desktopX:~/perms$ chmod 750 permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwxr-x--- 1 student student 0 2007-02-07 22:34 permissions.txt

This example gives all of them the write permission.

student@desktopX:~/perms$ chmod a+w permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwx-w--w- 1 student student 0 2007-02-07 22:34 permissions.txt

This example removes the group owner's read permission.

student@desktopX:~/perms$ chmod g-r permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwx---r-- 1 student student 0 2007-02-07 22:34 permissions.txt

This example removes the others' read permission.

student@desktopX:~/perms$ chmod o-r permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwx------ 1 student student 0 2007-02-07 22:34 permissions.txt

You can also set explicit permissions.

student@desktopX:~/perms$ chmod u=rw permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rw--wx-wx 1 student student 0 2007-02-07 22:34 permissions.txt

Feel free to make any kind of combination.

student@desktopX:~/perms$ chmod u=rw,g=rw,o=r permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rw-rw-r-- 1 student student 0 2007-02-07 22:34 permissions.txt

Even fishy combinations are accepted by chmod.

student@desktopX:~/perms$ chmod u=rwx,ug+rw,o=r permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwxrw-r-- 1 student student 0 2007-02-07 22:34 permissions.txt

The first example gives the user owner execute permissions.

student@desktopX:~/perms$ ls -l permissions.txt
-rw-r--r-- 1 student student 0 2007-02-07 22:34 permissions.txt
student@desktopX:~/perms$ chmod u+x permissions.txt
student@desktopX:~/perms$ ls -l permissions.txt
-rwxr--r-- 1 student student 0 2007-02-07 22:34 permissions.txt

listing user accounts - You can use the following command to list all local user accounts. The column (columnate lists) command puts your output in a nice format.

student@desktopX~$ cut -d: -f1 /etc/passwd | column
root     ntp      sam       bert     naomi
daemon   mysql    tom       rino     matthias2
bin      student  wouter    antonio  bram
sys      maarten  robrecht  simon    fabrice

- Only root can change the ownership of a file.
- Group ownership, however, can be set by root or the file's owner.
- root can grant ownership to any group, while non-root users can grant ownership only to groups they belong to.

sudo chown shah foofile
ec2-user:~/environment $ ls -l foofile
-rw-rw-r-- 1 shah ec2-user 0 Apr 14 17:32 foofile

w - write: Write/edit the file (modify the content). Examples: vi, cat, echo

w - directory: Create and delete files in the directory (write files in a directory). Examples: vi, touch, rm

x - execute: Execute/run the file as a program (run the file using the command "./<fileName>").

x - execute: Change to the directory (use the "cd <dirName>" command to enter the directory).

student@devx-ziyo003:~/test$ ls -l proc42.bash
-rwxr-xr-- 1 student proj 984 Feb 6 12:01 proc42.bash

-   : this is a regular file
rwx : permissions for the user owner
r-x : permissions for the group owner
r-- : permissions for others

file permissions

Are assigned to user owner, group and other with read, write and execute permissions. It is the way the system protects against malicious tampering. They specify who is allowed to read the file, write to the file, or (if it is an application instead of a text file) who can execute the file.

chown

Change Mode, for changing the access permissions of files and directories. Only the root user, sudoers, and the owner of the file/directory can use it.

chgrp

Change the group owner of a file

file ownership

Just as every user has an ID and is a member of one primary group, every file on a Linux system has one user owner and one group owner associated with it.

-c

See old and new permissions.
Example:
chmod -c 777 /home/testdir/file
mode of '/home/testdir/file' changed from 0664 (rw-rw-r--) to 0777 (rwxrwxrwx)

Determine alice's privileges to access and/or modify andyfile3.

[alice@serverX ateam-text]$ echo "text" >> andyfile3
[alice@serverX ateam-text]$ cat andyfile3
text

Navigate to the /home/ateam-text folder.

[alice@serverX ~]$ cd /home/ateam-text

Change the group ownership of the new file to ateam and record the new ownership and permissions.

[andy@serverX ateam-text]$ chown :ateam andyfile3
[andy@serverX ateam-text]$ ls -l andyfile3
-rw-rw-r--. 1 andy ateam 0 Jan 23 12:59 andyfile3

Exit the shell and switch to the user alice with a password of password.

[andy@serverX ateam-text]$ exit
[student@serverX ~]$ su - alice
Password: password

Record the default user and group ownership of the new file and its permissions.

[andy@serverX ateam-text]$ ls -l andyfile3
-rw-rw-r--. 1 andy andy 0 Jan 23 12:59 andyfile3

Create an empty file called andyfile3.

[andy@serverX ateam-text]$ touch andyfile3

Navigate to the /home/ateam-text folder (remember to open a terminal window first).

[andy@serverX ~]$ cd /home/ateam-text

chown - change group ownership with : in front of the group name. The chown command can also be used to change group ownership of a file by preceding the group name with a colon (:). For example, the following command will change the group of foodir to admins:

[root@desktopX ~]# chown :admins foodir

chown - ex: granting ownership of a file. File ownership can be changed with the chown command (change owner). For example, to grant ownership of the file foofile to student, the following command could be used:

[root@desktopX ~]# chown student foofile

The chown command can also be used to change both owner and group at the same time by using the syntax owner:group. For example, to change the ownership of foodir to visitor and the group to guests, use:

[root@desktopX ~]# chown visitor:guests foodir

chown -R - granting ownership of a directory and its files. chown can be used with the -R option to recursively change the ownership of an entire directory tree. The following command would grant ownership of foodir and all files and subdirectories within it to student:

[root@desktopX ~]# chown -R student foodir

Ensure the permissions of ateam-text forbid others from accessing its files.

[root@serverX ~]# chmod 770 /home/ateam-text
[root@serverX ~]$ ls -ld /home/ateam-text
drwxrwx---. 2 root ateam 6 Jan 23 12:50 /home/ateam-text

Ensure the permissions of ateam-text allow group members to create and delete files.

[root@serverX ~]# chmod g+w /home/ateam-text

Change the group ownership of the ateam-text directory to ateam.

[root@serverX ~]# chown :ateam /home/ateam-text

Exit the root shell and switch to the user andy with a password of password.

[root@serverX ~]# exit
[student@serverX ~]$ su - andy
Password: password

Create a shared group, ateam, with two new users, andy and alice. The password for these accounts is password.

[root@serverX ~]# groupadd ateam
[root@serverX ~]# useradd -G ateam -p $(openssl passwd password) andy
[root@serverX ~]# useradd -G ateam -p $(openssl passwd password) alice

Create a directory in /home called ateam-text.

[root@serverX ~]# mkdir /home/ateam-text

Become the root user at the shell prompt.

[student@serverX ~]$ sudo -i

