chapter 17
permission file type
-rw-r--r--. 1 root root 4135 May 27 21:08 /etc/passwd The first character of each line indicates the type of file. Possible values for file types: - regular file c character file d directory p pipe file l symbolic link s socket file b block file
group owner
-rw-r--r--. 1 root root 4135 May 27 21:08 /etc/passwd 5-7 indicate permissions for the group that owns the file.
other permissions
-rw-r--r--. 1 root root 4135 May 27 21:08 /etc/passwd 8-10 other or what is sometimes refer to as the world permissions
user owner
-rw-r--r--. 1 root root 4135 May 27 21:08 /etc/passwd Characters 2-4 indicate the permissions for the user that owns the file.
permission groups
-rw-r--r--. 1 root root 4135 May 27 21:08 /etc/passwd next 9 charter are permissions of the file he level of access a user will have on the file
how to unmask work
Assume that the umask is set to 027: File default 667 Umask -027 Result 640 The 027 umask means that, by default new files would receive 640 or rw-r----- permissions
numeric methods
Based on the octal numbering system where each permission type is assigned a numeric value. r read w write x execute Numeric values: 4 = Read, 2 = Write, 1 = Execute 7 = rwx 3 = -wx 6 = rw- 2 = -w- 5 = r-x 1 = --x 4 = r-- 0 = ---
permission type
Each group is attributed three types of permissions: read, write, and execute:
user owner, group owner, other
Each group is attributed three types of permissions: read, write, and execute:
Write
File - Can be written to by the process. The w permission requires r permission to work. Directory - Files can be added to or removed from the directory. The w permission requires the xpermission to work.
execute:
File - a file can be executed or run as a process. Directory - User can use the cd command to get into directory and use pathname to access files in directory.
read:
File - allows process to read contents of the file, which means contents can be viewed and copied. Directory - Names of directory are listed, but no other details are available.
Maximum default values for files and directories:
File = rw-rw-rw- Directory = rwxrwxrwx
changing group ownership chgrp command
To change the group owner of existing file
UIDs and GIDs
are associated with username and group name.
id command
can be used to view user UID, GID, username, and group name(s).
Symbolic Method
chmod (change mode) command is used to change permissions on a directory.
ls command
file ownership cane confirmed using the long list -1 option sysadmin@localhost:~$ ls -l /tmp/filetest1
File Ownership
is critical for security by default : user will own the files they create ownership can be changed by admin every file also has a group owner by default : primary group of user who create file will be group of any new files
unmask value
is subtracted from the maximum allowable default permissions.
unmask command
is used to determine default permissions that are set when a file or directory is created.
touch command ( when a user creates a file )
it will belong to the current user and there primary group sysadmin@localhost:~$ touch /tmp/filetest1
bob have access on the file abc.txt
none befor anything with the file, user must first "get into " the /data directory permission for bob / data for "other " (r--) then bob will be able to get in the directory meaning that permissions of the file itself would apply
Lastly, use the following characters to specify the permission type to change:
r read w write x execute
to give user owner red permission on the file abc.txt
root@localhost:~# chmod u+r abc.txt
abc.txt to be rwxr-xr--
root@localhost:~]# chmod 754 abc.txt
changing permissions two techniques
symbolic and numeric
chgrp command
the root user can use the command to change group owner of any file a regular user can change group owner of the file to a group they are a member of
changing group newgrp command
to create a file under a different group : the command will change the current primary group
groups command
to view user group information to verify use the id command so, id newgrrp research id
Characters indicate which permission group (user, group, others) to apply the changes to:
u - user owner g - group owner o - other a - all(all three )
display permissions and file type of a file
use ls -l command
Next, choose an indicator to indicate how to modify permissions:
+ add - remove = equal