230 likes | 429 Views
File security and Permissions. A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when created can be accessed in three ways: Reading Writing Executing. Permissions of a file are grouped into three different types: Owner
E N D
File security and Permissions • A file is owned by the user who created it • That user can then specify who can read, write and execute that file • A file when created can be accessed in three ways: • Reading • Writing • Executing
Permissions of a file are grouped into three different types: • Owner • Group • Other
When you create a file the system stores all the information including: • Location of the file • File type • File size • Who owns it and can access it • Time last modified
Look at a typical file listing, using ls –l • $ls –l • Total 4243 • -rwxr-xr-x 1 root root 3756 Oct 14 04:44 dmesg • Total 4243 – this field tell us how much space the files have taken up in the directory • -rwxr-xr-x - this is the permission bit on the file
File permission bit • Type of file, (the first letter) • d : this is a directory • - : this is normal file • l : this is a symbolic link ( a pointer to another file) • First three bits – user or owner • rwx user can read, write and execute • Second three bits – group • r-x group can read and execute but not write • Last three bits – other or rest of world • r-x others can read and execute but not write
1 – number of hard links the file has • Root – this is who owns the actual file • Root – this is default group that root belongs to • 3578 – this is file size in bytes, not kilobytes • Oct 14 - this is the data of the last time the file was modified • Dmesg – this is the actual file name
permission • Create a file using touch command • $touch myfile • Then do ls –l • Tell the permission of the file • Tell the permission of the following files • -rwxrwxr-x • -rwx- -x- -x • -r-xr-x--x
Changing permission bits • You can change the permission bits of files you own to whatever you feel comfortable with • You can change the permission using command chmod • This command can used in a short way using absolute mode or a long way using the symbolic mode
Symbolic mode • The general format of the chmod command is • $chmod [who] operator [permission] filename • Who means : • u the user permission • g the group permission • o the other permission • a means all (user, group and other) • Operator means: • + add a permission • - take away a permission • = set permission
Permission means: • R read permission • W write permission • X execute permission • Examples • $chmod a-x myfile take away all execute permission • $chmod og-w myfile take away write from group and other • $chmod g+w myfile add write to group • $chmod u+x myfile add excute to owner • $chmod go+x myfile add execute to group and other
Absolute mode • The general format for the absolute mode is • $chmod [mode] file • Where mode is an octal number • 0400 owner can read • 0200 owner can write • 0100 owner can execute • 0040 group can read • 0020 group can write • 0010 group can execute • 0004 other can read • 0002 other can write • 0001 other can execute
Absolute mode • To specify the permissions, all we have to do is look at the table to get the required permissions for the user, group and other. Now add the octal numbers up for each corresponding permission set • Maximum mode you can give is 7 • -rw-r—r-- the permission would be 644 • 0400+0200 = 0600 • 0040 = 0040 • 0004 = 0004 • = 0644
Working out the symbolic modes My file has the following permission 644 R w - r - - r - - 4 2 4 4
More chmod exmaples • $chmod 666 rw-rw-rw- • $chmod 644 rw-r—r— • $chmod 744 rwxr—r— • $chmod 664 rw-rw-r— • $chmod 700 rwx------ • $chmod 555 • $chmod 755
Directory permission • Read bit means to be able to list the contents of the files • Write bit means you can create files in this directory • The execute bit means to have the privilege to search or access that directory