Permissions
also called mode
Symbolic permission
Symbol Type
- regular file
d directory
l symbolic link
r read
w write
x execute
Permissions Read, Write and Execute
Read (r)
file- allows a file to be read
directory- allows file names in directory to be read
Write (w)
file- allows a file to be modified
directory- allows entries to be modified within the directory
Execute (x)
file- allows the execution of a file
directory- allows access to contents and metadata for entries
first slot is always for r, second is for w and third is x
value for r = 4
value for w = 2
value for x = 1
binary to base ten
for example:
011 = -wx [021] = 3
100 = r-- [400] = 4
111 = rwx [421] = 7
001 = --x [001] = 1
not allowed to set default permissions to executable permissions
Levels of Ownership
u g o a (user, group, other, all)
CAN ONLY HAVE 3 SLOTS PER LEVEL OF OWNERSHIP
rwx rwx rwx rwx r-x r--
• User (u)- refers to the user who is in charge of the file. Normally the user who created the file
• Every user is in at least one group
• Users can belong to many groups
• Group(g)- refers to the group associated with a specific file
• groups are used to organize users
• The 'groups' command displays a user's groups
• Can also use the command 'id -Gn'
• Other (o)- refers to any other user not identified with either the group or the user for a file
• All (a)- refers to all or everybody
symbolic: rwx r-x r--
This screen shows an example of the permissions and also highlights that if you see a name similar to the user name ('ger'), then the second slot is the primary group. It doesn't always have to be the same name as the user.
MAKE SURE YOU ALWAYS VERIFY YOUR WORK !!
Chmod
chmod - modifies permissions (permissions only)
can add, subtract or set permission
revoke /subtract -
add / grant +
set =
Using Chmod
• revoking/subtracting with the actual letter (r, w, x), for example: chmod g-r filename
• adding: chmod g+x filename
• setting: chmod
• using all: chmod a=-rw filename
• using the decimal number: chmod 644 filename or chmod 777 filename
• another example, setting each (u, g, o) with no spaces after the commas: chmod u=rw,g-x,o-x filename
! Always verify !
there are several ways to get the same results!!
Changing Ownership
chown (change owner)- changes file owner and group
note: owner is unchanged if missing and group is unchanged if missing.
group and user must exist before you can change it
for example:
$chown user:group file or directory
$chown username file
$chown :contractors directory2
chgrp - changes file group only
for example: chgrp group file or directory
changing both user and group at the same time: chown ger:finance filename
umask-
• is a command that determines the settings of a mask that controls how file permissions are set for newly created files.
• It may also affect how the file permissions are changed explicitly
• shell setting that revolts the default settings for permissions
• setting umask for a specific user
• standard user can change their own umask
• root can change other users' umask
• umask (desired umask #)
• vi /hom/ger/
• for older files would possibly have to go back to and edit the original file
Default permissions for files are 666; this is the maximum file permission, and you subtract the umask from it to get the resulting permission
Default permissions for directories are 777
700 - 7 is all of them, 0 is deny
when you reset the machine it goes back to default setting
for example:
umask 027
umask numeric permission
coming from shell configuration file
/etc/profile (system-global umask)
~/.bash_profile
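The effect of a umask on the 666 and 777 defaults can be checked directly. This is an added example, not part of the original notes; it assumes GNU coreutils (`stat -c`, `mktemp -d`), and the function name `perm_under_umask` is made up for the illustration. It also shows that the mask is applied bit by bit rather than by decimal subtraction: umask 033 on a file gives 644, not 633.

```shell
#!/bin/sh
# Added example: create a file or directory under a given umask and
# report the octal mode it actually receives.
# Assumes GNU coreutils (stat -c, mktemp -d).

# perm_under_umask MASK KIND   (KIND is "file" or "dir")
perm_under_umask() {
    (
        # Work in a private scratch directory, removed when the subshell exits.
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT

        # The umask only changes inside this subshell, not in the caller.
        umask "$1"
        case "$2" in
            file) : > "$tmp/new" ;;      # new files start from 666
            dir)  mkdir "$tmp/new" ;;    # new directories start from 777
            *)    exit 2 ;;
        esac
        stat -c '%a' "$tmp/new"
    )
}

# Print a small table for a few common masks (027 is the one used above).
for m in 022 027 033 077; do
    printf 'umask %s  file=%s  dir=%s\n' \
        "$m" "$(perm_under_umask "$m" file)" "$(perm_under_umask "$m" dir)"
done
```
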
Special Permission
setuid-
• SUID- run as owner
• set user ID on execution
• special type of file permission
• security tool that permits users to run certain programs with escalated privileges
• when an executable file's 'setuid' permission is set, users may execute that program with a level of access that matches the user who owns the file
setgid
• set group ID
• SGID- run as group owner; in a directory, inherit the directory's group owner
• has an effect on both files and directories
sticky bit
• sticky bit- within directory, can delete only if you are the owner
• all the files inside directory will be modifiable only by their owners
Managing Special Permissions
SUID
• chmod 4770 myfile
• chmod u+s myfile
SGID
• chmod 2770 mydir
• chmod g+s mydir
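Always verifying applies to special bits too. This added example (not from the original notes) shows how the setuid and sticky bits appear in the symbolic mode string, lowercase when execute is also set and uppercase when it is not, and lists files that carry SUID or SGID under a directory. It assumes GNU coreutils and findutils; `mode_string` and `list_special` are names invented for the illustration.

```shell
#!/bin/sh
# Added example: verify how special bits are displayed, and audit a tree
# for SUID/SGID files. Assumes GNU coreutils and findutils.

# mode_string OCTAL KIND -> ls-style mode after chmod (KIND: file|dir)
mode_string() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        case "$2" in
            file) : > "$tmp/t" ;;
            dir)  mkdir "$tmp/t" ;;
            *)    exit 2 ;;
        esac
        chmod "$1" "$tmp/t"
        stat -c '%A' "$tmp/t"
    )
}

# list_special DIR -> regular files under DIR with SUID or SGID set,
# printed as "mode owner:group path" for review.
list_special() {
    find "$1" -type f -perm /6000 -exec stat -c '%A %U:%G %n' {} +
}

# SUID with owner execute shows "s"; without execute it shows "S".
printf '4770 file -> %s\n' "$(mode_string 4770 file)"
printf '4660 file -> %s\n' "$(mode_string 4660 file)"
# Sticky bit on a directory shows "t" (or "T" when other-execute is off).
printf '1777 dir  -> %s\n' "$(mode_string 1777 dir)"
printf '1776 dir  -> %s\n' "$(mode_string 1776 dir)"
```

An uppercase `S` in the output of `list_special` marks a special bit set on a file that has no matching execute permission.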
Access Control Lists (ACLs)
provides an additional, more flexible permission mechanism for file access to users or groups
• to show permissions, use: #getfacl filename
• #setfacl -m u:yellowtail:rwx abc (set all permissions for user "yellowtail" to file named "abc")
• #setfacl -R -m g:somegroup:rx /data/groups
• #setfacl -m d:g:somegroup:rx /data/groups
set read and execute permission recursively for the group on the directory '/data/groups'
if you see a little plus (+) behind the permissions, an ACL is in effect
Manipulating Files
'cat' -
• Unix standard
• utility that reads files sequentially, writing them to standard output
• derived from its function to "concatenate " files
'less'
a terminal pager program used to view the contents of a text file one screen at a time, but with the extended capability of allowing both forward and backward navigation through the file compared to 'more', making it more powerful
'More'
a command to view the contents of a text file one screen at a time
i.e.: # more filename
head
prints the first 10 lines of each file to standard output
i.e: #head filename
#head /etc/passwd
tail
prints the last 10 lines of each file to standard output
#tail filename
#tail /etc/passwd
#tail -n5
Redirection
STDIN Standard Input
STDERR Standard Error
STDOUT Standard Output
Piping- command in Linux that lets you use two or more commands
> output redirection
>> output redirection (add)
< redirection standard input
| pipe
To apply changes without restarting your machine
$ exec bash
$ umask
uppercase S
if executable is present - lowercase s