Linux file system permissions
Access to files by users is controlled by file permissions. The Linux file permission system is simple but flexible, which makes it easy to understand and apply, yet able to handle most common permission cases.
There are just three categories of permission that apply: read, write and execute. These permissions affect access to files and directories as follows:
r (read) - The content of the file can be read; the content of the directory (file names) can be listed.
w (write) - The content of the file can be changed; files in the directory can be created or deleted.
x (exec) - The file can be executed as a command; the content of the directory can be accessed (subject to the permissions of the files in the directory).
Changing file/directory permissions
The command used to change permissions from the command line is chmod, short for "change mode" (permissions are also called the mode of a file). The chmod command takes a permission instruction followed by a list of files or directories to change. The permission instruction can be given either symbolically (the symbolic method) or numerically (the numeric method).
Symbolic method keywords:
chmod WhoWhatWhich file|directory
Who is u, g, o, a (for user, group, other, all)
What is +, -, = (for add, remove, set exactly)
Which is r, w, x (for read, write, execute)
Numeric method:
chmod ### file | directory
Each digit represents an access level: user, group, other.
Each # is the sum of r=4, w=2 and x=1.
Using the numeric method, permissions are represented by a three-digit (or four-digit, when setting the special permissions described below) octal number. A single octal digit can represent the numbers 0-7, exactly the number of possibilities for a three-bit number.
Examples
Remove read and write permission for group and other on file1:
[student@desktop ~]$ chmod go-rw file1
Add execute permission for everyone on file2:
[student@desktop ~]$ chmod a+x file2
Set read, write and execute permission for user, read and execute for group, and no permission for other on sampledir:
[student@desktop ~]$ chmod 750 sampledir
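To make the relationship between the symbolic rwx string that ls -l prints and the numeric chmod mode concrete, here is an added example (not part of the original article). It converts a nine-character rwx string into the three-digit octal mode, applies it to a scratch file under a temporary directory, and reads it back with stat. It assumes GNU coreutils (stat -c) and a writable temporary directory; the file name and modes are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original article.
# rwx_to_octal 'rwxr-x---' prints 750: each three-character group is
# scored r=4, w=2, x=1, exactly as the numeric chmod method describes.
rwx_to_octal() {
    s=$1
    [ ${#s} -eq 9 ] || { echo "need a 9-character rwx string" >&2; return 1; }
    out=""
    for triplet in "$(printf '%s' "$s" | cut -c1-3)" \
                   "$(printf '%s' "$s" | cut -c4-6)" \
                   "$(printf '%s' "$s" | cut -c7-9)"; do
        n=0
        case $triplet in r??) n=$((n + 4));; esac   # read    = 4
        case $triplet in ?w?) n=$((n + 2));; esac   # write   = 2
        case $triplet in ??x) n=$((n + 1));; esac   # execute = 1
        out="$out$n"
    done
    echo "$out"
}

# apply_and_readback PATH MODE: chmod the path, then print the octal mode
# the kernel actually stored (GNU stat -c '%a'), so the change is verified
# rather than assumed.
apply_and_readback() {
    target=$1
    mode=$2
    chmod "$mode" "$target" || return 1
    stat -c '%a' "$target"
}

# demo: recreate the "chmod go-rw file1" example numerically. A file that is
# rw for the user and nothing for group/other is rw------- , i.e. 600.
demo() {
    tmp=$(mktemp -d)                      # constructed scratch directory
    touch "$tmp/file1"
    mode=$(rwx_to_octal 'rw-------')      # 600
    apply_and_readback "$tmp/file1" "$mode"
    rm -rf "$tmp"
}

demo    # prints 600
```

The read-back step matters in practice: a chmod that silently fails (read-only mount, lack of ownership) leaves the mode unchanged, and checking stat afterwards is the only way a script knows the permission it intended is the one in force.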
Changing file/directory user or group ownership
File ownership can be changed with the chown command. For example, to grant ownership of the file foofile to student, the following command could be used:
[root@desktop ~]$ chown student foofile
chown can be used with the -R option to recursively change the ownership of an entire directory tree. The following command would grant ownership of foodir and all files and subdirectories within it to student:
[root@desktop ~]$ chown -R student foodir
The chown command can also be used to change the group ownership of a file by preceding the group name with a colon (:). For example, the following command changes the group of foodir to admins:
[root@desktop ~]$ chown :admins foodir
The chown command can also be used to change both owner and group at the same time by using the syntax owner:group. For example, to change the ownership of foodir to visitor and the group to guests, use:
[root@desktop ~]$ chown visitor:guests foodir
Only root can change the owner of a file. Group ownership, however, can be set by root or by the file's owner. root can assign any group, while non-root users can assign only groups they belong to.
Special permissions
The setuid (or setgid) permission on an executable file means that the command will run as the user (or group) of the file, not as the user that ran the command. One example is the passwd command:
[student@desktop ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 35504 jul 16 2010 /usr/bin/passwd
The sticky bit for a directory sets a special restriction on deletion of files: Only the owner of the file (and root) can delete files within the directory. An example is /tmp:
[student@desktop ~]$ ls -ld /tmp
Effect of special permissions on files and directories
u+s (suid) - The file executes as the user that owns the file, not the user that ran it. No effect on directories.
g+s (sgid) - The file executes as the group that owns the file. On a directory, newly created files have their group owner set to match the group owner of the directory.
o+t (sticky) - No effect on files. On a directory, users with write permission can only remove files that they own; they cannot remove or force saves to files owned by other users.
Setting special permissions
Symbolically: setuid = u+s; setgid = g+s; sticky = o+t
Numerically (a fourth digit preceding the other three): setuid = 4; setgid = 2; sticky = 1
Examples:
Add the setgid bit on directory:
[root@desktop ~]$ chmod g+s directory
Set the setgid bit, and read/write/execute for user and group, on directory:
[root@desktop ~]$ chmod 2770 directory
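The special permissions are the ones worth auditing on a system, so here is an added example (not part of the original article) that builds a small constructed directory tree, applies the setuid, setgid and sticky bits described above, and then checks it the way an administrator would: listing setuid/setgid files and flagging world-writable directories that lack the sticky bit (the /tmp rule above, violated). It assumes GNU find (-perm -MODE) and GNU stat (-c); every path under the scratch root is constructed by the script.

```shell
#!/bin/sh
# Added example, not from the original article.

# build_tree ROOT: constructed layout exercising each special permission.
build_tree() {
    root=$1
    mkdir -p "$root/shared" "$root/scratch_ok" "$root/scratch_bad"
    printf '#!/bin/sh\necho hello\n' > "$root/tool"
    chmod 4755 "$root/tool"          # setuid executable: rwsr-xr-x
    chmod 2770 "$root/shared"        # setgid group directory, as in the article
    chmod 1777 "$root/scratch_ok"    # world-writable with sticky bit, like /tmp
    chmod 0777 "$root/scratch_bad"   # world-writable, no sticky: anyone may delete others' files
}

# mode_of PATH: octal mode as stored, e.g. 2770 for the shared directory.
mode_of() { stat -c '%a' "$1"; }

# find_suid_sgid ROOT: regular files with setuid (4000) or setgid (2000) set.
# -perm -MODE matches when all bits of MODE are present.
find_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# find_unsticky_world_writable ROOT: directories writable by other (0002)
# that do not carry the sticky bit (1000), i.e. the /tmp rule is missing.
find_unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# audit_demo: build the tree, report, clean up.
audit_demo() {
    root=$(mktemp -d)                # constructed scratch root
    build_tree "$root"
    echo "setuid/setgid files:"
    find_suid_sgid "$root" | sed "s|$root/||"
    echo "world-writable directories without the sticky bit:"
    find_unsticky_world_writable "$root" | sed "s|$root/||"
    rm -rf "$root"
}

audit_demo
```

Run against a real filesystem root instead of the scratch tree, the same two find expressions give the two lists most worth reviewing after any permission change: which programs run with someone else's identity, and which shared directories let one user delete another's files.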