Linux is a multiuser operating system, which raises security issues. In this article we cover users, permissions, and changing permissions.
Table of contents.
- Classes of users.
- Changing file permissions.
- Changing file permissions (numeric).
- Changing file and group ownership.
- Special permissions.
Just like the UNIX operating system, Linux is a multi-user operating system; that is, it can be accessed and used by multiple users concurrently, hence its wide use in mainframes and servers.
However, this access brings about security concerns, in that a malicious user can change, corrupt or delete crucial files holding important data.
To handle this concern, UNIX introduced file permissions, which specify how much power each user has over any given file or directory.
Classes of users.
Owner: This is the owner of the file, who might or might not be its creator.
Group: This is the group to which the owner belongs.
Others: This is everyone else who has access to the system.
Read: This involves reading, opening, viewing or copying a file.
Write: This will involve writing, changing, deleting or saving a file.
Execute: This involves execution or invoking of a file.
To view file permissions we execute the following command.
We can also write,
The output is as follows.
-rwxr-xr-x 3 user group1 935 May 28 2021 zrsv.exe
drwxr-xr-x 2 user group2 74 Jan 16 12:42 dir0
-rwxr-xr-x 5 user group3 1.6K Jul 21 2018 file7.sh
drwxr-xr-x 1 user group1 55 Nov 3 12:42 directory1
-rw-r--r-- 1 user group1 13K Jun 5 2021 fileXYZ.docx
Directories are indicated by d and other regular files are represented by -.
r, w, x represent read, write and execute permissions respectively.
The first column on the left (drwxr-xr-x) is grouped into three parts, which represent the different levels of ownership (classes of users), namely the owner, group and others respectively.
Changing file permissions.
In Linux, the chmod command is used for changing file permissions.
The syntax is as follows:
chmod [options] permission filename/directory
Only the owner of a file is allowed to change its permissions.
Therefore, to change the permissions, we use u to change permissions for the owner, g for the group, o for others and a for all classes of users.
These characters are accompanied by either + or - used for either adding or subtracting the read, write or execute permissions.
Given a file with the following permissions,
-rw-r--r-- 1 user group1 13K Jun 5 2021 fileXYZ.docx
We can add execute permissions for all classes of user by writing the following,
sudo chmod a+x fileXYZ.docx
Conversely we can remove all execute permissions by writing,
sudo chmod a-x fileXYZ.docx
To add the execute permission for others we write,
sudo chmod o+x fileXYZ.docx
We can also specify multiple classes as follows,
sudo chmod uo+x fileXYZ.docx
The command will add execute permissions for both the owner (user) and others.
We can also use the = sign to explicitly assign permissions to user groups as follows.
sudo chmod uo=x directory1
The above command assigns the execute permission to the owner and others on the directory1 directory.
Changing file permissions (numeric).
We can also use number representations to change file permissions.
The syntax is as follows:
chmod [options] numericPermission filename
For the numericPermission part we can either use a 3 or 4-digit numerical value. When using 3-digit values, they represent the file owner, file group and other users respectively.
The permissions have the following values:
read (r) = 4.
write (w) = 2.
execute (x) = 1.
The numeric value for a user class is the sum of the values of the permissions granted to that class.
Assuming we want to give a file the following permissions,
-rwxr-xr-- 1 user group1 13K Jun 5 2021 fileXYZ.docx
We can write,
sudo chmod 754 fileXYZ.docx
Owner: rwx = 4 + 2 + 1 = 7.
Group: rx = 4 + 0 + 1 = 5.
Others: r = 4 + 0 + 0 = 4.
To check a file's permissions in numeric form we write,
stat -c "%a" filename
These possible numeric values can be summarized as follows,
7: read, write and execute permissions
6: read and write permissions
5: read and execute permissions
4: read permissions.
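The conversion described above, written as a POSIX shell function. This is an added example, not part of the original article; mode_to_octal and roundtrip are hypothetical helper names. It goes one step beyond the 3-digit case: in a 4-digit value the leading digit carries setuid (4), setgid (2) and the sticky bit (1), which ls -l shows as s or t in the execute position.

```sh
#!/bin/sh
# Convert the 10-character mode column printed by ls -l (e.g. "-rwxr-xr--")
# into the octal value chmod accepts. Hypothetical helper; the body runs in a
# subshell so its variables do not leak into the caller.
mode_to_octal() (
    [ "${#1}" -eq 10 ] || { echo "expected 10 characters: $1" >&2; exit 1; }
    perms=${1#?}            # drop the file-type character (-, d, l)
    special=0
    out=""
    # One pass per class: owner, group, others. The weight is the value that
    # class's special bit has in the leading digit (setuid, setgid, sticky).
    for weight in 4 2 1; do
        rest=${perms#???}
        triad=${perms%"$rest"}
        perms=$rest
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without x
        esac
        out=$out$digit
    done
    echo "$special$out"
)

# Round trip on a scratch file: apply the computed value with chmod, read the
# mode column back with ls -l, and succeed only if it matches the input.
roundtrip() (
    f=$(mktemp) || exit 1
    chmod "$(mode_to_octal "$1")" "$f"
    got=$(ls -ld "$f" | cut -c1-10)
    rm -f "$f"
    [ "$got" = "$1" ]
)

mode_to_octal "-rwxr-xr--"   # prints 0754
```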
Changing file and group ownership.
We can also change a file's ownership; this action, however, can only be performed by a sudoer (sudo user).
We use chown for changing file ownership and chgrp for changing group ownership.
Given a file as follows,
-rwxr-xr-- 1 user1 group1 13K Jun 5 2021 fileXYZ.docx
We can change the user who owns it by writing,
sudo chown user2 fileXYZ.docx
We can also change the group it belongs to by writing,
sudo chgrp group2 fileXYZ.docx
Note that both users and groups we intend to give ownership to must exist.
Special permissions.
- - as can be seen in the output of the ls -l command, this specifies nothing.
d - specifies a directory; refer to the permissions section.
l - specifies that the file or directory is a symbolic link.
s - specifies setuid/setgid permissions.
t - specifies sticky bit permissions.
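These permissions are used to inform the system to run executables as the owner, with the owner's permissions.
sudo chmod ug+s file1.sh
The above command sets the setuid/setgid bits on file1.sh. Note that Linux ignores the setuid and setgid bits when executing interpreted scripts such as shell scripts.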
Sticky bit permissions.
When the sticky bit is set on a directory, only the file owner can rename a file in it. This is very useful, especially in a shared environment.
sudo chmod +t directory1
The above command sets the sticky bit on directory1.
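A defender's check for the permissions covered in this article, as an added example that is not part of the original text. audit_perms and demo_audit are hypothetical names, and the files are constructed in a scratch directory. It reports files that others can write, files with setuid or setgid set, and world-writable directories that lack the sticky bit.

```sh
#!/bin/sh
# audit_perms DIR: print one finding per line. Hypothetical helper name.
audit_perms() (
    # Regular files that others may modify (the w bit is set for "others").
    find "$1" -type f -perm -0002 -print | sed 's/^/world-writable file: /'
    # Files that run with the identity of their owner or group.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/setuid or setgid file: /'
    # Directories writable by everyone and not protected by the sticky bit.
    find "$1" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/world-writable directory without sticky bit: /'
)

# Constructed scratch tree with one instance of each case, plus two entries
# (app.conf, shared) that must not be reported.
demo_audit() (
    d=$(mktemp -d) || exit 1
    touch "$d/app.conf" "$d/notes.txt" "$d/helper"
    mkdir "$d/shared" "$d/dropbox"
    chmod 644  "$d/app.conf"    # owner rw, group and others read only
    chmod 666  "$d/notes.txt"   # others can write
    chmod 4755 "$d/helper"      # setuid set
    chmod 1777 "$d/shared"      # world-writable, sticky bit set
    chmod 777  "$d/dropbox"     # world-writable, no sticky bit
    audit_perms "$d" | sed "s|$d/||"   # show paths relative to the tree
    rm -rf "$d"
)

demo_audit
```

Pointing audit_perms at a configuration or shared directory gives a quick list of entries whose modes should be tightened with chmod.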
Implementing file permissions finds its applications in many areas such as securing configuration files from being changed, preventing execution of executables by certain users and much more.
Think of file permissions as keys: once you give a guest a key to the whole house, you cannot prevent the guest from accessing rooms you don't want accessed. In technical terms, once you assign permissions for a whole directory, you may also need to secure the files or subdirectories in it that need not be accessed.
- You can execute 'command --help' on a Linux system.