File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission

File Permission and Access


Module 6 File Permission and Access

♦ IntroductionLinux is a multi-user system where users can assign different access permission to their files. Access permissions can be set per file for owner, group and others on the basis of read (r), write (w) and execute permissions (x).

♦ Topics► File Permissions and Access► Types of Access► Who has to Access to a File?► Access Control Lists

Contd…


File Permissions and Access

♦ Every file is owned by a particular user.

♦ File permissions specifies who has the access to file and what type of access the user has.

♦ On a Linux system, there is typically more than one user that provides a mechanism known as file permissions (rwx), which protect user files from accessing by other users.

♦ Types of permissions► r – read ► w –write ► x –execute

Contd…


File Permissions and Access

♦ read permissionThe read permission lets a user read the contents of the file. For directories, read permission lets the user list the contents of the directory (using ls).

♦ write permisisonThe write permission lets the user write and modify the file. For directories, write permission lets the user create new files or delete files within the directory.

♦ execute permissionThe execute permission lets the user run the file as a program or shell script (if the file is a program or shell script). For directories, execute permission lets the user open the directory.


Types of Access

♦ In Linux, every file or folder has access permissions. There are three types of permissions.► read access ► write access ► execute access

♦ Permissions are defined for three types of users:► owner of the file ► group that the owner belongs to ► other users

Contd…


Types of Access

♦ Default file permissionsBy default, the Linux system assigns certain permissions to a newly created file. The maximum permissions that we can set for an ordinary file is 666 and for directories and an executable files is 777.

► The default file permission for an ordinary user is 664 and for root it is 644.

♦ Displaying the umask► The default umask file permissions for ordinary users are 002 and for root

it is 022.where,

• 002 imply masking write permission for others and • 022 implies masking write permission for the group and others.

Contd…


♦ Displaying the umask

► To display the default mask use the umask command.Example

# umask

♦ Displaying the default umask value

Types of Access

Contd…


♦ Changing the umask

► To change the default umask use the commandSyntax

# umask <umask value>

Example: umask 004

Types of Access


Access permission user(owner) group

Who has to Access a File?

♦ The owner and the root have the main access rights over a file. ♦ Example

► First column gives the access permissions to the user, group and others. ► Second column shows the user or owner of the file. ► Third column shows the group to which the file belongs.

Contd…


♦ Changing permissions

► chmod command► chmod changes the access permissions according to the options for

directories and files.

Syntax

# chmod o+w <filename>


Contd…



♦ The chmod command can be used with alphanumeric or numeric options.► Example of symbolic method► chmod u+rw,g-rwx,o-rwx file1

• The above example, adds the read and write permission to the user (owner) removes the read, write and execute permission from the group to which the file belongs and removes the read, write and execute permissions for others.

► Example of numeric method ► # chmod 600 file1

• 6 indicates user (owner), 0 indicates group and the last number 0 indicates others.

Contd…



♦ Changing ownership

► chown command• chown changes the owner and group of the file and directory.

► Syntax• # chown <username> <filename>

► Example• # chown user1 file1.txt

Contd…


♦ Special File Permissions

► There are three types of special file permissions

• set user identity (SUID)

• set group identity (SGID)

• sticky bit


Contd…



Contd…

♦ SUID or setuid

► It is represented by the character ‘s’ in the user permission field. ► When this mode is set on an executable file, the other users can login and

run the executable file.

► The root’s id is set to the process.Syntax

#chmod u+s <program name>where,

u – user

s - suid


Contd…

♦ SGID or setgid

► It is also represented by the character ‘s’ in the group permission field.

► The sgid permission for the user’s own directory is set by the user.

► When any other user creates a new file, the file gets the group membership to which the directory belongs to and not to the primary group of the user.

Syntax

chmod g+s <directory name>where,

g – group

s – suid

♦ Example: $ chmod g+s test




♦ Sticky bit► If the sticky bit is set on directory, even others can read and write the data

to the file, but can not delete the file except the owner.

Syntax

#chmod o+t <directory name>• where,• o – others• t - sticky bit

♦ Example: # chmod o+t /tmp

Contd…


Access Control Lists (ACLs)

♦ ACL is an object associated with a file and contains entries specifying the access that individual users or groups of users have to the file.

♦ It provides a simple way of granting or denying access for a specified user or groups of users on single file at the same time.

♦ Using the chmod command the user can set permissions to owner, group or others.

♦ Using ACL, the owner can set the different permissions on a single file for different users.

Contd…


Contd…

♦ Setting ACL using Setfacl

► setfacl - set file access control lists► Syntax

setfacl – <option> u:<username>:<permissions> <filename>




Contd…

♦ Getting ACL using getfacl► The getfacl displays the file name, owner, the group, and the Access

Control List (ACL).

► Syntax# getfacl <filename>


Contd…


♦ Copying ACL► The acl’s can be copied to any files, for which the files get the same acl

permissions from its source file. ► Syntax

getfacl <acl filename> | setfacl --set-file= - <filename>where,

--set-file options set the acl of a file or a directory


Lab Exercise

♦ Change the permission of the following file using chmod command. -rwx-rw-r-- file2.txt

♦ From the following example change the permissions to

► User – read, write, execute► Group – read and execute ► Others - only execute

Documents

File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission