
Permissions Topic

The document outlines the concepts of users, groups, and permissions in a Linux environment, detailing how users are identified by unique User IDs (UIDs) and how groups are identified by Group IDs (GIDs). It explains file ownership, permission types, and the methods to change file ownership and permissions using commands like chown and chmod. Additionally, it describes the precedence of permissions and the representation of file types.

Uploaded by

mithun

Users, Groups and Permissions

Users
• Every user is assigned a unique User ID number (UID)
    o UID 0 identifies root
• Users' names and UIDs are stored in /etc/passwd
• Users are assigned a home directory and a program that is run when they log in (usually a shell)
• Users cannot read, write or execute each other's files without permission

Groups
• Users are assigned to groups
• Each group is assigned a unique Group ID number (GID)
• GIDs are stored in /etc/group
• Each user is given their own private group
    o Can be added to other groups for additional access
• All users in a group can share files that belong to the group

Linux File Security
• Every file is owned by a UID and a GID
• Every process runs as a UID and one or more GIDs
    o Usually determined by who runs the process
• Three access categories:
    o Processes running with the same UID as the file (user)
    o Processes running with the same GID as the file (group)
    o All other processes (other)

Permission Precedence
• If UID matches, user permissions apply
• Otherwise, if GID matches, group permissions apply
• If neither matches, other permissions apply
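
The precedence rule above, as an added shell example (not part of the original notes): exactly one class is selected, and a UID match never falls through to the group or other bits. The function name, the UIDs and GIDs, and mode 047 are constructed for illustration; 047 shows an owner denied access that "other" would get.

```sh
# effective_perms MODE FILE_UID FILE_GID PROC_UID PROC_GID...
# Prints "<class> <rwx>" for the one class that applies to the process.
# UID 0 (root) is not modelled here.
effective_perms() (
    mode=$((0$1)); fuid=$2; fgid=$3; puid=$4
    shift 4                        # what remains are the process's GIDs
    class=other; shift_by=0
    if [ "$puid" -eq "$fuid" ]; then
        class=user; shift_by=6     # UID match: group bits are never consulted
    else
        for g in "$@"; do
            if [ "$g" -eq "$fgid" ]; then class=group; shift_by=3; break; fi
        done
    fi
    bits=$(( ($mode >> $shift_by) & 7 ))
    r=-; w=-; x=-
    [ $((bits & 4)) -ne 0 ] && r=r
    [ $((bits & 2)) -ne 0 ] && w=w
    [ $((bits & 1)) -ne 0 ] && x=x
    echo "$class $r$w$x"
)

# Constructed IDs: andersen = UID 1001, group trusted = GID 2000.
# myscript from this page: -rwxr-x--- (750), owner andersen, group trusted.
effective_perms 750 1001 2000 1001 1001 2000   # the owner
effective_perms 750 1001 2000 1002 1002 2000   # another user in trusted
effective_perms 750 1001 2000 1003 1003        # everyone else

# Constructed edge case, mode 047 (----r--rwx): the owner matches on UID and
# gets nothing, while an unrelated user gets full access.
effective_perms 047 1001 2000 1001 1001 2000
effective_perms 047 1001 2000 1003 1003
```
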

Permission Types
• Four symbols are used when displaying permissions:
    o r: permission to read a file or list a directory's contents
    o w: permission to write to a file or create and remove files from a directory
    o x: permission to execute a program or change into a directory and do a long listing of the directory
    o -: no permission (in place of the r, w, or x)

Examining Permissions
• File permissions may be viewed using ls -l
$ ls -l /bin/login
-rwxr-xr-x 1 root root 19080 Apr 1 18:26 /bin/login

• File type and permissions represented by a 10-character string

Interpreting Permissions
-rwxr-x--- 1 andersen trusted 2948 Oct 11 14:07 myscript

• Read, Write and Execute for the owner, andersen
• Read and Execute for members of the trusted group
• No access for all others

The Seven Fundamental Filetypes

ls -l symbol    File Type
-               regular file
d               directory
l               symbolic link
b               block special file
c               character special file
p               named pipe
s               socket

Changing File Ownership
• Only root can change a file's owner
• Only root or the owner can change a file's group
• Ownership is changed with chown:
    o chown [-R] user_name file|directory
• Group ownership is changed with chgrp:
    o chgrp [-R] group_name file|directory

Changing the permissions.

In the screenshot above, student is not able to create a file in the /student
directory, because /student is owned by user root and group root, and others
have only read and execute permissions with no write permission. Therefore we
need to change the owner of /student to student.
[root@server1 ~]# chgrp student /student
[root@server1 ~]# ls -ld /student
drwxr-xr-x. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]#
[root@server1 ~]# chown student:student /student/

Changing Permissions - Symbolic Method
• To change access modes:
    o chmod [-R] mode file
• Where mode is:
    o u, g or o for user, group and other
    o + or - for grant or deny
    o r, w or x for read, write and execute
• Examples:
    o ugo+r: Grant read access to all
    o o-wx: Deny write and execute to others
[root@server1 ~]# ls -ld /student
drwxr-xr-x. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod o-rx /student
[root@server1 ~]# ls -ld /student
drwxr-x---. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod g+w /student
[root@server1 ~]# ls -ld /student
drwxrwx---. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod u=rwx,g=rx,o=r /student
[root@server1 ~]# ls -ld /student
drwxr-xr--. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod u=rwx,g=rwx,o=rwx /student
[root@server1 ~]# ls -ld /student
drwxrwxrwx. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod a-rwx /student
[root@server1 ~]# ls -ld /student
d---------. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod a=rwx /student
[root@server1 ~]# ls -ld /student
drwxrwxrwx. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod g-w /student/
[root@server1 ~]# chmod o-w /student/
[root@server1 ~]# ls -ld /student
drwxr-xr-x. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]#

Changing Permissions - Numeric Method
• Uses a three-digit mode number
    o first digit specifies owner's permissions
    o second digit specifies group permissions
    o third digit represents others' permissions
• Permissions are calculated by adding:
    o 4 (for read)
    o 2 (for write)
    o 1 (for execute)
• Example:
    o chmod 640 myfile
[root@server1 ~]# ls -ld /student
drwxr-xr-x. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod 744 /student/
[root@server1 ~]# ls -ld /student
drwxr--r--. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod 777 /student/
You have new mail in /var/spool/mail/root
[root@server1 ~]# ls -ld /student
drwxrwxrwx. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]# chmod 755 /student/
[root@server1 ~]# ls -ld /student
drwxr-xr-x. 2 student student 23 Nov 11 09:15 /student
[root@server1 ~]#
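
An added example (not from the original notes) that decodes the mode column of ls -l into the file type and the three-digit number chmod accepts, using mode strings from the listings above. The function names are hypothetical; strings with anything other than r, w, x or - in the permission positions are rejected.

```sh
# parse_mode STRING -> prints "<file type> <octal mode>"; fails on unsupported input.
parse_mode() (
    s=$1
    # One type character, three rwx triplets, and optionally one trailing
    # marker such as the "." in the /student listings.
    case $s in
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        [-dlbcps][-r][-w][-x][-r][-w][-x][-r][-w][-x]?) ;;
        *) echo "unsupported mode string: $s" >&2; exit 1 ;;
    esac
    case $s in
        -*) ftype="regular file" ;;
        d*) ftype="directory" ;;
        l*) ftype="symbolic link" ;;
        b*) ftype="block special file" ;;
        c*) ftype="character special file" ;;
        p*) ftype="named pipe" ;;
        s*) ftype="socket" ;;
    esac
    rest=${s#?}; octal=
    for i in 1 2 3; do
        triplet=${rest%"${rest#???}"}    # first three characters of $rest
        rest=${rest#???}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal=$octal$digit
    done
    echo "$ftype $octal"
)

# other_can_write OCTAL -> status 0 when the "other" digit contains write (2).
other_can_write() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# Mode strings copied from the listings on this page.
for m in -rwxr-xr-x -rwxr-x--- drwxr--r--. drwxrwxrwx.; do
    result=$(parse_mode "$m")
    flag=
    if other_can_write "${result##* }"; then flag="  <- writable by everyone"; fi
    printf '%s  %s%s\n' "$m" "$result" "$flag"
done
```
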
