File Permissions
- Every file is owned by a user and group
- Three Access Categories are user, group, others
- Three Permission types are read, write & execute
- suid – command runs with the permissions of the file's owner
- sgid – command runs with the group affiliation of the file's group
- sticky bit – restricts deletion of files in a directory to each file's owner
- umask 002 – lists the permissions to withhold (default value)
Permission types
Letter | Numeric | Permission |
r | 4 | read |
w | 2 | create, write & remove files |
x | 1 | execute |
- | 0 | no permission |
Changing file permission
# chmod [-R] mode file|directory
where Mode is
u | user |
g | group |
o | others |
a | all |
+ | grant |
- | deny |
Changing file ownership
# chown [-R] user file|directory
# chown [-R] user:group file|directory
# chgrp [-R] group file|directory
SUID and SGID Executables
When set on an executable file, these bits cause it to run under the user/group security context of the file's owner/group
SGID Directories
A file created in a directory with the SGID bit set belongs to the same group as the directory
Sticky Bit
Only the owner can delete the file
# chmod o+t directory
An uppercase T appears in place of t in the ls -l output if the directory's execute permission for others is off
Octal Mode Number | Description |
1000 | Sets the sticky bit |
2000 | Sets the setgid bit |
4000 | Sets the setuid bit |
Linux Read mode permissions
- Read access on a file allows you to view the file
- Read access on a directory allows you to view directory contents with ls command
Write mode permissions
- Write access on a file allows you to write to the file
- Write access on a directory allows you to remove or add new files
Execute mode permissions
- Execute access on a file allows you to run it as a program or script
- Execute access on a directory allows you to access files in the directory
Default File permission
The umask is used to withhold permissions on file creation
The default user's umask is 022
Files will have 644
Directories will have 755
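The script below is an added example, not part of the original post. It checks the umask defaults above for both 022 and 002 and shows how the 1000/2000/4000 bits appear in the permission string, including the t versus T case. It assumes Linux with GNU coreutils, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with GNU
# coreutils (stat -c, mktemp -d); the function names are illustrative.

DEMO_DIR=$(mktemp -d) || exit 1      # scratch area for test objects
trap 'rm -rf "$DEMO_DIR"' EXIT

# make_target KIND PATH: create an empty file or a directory at PATH.
make_target() {
    rm -rf "$2"
    case "$1" in
        file) : > "$2" ;;
        dir)  mkdir "$2" ;;
        *)    return 2 ;;
    esac
}

# mode_under_umask UMASK KIND: print the octal mode a new object gets.
# New files start from 666 and new directories from 777; the bits
# listed in the umask are withheld from that base.
mode_under_umask() {
    (
        umask "$1"
        make_target "$2" "$DEMO_DIR/new.$2.$1" &&
            stat -c '%a' "$DEMO_DIR/new.$2.$1"
    )
}

# symbolic_for KIND OCTAL: apply a four-digit mode and print the
# permission string as ls -l shows it, so s, t and T can be read off.
symbolic_for() {
    make_target "$1" "$DEMO_DIR/sym.$1.$2" &&
        chmod "$2" "$DEMO_DIR/sym.$1.$2" &&
        stat -c '%A' "$DEMO_DIR/sym.$1.$2"
}

for mask in 022 002; do
    echo "umask $mask: file $(mode_under_umask "$mask" file)," \
         "directory $(mode_under_umask "$mask" dir)"
done
echo "1777 dir:  $(symbolic_for dir 1777)   sticky, others have x"
echo "1776 dir:  $(symbolic_for dir 1776)   sticky, others lack x"
echo "2775 dir:  $(symbolic_for dir 2775)   setgid directory"
echo "4755 file: $(symbolic_for file 4755)   setuid executable"
```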