• Linux permissions are a fundamental aspect of system security and user management.

Basic Linux Permissions

  • Linux employs a three-tiered permission system to control access to files and directories. Each file or directory has three main permission types:

Permission Types

    • Read (r): This permission allows viewing the contents of a file or listing a directory’s contents.
    • Write (w): This permission allows modifying a file or creating, renaming, and deleting files within a directory.
    • Execute (x): This permission allows running a file as a program or entering a directory to access its contents.
    • No permission (-): A dash in a position means that permission is not granted.

Permission Classes

    • Owner (u): The user who owns the file.
    • Group (g): A group of users who can share the same permissions.
    • Others (o): All other users on the system.

Permission Representation

    • Permissions are displayed using the ls -l command.
    • For example: -rwxr-xr-- 1 owner group size date name
    The first field (-rwxr-xr--) has 10 characters.
    (a) First character: File type
    - → Regular file
    d → Directory
    l → Symbolic link
    Here, - in the example means a regular file.
    (b) Remaining 9 characters: Permissions
    They are divided into 3 groups of 3:
    rwx : read, write, and execute permissions for the owner.
    r-x : only read and execute permissions for the group.
    r-- : only read permission for others.
    (c) 1 → represents the number of Links, or shows how many hard links the file has
    Here, 1 means only one link.
    (d) owner → represents File Owner/Name of the user who owns the file
    (e) group → represents Group Name/Group associated with the file
    (f) size → represents File Size/Size of the file in bytes
    (g) date → represents Last Modified Date/Shows when the file was last modified
    (h) name → represents File Name/Actual name of the file or directory
      • Each permission can also be represented in numeric form as :
        • First digit → for Owner
        • Second digit → for Group
        • Third digit → for Others 
        • Each operation has a numeric value: Read (r) = 4, Write (w) = 2, Execute (x) = 1. A digit is the sum of the values granted (for example, rwx = 4 + 2 + 1 = 7).
        • For example:
    Numeric   Symbolic    Description
    777       rwxrwxrwx   Full access to everyone (risky)
    755       rwxr-xr-x   Common for executables
    700       rwx------   Private to the owner
    644       rw-r--r--   Common for files
    600       rw-------   Secure private file
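
The symbolic-to-numeric mapping described above, as an added example that is not part of the original page. It goes one step beyond the table by also decoding the special bits, which ls -l shows as s/S and t/T in the execute positions; the function name mode_to_octal and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the mode field of `ls -l` to its numeric form.

# mode_to_octal MODE: print the four-digit octal value of a mode string
# such as -rwxr-xr-x. The leading digit carries SetUID (4), SetGID (2)
# and the sticky bit (1), which ls shows as s/S and t/T in the x slots.
mode_to_octal() {
    # Keep the 10 mode characters; ls appends '+' when the file has an ACL.
    mode=$(printf '%s' "$1" | cut -c1-10)
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    rest=${mode#?}      # drop the file-type character
    special=0 digits='' weight=4
    for class in owner group others; do
        triad=$(printf '%s' "$rest" | cut -c1-3)
        rest=${rest#???}
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        # Lowercase s/t: special bit and execute; uppercase: special bit only.
        case $triad in ??[xst]) digit=$((digit + 1)) ;; esac
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        weight=$((weight / 2))
        digits=$digits$digit
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample mode strings, including the page's -rwxr-xr-- example.
for m in -rwxr-xr-- -rw-r--r-- -rwsr-xr-x drwxrwxrwt drwxr-sr-x+; do
    printf '%-12s %s\n' "$m" "$(mode_to_octal "$m")"
done
```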

    Managing Linux Permissions

    • Basic permissions can be managed using the chmod, chown, and chgrp commands.

    Changing Permissions

      • Using Symbolic Permission Method

        • To add permission: chmod u+x file_name (adds execute for the owner).
        • To remove permission: chmod g-w file_name (removes write for the group).
        • To set specific permission: chmod o=rw file_name (sets read and write for others).
      • Using the Numeric Permission Method

        • Example: chmod 755 file_name (Owner: rwx, Group: r-x, Others: r-x).

    Changing Ownership

      • Change file owner: chown username file_name.
      • Change file group: chgrp groupname file_name.
      • Change both: chown username:groupname file_name.

    Advanced Linux Permissions

    • Advanced permissions provide greater flexibility for securing files and directories. These include special bits and ACLs (Access Control Lists).

    Using Special Permission Bits

      • SetUID (s):

        • This allows a program to execute with the permissions of its owner.
        • This special bit is commonly used for programs needing elevated privileges (e.g., passwd).
        • For example : chmod u+s file_name (adds SetUID).
      • SetGID (s):

        • This ensures files created in a directory inherit the group ownership of the directory.
        • This is useful for collaborative environments.
        • For Example : chmod g+s directory_name.
      • Sticky Bit (t):

        • This is used on directories to restrict file deletion.
        • Only the file owner or directory owner can delete files, regardless of other permissions.
        • For example : chmod +t directory_name.

    Access Control Lists (ACLs)

      • ACLs provide fine-grained control by allowing permissions to be set for specific users or groups.
        • To view ACL : getfacl file_name.
        • To modify ACL : setfacl -m u:username:rw file_name (grants read/write to a user).
        • To remove ACL : setfacl -x u:username file_name.

    Managing Advanced Linux Permissions

    Enabling and Managing Special Bits

      • To set SetUID : chmod 4755 file_name.
      • To set SetGID : chmod 2755 file_name.
      • To set the sticky bit : chmod 1755 directory_name.
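
A review of where these bits are in use, as an added example that is not part of the original page: it lists SetUID/SetGID files, world-writable files, and world-writable directories that lack the sticky bit. The function names, labels and the sample tree are constructed for illustration; the sample tree is built in a temporary directory and removed afterwards.

```shell
#!/bin/sh
# Added example: audit a directory tree for permission settings worth reviewing.

# audit_perms DIR: print one "label<TAB>path" line per finding.
audit_perms() {
    # Files that run with their owner's or group's identity.
    find "$1" -type f -perm -4000 -exec printf 'setuid\t%s\n' {} \;
    find "$1" -type f -perm -2000 -exec printf 'setgid\t%s\n' {} \;
    # Files any user can modify.
    find "$1" -type f -perm -0002 -exec printf 'world-writable-file\t%s\n' {} \;
    # Directories any user can write to, without the sticky bit that
    # restricts deletion to the file or directory owner.
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable-dir-no-sticky\t%s\n' {} \;
}

# make_fixture: build a constructed sample tree and print its path.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir "$root/drop" "$root/tmp" "$root/team"
    : > "$root/tool"; : > "$root/notes"; : > "$root/open.txt"
    chmod 4755 "$root/tool"      # SetUID program
    chmod 0644 "$root/notes"     # ordinary file
    chmod 0666 "$root/open.txt"  # writable by everyone
    chmod 0777 "$root/drop"      # world-writable, no sticky bit
    chmod 1777 "$root/tmp"       # world-writable with sticky bit
    chmod 2775 "$root/team"      # SetGID directory for group collaboration
    printf '%s\n' "$root"
}

# Run the audit on the sample tree and show paths relative to its root.
fixture=$(make_fixture)
audit_perms "$fixture" | sed "s|$fixture/||"
rm -rf "$fixture"
```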

    Managing ACLs

      • To Set Default ACL: setfacl -d -m u:username:rwx directory_name (applies to new files within a directory).
      • To Set Recursive ACL: setfacl -R -m g:groupname:rw directory_name.

    Managing umask

    • The umask determines the default permissions for newly created files and directories.

    Understanding umask

      • Default permissions before applying umask:
        • For Files: 666 (read and write for all).
        • For Directories: 777 (read, write, and execute for all).
      • umask removes permission bits from the default: every bit set in the umask is cleared in the result (a bitwise mask, not ordinary subtraction).
        • Example: A umask of 022 results in:
          • Files: 644 (666 – 022).
          • Directories: 755 (777 – 022).

    Viewing and Setting umask

      • To view current umask: umask (press Enter).
      • To set umask: umask 027 (sets default permissions to 640 for files and 750 for directories).
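
How the umask is applied, as an added example that is not part of the original page: it predicts the result as default AND NOT umask, then creates a real file and directory under that umask and reads back the modes. The function names are constructed for illustration, and stat -c is assumed to be the GNU coreutils form found on Linux.

```shell
#!/bin/sh
# Added example: predict and verify the effect of a umask.

# apply_umask BASE MASK: clear from BASE every permission bit set in MASK.
# Plain subtraction gives the same answer for 022 but not for 027:
# 666 minus 027 is not a valid result, while the mask yields 640.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# created_modes MASK: create a file and a directory under MASK and print
# the modes actually assigned, as "file dir". The body runs in a subshell
# so the caller's own umask is left unchanged.
created_modes() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/file"
    mkdir "$tmp/dir"
    f=$(stat -c %a "$tmp/file")
    d=$(stat -c %a "$tmp/dir")
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
)

# Compare prediction and reality for three common settings.
for mask in 022 027 077; do
    printf 'umask %s: predicted %s %s, created %s\n' "$mask" \
        "$(apply_umask 666 "$mask")" "$(apply_umask 777 "$mask")" \
        "$(created_modes "$mask")"
done
```

A default ACL on the parent directory takes the place of the umask for new entries, so the created modes can differ there.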

    Permanent umask Setting

      • To make the umask permanent, add it to the shell configuration file, for example :
        • For Bash shell : ~/.bashrc or ~/.bash_profile.
        • For Zsh shell : ~/.zshrc.

    Together, basic permissions, special bits, ACLs, and umask provide robust and flexible permission management in Linux.

    Summary of Commands Used in Permission Management in Linux

    Description          Command     Example
    Change permissions   chmod       chmod 755 file
    Change owner         chown       chown user file
    Change group         chgrp       chgrp group file
    SetUID               chmod u+s   chmod 4755 file
    SetGID               chmod g+s   chmod 2755 file
    Sticky Bit           chmod +t    chmod 1755 directory
    View ACL             getfacl     getfacl file
    Modify ACL           setfacl     setfacl -m u:username:rw file
    View umask           umask       umask
    Set umask            umask       umask 027
