Linux File Security Permissions
In Linux, every file and every directory is owned by a
single user on that system. Each file and directory also has a
security group associated with it that has access rights to the
file or directory. A user who is neither the owner of the file or
directory nor a member of its security group is classified as
other and may still have certain rights to access the file.
Each of the three file access categories, owner,
group, and other, has a set of
three access permissions associated with it. The access
permissions are read, write,
and execute.
A user may belong to more than one group. Regardless of how
many groups a user belongs to, if permissions are granted on a
file or directory to one of the user's groups, they will have the
granted level of access. You can check what groups a user
belongs to with the groups command.
$ groups tclark
tclark : authors users
The groups command is called with one argument, the username
you want to investigate. The output lists the username followed
by all the groups that user belongs to. In this output tclark
belongs to the groups authors and users.
From the information previously presented about file and
directory commands, using the -l option with the ls command will
display the file and directory permissions as well as the owner
and group, as demonstrated below:
The ls -l command is the best way to view file and directory
ownership and permissions. Now let's look at what each of these
permissions do.
File Permissions
File permissions are represented by positions two through ten
of the ls -l display. The nine character positions consist of
three groups of three characters. Each three character group
indicates read (r), write (w), and execute (x) permissions.
The three groups indicate permissions for the owner, group,
and other users respectively.
In the example above, both the owner and the group have read
(r) and write (w) permissions for the file, while other users
have only read (r) permission.
The example below indicates read, write, and execute (rwx)
permissions for the owner, read and execute (r-x) permissions
for the group, and no permissions for other users (---).
The alphabetic permission indicators are commonly assigned
numeric values according to the scheme shown in the table below:
Alpha | Numeric | Permission
- | 0 | No permission granted
x | 1 | Execute permission granted
w | 2 | Write permission granted
r | 4 | Read permission granted
Then, each three character permission group can be assigned a
number from zero to seven calculated by adding together the
three individual numeric permissions granted. For example, if
the owner has read, write, and execute permissions, the owner's
permissions can be represented by the single digit 7 (4+2+1). If
the group has read and execute permissions, that can be
represented by the single digit 5 (4+0+1). If other users have
no permissions, that can be represented by the single digit 0
(0+0+0). These three numbers would then be listed in the order
of owner, group, other, in this case 750 as a way to
definitively describe the permissions on this file.
There are some additional abbreviations that can be used with
commands that manipulate permissions. These abbreviations are:
- u: user owner's permissions
- g: group's permissions
- o: other's permissions
These abbreviations can also be used to change permissions on
files. As we will see later, they will allow you to manipulate
one level of the permissions (perhaps just the permissions
granted to group) without changing the others.
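To make the numeric scheme and the u/g/o abbreviations concrete, here is an added Python example. It is not code from the book or from this page; the function names, the constructed sample strings such as rwxr-x--- and the temporary file it creates are all mine. It converts the nine permission characters of an ls -l line into the owner, group and other digits described above (rwxr-x--- becomes 750), converts back the other way, applies a change such as g-w to one category while copying the other two through untouched, and reads the permissions of a real file back in the same ten-column form ls -l prints.

```python
import os
import stat
import tempfile

# Numeric weights from the table above: r=4, w=2, x=1; '-' contributes 0.
WEIGHTS = {"r": 4, "w": 2, "x": 1}
# The u/g/o abbreviations name the first, second and third three-character group.
CATEGORIES = {"u": 0, "g": 1, "o": 2}


def nine_chars(perms):
    """Accept 'rwxr-x---' or the full ls -l field '-rwxr-x---'; return the nine permission characters."""
    if len(perms) == 10:
        perms = perms[1:]  # drop position one, the file-type column of ls -l
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters, got %r" % perms)
    return perms


def triad_to_digit(triad):
    """'r-x' -> 5. Only r, w, x and '-' are handled, as on the page."""
    if len(triad) != 3:
        raise ValueError("expected a 3-character group, got %r" % triad)
    total = 0
    for ch, slot in zip(triad, "rwx"):
        if ch == "-":
            continue
        if ch != slot:
            raise ValueError("unexpected %r where %r or '-' belongs" % (ch, slot))
        total += WEIGHTS[ch]
    return total


def digit_to_triad(value):
    """5 -> 'r-x': the inverse of triad_to_digit for one group."""
    return ("r" if value & 4 else "-") + ("w" if value & 2 else "-") + ("x" if value & 1 else "-")


def perms_to_octal(perms):
    """'rwxr-x---' -> '750', listed in owner, group, other order."""
    p = nine_chars(perms)
    return "".join(str(triad_to_digit(p[i:i + 3])) for i in (0, 3, 6))


def octal_to_perms(mode):
    """'750' -> 'rwxr-x---'."""
    if len(mode) != 3 or any(d not in "01234567" for d in mode):
        raise ValueError("expected three digits 0-7, got %r" % mode)
    return "".join(digit_to_triad(int(d)) for d in mode)


def apply_change(perms, change):
    """Apply 'u+x', 'g-w', 'o-rwx' and so on to one category only.

    The named category's group is adjusted; the other two groups are copied
    through unchanged, which is exactly what the u/g/o abbreviations are for.
    """
    p = nine_chars(perms)
    who, op, what = change[0], change[1:2], change[2:]
    if who not in CATEGORIES or op not in ("+", "-") or not what or any(c not in WEIGHTS for c in what):
        raise ValueError("bad change %r" % change)
    start = CATEGORIES[who] * 3
    digit = triad_to_digit(p[start:start + 3])
    bits = sum(WEIGHTS[c] for c in what)
    digit = (digit | bits) if op == "+" else (digit & ~bits)
    return p[:start] + digit_to_triad(digit) + p[start + 3:]


def world_writable(perms):
    """True when the 'other' category has write permission, the first thing to look for when reviewing a listing."""
    return bool(triad_to_digit(nine_chars(perms)[6:]) & 2)


def read_back_from_file():
    """Create a temporary file, set 750 on it and read the permissions back in ls -l form.

    stat.filemode() produces the same ten columns ls -l prints (type plus the nine
    permission characters), so the parser above applies to it directly.
    """
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o750)
        shown = stat.filemode(os.stat(path).st_mode)  # e.g. '-rwxr-x---'
        return shown, perms_to_octal(shown)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(perms_to_octal("rwxr-x---"))        # 750
    print(apply_change("rwxr-x---", "o+r"))   # rwxr-xr--
    print(read_back_from_file())
```

Because apply_change rebuilds only the addressed group, a change such as g-w can never accidentally grant or revoke anything for the owner or for other users; the world_writable check is the same idea applied to the third group alone.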
Of course just being able to read these permissions isn't
enough; we want to be able to manipulate them. Stay tuned for
more on that in the near future.
This is an excerpt from the book Oracle Certified Linux Exam Cram,
OCE Exam: 1Z0-046: Managing Oracle on Linux Certified Expert.