8/9/2019 perm-pdf (en)
http://slidepdf.com/reader/full/perm-pdf-en 1/24
Permissions
1. Benefits of file permissions
2. Definition of file permissions
3. Reading file permissions
4. Formulations of file permissions
5. Changing file permissions
6. Extra file permissions
7. User Mask (Umask)
Version 1.0 linuxslides.blogspot.com
1.0 Benefits of file permissions
Restricting a user so that he can only read certain files
Restricting a user so that he cannot modify certain files
Restricting a user so that he cannot execute certain files
Restricting a user so that he cannot enter and see certain directories
Restricting a user so that he cannot remove certain files
2.0 Definition of file permissions
Rights given by root to a certain user to use certain objects. In other words, file permissions consist of three basic concepts: who, permissions (rights), and objects.
3.0 Reading file permissions
$ ls -l
drwxr-xr-x 2 john scientists 4096 2009-09-24 11:50 projects/

d rwx r-x ---    john scientists    projects/
permissions?     who?               what objects?

d: directory
user john (owner) has rights rwx
group scientists has rights rx
other: everyone besides user john and group scientists has no rights at all
3.1 Reading directory permissions
d rwx r-x ---    john scientists    projects/

d: directory
user john (owner) has rights rwx:
  (r) read directory content
  (w) write/add/erase directory content
  (x) execute/enter directory
group scientists has rights rx:
  (r) read directory content
  (x) execute/enter directory
other: everyone besides user john and group scientists has no rights at all
3.2 Reading file permissions
- rwx r-x ---    john scientists    robot.c

-: file
user john (owner) has rights rwx:
  (r) read file content
  (w) write/add/erase file content
  (x) execute a file
group scientists has rights rx:
  (r) read file content
  (x) execute a file
other: everyone besides user john and group scientists has no rights at all
3.3 File and directory permissions
              Directory                                        File
read (r)      see directory contents: ls, ls -l                see file contents: cat, vi, grep
write (w)     add/erase directory content: mkdir, rmdir, rm    add/erase file content: vi, gedit
execute (x)   enter a directory: cd                            execute a file
3.4 QUIZ
Explain the file permissions below:
$ ls -l /etc/shadow
-rw- r-- --- 1 root shadow 1118 2009-09-24 11:48 /etc/shadow
Answers:
User root has rights?
Group shadow has rights?
Others (besides user root and group shadow) have rights?
3.5 QUIZ
Adjust the permissions (rwx):
I want a file named secret.doc (under the projects directory) that can be read and modified only by user john, while group scientists can only read the file. Others have no rights at all.
Answers:
User john has rights?
Group scientists has rights?
Others (besides user and group) have rights?
3.6 QUIZ
Adjust the permissions (rwx):
I want a file named secret.doc (under the projects directory) that can be removed only by user john. What rights should be added, and where?
Answers:
Which part is responsible for deleting a file? File permissions or directory permissions?
What permissions should be added? Where? User, group or other?
4.0 Formulations of permissions
There are two types of formulations:
1. Symbolic (rwx r-x ---)
2. Octal (750, 644, etc)

Octal numerations:
read (r) = 4
write (w) = 2
execute (x) = 1

Example: -rwx r-x ---
rwx = 4+2+1 = 7
r-x = 4+0+1 = 5
--- = 0+0+0 = 0
rwx r-x --- = 750
4.1 QUIZ
Change from symbolic to octal, or vice versa:
1. rw- r-- ---
2. rwx --x --x
3. 544
4. 755
5.0 Changing file permissions
There are two ways to change permissions:
1. Change perm (chmod): rwx r-x --- -> rw- r-- r--
2. Change ownership (chown, chgrp): john scientists -> jack (user), officeboy (group)
Object: projects/
REQUIREMENT: Only the owner can change the permissions
5.1 Chmod
Adding rights to the existing ones:
$ chmod u+rw,g+r,o+w secret.doc
(adding rights rw to user, r to group, w to others)
Removing rights from the existing ones:
$ chmod u-x,g-rw,o-r secret.doc
(removing rights x from user, rw from group, r from others)
Setting new rights and overwriting the existing ones:
$ chmod u=rw,g=r,o= secret.doc
(setting new rights rw to user, r to group, --- to others)
Setting new rights using octal:
$ chmod 640 secret.doc
(setting new rights rw to user, r to group, --- to others)
5.2 Lab
1. Go to your home directory ($ cd)
2. Create an empty file "lab" ($ touch lab)
3. Check the permissions of the file
4. Change the file permissions to rwx r-x r-x
5. Change again to 644
6. Change again so the file is executable for all
7. Learn and check the chmod manual ($ man chmod)
5.3 Chown
Change user ownership, from john to jack:
$ chown jack secret.doc
(file secret.doc now belongs to user boni)
Change group ownership, from scientists to officeboy:
$ chgrp officeboy secret.doc
(file secret.doc now belongs to group officeboy)
Change user and group ownership at the same time:
$ chown jack.officeboy secret.doc
or
$ chown jack:officeboy secret.doc
(file secret.doc now belongs to user jack & group officeboy)
5.4 Lab
1. Go to your home directory ($ cd)
2. Create an empty file "lab2" ($ touch lab2)
3. Check the ownership of the file
4. Change the ownership to another user
5. Change the ownership to another group
6. Change back to the previous ownership (with a single command)
7. Learn and check the chgrp manual ($ man chgrp)
6.0 Extra file permissions
SUID (Set User ID)
Executable files with SUID, when executed, change the user ID of the executor to the owner of the file/application (even though the executor's original role is only other). After the execution is finished, the user ID changes back to the original.

SGID (Set Group ID)
Executable files with SGID, when executed, change the user ID of the executor to the group of the file/application (even though the executor's original role is only other). After the execution is finished, the user ID changes back to the original.

Sticky Bit
Executable files with the sticky bit remain in memory after execution, so access to the file is faster if other users want to execute the same file.
6.1 Positions of extra file permissions
attribute              position       chmod symbolic    chmod octal
suid (set user id)     --s --- ---    chmod u+s file    chmod 4xxx file
sgid (set group id)    --- --s ---    chmod g+s file    chmod 2xxx file
sticky bit             --- --- --T    chmod +t file     chmod 1xxx file
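The octal arithmetic of section 4.0 and the extra-bit positions in the table above, combined in one converter. This is an added example, not part of the original slides; the function name sym_to_octal is made up here, and it goes beyond the slides by also handling the lower-case s and t forms that ls prints when execute is set as well.

```shell
#!/bin/sh
# Added example, not from the slides. sym_to_octal is a name made up here.
# Converts the nine permission characters printed by ls -l (type character
# removed, spaces allowed) to four octal digits: special, user, group, other.

sym_to_octal() {
    sym=$(printf '%s' "$1" | tr -d ' ')
    [ "${#sym}" -eq 9 ] || { echo "need 9 permission characters" >&2; return 1; }
    special=0
    digits=""
    for pos in 1 2 3; do                      # 1 = user, 2 = group, 3 = other
        first=$((pos * 3 - 2))
        r=$(printf '%s' "$sym" | cut -c "$first")
        w=$(printf '%s' "$sym" | cut -c "$((first + 1))")
        x=$(printf '%s' "$sym" | cut -c "$((first + 2))")
        val=0
        case $r in r) val=$((val + 4)) ;; -) ;; *) return 1 ;; esac
        case $w in w) val=$((val + 2)) ;; -) ;; *) return 1 ;; esac
        # The execute slot also carries the extra bit: s/S for SUID (4) and
        # SGID (2), t/T for sticky (1). Lower case means x is set as well.
        case $pos in
            1) flag=4 lower=s upper=S ;;
            2) flag=2 lower=s upper=S ;;
            3) flag=1 lower=t upper=T ;;
        esac
        case $x in
            x) val=$((val + 1)) ;;
            -) ;;
            "$lower") val=$((val + 1)); special=$((special + flag)) ;;
            "$upper") special=$((special + flag)) ;;
            *) return 1 ;;
        esac
        digits="$digits$val"
    done
    echo "$special$digits"
}

# Strings taken from the slides, plus one capital-T case (sticky without x).
for s in "rwx r-x ---" "rwsr-xr-x" "rw-r--r-T"; do
    printf '%-12s -> %s\n' "$s" "$(sym_to_octal "$s")"
done
```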
6.2 SUID/SGID case example
1. User john wants to change his login password.
2. So he executes the command:
$ /usr/bin/passwd joni
3. The passwd command above will change the password stored in /etc/shadow.
4. But wait! User john can't modify /etc/shadow; take a look at the permissions:
$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1118 2009-09-24 11:48 /etc/shadow
5. john, in the position of other, has no rights at all, not even to modify the file. Only user root can do that.
6. So for john (and others) to change his password, he has to become root.
7. This is accomplished by giving the SUID right to the executable file passwd:
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 29104 2008-04-03 08:08 /usr/bin/passwd
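Because the SUID bit lets any user who may execute passwd act with the file owner's rights for the run, administrators keep an inventory of files that carry SUID or SGID. The audit below is an added example, not part of the original slides; the function name audit_setid and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. audit_setid is a name made up here.
# Lists regular files under DIR that carry SUID or SGID and marks those that
# group or other may write, since such a file can be replaced by a non-owner.

audit_setid() {  # usage: audit_setid DIR
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            bits=""
            [ -u "$f" ] && bits="suid"
            [ -g "$f" ] && bits="${bits:+$bits,}sgid"
            state="ok"
            if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
                state="WRITABLE"
            fi
            printf "%s %s %s\n" "$bits" "$state" "$f"
        done' sh {} + | LC_ALL=C sort
}

# Constructed sample tree (the files are empty placeholders, not real programs).
demo=$(mktemp -d)
touch "$demo/plain" "$demo/helper" "$demo/tool" "$demo/loose"
chmod 0755 "$demo/plain"    # no extra bit: not reported
chmod 4755 "$demo/helper"   # SUID, same mode as /usr/bin/passwd on the slide
chmod 2755 "$demo/tool"     # SGID
chmod 4777 "$demo/loose"    # SUID and writable by everyone
audit_setid "$demo"
rm -rf "$demo"
```

Run it against a system directory such as /usr/bin and compare the list with the previous run; a new entry or a WRITABLE mark is worth investigating.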
6.3 Lab
1. Go to your home directory ($ cd)
2. Create an empty file "lab3" ($ touch lab3)
3. Check the permissions of the file
4. Add the SUID right to the file
5. Add the SGID right to the file
6. Remove the SUID and SGID rights from the file
7. Add the Sticky Bit permission to the file
7.0 User Mask (Umask)
Create three files with touch, and check the permissions:
$ touch file1 file2 file3
$ ls -l file1 file2 file3
-rw-r--r-- 1 john scientists 0 2009-09-27 21:38 file1
-rw-r--r-- 1 john scientists 0 2009-09-27 21:38 file2
-rw-r--r-- 1 john scientists 0 2009-09-27 21:38 file3
Create three directories with mkdir, and check the permissions:
$ mkdir dir1 dir2 dir3
$ ls -ld dir1 dir2 dir3
drwxr-xr-x 2 john scientists 4096 2009-09-27 21:43 dir1
drwxr-xr-x 2 john scientists 4096 2009-09-27 21:43 dir2
drwxr-xr-x 2 john scientists 4096 2009-09-27 21:43 dir3
From the above we can see that the default permission for a file is 644, and for a directory is 755.
7.1 Change Umask
The default permission is determined by the value of the user mask (umask):
$ umask
0022
For file: 666 - 22 = 644
For directory: 777 - 22 = 755
Change the value of the user mask (umask):
$ umask 33
For file: 666 - 33 = 633
For directory: 777 - 33 = 744
The change above is temporary; when the computer restarts, it will change back to 0022. If we want to change it permanently, define the umask value inside /etc/profile.
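An added example, not part of the original slides, that predicts the mode for a given umask and then checks it on a real file and directory. The mask is applied bitwise (base mode AND NOT umask), which matches the subtraction above whenever every mask bit is present in the base mode, as with 022. The names predict_mode and observe_modes are made up here, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example, not from the slides. predict_mode and observe_modes are
# names made up here; stat -c '%a' is the GNU coreutils form.

# Predicted mode: the base mode with every umask bit cleared (base AND NOT mask).
predict_mode() {  # usage: predict_mode BASE_OCTAL UMASK_OCTAL
    printf '%o\n' "$(( 0$1 & ~0$2 ))"
}

# Observed modes: create a file and a directory under the given umask.
# The subshell keeps the caller's own umask unchanged.
observe_modes() {  # usage: observe_modes UMASK_OCTAL, prints "FILE_MODE DIR_MODE"
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        touch "$tmp/file"          # touch asks for 666
        mkdir "$tmp/dir"           # mkdir asks for 777
        echo "$(stat -c '%a' "$tmp/file") $(stat -c '%a' "$tmp/dir")"
        rm -rf "$tmp"
    )
}

# Masks used on the slides (22, 33) and in the lab that follows (54).
for mask in 022 033 054; do
    printf 'umask %s: predicted file %s dir %s, observed %s\n' "$mask" \
        "$(predict_mode 666 "$mask")" "$(predict_mode 777 "$mask")" \
        "$(observe_modes "$mask")"
done
```

With umask 33 the observed modes are 644 for the file and 744 for the directory: touch never requests the execute bit, so the mask has nothing to clear in that position.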
7.2 Lab
1. Go to your home directory ($ cd)
2. Check the current umask value
3. Change the umask value to 54
4. Create some files and check the permissions
5. Create some directories and check the permissions
6. Change back the umask value to 22
7. Find the umask setting inside /etc/profile