Managing Linux Permissions and Ownership

 Modify File and Directory Permissions

 Modify Default Permissions
 Modify File and Directory Ownership
 Set Special Permissions and Attributes

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 1

 Permissions

User with no permissions Users with permissions

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 2

 Permissions (Cont.)

Column Number Description

Permission string. This identifies if the item is a file or directory; the user, group, and
1
other permission assignment; and the access method.
Link count. Files usually have a link count of 1; directories have a link count of 2 plus
2
the number of nested directories.

3 Owner of the file or directory.

Group membership of the owner. All other members of this group have the group
4
permissions listed in the permission string.

5 Size (in bytes) of the file or directory.

6 Date and time of creation or last modification.

7 File or directory name.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 3

 Permissions (cont.)

User (owner) Other user

permissions permissions

−rwxrwxrwx.

File (−) or SELinux

Directory (d) ACL (.)
or
Group Alternate
permissions ACLs (+)

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 4

 Permission Levels

Permission Level Description

User rwx Only the owner can read, write, and execute the file.

Only the owner and members of the owner’s group can read, write, and execute the
Group rwx
file.

Other rwx All users can read, write, and execute the file.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 5

 The chmod Command

Original file
permissions

chmod alters
Permissions permissions
changes confirmed

Altered file
permissions

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 6

 chmod Command Options

Option Description

-c Reports changes that are made to permissions.

-f Hides most error messages.

-v Displays a diagnostic entry for every file processed.

-R Modifies permissions recursively.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 7

 chmod Modes

Character mode Numeric mode

Access categories Permission attributes  r=4, w=2, x=1

 Add octals for permissions to grant
 Full permissions: 7
[ugoa] [-+=] [rwxXst]  Read and write: 6
 Read and execute: 5

Operators
 Three digits for complete permissions
 u=rwx,g=rx,o=rx: 755

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 8

 Default File and Directory Permissions

Default
directory
permissions
(755)

Default file
permissions
(644)

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 9

 The umask Command

Modified file
permissions

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 10

 The chown Command

Command Syntax Description

chown {user name} {file name} Changes the owner but not the group.

chown {user name:group name

Changes the owner and the group.
{file name}
Changes the owner and the group, with the new group being
chown {user name:} {file name}
the user’s login group.
Changes the group but not the owner. Equivalent to using the
chown {:group name} {file name}
chgrp command.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 11

 The chown Command (Cont.)

Initial file owner

New file owner

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 12

 Special Permissions

 Used when normal permissions become inadequate, usually in the case of

processes.
 Frequently used special permissions are:
 Set User ID (SUID)
 Set Group ID (SGID)

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 13

 The chattr Command

Command Option Description

-R Recursively changes the attributes of directories and their contents.

-V Display the output of the chattr command and print the program version.

-v {version} Set the version number of a file.

+I Mark the file as read-only.

-I Remove the read-only attribute from a file.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 14

 The chattr Command (Cont.)

Sets the immutable attribute

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 15

 The lsattr Command

Command Option Description

-R Recursively lists the attributes of directories and their contents.

-V Displays the program version.

-a Lists all files in directories.

-d Lists directories like files, instead of listing their contents.

-v Lists the version number of the file.

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 16

 Sticky Bits

Memory

Kept in swap space File remains in memory

Protection for the file

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 17

 The Immutable Flag

Immutable flag

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 18

 The ACL

File permissions
listed

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 19

 Special Permission Commands

Command Syntax Description

chmod u{operator}s {file name} Sets the SUID for a file.

chmod g{operator}s {directory name} Sets the SGID for a directory.

chmod o{operator}t {file name} Sets the sticky bit for a file.

umask {value} Sets the default file creation mode.

chattr {operator}i {file or directory

Sets the immutable flag for a file or directory.
name}

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 20

 Reflective Questions

1. What methods do you think you might use to preserve confidentiality of

information on Linux systems?
2. In what situation would you need to modify the default permissions?

Copyright © 2015 Logical Operations, Inc. All rights reserved. OV 5 - 21