TimeLinux1

Friday, October 22, 2010

Linux HowTo: File Permissions Basics


Every file on a Linux system has permissions for its owner, its group and the world (everyone else). These three sets govern who can access the file. Note that everything on a Linux system is represented as a file, e.g. regular files, directories, the keyboard (input), the screen (output), the error stream, etc.

-If you have only read permission and no execute permission on a directory, you can neither view nor access the files inside it.
-If you have only execute permission and no read permission on a directory, you cannot list its contents, but you can access them by name.
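The two rules above can be checked directly. The following script is an added example, not part of the original post: it builds a scratch directory holding one readable file (the name secret.txt is made up), sets the directory to a given octal mode, and reports whether the names inside can be listed (which needs r on the directory, the opendir/readdir that ls and shell globbing both use) and whether a file with a known name can be opened (which needs x, the search bit). With r only, listing works but nothing can be opened; with x only, listing fails but a known file opens. Run it as an ordinary user, since root bypasses these checks.

```shell
#!/bin/sh
# Added example (not from the original post): probe what the r and x bits on a
# directory actually allow. Everything it touches is a constructed scratch
# directory; "secret.txt" is a made-up file name.
# Run as an ordinary user: root bypasses these checks (CAP_DAC_OVERRIDE).

# dir_probe MODE -> prints "list=ok|denied read=ok|denied" for a directory
# set to the given octal MODE, holding one owner-readable file.
dir_probe() {
    mode="$1"
    scratch=$(mktemp -d)
    mkdir "$scratch/d"
    printf 'hello\n' > "$scratch/d/secret.txt"
    chmod "$mode" "$scratch/d"

    # Listing names (what ls does) needs r on the directory: opendir/readdir.
    # Globbing uses the same calls; if it fails the pattern is left unexpanded.
    set -- "$scratch/d"/*
    if [ "$1" = "$scratch/d/*" ]; then listing=denied; else listing=ok; fi

    # Opening a file whose name we already know needs x (search) on the directory.
    if cat "$scratch/d/secret.txt" >/dev/null 2>&1; then opening=ok; else opening=denied; fi

    chmod 700 "$scratch/d"      # restore so the cleanup below can remove it
    rm -rf "$scratch"
    printf 'list=%s read=%s\n' "$listing" "$opening"
}

dir_probe 400   # r-- : names can be listed, but no file inside can be opened
dir_probe 100   # --x : cannot list, but a file can be opened by its known name
dir_probe 500   # r-x : both work
```

This is also why a directory such as a web server's document root is sometimes given --x for others: clients can fetch files they know the path of, but cannot enumerate what else is there.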

-Normally, a program runs with the permissions of the user who invokes it, not those of its owner.
-With suid (set-user-ID) or sgid (set-group-ID) set, the program runs with the owner's (or group's) permissions instead of the invoker's.
-suid and sgid appear as an 's' bit in place of the 'x' bit in the permission string.
-Such programs are called suid programs or sgid programs.
-Octal values: suid = 4, sgid = 2, and suid+sgid = 6. e.g. chmod 6755 afile, chmod 4755 afile, chmod 2755 afile.
-If the file is executable, suid/sgid is shown as a lowercase 's'; if it is not executable, it is shown as an uppercase 'S'.

-sticky bit: prevents 'world' users from deleting files in a directory even if they have write permission on the parent directory.
-The sticky bit is shown as 't' or 'T' in the world position. t = execute but no delete; T = neither execute nor delete (the same lowercase/uppercase rule as s/S for suid/sgid).
-The sticky bit has octal value 1.
-eg:
    Kali$ chmod 1544 ab/bb/bbc
    -r-xr--r-T 1 Kali staff 8 Apr 9 22:15 ab/bb/bbc
    Kali$ chmod 1545 ab/bb/bbc
    -r-xr--r-t 1 Kali staff 8 Apr 9 22:15 ab/bb/bbc
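The s/S and t/T rule for suid, sgid and the sticky bit can be seen by applying octal modes and reading the symbolic form back with stat(1). The script below is an added example, not from the original post; it creates its own scratch file or directory, applies the mode with chmod and prints stat's %A field (GNU and busybox stat both support it). The 1544/1545 pair from the post is included alongside the suid/sgid modes.

```shell
#!/bin/sh
# Added example (not from the original post): apply an octal mode with chmod
# and read the symbolic permission string back with stat -c %A, to see how
# suid, sgid and the sticky bit render as s/S and t/T depending on whether
# the corresponding x bit is also set. All paths are constructed scratch files.

# mode_string OCTAL file|dir -> symbolic permission string, e.g. -rwsr-xr-x
mode_string() {
    octal="$1"; kind="$2"
    scratch=$(mktemp -d)
    if [ "$kind" = dir ]; then
        mkdir "$scratch/t"
    else
        : > "$scratch/t"
    fi
    chmod "$octal" "$scratch/t"
    stat -c %A "$scratch/t"
    rm -rf "$scratch"
}

mode_string 4755 file   # suid with owner x   -> -rwsr-xr-x  (lowercase s)
mode_string 4644 file   # suid, not executable -> -rwSr--r--  (uppercase S)
mode_string 2755 file   # sgid with group x   -> -rwxr-sr-x
mode_string 6755 file   # suid + sgid          -> -rwsr-sr-x
mode_string 1544 file   # the post's example   -> -r-xr--r-T  (world has no x)
mode_string 1545 file   # the post's example   -> -r-xr--r-t  (world has x)
mode_string 1777 dir    # sticky, world-writable dir like /tmp -> drwxrwxrwt
mode_string 1776 dir    # sticky, world lacks x -> drwxrwxrwT
```

An uppercase S or T is usually a sign of a mistake (a special bit set on something that cannot be executed), which is why it is rendered differently: a quick `find / -perm -4000` style audit is easier to read when the bit stands out.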

-File permissions (rwx) and the special modes (s, S, t, T) are enforced only for non-root users.
-In other words, root can delete a file even when it does not have the permissions or modes set that would allow it.
-To prevent such accidents, the 'immutable flag' is used.
-The immutable flag prevents even root from deleting the file until the flag is cleared.
-To set or clear the immutable flag, chattr +i / chattr -i is used.
-To view the immutable flag, lsattr is used.
-eg:
    # chattr +i afile   [ sets the immutable flag on afile; even root cannot delete it ]
    # lsattr afile      [ shows the immutable flag ]
    # chattr -i afile   [ clears the immutable flag ]
-See man capabilities for more on the immutable flag.

-umask: the permission bits that a user does not want granted automatically to newly created files and directories.
-umask is like the octal complement of the file permissions. e.g. umask 022 => default permissions will be 755 (for a directory).
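The "octal complement" idea is exact: the kernel starts from 666 for a new regular file and 777 for a new directory and clears every bit that is set in the umask, so 022 yields 644 for files and 755 for directories, and 027 yields 640 and 750. The script below is an added example, not from the original post; it creates a scratch file or directory under a chosen umask and reads the resulting mode back with stat, and also computes what the rule predicts so the two can be compared.

```shell
#!/bin/sh
# Added example (not from the original post): observe the mode a new file or
# directory gets under a given umask, and compare it with the rule
# "base & ~umask" (base 666 for files, 777 for directories).
# Scratch paths are constructed; nothing outside a temp directory is touched.

# new_mode UMASK file|dir -> octal mode of a freshly created file or directory
new_mode() {
    mask="$1"; kind="$2"
    scratch=$(mktemp -d)
    (
        umask "$mask"   # subshell: the umask change applies only to this creation
        if [ "$kind" = dir ]; then mkdir "$scratch/n"; else : > "$scratch/n"; fi
    )
    stat -c %a "$scratch/n"
    rm -rf "$scratch"
}

# expected_mode UMASK file|dir -> what the complement rule predicts
expected_mode() {
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%o\n' $(( base & ~0$1 ))
}

new_mode 022 file      # 644
new_mode 022 dir       # 755
new_mode 027 dir       # 750: group loses w, others lose everything
new_mode 077 file      # 600: owner-only, the usual hardening choice for secrets
expected_mode 027 file # 640
```

Because umask only removes bits, it can never add execute permission to a regular file; that is why a 022 umask gives 644 for files and 755 for directories rather than 755 for both.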
