Understanding Linux Permission Sets

From ITCwiki
Revision as of 20:31, 12 December 2010 by Casey McBride (talk | contribs)

Understanding Permission Sets

It’s all about control. Who gets to do what? In Linux, every file and directory has a set of permissions assigned to it. The permissions identify “who can do what”. There are three categories of "who" (owner, group, and world). Each of these ownership types is given or denied three permissions: read, write, and execute.


Basics 
  Permissions (Read, Write, Execute)
  Ownership (Owner, Group, World)
  Identifying Permissions (ls -l)
  File Types (Normal, Directory)
  Changing permissions (Symbolic)
  Group permissions (groupadd, chgrp)
Advanced
  Permissions (SUID, SGID, Sticky bit)
  Ownership (Root, sudo)
  Default Permissions
  File Types
  Changing permissions (Octal)
  Managing permissions
  Finding special permissions


Basic Permissions

The three permissions (read, write, and execute) have slightly different meanings depending on what object they are applied to. The two most common objects are files and directories. Below you can see how the permissions vary when applied to these two objects.

File folder.gif


Ownership

There are three types of ownership:

  • Owner - this is the ultimate user. The creator or current owner of the object. Also known as user.
  • Group - this is an assigned membership. You need to be a member of the group to get it.
  • World - this is everyone else. All the other guys. Also known as other.

Permission Sets provide security to your files and directories. You can either give or not give permissions. Permission Sets are made up of three triplets, each of which contains three characters. These three characters are "r" for read, "w" for write, and "x" for execute. A dash taking the place of any of those characters in the triplet means that the permission is denied. The first triplet represents the owner's (user's) permissions. The second triplet represents the group's permissions. The third triplet dictates the permissions for everyone else.

Permissions2.jpg

Identifying Permissions

You can find out what permissions are applied to the objects in the current directory with the ls -l command. The permission string is at the beginning of each object's line.

Example:

Ls -l.gif

The first character in each line of output identifies the type of object it is. The two most common types are "-" and "d". Type "-" represents a normal data file, like a text file, music file, graphics file, etc. The "d" represents a directory. The next nine characters are the permission sets.

Breakout.gif

When the owner (Dude) looks at these permissions, he notices that the World has the "r" permission and can therefore read his LovePoem. This is not cool; Dude needs to change that permission.
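
The breakdown described above, as an added example that is not part of the original page: a POSIX shell script that splits a permission string into its type and three triplets, then lists the entries World can read. The listing, its owner name and the helper names `explain_mode` and `world_readable` are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the permission string printed by ls -l.

# explain_mode MODE: prints the object type and the three triplets.
explain_mode() {
    case $1 in
        -*) kind=file ;;
        d*) kind=directory ;;
        *)  kind=other ;;          # types this page has not covered
    esac
    owner=$(printf '%s' "$1" | cut -c2-4)    # characters 2-4
    group=$(printf '%s' "$1" | cut -c5-7)    # characters 5-7
    world=$(printf '%s' "$1" | cut -c8-10)   # characters 8-10
    printf 'type=%s owner=%s group=%s world=%s\n' \
        "$kind" "$owner" "$group" "$world"
}

# world_readable: reads ls -l lines on stdin and prints the names of
# entries whose World triplet starts with "r" (8th character of the mode).
world_readable() {
    while read -r mode links owner group size mon day time name; do
        case $mode in
            ???????r*) printf '%s\n' "$name" ;;
        esac
    done
    return 0
}

# Constructed listing for illustration (not the page's screenshot).
SAMPLE='total 12
-rw-r--r-- 1 dude dude  120 Dec 12 20:31 LovePoem
-rw-r----- 1 dude dude  340 Dec 12 20:31 LinuxScript
drwxr-xr-x 2 dude dude 4096 Dec 12 20:31 Music'

explain_mode "-rw-r--r--"
printf '%s\n' "$SAMPLE" | world_readable
```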


Changing Permissions

An object's permissions can be changed using the chmod command. The symbolic method will be discussed here in basic permissions. There is also an octal method for changing permissions. That method will be discussed later in the advanced permissions. When using the symbolic method, you first identify which ownership group you want to change (u = Ultimate Owner, g = group, and o = others/world). Next, you use a "+" or "-" to add or remove the permission. Then you identify which permission (r, w, x) you want to add or remove. Lastly, you give the name of the file or directory you want to change.

So, Dude just figured out that the World has permission to read his LovePoem. He wants the World (o) to not have permission (-) to read (r) his LovePoem. So Dude enters the following chmod command to remove the permission.

Chmod LovePoem.gif

Excellent Dude!

Next, Dude notices that his LinuxScript doesn't have execute permission. Every first-year Linux student knows that scripts need execute permission to work. So, Dude wants all the owners (a) to have permission (+) to execute (x) the LinuxScript.

Chmod LinuxScript.gif

Totally awesome Dude!


Group Permissions


In our current example Dude is both the owner and the group for all the files and directories. In order to allow specific groups to have access to specific things, Dude needs to add some groups and assign those groups to the objects he wants them to have access to. Dude wants to add three groups: Teacher, Girlfriend, and Students. He does this with the groupadd command.

Groupadd.gif

Next, Dude adds these groups to his files and directory using the chgrp command.

File:Chrgp.gif

Dude wants Students (g) to have permission (+) to add music files (w) to the Music directory.

Chmod Music.gif

Rock on Dude!


Advanced Permissions

Sticky bit (mainly for directories)

Although the sticky bit has had different uses over time, it is currently used to protect files from being deleted by non-owners. If the sticky bit is set on a directory, the files in that directory can only be deleted by the owner of the file, the owner of the directory, or root.

So Dude has added three friends to the Student Group (Sand, Surf, and Dudette). All three friends have been adding music to the Music directory. But Dudette doesn't like the Beach Boys, so she has been deleting some of Surf's Beach Boy songs. To prevent Dudette from continuing to delete other people's music, Dude uses the chmod command to add (+) the sticky bit (t) to the Music directory.

Stickybit.gif

Notice that a "t" has replaced the "x" at the end of the permission string on the Music Directory. So chill Dudette.
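
The chmod steps from Changing Permissions, Group Permissions and the sticky bit, replayed on scratch objects (an added example, not from the original page). The starting modes are assumptions, `stat -c %A` is the GNU coreutils form, and `chmod_demo` and `unprotected_shared_dir` are hypothetical helper names; the last chmod call shows the "T" that appears when World has no execute permission under the sticky bit.

```sh
#!/bin/sh
# Added example: replays the page's chmod steps on scratch objects.
# Starting modes are assumptions; stat -c %A is the GNU coreutils form.

# chmod_demo KIND START CHANGE: prints "before -> after" mode strings.
chmod_demo() {
    tmp=$(mktemp -d) || return 1
    obj=$tmp/object
    if [ "$1" = dir ]; then mkdir "$obj"; else : > "$obj"; fi
    chmod "$2" "$obj"                 # assumed starting permissions
    before=$(stat -c %A "$obj")
    chmod "$3" "$obj"                 # the symbolic change from the page
    after=$(stat -c %A "$obj")
    rm -rf "$tmp"
    printf '%s -> %s\n' "$before" "$after"
}

# unprotected_shared_dir MODE: succeeds when a directory is writable by
# group or world but has no sticky bit, so any writer can delete others' files.
unprotected_shared_dir() {
    case $1 in
        d*[tT]) return 1 ;;                  # sticky bit set
        d????w????|d???????w?) return 0 ;;   # group or world write
        *) return 1 ;;
    esac
}

chmod_demo file u=rw,g=r,o=r    o-r   # LovePoem: World loses read
chmod_demo file u=rw,g=r,o=r    a+x   # LinuxScript: everyone gains execute
chmod_demo dir  u=rwx,g=rx,o=rx g+w   # Music: group gains write
chmod_demo dir  u=rwx,g=rwx,o=rx +t   # Music: sticky bit, shown as "t"
chmod_demo dir  u=rwx,g=rwx,o=r  +t   # no world execute: shown as "T"

for mode in drwxrwxr-x drwxrwxr-t; do
    if unprotected_shared_dir "$mode"; then
        echo "$mode: members can delete each other's files"
    else
        echo "$mode: deletion limited to file owner, directory owner, root"
    fi
done
```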