Sunday, May 6, 2018

Unix File Permission | Core Concepts

Unix File Permissions

  1. What a specific Unix permission means
  2. How to change file permissions
  3. How to change the ownership of a file/directory
Unix file permissions are quite different from those of Windows/MS-DOS.

Unix Security Model

In the Unix security model, a user may own files and directories. Permissions are granted to three different entities:
  1. Owners
  2. Group Members
  3. Everyone else (the world)
Consider the following:
ls -ltr
rwx-xr-r   18 MunishChandel  staff  576 Apr 30 11:14 orders

Permission Attributes

There are 3 different permission attributes r, x and w. These 3 attributes have the following effect on files and directories:
Table 1. Permission Attributes

| Attribute | Files | Directory |
|-----------|-------|-----------|
| w | Allows a file to be written to or truncated, however this attribute does not allow files to be renamed or deleted. The ability to delete or rename files is determined by directory attributes. | Allows files within a directory to be created, deleted, and renamed if the execute attribute is also set. |
| r | Allows a file to be opened and read. | Allows a directory’s contents to be listed if the execute attribute is also set. |
| x | Allows a file to be treated as a program and executed. Program files written in scripting languages must also be set as readable to be executed. | Allows a directory to be entered, e.g., cd directory. |

A few real-life examples of file permission attributes are listed in the table below.

Table 2. Permission Attributes Examples

| Permission Attributes | Meaning |
|-----------------------|---------|
| -rwxr-xr-x | A regular file that is readable, writable and executable by the file owner. Others can read and execute it. |
| -rw------- | Only the file owner can read and write the file. Others have no access. |

Changing file permissions: chmod

The chmod command changes the permissions of a file. Only the file’s owner or the superuser can change the mode of a file or directory. To gain ownership of a file or directory, run the chown command first.
Changing file ownership using chown:
sudo chown -R nexus:nexus /opt/oss
The above command recursively changes the ownership of all files in the directory /opt/oss to user nexus (and group nexus).
There are broadly two distinct ways of changing file permissions using chmod:
  1. symbolic representation
  2. octal number representation

symbolic representation

We need to learn a few more symbols besides r, w and x.

Table 3. Symbol meanings

| Symbol | Meaning |
|--------|---------|
| a | all; short for the combination of u, g and o |
| u | file or directory owner |
| g | group owner |
| o | others/world |

chmod needs two inputs:
  1. who is affected (user/group/world/all)
  2. what the permissions will be (r/w/x)
Add execute permission to the owner on foo.bar
chmod u+x foo.bar
Add execute permission to everyone (owner/group/world)
chmod a+x foo.bar
Remove execute permissions from owner
chmod u-x foo.bar
Note that specifying +x or -x sets or clears a single attribute (x) without disturbing the file's other permission attributes (r and w). The same is not possible in octal notation.

Octal notation for chmod

A single octal digit is enough to specify any combination of the three permission attributes (rwx) for one entity. Overall, we need three octal digits to specify the file mode for owner, group and world.
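Table 4. Octal Notation for File Modes

| Octal | Binary | File Mode |
|-------|--------|-----------|
| 7 | 111 | rwx |
| 0 | 000 | --- |
| 1 | 001 | --x |
| 2 | 010 | -w- |
| 3 | 011 | -wx |
| 4 | 100 | r-- |
| 5 | 101 | r-x |
| 6 | 110 | rw- |
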
A few examples of octal notation:
  600  owner has file mode 6 (rw); group and world have 0.
  644  owner has file mode 6 (rw); group and world have read permission (4-4).
  700  owner has file mode 7 (rwx); group and world have no permissions.
To set 600 on foo.bar
chmod 600 foo.bar
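
The shell script below is an added example, not part of the original post. It derives the rwx string from an octal mode using the bit values behind Table 4 (r=4, w=2, x=1), then shows on a scratch file that chmod u+x changes one attribute while chmod 600 replaces the whole mode. All function names are hypothetical helpers, and the scratch files are created with mktemp.

```shell
#!/bin/sh
# Added example; digit_to_rwx, octal_to_symbolic, mode_of, roundtrip and demo
# are hypothetical helper names, and the scratch files come from mktemp.

# One octal digit -> rwx triplet, using the bit values r=4, w=2, x=1.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three-digit octal mode (owner, group, world) -> nine-character string.
octal_to_symbolic() {
    m=$1; out=
    while [ -n "$m" ]; do
        rest=${m#?}; d=${m%"$rest"}; m=$rest   # peel off the leading digit
        out="$out$(digit_to_rwx "$d")"
    done
    printf '%s\n' "$out"
}

# Permission string as ls prints it, without the leading file-type character.
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# Set an octal mode on a scratch file and confirm ls agrees with the conversion.
roundtrip() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"; actual=$(mode_of "$f"); rm -f "$f"
    [ "$actual" = "$(octal_to_symbolic "$1")" ]
}

# Symbolic mode flips one attribute; octal mode replaces all nine at once.
demo() {
    f=$(mktemp) || return 1
    chmod 640 "$f"; before=$(mode_of "$f")
    chmod u+x "$f"; symbolic=$(mode_of "$f")   # owner x added, group r kept
    chmod 600 "$f"; octal=$(mode_of "$f")      # owner x and group r both cleared
    rm -f "$f"
    printf '%s %s %s\n' "$before" "$symbolic" "$octal"
}

demo
for mode in 600 644 700 755; do
    roundtrip "$mode" && echo "$mode -> $(octal_to_symbolic "$mode")"
done
```

The three strings printed by demo are the mode after chmod 640, after chmod u+x, and after chmod 600, in that order.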
