Tuesday, 19 November 2013

CentOS 6/RHEL set file permissions

File permissions are an essential component of a Linux system and are used to implement security measures on a Server or Desktop system.

For any file or folder there are three types of access, or permission.

read (from the file)

write (to the file)

execute (run or access the file or folder).

When you do a long file listing (ls -l) of any folder, you will see listed the file permissions for each file.

As you can see from the sample listing, ten ‘characters’ are used to represent the file permission of each file. For all but the first position, there are five possible characters:


r, representing the read permission

w, representing the write permission

x, representing the execute permission

s, which is only found in the execute field (read on) and sets the ‘user id’ (setuid) bit, so the program runs with the identity of the file's owner and gains that owner's access to system resources

-, meaning no permission granted.

Each of the ten characters, and its position in the left-to-right sequence, has a meaning (see below).

The ten character permissions are divided into four groups:

File type

a. d represents a directory (or folder)

b. - represents an ordinary file

c. s represents a socket used in network communication

d. p represents a pipe used in processor threads

e. c and b represent characters and blocks for device-based data buffers.

It is rare that you see any of these, so while it is not critical that you commit these to your long-term memory, it is important that you are able to ‘look these up’ in the future.

User permissions define how the owner (anton in the example above) may access, manage or use the file.

Other user permissions define how the rest of the world may access, manage or use the file.

So in the image above

As an example, Table 11 lists permissions and the resulting access.

Linux file permissions examples

Permission   Access
-r--r-----   The user and the given group only have read access to the file
drwx------   The directory is available (to read, write or enter) for the user only
----rwxr--   Members of a group have full access to the file; other users have read access
----r-----   Only group members can read this file


To change permissions for any file, directory or collection of files (or folders) in Linux, you must use the change mode (chmod) command.

The command has the format

chmod who=/-/+permissions filename

where ‘who’ is …

u, the user who owns the file

g, the group the file is a member of

o, all other users

a, all of the above (a is an abbreviation for ugo).

With the symbols =, - and + you can equate (also known as assign), remove or add permissions. Permissions are r, w and x, a combination of all three, or none.

The chmod command can also assign the file permissions using octal values (octal is a number system that uses the digits 0 to 7).

Octal values for permissions

Permission        r w x
binary ‘values’   4 2 1

binary   octal value   resulting file permission
000      0             ---
001      1             --x
010      2             -w-
011      3             -wx
100      4             r--
101      5             r-x
110      6             rw-
111      7             rwx

If you wanted to set the permissions of a file called testfile.sh to rwxr--r--, you would use

chmod 744 testfile.sh

which is the same as the following 

chmod a=r,u+wx testfile.sh

The user executing the chmod command must be the owner of the file or root. 

If the user is root, then they can change any file even if the permission is set to 000 or ---------.

One especially dangerous option to chmod is -R, which will recursively change all the permissions for a given folder and all files and folders below it.

So avoid that one unless absolutely necessary.
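
As an added example (not part of the original post), the shell functions below turn a ten-character permission string into the octal value chmod accepts, using the 4/2/1 weights from the octal table, and then apply that value to a scratch file to confirm that ls -l reports the same permissions. The function names, the l (symbolic link) file type and the handling of S, t and T are assumptions that go beyond what the post covers.

```shell
#!/bin/sh
# Added example: convert an `ls -l` permission string to chmod's octal form
# using the weights r=4, w=2, x=1. Function names are illustrative.

# triad_value RWX -> 0..7 for one three-character group. A lowercase s or t
# in the execute slot means "execute plus a special bit" (S/T: bit only).
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal STRING -> e.g. 744, or 4755 when setuid/setgid/sticky is set.
# The pattern checks the file type (l = symlink, an addition) and three triads.
perm_to_octal() {
    perm=$1
    case $perm in
        [-dbcpsl][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a permission string: $perm" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$perm" | cut -c2-4)
    g=$(printf '%s' "$perm" | cut -c5-7)
    o=$(printf '%s' "$perm" | cut -c8-10)
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    digits="$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
    [ "$special" -eq 0 ] || digits="$special$digits"
    echo "$digits"
}

# roundtrip STRING -> chmod a scratch file to the computed mode and print the
# nine permission characters that ls -l then reports for it.
roundtrip() {
    f=$(mktemp) || return 1
    chmod "$(perm_to_octal "$1")" "$f" && ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# Strings from the post's table, plus the rwxr--r-- testfile.sh case.
for p in -r--r----- drwx------ ----rwxr-- ----r----- -rwxr--r--; do
    printf '%s  %s  %s\n' "$p" "$(perm_to_octal "$p")" "$(roundtrip "$p")"
done
```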
