32. File Permissions and Ownership Flashcards
Learning Objectives
By the end of this chapter, you should be able to:
- Explain the concepts of owner, group, and world.
- Set file access rights (read, write, and execute) for each category.
- Authenticate requests for file access, respecting proper permissions.
- Use chmod to change file permissions, chown to change user ownership, and chgrp to change group ownership.
- Understand the role of umask in establishing desired permissions on newly created files.
- Use ACLs to extend the simpler user, group, world and read, write, execute model.
Owner, Group and World
When you do an ls -l, as in:
$ ls -l a_file
-rw-rw-r-- 1 coop aproject 1601 Mar 9 15:04 a_file
1) What does the 1st character slot (in bold) represent?
2) What are the 3 groups represented by the access rights in the 9 character slots?
- owner: the first 3, the user who owns the file (also called user)
- group: the next 3, the group of users who have access
- world: the last 3, the rest of the world (also called other).
File Access Rights
If you do a long listing of a file, as in:
$ ls -l /usr/bin/vi
-rwxr-xr-x. 1 root root 1206144 Jun 14 08:49 /usr/bin/vi
What do r, w, and x represent?
- r: read access is allowed
- w: write access is allowed
- x: execute access is allowed
chmod
What utility is used to change the permissions of a file?
chmod
chmod
What is the difference between a non-superuser (regular user) changing file permissions and a superuser changing file permissions?
A regular user can only change the permissions of files they own, whereas a superuser can change the permissions of any file, even one they don’t own.
chmod
What are the 2 forms that can be used to change a file's permissions?
- 1st form (symbolic form)
- u+rwx
- u-rwx
- g+rwx
- g-rwx
- o+rwx
- o-rwx
- Combination example
- chmod u+rwx,g+rw,o-r filename
- 2nd form (bitmap - octal form)
- 0755
- etc.
Octal Digits
What are the 3 octal digits used to change a file's permissions, and which value does each represent?
The octal form is a shorthand for setting the user, group, and other permissions as a set of 3 numbers, each of which is the summed value of the selected octal digits. EX: chmod 755 filename
- 4 - read permission desired
- 2 - write permission desired
- 1 - execute permission desired
4 + 2 = 6 = read + write permission desired
4 + 1 = 5 = read + execute permission desired
EX:
Changing file user ownership
What command is used to change the user ownership of a file?
chown
Changing file user ownership
What is the command to change a file named “somefile” to the owner “billy”?
sudo chown billy somefile
Changing file owner and group ownership
What is the command to change both user and group ownership?
chown newUser:newGroup filename
Changing file owner and group ownership recursively
What is the command to change the owner and group of all files in the current directory and all its subdirectories?
chown -R newUser:newGroup filename
Changing file group ownership
What is the command to change the file group ownership?
chgrp
Changing file group ownership
What is the command to change the group to “researchers” on the file named “biology”?
chgrp researchers biology
umask
What is the purpose of umask?
It is a tool used to globally configure, in octal format, which file permissions (r, w, x) are denied to user, group, and other on newly created files.
It removes the permission bits given as an octal number from the default or preset file permissions.
Example:
The current value can be shown by:
$ umask
0002
which is the most conventional value set by system administrators for users. This value is combined with the file creation permissions to get the actual result; i.e.,
0666 & ~002 = 0664; i.e., rw-rw-r--
You can change the umask at any time with the umask command, as in
$ umask 0022
Filesystem ACLs
What is a Linux filesystem ACL?
- Commands:
- getfacl
- setfacl
It extends the simpler user, group, world and read, write, execute model of file/directory access.
Particular privileges can be granted to specific users or groups of users when accessing certain objects or classes of objects. Files and directories can be shared without using 777 permissions.
While the Linux kernel enables the use of ACLs, it still must be implemented as well in the particular filesystem. All major filesystems used in modern Linux distributions incorporate the ACL extensions, and one can use the option -acl when mounting. A default set of ACLs is created at system install.