WK 3 Authenticate and authorise users: file permissions and ownership Flashcards
Permissions
Permissions are the type of access granted for a file or directory. Permissions are related to authorisation.
Authorisation
Authorisation is the concept of granting access to specific resources in a system. Authorisation allows you to limit access to specified files or directories. A good rule to follow is that data access is on a need-to-know basis.
Three types of permissions in Linux
- Read
The first type of permission is read. On a file, read permissions means contents on the file can be read.
On a directory, this permission means you can read all files in that directory.
Three types of permissions in Linux
- Write
Next are write permissions. Write permissions on a file allow modifications of contents of the file.
On a directory, write permissions indicate that new files can be created in that directory
Three types of permissions in Linux
- Execute
Finally, there are also execute permissions. Execute permissions on files mean that the file can be executed if it’s an executable file.
Execute permissions on directories allow users to enter into a directory and access its files.
Three different types of owners
- User
The first type is the user. The user is the owner of the file. When you create a file, you become the owner of the file, but the ownership can be changed.
Three different types of owners
- Group
Group is the next type. Every user is a part of a certain group. A group consists of several users, and this is one way to manage a multi-user environment.
Three different types of owners
- Other
Finally, there is other. Other can be considered all other users on the system. Basically, anyone else with access to the system belongs to this group.
File permissions representation:
drwxrwxrwx.
In Linux, file permissions are represented with a 10-character string. For a directory with full permissions for the user group, this string would be: drwxrwxrwx.
Let’s examine what this means more closely. The first character indicates the file type. As shown in this example, d is used to indicate it is a directory. If this character contains a hyphen instead, it would be a regular file.
The second, third, and fourth characters indicate the permissions for the user. In this example, r indicates the user has read permissions, w indicates the user has write permissions, and x indicates the user has execute permissions.
If one of these permissions was missing, there would be a hyphen instead of the letter. In the same way, the fifth, sixth, and seventh characters indicate permissions for the next owner type group.
As it shows here, the type group also has read, write, and execute permissions. There are no hyphens to indicate that any of these permissions haven’t been granted.
Finally, the eighth through tenth characters indicate permissions for the last owner type: other. They also have read, write, and execute permissions in this example.
world-writable file
When the user, the group, and other can all write to a file. This type of file is considered a world-writable file. World-writable files can pose significant security risks.
How to check permissions?
Options
So how do we check permissions? First, we need to understand what options are.
Options modify the behavior of the command. The options for a command can be a single letter or a full word. Checking permissions involves adding options to the ls command.
First: ls -l
How to check permissions?
ls -l
ls -la
First, ls -l displays permissions to files and directories. You might also want to display hidden files and identify their permissions. Hidden files, which begin with a period before their name, don’t normally appear when you use ls to display file contents.
Entering ls -a displays hidden files. Then you can combine these two options to do both. Entering ls -la displays permissions to files and directories, including hidden files.
