UNIX / Linux File Permission / Access Modes - Unix/Linux

What are UNIX / Linux File Permission / Access Modes?

In this section, we will discuss file permissions and access modes in UNIX in detail. File ownership is an important component of UNIX that provides a secure method for storing files. Every file in UNIX has the following attributes −

  • Owner permissions − the owner's permissions determine what actions the owner of the file can perform on the file.
  • Group permissions − the group's permissions determine what actions a user, who is a member of the group that a file belongs to, can perform on the file.
  • Other (world) permissions − the permissions for others indicate what action all other users can perform on the file.

The Permission Indicators

The ls -l command displays various information related to file permissions, as follows –

Here, the first column represents the different access modes, i.e., the permissions associated with a file or a directory.

The permissions are broken into groups of three, and each position in the group denotes a specific permission, in this order: read (r), write (w), execute (x) −

  • The first three characters (2-4) represent the permissions for the file's owner. For example, -rwxr-xr-- represents that the owner has read (r), write (w) and execute (x) permission.
  • The second group of three characters (5-7) consists of the permissions for the group to which the file belongs. For example, -rwxr-xr-- represents that the group has read (r) and execute (x) permission, but no write permission.
  • The last group of three characters (8-10) represents the permissions for everyone else. For example, -rwxr-xr-- represents that everyone else has read (r) permission only.

File Access Modes

The permissions of a file are the first line of defence in the security of a UNIX system. The basic building blocks of UNIX permissions are the read, write, and execute permissions, which are described below −

Read

Grants the capability to read, i.e., view the contents of the file.

Write

Grants the capability to modify, or remove the content of the file.

Execute

A user with execute permission can run a file as a program.

Directory Access Modes

Directory access modes are listed and organized in the same manner as those of any other file. There are a few differences that need to be mentioned −

Read

Access to a directory means that the user can read the contents. The user can look at the filenames inside the directory.

Write

Access means that the user can add or delete files from the directory.

Execute

Executing a directory doesn't actually make sense, so think of this as traverse permission.

A user must have execute access to the bin directory in order to execute the ls or the cd command.

Changing Permissions

To change the file or the directory permissions, you use the chmod (change mode) command. There are two ways to use chmod: the symbolic mode and the absolute mode.

Using chmod in Symbolic Mode

The easiest way for a beginner to modify file or directory permissions is to use the symbolic mode. With symbolic permissions you can add, delete, or specify the permission set you want by using the operators in the following table.

S.No.  Chmod operator  Description
1      +               Adds the designated permission(s) to a file or directory.
2      -               Removes the designated permission(s) from a file or directory.
3      =               Sets the designated permission(s).

Here's an example using the test file. Running ls -l on the test file shows that the file's permissions are as follows –

Then each example chmod command from the preceding table is run on the test file, followed by ls -l, so you can observe the permission changes –

Here's how you can combine these commands on a single line –

Using chmod with Absolute Permissions

The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file.

Each permission is assigned a value, as the following table shows, and the total of each set of permissions provides a number for that set.

Number  Octal Permission Representation                                    Ref
0       No permission                                                      ---
1       Execute permission                                                 --x
2       Write permission                                                   -w-
3       Execute and write permission: 1 (execute) + 2 (write) = 3          -wx
4       Read permission                                                    r--
5       Read and execute permission: 4 (read) + 1 (execute) = 5            r-x
6       Read and write permission: 4 (read) + 2 (write) = 6                rw-
7       All permissions: 4 (read) + 2 (write) + 1 (execute) = 7            rwx

Here's an example using the test file. Running ls -l on the test file shows that the file's permissions are as follows –

Then each example chmod command from the previous table is run on the test file, followed by ls -l, so you can see the permission changes –
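The symbolic operators and the absolute (octal) form described above, exercised on a scratch file. This is an added example, not a listing from the original page; the helper names mode_of and apply_mode and the starting mode 764 are chosen here for illustration.

```shell
#!/bin/sh
# Added example: apply chmod in symbolic and absolute form to a scratch
# file and report the permission string that ls -l would show.

# Print the 10-character mode field for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# $1 = starting absolute mode, $2 = chmod expression (symbolic or octal).
# Creates a temporary file, sets the start mode, applies the expression,
# prints the resulting mode string and removes the file again.
apply_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    chmod "$2" "$f"
    mode_of "$f"
    rm -f "$f"
}

# Start from 764 (-rwxrw-r--) each time so the effect of one operator
# is visible in isolation.
for expr in 764 o+wx u-x g=rx o+wx,u-x,g=rx 657; do
    printf '%-16s %s\n' "$expr" "$(apply_mode 764 "$expr")"
done
```

The last two rows print the same mode string: the combined symbolic expression and the absolute mode 657 describe the same final permissions.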

Changing Owners and Groups

When an account is created on UNIX, the system assigns an owner ID and a group ID to each user. All the permissions mentioned above are also assigned based on the owner and the groups.

Two commands are available to change the owner and the group of files −

  • chown − the chown command stands for "change owner" and is used to change the owner of a file.
  • chgrp − the chgrp command stands for "change group" and is used to change the group of a file.

Changing Ownership

The chown command changes the ownership of a file. The basic syntax is as follows –

The value of the user can be either the name of a user on the system or the user ID (uid) of a user on the system.

The following example will help you understand the concept –

Changes the owner of the given file to the user amrood.

NOTE − The super user, root, has the unrestricted capability to change the ownership of any file, but normal users can change the ownership of only those files that they own.

Changing Group Ownership

The chgrp command changes the group ownership of a file. The basic syntax is as follows –

The value of group can be the name of a group on the system or the group ID (GID) of a group on the system.

The following example helps you understand the concept –

Changes the group of the given file to special group.

SUID and SGID File Permission

Often when a command is executed, it will have to be executed with special privileges in order to accomplish its task.

As an example, when you change your password with the passwd command, your new password is stored in the file /etc/shadow.

As a normal user, you do not have read or write access to this file for security reasons, but when you change your password, you need to have write permission to this file. This means that the passwd program has to give you additional permissions so that you can write to the file /etc/shadow.

Additional permissions are given to programs via a mechanism known as the Set User ID (SUID) and Set Group ID (SGID) bits.

When you execute a program that has the SUID bit enabled, you inherit the permissions of that program's owner. Programs that do not have the SUID bit set are run with the permissions of the user who started the program.

This is the case with SGID as well. Normally, programs execute with your group permissions, but instead your group will be changed just for this program to the group owner of the program.

The SUID and SGID bits will appear as the letter "s" if the permission is available. The SUID "s" bit will be located in the permission bits where the owner's execute permission normally resides.

For example, the command –

Shows that the SUID bit is set and that the command is owned by root. A capital letter S in the execute position instead of a lowercase s indicates that the execute bit is not set.
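An added example (not from the original page) that converts an ls -l permission string to octal using the values from the table earlier, including the s/S markers just described. The function names triplet and to_octal are assumptions of this example, and t/T for the sticky bit follows the same lowercase/uppercase convention as s/S.

```shell
#!/bin/sh
# Added example: turn an ls -l permission string into 4-digit octal.

# $1 = one rwx triplet, $2 = letter meaning "special bit and execute"
# (s or t), $3 = letter meaning "special bit, execute NOT set" (S or T).
# Prints "<digit> <flag>", where flag is 1 when the special bit is set.
triplet() {
    t=$1 v=0 sp=0
    case $t in r??) v=$((v + 4)) ;; esac      # read    = 4
    case $t in ?w?) v=$((v + 2)) ;; esac      # write   = 2
    case $t in
        ??x)    v=$((v + 1)) ;;               # execute = 1
        ??"$2") v=$((v + 1)); sp=1 ;;         # lowercase: special + execute
        ??"$3") sp=1 ;;                       # capital: special, no execute
    esac
    echo "$v $sp"
}

# $1 = 10-character mode string such as -rwxr-xr--
to_octal() {
    s=$1
    case $s in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "bad mode string: $s" >&2; return 1 ;;
    esac
    u=$(printf '%s\n' "$s" | cut -c2-4)       # owner
    g=$(printf '%s\n' "$s" | cut -c5-7)       # group
    o=$(printf '%s\n' "$s" | cut -c8-10)      # others
    # After set --, $1 $3 $5 are the class digits and $2 $4 $6 flag
    # SUID (4), SGID (2) and sticky (1) for the leading digit.
    set -- $(triplet "$u" s S) $(triplet "$g" s S) $(triplet "$o" t T)
    echo "$(( $2 * 4 + $4 * 2 + $6 ))$1$3$5"
}

# Constructed sample strings, not taken from a real system.
for m in -rwxr-xr-- -rwsr-xr-x -rwSr--r-- drwxr-sr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(to_octal "$m")"
done
```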

If the sticky bit is enabled on the directory, files can only be removed if you are one of the following users −

  • The owner of the sticky directory
  • The owner of the file being removed
  • The super user, root

To set the SUID and SGID bits for any directory try the following command –
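An added example, not the command from the original page: it sets the special bits on a constructed scratch tree and then inventories them the way an administrator would when reviewing a system. The function names and the file and directory names (helper, shared, tmp_ok, tmp_bad) are hypothetical.

```shell
#!/bin/sh
# Added example: set SUID/SGID/sticky bits on a scratch tree, then list
# entries that carry them so they can be reviewed.

# Files or directories with SUID (4000) or SGID (2000) set.
find_setid() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -print | sort
}

# World-writable directories without the sticky bit (1000): any user who
# can write there can also remove files that belong to other users.
find_unsticky_ww_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build the constructed sample tree and print its root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    chmod ug-s "$root"             # do not pass set-ID bits on to children
    mkdir "$root/shared" "$root/tmp_ok" "$root/tmp_bad"
    : > "$root/helper"
    chmod 4755 "$root/helper"      # SUID on a file       (-rwsr-xr-x)
    chmod 2775 "$root/shared"      # SGID on a directory  (drwxrwsr-x)
    chmod 1777 "$root/tmp_ok"      # world-writable with sticky bit
    chmod 0777 "$root/tmp_bad"     # world-writable without sticky bit
    echo "$root"
}

root=$(make_sample_tree)
echo "SUID/SGID entries:"
find_setid "$root"
echo "World-writable directories without the sticky bit:"
find_unsticky_ww_dirs "$root"
rm -rf "$root"
```

On a real system, point the two find functions at a directory of interest and compare the output against the list of set-ID programs you expect to be installed.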
