Day 4: How to Identify/ Change the file permissions

Welcome back Champ!

Now that we have understood the filesystem let's jump into how we keep it secure. Although there are already a lot of good security features built into Linux-based systems, one very important potential vulnerability can exist when local access is granted – – that is file permission-based issues resulting from a user not assigning the correct permissions to files and directories.

Permission Groups

In Linux, each file and directory has three basic permission groups

• Owner – The Owner permissions apply only to the owner of the file or directory, they will not impact the actions of other users.

• Group – The Group permissions apply only to the group that has been assigned to the file or directory, they will not affect the actions of other users.

• All users – The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.

Permission Types

Each file or directory has three basic permission types:

• Read – Read permission refers to a user’s capability to read the contents of the file.

• Write – The Write permissions refer to a user’s capability to write or modify a file or directory.

• Execute – Execute permission affects a user’s capability to execute a file or view the contents of a directory.

Viewing File Permissions

You can view the permissions by checking the file or directory permissions in your favorite GUI File Manager or by reviewing the output of the “ls -l” command while in the terminal and while working in the directory that contains the file or folder.

ls -l file.txt

-rw-r--r--. 1 root root 0 May  6 14:11 file.txt

The "-rw-r--r--" is the part of the output that shows the permissions. To understand what it means, we need to break it into four parts. The first character indicates the file type. Here it is a dash because file.txt is an ordinary file. It could also be a d for a directory, or various other letters for more obscure types of file.

The next nine characters fall into three sets of three, corresponding to the access rights of the user who owns the file, the group that owns the file, and all other users. The three characters in each set indicate whether users in the relevant category may read, write, or execute the file. An r, w, or x means that the users do have the corresponding right, while a dash means that they do not.

Thus in the above example, root (the user who owns the file) has the access rights rw-, meaning that they may read and write the file but not execute it (since it's a txt file, executing it wouldn't make much sense). Everyone else has the access rights r--, meaning that they may read the file but not write or execute it.

Modifying the Permissions

File permissions are changed by using the chmod command. The format of this command is:

chmod permissions list_of_files

In Linux, file permissions are represented by a three-digit octal number. Each digit corresponds to the access rights of the user who owns the file, the group, and other users. Here's what you need to know:

• 755: You can do anything with the file or directory, and other users can read and execute it but not alter it. Great for programs and directories you want to share publicly.

• 644: You can read and write the file or directory, and other users can only read it. Perfect for public text files.

• 711: You can do anything with the file or directory, and other users can only execute it. Ideal for directories where you want to limit browsing but give access to specific files, like your personal website.

• 700: You can do anything with the file or directory, and other users have no access at all. Use this for private directories and programs.

• 600: You can read and write the file or directory, and other users have no access. Best for keeping text files private.

Using Alphabet reference to Set permissions

You can also use it with the help of the alphabet, here's how:

The permission Groups used are:

• u – Owner

• g – Group

• o – Others

• a – All users

The potential Assignment Operators are + (plus) and – (minus); these are used to tell the system whether to add or remove specific permissions.

The Permission Types that are used are:

• r – Read

• w – Write

• x – Execute

Considering the above example I have a file.txt that currently has the permission set to -rw-rw-rw-, Now we want to remove the read and write permissions from the all users group.

To make the following changes we will use the following command:

chmod a-rw file.txt

To add permissions we will use the following command:

chmod a+rw file.txt

Owners and Groups

I have made several references to Owners and Groups above, but have not yet told you how to assign or change the Owner and Group assigned to a file or directory.

You use the chown command to change owner and group assignments, the syntax is simple

chown owner:group filename

so to change the owner of the file to the user and the group to the family you would enter

chown user:family file1.

Setuid/Setgid Special Permissions

The setuid/setguid permissions are used to tell the system to run an executable as the owner with the owner’s permissions.

Be careful using setuid/setgid bits in permissions. If you incorrectly assign permissions to a file owned by root with the setuid/setgid bit set, then you can open your system to intrusion.

You can only assign the setuid/setgid bit by explicitly defining permissions. The character for the setuid/setguid bit is s.

So do set the setuid/setguid bit on file.sh you would issue the command

chmod g+s file2.sh

Now I want you all to mess around it!

Mastering file permissions is essential for effective file management and system security in Linux. By understanding the concepts of permissions, permission levels, and permission notations, users can confidently manage access to their files and directories, ensuring the integrity and security of their Linux systems.

Until next time… Toodeloo!