There is lot of good security features in linux build in it, one of the most very important feature that helps as from local access. That is permission based files and directories.
Basic File Permissions :
In Linux each files and directory has three user based permission groups
Basic File Permissions :
In Linux each files and directory has three user based permission groups
- owner - The Owner permissions will not impact the other user actions.
- group - The Group permission has the permission only the user in that group others action will not impact.
- all users - The All users permission apply to all user it will impact to all users action.
Permission Type :
In Linux each files and directories have three basic permission type
- read - The Read permission refers to a user's capability to read the contents of the file.
- write - The Write permission refers to a users to write or modify the files and directory.
- execute - The Execute permission to execute a file or view the contents of a directory.
View the Permissions :
We can view the permissions of file or directory with following command ls -l
The permission in the command line is displayes as : _rwxrwxrwx 1 owner:group
- The first character that I marked with an _ is the special permission flag that can vary.
- second rwx is for owner permission.
- third rwx is for group permission.
- forth is for all users permissions.
- number displays the number of hard links to the file.
- next it shows the owner and group of the file or directory.
Explicitly Defining Permissions :
To explicit define permissions you nned to reference the permission group and permission type.
The Permission Groups are :
- u - Owner
- g - Group
- o or a - All users
The potential assignment operators are + (plus) and - (minus) tells the system whether to add or remove the permissions.
The permission types are :
- r - Read
- w - Write
- x - Execute
file permission example if I have test file and it has _rw_rw_rw and I want to remove the rw permission from all users for that I use the following command
chmod a-rw test
if I want to add all user to rw then
chmod a+rw test
Binary Permissions :
Now you understand the permissions of groups and types. Now we are going to use binary permissions. We need to understand the input is have 3 binary number. That listed below.
- r = 4
- w = 2
- x = 1
sample permission string is below mentioned
chmod 751 test
it means that owner has full permission, group has read and write permission and all users have execute permission.
Owner and Group :
For owner and group we need different command to assign permissions. Below I have mentioned below
chown owner:group file
chown redhat:team test
In that redhat is owner and team is group.
Advanced Permissions :
The special permissions flag can be marked with any of the following.
- _ - no special permissions
- d - directory
- l - The file or directory is a symbolic link
- s - Indicates the setuid/setgid permissions. This is not set displayed in the special permission part of the display, but it represented as a s in the read portion of the owner or group permissions.
- t - It indicates the sticky bit permissions.
Setuid/setgid special permission
This permissions are used to run the executable file as owner with owner permission. If we assigned it wrongly then it will open your system in intrusion.
It's easy to add setuid and setgid with following command with s.
chmod g+s test.sh
chmod u+s test1.sh
Sticky Bit special permission
In this permission owner only can rename or delete the file or folder.
We can assign this sticky bit permission by explicitly with the character of t.
we add this permission with following command.
chmod +t testdir
if we want to remove then use the following command
chmod -t testdir
If any mistakes in this please command and made this in correct.
Thanks in advance.
This permissions are used to run the executable file as owner with owner permission. If we assigned it wrongly then it will open your system in intrusion.
It's easy to add setuid and setgid with following command with s.
chmod g+s test.sh
chmod u+s test1.sh
Sticky Bit special permission
In this permission owner only can rename or delete the file or folder.
We can assign this sticky bit permission by explicitly with the character of t.
we add this permission with following command.
chmod +t testdir
if we want to remove then use the following command
chmod -t testdir
If any mistakes in this please command and made this in correct.
Thanks in advance.
No comments:
Post a Comment