Unix/Linux file system security is developed in such a way that it provides best protection method for storing files. So lets invest some time in Understanding file permissions in Unix or Linux and modify using Chmod. The file permissions in Unix or Linux contains majorly three attributes namely owner/user,Group , Other(rest of the world). Here, Owner/user is the person who creates the file. Group implies that the group the user belong to, and lastly Other is rest of the world implies other users from other groups etc.Here only owner or root can change the permissions and these privileges cannot be delegated.
For example, when we try to list out the files using the command ‘ls -l ‘ it will list all the files including with their permission in below format.
-rwxr-xr-- 1 xyz users 1024 Aug 20 2013 file1 drwxr-xr--- 1 xyz users 820 Aug 80 2013 dir1
The above image explains clearly about each section in the file list.
Generally, each file and directory will be having 3 modes of access i.e Read, Write and Execute. In the above result of ls –l command, Read is defined by r, Write by w and Execute by x. In the first section of the image, the permissions are mentioned for that particular format. The first letter refers to either d or -. Here ‘d’ indicates it is a directory and ‘-‘ indicates it is a normal file. Next three characters (2-4 positions) describes about the access permissions given to owner. Characters (5-7) positions describes about the access permissions owned by the group. Characters (8-10) describes about the access permissions owned by others (rest of the world). Here always the order of the access modes should be rwx, i.e read, write, execute only.
-rwxrwxrwx a file that everyone can read, write and execute (and delete).
-rw——- a file that only the owner can read and write – no-one else can read or write and no-one has execution rights (e.g. your mailbox file).
Apart from this, we also have special SUID and SGID file permissions. There’s a good explanation I found on this concept at this link.
Chomod command utilization
In Linux/Unix, we have two methods for changing the file permissions using command mode. The command used to alter the permission is chmod(Change mode). For list of basic unix commands, click here The two methods are using absolute permissions and symbolic mode. While Using chmod with absolute permissions, we utilize the numbers to alter the set of permissions for the file.
The above table clearly describes on how the octal representation works. For eg: Lets calculate the absolute value a particular file with permissions as ‘rwxr-xr–‘
SO, the octal representation will be 754 for the permission set ‘rwxr-xr–’
So now when we execute the command as below, the file permission set will be altered to 754.
$ chmod 754 file1
The second method is using the Chmod command in symbolic mode. In this method we make use of operators like +,-,=
Here, + represents adding the permissions, – represents removing the permissions and = represents setting the given permissions regardless of previous permissions of the file. For example:
$chmod o+wx,u-x,g=rx file1 $ls -l file1 -rw-r-xrwx 1 xyz users 1024 Dec 10 00:10 file1
Here in the o is others, U is user/owner, g is group which I mentioned in the beginning of the article.
Hope, this article will help you in understanding the concept. Thank you. Have a great day.