May 23, 2021 UNIX Getting started
6. Using chmod in symbolic mode
7. Using chmod with absolute permissions
8. Changing the owner and the group
9. Change the owner relationship
File ownership is an important part of UNIX and provides a secure way to store files. Each file in UNIX has the following properties:
When using the ls -l command, the various permissions associated with the file are presented as follows:
$ ls -l /home/amrood
-rwxr-xr-- 1 amrood users 1024 Nov 2 00:10 myfile
drwxr-xr-- 1 amrood users 1024 Nov 2 00:10 mydir
The first column of the output represents the access pattern or permissions associated with the file or directory.
Permissions are shown in three groups of three characters. Within each group, each position denotes a specific permission: read (r), write (w), and execute (x):
In -rwxr-xr--, characters 2-4 (rwx) show that the owner of the file has permission to read (r), write (w), and execute (x).
In -rwxr-xr--, characters 5-7 (r-x) show that the group the file belongs to has permission to read (r) and execute (x), but does not have write permission.
In -rwxr-xr--, characters 8-10 (r--) show that others have only read (r) permission.
File permissions are the first line of defense in the security of a UNIX system. The basic building blocks of UNIX permissions are the read, write, and execute permissions, as follows:
Directory access modes are listed and organized in the same way as those of any other file. However, there are some differences that need to be mentioned:
A user must have execute (search) access to the bin directory in order to run the ls or cd command.
To change the permissions of a file or directory, you can use the chmod command. There are two ways to use chmod: symbolic mode and absolute mode.
For beginners, symbolic mode is the easiest way to modify the permissions of a file or directory. You can use the operators in the following table to add, remove, or set the permissions you want.
Chmod operator | Description |
---|---|
+ | Add the specified permissions to the file or directory. |
- | Remove the specified permissions from the file or directory. |
= | Set the specified permissions. |
The following example uses a file named testfile. Running ls -l on testfile displays the file's permissions as follows:
$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile
Next, run each chmod operation from the table above on testfile, followed by ls -l, to see how the file's permissions change:
$ chmod o+wx testfile
$ ls -l testfile
-rwxrwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod u-x testfile
$ ls -l testfile
-rw-rwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile
Here's how to combine the above commands into one line:
$ chmod o+wx,u-x,g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile
The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file.
Each permission is assigned a value, as shown in the table below, and the sum of the values in each permission set gives the number for that set.
Number | Octal permission representation | Ref |
---|---|---|
0 | No permissions | --- |
1 | Execute permission | --x |
2 | Write permission | -w- |
3 | Execute and write permissions: 1 (execute) + 2 (write) = 3 | -wx |
4 | Read permission | r-- |
5 | Read and execute permissions: 4 (read) + 1 (execute) = 5 | r-x |
6 | Read and write permissions: 4 (read) + 2 (write) = 6 | rw- |
7 | All permissions: 4 (read) + 2 (write) + 1 (execute) = 7 | rwx |
The following example uses the same testfile. Running the ls -l command shows the permissions associated with the file as follows:
$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile
Run each of the following chmod commands on testfile, followed by ls -l, to see how the permissions change:
$ chmod 755 testfile
$ ls -l testfile
-rwxr-xr-x 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 743 testfile
$ ls -l testfile
-rwxr---wx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 043 testfile
$ ls -l testfile
----r---wx 1 amrood users 1024 Nov 2 00:10 testfile
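The octal table above can be applied mechanically to the mode column that ls -l prints. The following sketch is an added example, not code from the original page; the function name mode_to_octal is hypothetical. It goes slightly beyond the table by also decoding the s, S, t and T letters used for the SUID, SGID and sticky bits, which become a fourth, leading octal digit.

```shell
# Added example (not from the original page). mode_to_octal is a
# hypothetical helper name.
# Usage: mode_to_octal MODESTRING   e.g. mode_to_octal -rwxr-xr--
mode_to_octal() {
    mode=$1
    if [ "${#mode}" -ne 10 ]; then
        echo "expected a 10-character mode string, got: $mode" >&2
        return 1
    fi
    perms=${mode#?}      # drop the file-type character (-, d, l, ...)
    special=0            # leading digit: SUID=4, SGID=2, sticky=1
    digits=
    for weight in 4 2 1; do          # owner, group, others in turn
        rest=${perms#???}
        triad=${perms%"$rest"}       # next three characters
        perms=$rest
        case $triad in
            [r-][w-][xsStT-]) ;;
            *) echo "invalid permission group: $triad" >&2; return 1 ;;
        esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without execute
        esac
        digits=$digits$digit
    done
    printf '%s%s\n' "$special" "$digits"
}

# Mode strings taken from the listings on this page.
for m in -rwxr-xr-x -rwxr---wx ----r---wx -r-sr-xr-x drwsr-sr-x; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The four-digit result can be passed straight to chmod; a leading 0 means no special bits are set.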
When you create an account on UNIX, each user is assigned an owner ID and a group ID. All of the permissions mentioned above are also assigned based on owners and groups.
The following two commands can change the owners and groups of a file:
The chown command is used to change the owner of a file, and its basic syntax is as follows:
$ chown user filelist
The user in the command above can be either the name of a user on the system or the user's ID (uid) on the system. Example:
$ chown amrood testfile
$
This changes the owner of testfile to the user amrood.
Note: The superuser, root, has unrestricted permission to change the owner of any file, but an ordinary user can change the owner only of files that they own.
The chgrp command is used to modify the group to which the file belongs. The basic syntax is as follows:
$ chgrp group filelist
The group in the command above can be either the name of a group that exists on the system or the ID (GID) of a group that exists on the system.
Example:
$ chgrp special testfile
$
This changes the group of the given file to the special group.
Typically, when you execute a command, it must have some special permissions in order to complete the task.
For example, when you change your password using the passwd command, your new password is stored in /etc/shadow.
As an ordinary user, you don't have access to this file for security reasons, but when you change your password, you need to have permission to write to the file.
This means that the passwd program must give you additional permissions so that you can write to the file /etc/shadow.
You can give a program additional permissions by setting its set user ID (SUID) and set group ID (SGID) bits.
When you execute a program that has the SUID bit set, you inherit the permissions of the program's owner. Programs that do not have the SUID bit set run with the permissions of the user who started them.
This also applies to SGID. Normally a program runs with your group permissions, but when the SGID bit is set, your group is changed, just for that program, to the group that owns the program.
If SUID and SGID permissions are set, they appear as a lowercase "s". The "s" of the SUID bit sits in the position of the owner's execute permission. For example:
$ ls -l /usr/bin/passwd
-r-sr-xr-x 1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*
$
The above shows that the SUID bit is set and that the command is owned by the root user. A capital letter S in the execute position, instead of a lowercase s, indicates that the execute bit is not set.
If the sticky bit is set on a directory, you can delete a file in it only if you are one of the following users:
You can set the SUID and SGID bits for any directory in the following way.
$ chmod ug+s dirname
$ ls -l
drwsr-sr-x 2 root root 4096 Jun 19 06:45 dirname
$
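Because SUID and SGID programs run with their owner's or group's permissions, and world-writable files can be changed by anyone, administrators commonly review where these bits are set. The following sketch is an added example, not code from the original page; the function names, file names and sandbox layout are constructed for illustration. It uses find -perm to list such files in a temporary sample tree.

```shell
# Added example (not from the original page); function and file names
# are hypothetical.

# List regular files under DIR that carry the SUID (4000) or SGID (2000) bit.
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# List files writable by "others" (0002). World-writable directories are
# reported only when the sticky bit (1000) is missing.
audit_world_writable() {
    find "$1" \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print | sort
}

# Build a constructed sample tree in a temporary directory and print its path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    touch "$dir/passwd_like" "$dir/notes" "$dir/shared"
    mkdir "$dir/drop" "$dir/tmp_like"
    chmod 4755 "$dir/passwd_like"   # SUID, like /usr/bin/passwd
    chmod 0644 "$dir/notes"         # ordinary file
    chmod 0666 "$dir/shared"        # world-writable file
    chmod 0777 "$dir/drop"          # world-writable, no sticky bit
    chmod 1777 "$dir/tmp_like"      # world-writable with sticky bit
    printf '%s\n' "$dir"
}

sandbox=$(make_sandbox)
echo "SUID/SGID files:"; audit_special "$sandbox"
echo "World-writable:";  audit_world_writable "$sandbox"
rm -rf "$sandbox"
```

On a real system, point the two audit functions at a directory such as /usr/bin or a shared data directory instead of the sandbox.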