File Permissions
Linux allows several users to access the same system, so it must protect each user's files from unauthorized changes by others. Linux divides this protection into two concepts: ownership and permissions. Understanding both is important for operating any Linux distribution. This section discusses them in detail.
- Ownership: Every file and directory in Linux has three ownership classes: user, group, and other. The user is the individual who created the file. A group is a collection of users who all have the same permissions; instead of granting access to each user individually, Linux lets you group users together. Other covers anyone who did not create the file and does not belong to the group, so in one sense it applies to everyone else.
- Permissions: Linux offers three kinds of permission for every file and directory: read, write, and execute. With read permission, you can open the file and read it but cannot change it. To modify the file, you need write permission. Execute permission is needed to run a program, similar to files with the ‘.exe’ extension in Windows. Without execute permission, you may read and write the file but cannot run it.
To see the permissions of a file (sample.txt), you need to run the following command.
$ ls -l sample.txt
The result displays several kinds of information. The initial ‘-’ denotes that sample.txt is a file; a directory shows ‘d’ instead. Three permission groups follow: the first is for the user, the second is for the group, and the third is for others.
Different letters stand for different permissions.
- r: read
- w: write
- x: execute
- -: no permission
Next to the permissions, the terminal shows the file owner and the date when the file was created.
Modifying Permissions
The permissions of any file or directory can be changed with the ‘chmod’ command. First choose the ownership class (user, group, or other) whose permissions you want to change.
Permissions added to a file
Let’s say you want to add execute permission for the user of the sample.txt file. To do this, run the following command.
$ chmod u+x sample.txt
Now, you can see that sample.txt has execute permission for the user. You can also add it for the group at the same time by using “ug+x” instead.
Removing the permissions
To remove permissions, use the ‘-’ operator. Try the command below.
$ chmod u-x sample.txt
Another option is to set the permissions in numerical format. The following are the numerical representations:
- 4: read
- 2: write
- 1: execute
Now, run the command below.
$ chmod 765 sample.txt
The first digit represents the user, the second digit represents the group, and the last digit represents others. So, in this case, the user has read, write, and execute rights because of the 7 (4+2+1), the group has read and write permissions because of the 6 (4+2), and others have read and execute permissions because of the 5 (4+1).
Setuid
With setuid and setgid, users can run a file or program with the rights of the user (setuid) or group (setgid) that owns the file. If you want a user to be able to perform a certain operation that requires root/superuser rights but don’t want to grant them sudo or root access, this is a good option.
To explore this in detail, let’s run the following command.
$ passwd
By running the command, you can change your user password in the system. This password is saved in the ‘/usr/bin/passwd’ directory. Now, let’s see the permissions of the directory.
$ ls -l /usr/bin/passwd
You can see that root is the owner of the directory. So, how come you can change it? The answer lies in the ‘s’ in the user permissions group. This ‘s’ denotes the user ID (UID), which allows the user to change their password. That means ‘s’ gives the user a certain kind of superuser power. With it, a user can modify only their own password, not anyone else’s.
As with ordinary file permissions, there are two ways to modify SUID permissions.
Symbolic way:
$ sudo chmod u+s sample.txt
You can see that there is now an ‘s’ in the user permission group.
Numerical way:
$ chmod 4755 sample.txt
The SUID permission number (4) is placed before the other three permission digits.
In the same way, you can also set the group ID (SGID) on a file or directory. To try this, first make a folder named ‘group’ and check its default permissions.
$ mkdir group
$ ls -ld group/
So, it does not have SGID set. To set SGID, run the following command.
$ chmod g+s group
$ ls -ld group
Now, the folder has an ‘s’ in the group permission group. You can also do this in a numerical way.
$ chmod 2555 group
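The numeric notation above, including the leading SUID/SGID digit, as an added example that is not part of the original page: shell functions that decode a mode such as 765, 4755 or 2555 into the string ls -l prints. It goes slightly beyond the text by also decoding the sticky bit (digit 1) and the uppercase S shown when a special bit is set without execute permission; the function names are hypothetical, and describe_file assumes GNU stat.

```sh
#!/bin/sh
# Added example: decode a numeric chmod mode into the string ls -l prints.

# triplet DIGIT FLAG LETTER: one rwx group. A non-zero FLAG means the special
# bit for this group is set, so LETTER (s or t) takes the execute slot.
triplet() {
    d=$1; flag=$2; letter=$3
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$flag" -ne 0 ]; then
        # Lowercase: special bit and execute. Uppercase: special bit, no execute.
        if [ "$x" = x ]; then x=$letter
        else x=$(printf '%s' "$letter" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE: MODE is up to four octal digits (765, 4755, 2555).
mode_to_string() {
    mode=$1
    case $mode in
        ''|?????*|*[!0-7]*) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    while [ ${#mode} -lt 4 ]; do mode="0$mode"; done   # 765 means 0765
    sp=${mode%???}      # special digit: 4 setuid, 2 setgid, 1 sticky
    rest=${mode#?}
    u=${rest%??}
    g=${rest#?}; g=${g%?}
    o=${rest#??}
    printf '%s%s%s\n' \
        "$(triplet "$u" $((sp & 4)) s)" \
        "$(triplet "$g" $((sp & 2)) s)" \
        "$(triplet "$o" $((sp & 1)) t)"
}

# describe_file PATH: print a file's octal mode, its decoded string, and a
# flag when setuid or setgid is set. Assumes GNU stat (-c '%a').
describe_file() {
    m=$(stat -c '%a' "$1") || return 1
    str=$(mode_to_string "$m") || return 1
    flags=""
    case $str in ??[sS]*) flags="$flags setuid" ;; esac
    case $str in ?????[sS]*) flags="$flags setgid" ;; esac
    printf '%s %s %s%s\n' "$m" "$str" "$1" "$flags"
}

mode_to_string 765    # rwxrw-r-x
```

An uppercase S in a listing means setuid or setgid was set on a file that is not executable for that class, which is usually a sign the mode was set by mistake.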