File Permissions
File permissions
$ls -l Desktop/
drwxr-xr-x 2 pete penguins 4096 Dec 1 11:45 .
Four parts to file permissions
Filetype (d (for directory) in the example) a is for regular file
These 3 parts are the actual file permissions.
d | rwx | r-x | r-x
Filetype | User Permissions | Group Permissions | Other Permissions
r - readable
w - writable
x - executable
- empty
Modifying Permissions
$ chmod u+x myfile
Format: Chmod, permission set (user, group or other), file
The + is adding the permission
$ chmod u-x myfile
The - is removing the permission
$ chmod ug+w
Adding write to user and group (add “o” for other permissions)
Numerical representations for changing permissions
4: read permission
2: write permission
1: execute permission
Ex: $ chmod 755 myfile
Rwx re re user, group, other
Ownership permissions
$ sudo chown patty myfile
Sets the owner of myfile to patty (chown is change owner)
$ sudo chgrp whales myfile
Set the group of myfile to whales (chgrp = change group)
$ sudo chown patty:whales myfile
Changes group and user at the same time.
Umask
Used to chane default permissions
Only persists if you modify .profile
$ umask 021
Takes away x permissions from others (the default is 022)
Setuid
SUID
Allows a user to run a program as the owner of the program file rather than as themselves.
in /usr/bin/passwd you’ll see an ’s’ in permissions for SUID.
This means when a user is running the passwd command they are running as root.
-rwsr-xr-x 1 root root 47032 Dec 1 11:45 /usr/bin/passwd
Modifying SUID
2 ways to modify
Symbolic:
$ sudo chmod u+s myfile
Numerical:
$ sudo chmod 4755 myfile
SUID is denoted with a 4 and is pre-pended to the permission set.
SUID denoted as a capital S does not have execute permissions
Setgid
SGID
Allows a program to run as if it was a member of that group.
Modifying SGID
$ sudo chmod g+s myfile
$ sudo chmod 2555 myfile
Numerical representations for SGID is 2
Process permissions
Effective user ID
There are three UIDs associated with every process.
When you launch a process, it runs with the same permissions as the user or group that ran it. This is used to grant access rights to a process.
Real User ID
The ID of the user who launched the process. Used to track down the user who launched a process.
Saved user ID
Allows a process to switch between the effective user ID and the Real user ID
The Sticky Bit
A permission bit that makes it so only the owner or root can delete or modify the file.
$ls -ld /tmp
drwxrwxrwxt 6 root root 4096 Dec 15 11:45 /tmp
The t at the end is the sticky bit.
Modify sticky bit
$ sudo chmod +t mydir
$ sudo chmod 1755 mydir
The numerical representation of the sticky bit is 1