Linux is a robust operating system with a variety of security features. However, improper file and directory permissions can introduce vulnerabilities, especially when local access is granted. This guide covers essential concepts, commands, and examples to help you understand and manage Linux file permissions effectively.
Permission Groups
Every file or directory in Linux has three user-based permission groups:
Owner
Permissions apply solely to the file/directory owner.
Changes made here do not affect other users.
Group
Permissions apply to a specific group assigned to the file/directory.
These do not affect users outside the group.
All Users
Permissions apply to all other system users.
This is the most critical group to monitor for vulnerabilities.
Permission Types
Permissions define what actions a user can perform:
Read (r) – Allows viewing the content of a file or listing a directory's contents.
Write (w) – Grants the ability to modify or delete files/directories.
Execute (x) – Enables running executable files or accessing directory contents.
Viewing Permissions
To check file or directory permissions, use:
ls -l
The output format looks like this:
-rwxrwxrwx 1 owner:group file_name
The first character indicates the type: - for regular files, d for directories, and l for symbolic links.
The next nine characters represent permissions for Owner, Group, and All Users, grouped in sets of three (rwx). After this comes the number of hard links, followed by the Owner and Group assignments.
Modifying Permissions
File permissions can be modified using the chmod command. Permissions can be set either explicitly or through binary references.
1. Explicit Permission Assignment
Explicit changes involve specifying permission groups and types.
Permission Groups:
u = Owner
g = Group
o = Others
a = All users
Assignment Operators:
+ = Add permission
- = Remove permission
Examples:
To remove read and write permissions for all users:
chmod a-rw file1
To add read and write permissions for all users:
chmod a+rw file1
2. Using Binary References
Linux permissions can also be set using a numerical representation.
Reference Numbers:
r = 4
w = 2
x = 1
The sum of these values determines the permissions for each group (Owner, Group, Others).
Example: To set a file's permissions to Owner (rwx), Group (r), Others (none):
chmod 740 file1
This corresponds to:
Owner: 4+2+1 = 7 (rwx)
Group: 4 = 4 (r--)
Others: 0 = 0 (---)
Changing File Owners and Groups
Use the chown command to assign or modify the owner and group:
chown owner:group file_name
Example: To assign ownership of file1 to user1 and group to family:
chown user1:family file1
Advanced Permissions
Special permission flags provide additional control:
_ – No special permissions
d – Directory
l – Symbolic link
s – Setuid/Setgid (allows a program to run with the owner's/group's permissions)
t – Sticky bit (prevents users from deleting files they don't own in shared directories)
Practical Tips
Always apply the principle of least privilege. Grant only the permissions required.
Regularly audit permissions using tools like ls -l.
Use special permissions such as Setuid or Sticky Bit with caution.
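The audit recommended in the tips above, as an added example that is not part of the original post: a shell script that walks a directory tree with find and reports files writable by Others, world-writable directories without the sticky bit, and setuid/setgid files. The helper names report, audit_perms and make_sample_tree, and the sample tree they build, are constructed for illustration.

```sh
# Added example: flag risky permission bits under a directory tree.
# report, audit_perms and make_sample_tree are hypothetical helper names.

# report ROOT LABEL FIND_TESTS... -> one "LABEL<TAB>mode<TAB>path" line per match
report() {
    r_root=$1; r_label=$2; shift 2
    find "$r_root" -xdev "$@" -print | while IFS= read -r r_path; do
        # The first 10 characters of ls -ld are the type and rwx string.
        r_mode=$(ls -ld -- "$r_path" | cut -c1-10)
        printf '%s\t%s\t%s\n' "$r_label" "$r_mode" "$r_path"
    done
}

audit_perms() {
    a_root=${1:-.}
    # Others have write (octal 0002) on a regular file.
    report "$a_root" WORLD_WRITABLE_FILE -type f -perm -0002
    # Others can write to the directory and no sticky bit (1000) protects entries.
    report "$a_root" WORLD_WRITABLE_DIR_NO_STICKY -type d -perm -0002 ! -perm -1000
    # Programs that run with the owner's (4000) or group's (2000) identity.
    report "$a_root" SETUID -type f -perm -4000
    report "$a_root" SETGID -type f -perm -2000
}

# Build a constructed sample tree in directory $1 (not real system paths).
make_sample_tree() {
    mkdir -p "$1/shared" "$1/dropbox"
    : > "$1/notes.txt";  chmod 640  "$1/notes.txt"   # rw-r----- ok
    : > "$1/config.ini"; chmod 666  "$1/config.ini"  # rw-rw-rw- flagged
    : > "$1/helper";     chmod 4755 "$1/helper"      # rwsr-xr-x flagged
    chmod 1777 "$1/shared"                           # rwxrwxrwt ok (sticky)
    chmod 777  "$1/dropbox"                          # rwxrwxrwx flagged
}

# Demo: audit the constructed tree, then clean it up.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_perms "$demo_dir"
rm -rf "$demo_dir"
```

Call audit_perms with a real directory in place of the sample tree; each finding should either be justified or tightened with chmod.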
By mastering these commands and practices, you’ll ensure secure and effective management of files and directories in Linux. Proper permissions safeguard your system from unauthorized access and misuse.
And that’s a wrap on Linux File Permissions! We’ve delved into Permission Groups and Types, learned how to modify permissions, and picked up some handy tips along the way. While it may seem straightforward, mastering file permissions is absolutely crucial—after all, your files are the heart of your work, and you don’t want anyone messing with them, right?
But don’t close your terminal just yet! Next up, we’re diving into the world of Text Editors in Linux—your trusty sidekicks for scripting and beyond. So, stay tuned as we explore the tools that will take your Linux skills to the next level.
Until next time, keep coding, automating, and advancing in DevOps! 😁
Peace out ✌️