Module –

Permissions
Permissions

2
 Permissions

Linux permissions
 Broken up into 3 parts, owner, group and everyone
• ls –l displays the permissions as –rwxr-xr-x

–rwxr-xr-x

Other’s
permissions
file type Owner
Group
(usually – or d) Permissions
permissions
• r = read
• w = write
• x = execute
• this is needed for directories and binary files or scripts

3
 Permissions Con’t

Setting permissions
 Done by adding the numbers associated with each type
 4 – read permissions
 2 – write permissions
 1 – execute permissions

 To give a file full permissions you would use 7

 4+2+1 = 7

 A number is used for all 3 groups (owner, group and everyone)

 Use chmod
 chmod 755 filename
 sets the permissions to –rwxr-xr-x

4
 The chmod command

Description: Sets the permissions on a file or directory.

Usage:
chmod permissions FILENAME

Examples:
chmod 755 /home/Documents/myfile
chmod u+x /home/scripts/myscript

Additional info:
When using the second method the syntax for the permissions is
[ugoa]+/-[rwx]
u – the user who owns the file
g – the file’s group
o – other users or everyone
a – all 3 (default if ugo not defined)

5
 Specialized File Permissions

 SUID (Set User ID)

 Allows normal users to run a script or program as the owner of that file
• An example is the passwd command, which needs to be run as
root.
 There will be an ‘s’ in the owner’s permissions for the file
• -rwsrwxr-x
 SGID (Set Group ID)
 Normally used with directories
 Allows all users of a group to add and read files in a directory
 An ‘s’ will be located in the group’s permissions for the file
• drwxrwsr-x
 Sticky bit
 Usually applied to a directory
 Ensures files and directories are only deleted by their owners
 /tmp is an example
 A t or T will be located in the other’s permissions for the file
• drwxrwxr-t OR drwxrwx--T

6
 Specialized File Permissions Con’t

 To set these a 4th digit is added to the front of the number version of chmod
 4 is for SUID
 2 is for SGID
 1 is for the sticky bit
 Adding them has the same effect as before
 Can also use +/- method as shown below
 Examples of setting the specialized bits
 chmod 1770 /tmp
 chmod o+t /tmp
 chmod 4775 /home/user/myscript
 chmod u+s /home/user/myscript
 chmod 7777 /home/myfile

7
 Specialized File Permissions Con’t

 To find files that have the special permissions set use the find command
 find / -perm +4000 (To find SUID bit set)
 find / -perm +2000 (To find SGID bit set)
 find / -perm +1000 (To find sticky bit set)
 Adding the numbers also works to find multiple in one command

8
 File Ownership and Groups

 All files have an owner and a group associated with them

 Can be seen with ‘ls -l’
-rwxr-xr-x. 3 user user 156 Oct 2 15:14 file1

 The owner is the name listed first

 The group is the name listed second
 To change these values you would use chown and chgrp

9
 The chown command

Description: Changes the owner and/or group of a file or directory.

Usage:
chown [OPTIONS] user:group FILE

Examples:
chown mark:mark /home/mark/myfile
chown -R :root /home/mark

Additional info:
If the colon is there without a username before, like the second example,
the command will just change the group of the file.

The -R switch is for recursive changes, so it will change the owner for all
files in a directory.

Note: Some *nix variants require group to be changed with chgrp

(eg. busybox on routers)

10
 The chgrp command

Description: Changes the group associated with the file.

Usage:
chgrp [OPTIONS] group FILE

Examples:
chgrp mark /home/mark/myfile
chgrp -R root /home/mark

Additional info:
The -R switch is for recursive changes, so it will change the owner for all
files in a directory.

11
 The unmask command

Description: This command is used to set the default permissions when a new file
or directory is created within the current session. It is represented by 4 digits that
are subtracted from the permissions normally set on a file, 666.
• Defaults to 0002 (the first bit is unused currently)
• Sets permissions on the new file to 664 or -rw-rw-r--
• Execute is no longer given to files when they are created

Usage:
umask [NEW MASK]

Examples:
umask
umask 0222

Additional info:
The -S switch will display the umask in symbolic form instead of digits

12