File access rights / modes in Unix


File ownership is an important component of Unix that provides a secure way to store files. Every file in Unix has the following attributes that determine who may access it (file permissions):

Owner permissions: The owner's permissions determine what actions the owner of the file can perform on the file.

Group permissions: The group's permissions determine what actions a user who is a member of the group that owns the file can perform on the file.

Other (world) permissions: The permissions for others determine what actions all other users can perform on the file.

Permission indicators

The command ls -l displays various information related to file permissions, as follows:

$ ls -l /home/amrood
-rwxr-xr-- 1 amrood users 1024 Nov 2 00:10 myfile
drwxr-xr-- 1 amrood users 1024 Nov 2 00:10 mydir

Here, the first column shows the access modes, that is, the permissions associated with a file or directory.

The permissions are divided into groups of three characters, and each position in a group denotes a specific permission, in the order read (r), write (w) and execute (x):

The first three permission characters (characters 2-4 of the string, counting the leading file-type character) represent the permissions of the file's owner. For example, -rwxr-xr-- shows that the owner has read (r), write (w) and execute (x) permission.

The second group of three characters (5-7) represents the permissions of the group that owns the file. For example, -rwxr-xr-- shows that the group has read (r) and execute (x) permission, but no write (w) permission.

The last group of three characters (8-10) represents the permissions of everyone else. For example, -rwxr-xr-- shows that the rest of the world has read (r) permission only.

File access mode in Unix / Linux

The access rights of a file are the first line of protection in a Unix system. The basic building blocks in Unix access rights are the read, write and execute access rights described below.

1. Read:

Allows the contents of the file to be read.

2. Write:

Allows the contents of the file to be modified or removed.

3. Execute:

Users with execute permission can run the file as a program.

Directory access mode

Directory access modes are listed and organized in the same way as those of any other file. There are a few differences that you need to pay attention to:

1. Read:

Read access to a directory means that the user can read its contents: the user can view the names of the files inside the directory.

2. Write:

Allows the user to add files to the directory or delete files from it.

3. Execute:

Executing a directory doesn't really make sense, so think of this as permission to traverse it.

A user must have execute access to the bin directory to run, for example, the ls or cd command.

Change access permissions in Unix / Linux

To change the permissions of a file or directory, use the chmod command (short for "change mode"). There are two ways to use chmod: symbolic mode and absolute mode.

Use chmod in symbolic mode

The easiest way for beginners to modify file or directory permissions is to use symbolic mode. With this mode, you can add, remove, or set exactly the permissions you want using the following operators:

chmod operator   Description
+                Adds the specified permissions to a file or directory.
-                Removes the specified permissions from a file or directory.
=                Sets the specified permissions.

Here is an example using testfile. Running ls -l on testfile shows that the file's permissions are as follows:

$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile

Each chmod command example from the previous table is then run on the testfile, followed by ls -l so you can observe the access permission changes.

$ chmod o+wx testfile
$ ls -l testfile
-rwxrwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod u-x testfile
$ ls -l testfile
-rw-rwxrwx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile

Here is how you can combine these commands on a single line:

$ chmod o+wx,u-x,g=rx testfile
$ ls -l testfile
-rw-r-xrwx 1 amrood users 1024 Nov 2 00:10 testfile

Use chmod with absolute access rights in Unix / Linux

The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file.

Each permission is assigned a value, as shown in the table below, and the sum of the values in a set gives the number for that set.

Number   Octal permission representation                             Ref
0        No permission                                               ---
1        Execute permission                                          --x
2        Write permission                                            -w-
3        Execute and write permission: 1 (execute) + 2 (write) = 3   -wx
4        Read permission                                             r--
5        Read and execute permission: 4 (read) + 1 (execute) = 5     r-x
6        Read and write permission: 4 (read) + 2 (write) = 6         rw-
7        All permissions: 4 (read) + 2 (write) + 1 (execute) = 7     rwx

Here is an example using testfile. Running ls -l on testfile shows that the file's permissions are as follows:

$ ls -l testfile
-rwxrwxr-- 1 amrood users 1024 Nov 2 00:10 testfile

Each chmod example from the previous table is run on the testfile, followed by ls -l so you can observe changes to access permissions:

$ chmod 755 testfile
$ ls -l testfile
-rwxr-xr-x 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 743 testfile
$ ls -l testfile
-rwxr---wx 1 amrood users 1024 Nov 2 00:10 testfile
$ chmod 043 testfile
$ ls -l testfile
----r---wx 1 amrood users 1024 Nov 2 00:10 testfile
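To connect the two notations, the following added example (not part of the original tutorial) converts an ls -l mode string into the absolute mode that chmod accepts. It goes beyond the table above by also handling the s/S letters covered in the SUID/SGID section further down and the t/T letters that ls uses for the sticky bit; the function name mode_to_octal is an assumption chosen for illustration.

```shell
#!/bin/sh
# Added example: translate an "ls -l" mode string into chmod's absolute (octal) form.
# Usage: mode_to_octal -rwxr-xr--   (prints 0754)
mode_to_octal() {
    s=$1
    if [ "${#s}" -lt 10 ]; then
        echo "mode string too short: $s" >&2
        return 1
    fi
    perms=${s#?}          # drop the file-type character (-, d, l, ...)
    special=0             # leading digit: 4 = SUID, 2 = SGID, 1 = sticky
    digits=""
    for weight in 4 2 1; do            # owner, group, other
        rest=${perms#???}
        triad=${perms%"$rest"}         # the next three characters
        perms=$rest
        # s/S may appear in the owner and group triads, t/T only in "other"
        case $weight in 1) lo=t up=T ;; *) lo=s up=S ;; esac
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in
            [r-][w-]-) ;;
            [r-][w-]x) d=$((d + 1)) ;;
            # lowercase letter: special bit set and execute set
            [r-][w-]"$lo") d=$((d + 1)); special=$((special + weight)) ;;
            # uppercase letter: special bit set, execute NOT set
            [r-][w-]"$up") special=$((special + weight)) ;;
            *) echo "bad permission triad: $triad" >&2; return 1 ;;
        esac
        digits=$digits$d
    done
    echo "$special$digits"
}
```
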

Change owner and group in Unix / Linux

When an account is created on Unix, the system assigns an owner ID and a group ID to the user. All the permissions mentioned above are also assigned based on the owner and the group.

Two commands are available for changing the owner and the group of files:

  1. chown: This command stands for "change owner".
  2. chgrp: This command stands for "change group".

Change of ownership in Unix / Linux

The chown command changes the ownership of a file. The basic syntax is:

$ chown user filelist

The value of user can be either the name or the ID of a user on the system. For example:

$ chown amrood testfile
$

This changes the owner of the given file to the user amrood.

Note: The superuser, root, has the unrestricted ability to change the ownership of any file, but normal users can change the ownership of only the files they own.

Change group ownership in Unix / Linux

The chgrp command changes the group ownership of a file. The basic syntax is:

$ chgrp group filelist

The value of group can be either the name or the ID of a group on the system. For example:

$ chgrp special testfile
$

This changes the group of the given file to the group special.

SUID and SGID permissions (Set User ID and Set Group ID) in Unix / Linux

Often, when a command is executed, it has to run with special privileges to accomplish its task.

As an example, when you change your password with the passwd command, the new password is stored in the file /etc/shadow.

As an ordinary user, you do not have read or write access to this file for security reasons, but when you change your password, you need write access to it. This means that the passwd program has to give you additional permissions so that you can write to /etc/shadow.

Additional permissions are given to programs through a mechanism known as the Set User ID (SUID) and Set Group ID (SGID) bits.

When you execute a program that has the SUID bit set, it runs with the permissions of the program's owner. Programs that do not have the SUID bit set run with the permissions of the user who started the program.

The same is true for SGID. Normally programs execute with your group permissions, but for an SGID program your group is changed, for that program only, to the group that owns the program.

The SUID and SGID bits appear as the letter "s" when the permission is set. The SUID "s" bit is located in the permission bits where the owner's execute permission normally resides. For example, the following command:

$ ls -l /usr/bin/passwd
-r-sr-xr-x 1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*
$

This shows that the SUID bit is set and that the command is owned by root. An uppercase letter S in the execute position instead of a lowercase s indicates that the execute bit is not set.

If the sticky bit is enabled on a directory, files in it can be removed only if you are one of the following:

The owner of the sticky directory;

The owner of the file being removed;

The superuser, root.

To set the SUID and SGID bits on a directory, use the following syntax (dirname stands for the name of the directory):

$ chmod ug+s dirname
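A review step that follows from the SUID, SGID and sticky-bit rules above, as an added example that is not from the original tutorial: it lists regular files carrying the SUID or SGID bit and world-writable directories that lack the sticky bit. The function names and the demo tree built with mktemp are constructed for illustration.

```shell
#!/bin/sh
# Added example: report special-permission findings under a directory tree.
#   SUID <path>      regular file that runs with its owner's identity
#   SGID <path>      regular file that runs with its group's identity
#   NOSTICKY <path>  world-writable directory where any user may delete others' files
audit_special_bits() {
    root=$1
    find "$root" -xdev -type f -perm -4000 | sort | sed 's/^/SUID /'
    find "$root" -xdev -type f -perm -2000 | sort | sed 's/^/SGID /'
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sort | sed 's/^/NOSTICKY /'
}

# Constructed sample tree (not real system files) to try the audit on.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_tool" "$d/sgid_tool"
    chmod 755  "$d/plain"
    chmod 4755 "$d/suid_tool"     # -rwsr-xr-x
    chmod 2755 "$d/sgid_tool"     # -rwxr-sr-x
    mkdir "$d/shared" "$d/dropbox"
    chmod 1777 "$d/shared"        # world-writable, sticky bit set
    chmod 0777 "$d/dropbox"       # world-writable, no sticky bit
    echo "$d"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```
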

Source: Tutorialspoint
