Linux Security Debian Slax Tiny Core Health

Linux

If a Computer Won't Start from a CD, DVD or USB Drive

Filesystems

Partitioning

Live CDs for Partitioning

Grub

Master Boot Record

Root Terminal

Root File Manager

Root Text Editor

File Ownership

File Permissions

List the Contents of a Directory

Change Directory

Mount a Drive or Partition

Mount an ISO Image Without Writing it to a CD or DVD

Download Large Files

Other Commands

Dial Up Modems

Linux Links


Other Links


Contact Details

Linux

File Permissions

File Ownership

When using a Linux filesystem, every file and directory belongs to an Owner and Group.


Owner, Group and Others

Every file and directory has three sets of permissions, for the owner, group and others.


Read, Write and Execute

Permissions include read, write and execute, or no permission.


Files

If you have permission to read a file, you can read it, but not modify it. If you have permission to write, you can modify it. If you have permission to execute, you can execute it. This normally applies to program files. If you don't have any permissions, you cannot even read the file.


Directories

If you have permission to read a directory, you can use a command such as ls to list the files in that directory. If you have permission to write to a directory, you can create, delete or rename files or subdirectories in that directory. If you have permission to execute a directory, you can use the cd command to go to that directory and make it the working directory.


Security

Having File Ownership and permissions, increases the security of Linux operating systems. Files cannot be modified without appropriate permissions. Unauthorized access is more difficult. Linux is less likely to be affected by viruses and malware. When malware does affect Linux, it is less invasive.


Root File Manager

With most Linux distributions, permissions can be changed using the Root File Manager. To do this, right click on a file or directory. Click "Properties," then click "Permissions."


Root Terminal

Following is how to change permissions using the Root Terminal.


Find Out Permissions

To find out permissions, open the terminal and type:

ls -l

ls stands for list, and -l stands for long.


You will see something like:

d rwx rwx rwx
 owner group others

The first letter shows the type of file. The next three letters show permissions for the owner. The three after that show the permissions for the group. The last three show the permissions for others.


The first letter may be:

-   file

d   directory

l   link


The following letters may be:

-   no permission

r   read

w   write

x   execute


Changing Permissions Using the Numeric Mode

There are different ways to change permissions. One way is using the numeric mode. The following numbers are used.

0   no permission

4   read

2   write

1   execute


Add numbers together. For example, for read and write use 6 (4+2), for read and execute use 5 (4+1), and for read, write and execute, use 7 (4+2+1).

Permissions go in the order owner, group and others.

For example 640 means, read and write for the owner, read for the group, and no permission for others.


To change permissions, open the Root Terminal and type:

chmod [options] numeric-permissions file [more files]

chmod stands for change mode.

The options within square brackets are optional. You must always include "chmod," the numeric mode numbers, and the name of the file.

For example, to change the permissions of anyfile.txt, to read, write and execute for the owner, and read and execute for the group and others, use:

chmod 755 anyfile.txt

The Recursive Option

The recursive option enables you to change the permissions of a directory, and all files and directories within that directory, with one command. To do this use "-R."

For example, if you wanted to change the permissions of the directory mydirectory, and all files and directories within mydirectory, to 755, you could use:

chmod -R 755 mydirectory

Changing Permissions Using the Symbolic Mode

When changing permissions using the symbolic mode, you specify who to change the permissions for. This may be:

u   user

g   group

o   others

a   all

These may be combined. You may have:

ug   user and group

uo   user and others

go   group and others

ugo   all - the same as a

If not specified, permissions are changed for all.


Permissions may be:

+   added

-   removed

=   changed to the permissions specified


Permissions may be:

r   read

w   write

x   execute


Following are examples.


To add read for user and group, use:

chmod ug+r filename

To remove execute for all, use:

chmod -x filename

To make permissions read and write for all, use:

chmod =rw filename

The recursive option may also be used. To add read permission for the user for all files and subdirectories in a directory, use:

chmod -R u+r directoryname

Set User ID

Permissions are normally r, w or x. In some situations, the x may be replaced by an s. This enables the user to have the permissions of the owner or group of the file, just for that process. This may be used, for example, to enable users to change their passwords. You normally need to be root to change passwords. s may be used to enable users to have root permissions just while changing their password.


More Information

For more information and other options, open the terminal and type:

man chmod

for the manual, or

chmod --help

for help.


< File Ownership

List the Contents of a Directory >

© Copyright Guy Shipard 2008 - 2009