File Types & Permissions

   
All files and directories are "owned" by the person who created them. You created the file test.txt in your login directory, so test.txt belongs to you.
That means you can specify who is allowed to read the file, write to the file, or who can execute the file.
Reading, writing, and executing are the three main settings in permissions. Since users are placed into a group when their accounts are created, you can also specify whether certain groups can read, write to, or execute a file.

 Features:
1. The ability to restrict/control access to files
Note: the first 10 characters of each 'ls -l' line (called "bits" below) represent the file type and permissions of a file or directory

Note: use 'ls -l' to examine permissions, or a GUI application like 'Nautilus'

-rwxrwxr-x 1 linuxcbt linuxcbt  681 Jan 13 11:31 regextest.pl

1st bit = file type:

'-' = a regular file
'd' = a directory
'l' = a symbolic link to another program or file elsewhere on the system

2nd - 4th bits = owner's permissions
 

r = read = 4
w = write = 2
x = execute = 1
- = none = 0

5th - 7th bits = group owner's permissions

r = read = 4
w = write = 2
x = execute = 1
- = none = 0

8th - 10th bits = everyone (world)

r = read = 4
w = write = 2
x = execute = 1
- = none = 0

Task:

 1. Manipulate file permissions using 'chmod'

 a. chmod -x regextest.pl

-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
 

rw = 6 or 4+2 for owner

rw = 6 or 4+2 for group owner

r = 4 for everyone else (world)

Octal notation: 664 for file 'regextest.pl'

chmod 664 regextest.pl - removes execution for ALL users
 

chmod 775 regextest.pl - enables execution for ALL users

2. Ensure that 'regextest.pl' is rw by owner and no one else

 a. chmod 600 regextest.pl

Note: File will now be rw by owner (linuxcbt) and 'root'

3. Ensure that 'regextest.pl' is r by owner and no one else

 a. chmod 400 regextest.pl && ls -l regextest.pl

Note: chmod supports string (symbolic) values, which represent octal values ('+' adds a permission, '-' removes it)

chmod +/-x file

chmod +/-w file

chmod +/-r file

chmod u+/-x file - updates owner's execute permissions on the file

chmod o+/-x file - updates others' execute permissions on the file

chmod g+/-x file - updates group's execute permissions on the file


chmod a+rwx = chmod 777

chown - permits changing of ownership of files

 a. chown root regextest.pl - changes ownership to 'root'

 b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'


Task:

 Update 'regextest.pl' so that owner and group owner may modify the file

a. chmod 660 regextest.pl

Special Permission
 

SETUID:

 Features:

  1. ability to execute file as owner

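chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'

Note: the Linux kernel honors SETUID on binary executables only; for interpreted ('#!') scripts such as this one, the bit is set but ignored at execution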

-rwsrw---- 1 linuxcbt sales 787 Jan 13 16:08 regextest.pl

's' in the owner's execute position means that the program will execute as that user

SETGID:

 Features:

  1. Ability to enforce group ownership across a directory structure: files created in a SETGID directory inherit the directory's group

mkdir /sales

chmod 2775 /sales

Create a file in the '/sales' directory as 'linuxcbt'

seq 1000000 > linuxcbt.1million.txt

chgrp:

 Permits updating of the group ownership of files

Sticky Bit:

 Features:

  1. Ability to ensure that users cannot delete others' files in a directory

drwxrwxrwt 23 root root 4096 Jan 13 15:05 /tmp/

/tmp - users cannot delete other users' files in '/tmp'

chmod 3777 /sales - sets both SETGID and the sticky bit, ensuring that users cannot delete files in /sales that belong to other users

Task:

 1. Set '/sales' using sticky bit and test

  a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales
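
The octal arithmetic used throughout these notes (r=4, w=2, x=1, plus a leading 4/2/1 for SETUID/SETGID/sticky), as an added shell example that is not part of the original notes: it converts an 'ls -l' mode string into the value you would pass to chmod. The function names mode_to_octal and triad_value are hypothetical helpers, not standard commands.

```shell
#!/bin/sh
# Added example: convert an 'ls -l' mode string to chmod octal notation.
# mode_to_octal and triad_value are hypothetical helper names.

# triad_value RWX -> prints 0-7 for one three-character permission group.
# 's'/'t' mean "special bit set AND execute set"; 'S'/'T' mean the special
# bit is set but execute is NOT, so they add nothing to the triad value.
triad_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

mode_to_octal() {
    mode=$1
    # Expect exactly 10 characters: file type + three rwx groups.
    case "$mode" in
        [-dlbcps][r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}        # drop the file-type character
    u=${perms%??????}      # 2nd - 4th: owner
    rest=${perms#???}
    g=${rest%???}          # 5th - 7th: group owner
    o=${rest#???}          # 8th - 10th: everyone (world)
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # SETUID
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # SETGID
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "${special}$(triad_value "$u")$(triad_value "$g")$(triad_value "$o")"
}

# Mode strings taken from the listings in these notes.
for m in -rwxrwxr-x -rw-rw-r-- -rwsrw---- drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

A capital 'S' or 'T' in a listing means the special bit is set without the matching execute bit, which usually indicates a mistake worth reviewing.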