Free Domain Sign up for PayPal and start accepting credit card payments instantly.

Thursday, July 15, 2010

File Types - Permissions - Symlinks

Features:
1. The ability to restrict/control access to files

Note: 10 bits represent permissions for files (including directories)

Note: use 'ls -l' to examine permissions or GUI application like 'Nautilus'

-rwxrwxr-x 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl

1st bit = file type. '-' = file, 'd' = directory
2nd - 4th bits = owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

5th - 7th bits = group owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

8th - 10th bits = everyone (world)
r = read = 4
w = write = 2
x = execute = 1
- = none = 0

Task:
1. Manipulate file permissions using 'chmod'
a. chmod -x regextest.pl

-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
rw = 6 or 4+2 for owner
rw = 6 or 4+2 for group owner
r = 4 for everyone else (world)

Octal notation: 664 for file 'regexetest.pl'

chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users


2. Ensure that 'regextest.pl' is rw by owner and noone else
a. chmod 600 regextest.pl

Note: File will now be rw by owner (linuxcbt) and 'root'

3. Ensure that 'regextest.pl' is r by owner and noone else
a. chmod 400 regextest.pl && ls -l regextest.pl

Note: chmod supports string values, which represent octal values
chmod +/- x file
chmod +/- w file
chmod +/- r file

chmod +/- u+x file - updates owner's execute permissions on the file
chmod +/- o+x file - updates other's execute permissions on the file
chmod +/- g+x file - updates group's execute permissions on the file

chmod a+rwx = chmod 777


chown - permits changing of ownership of files
a. chown root regextest.pl - changes ownership to 'root'
b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'

Task:
Update 'regextest.pl' so that owner and group owner may modify the file

a. chmod 660 regextest.pl


SETUID:
Features:
1. ability to execute file as owner

chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales 787 Jan 28 16:08 regextest.pl

's' in the execute position means that the program will execute as that user


SETGID:
Features:
1. Ability to enforce permissions to a directory structure

mkdir /sales
chmod 2775 /sales

Create a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt


chgrp:
Permits updating of group permissions


Sticky Bit:
Features:
1. Ability to ensure that users cannot delete others' files in a directory

drwxrwxrwt 23 root root 4096 Jan 28 15:05 /tmp/


/tmp - users cannot delete other user's files in '/tmp'

chmod 3777 /sales - ensures that /sales will not lose files from incorrect users

Task:
1. Set '/sales' using sticky bit and test
a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales

5 comments:

  1. Nice notes but this are for Red Hat Enterprise Linux 5 & not for Red Hat Linux 5.

    Yourself being and RHCE should know the difference.

    ReplyDelete
  2. Nirmal I understand your word, But What I thought is "Red Hat Enterprise Linux 5 " string length is long and anyhow,an RHCE aspirants know it is Red Hat Enterprise Linux 5 .. So I cut shorted it,
    Thanks for Visiting my blog and for u suggestion, I hope it help u ...

    ReplyDelete