Thursday, March 18, 2010

Posted by venu k
7 comments | 8:41 AM

What are file permissions:


Every file or folder in Linux has access permissions. There are three
types of permissions (what a user is allowed to do with a file):


read access (symbolized by the letter r)
write access (symbolized by the letter w)
execute access (symbolized by the letter x)

Permissions are defined for three types of users:

the owner of the file (symbolized by the letter u)
the group that the owner belongs to (symbolized by the letter g)
other users (symbolized by the letter o)

Thus, Linux file permissions are nine bits of information. The table
below shows the syntax:

Position  1     2     3      4        5     6      7        8     9      10
          File  User Permissions      Group Permissions     Other Permissions
          Type  Read  Write  Execute  Read  Write  Execute  Read  Write  Execute
Example   d     r     w      x        r     w      x        r     w      x

-> The first character is not a permission bit; it simply indicates
the type of file, as shown in the table below:

Character   Type of file
-           regular file
d           directory
l           symbolic link
s           socket
p           named pipe
c           character device file (unbuffered)
b           block device file (buffered)

The remaining nine characters are the permission bits.

-> Characters 2-4 show the permissions of the file's owner.
Character 2 indicates read permission, character 3 indicates write
permission, and character 4 indicates execute permission.
-> Characters 5-7 show the group permissions (the group to which the
file belongs). Character 5=read, 6=write, 7=execute.
-> Characters 8-10 show the permissions for all other users (users who
are neither a member of the group nor the owner of the file).
Character 8=read, 9=write, 10=execute.

Ownership: When you create a file, you automatically become its
owner. The owner has full authority to tamper with a file's contents
and permissions, a privilege not available to others except the root
user. Similarly, you can create, modify or remove files in a directory
if you are the owner of the directory.

Group Ownership: When creating a user account, the system
administrator also assigns the user to some group. People working on a
project are generally assigned a common group, and all files created
by group members (who have separate user ids) will have the same group
owner. However, make no mistake: the privileges of the group are set
by the owner of the file and not by the group members.

ls -l : Listing File Attributes

$ ls -l sample
-rwxr-xr-- 1 king development 0 Mar 15 00:26 sample

ls -l displays most attributes of a file, such as its permissions, size
and ownership details. If the file is a directory, use "ls -ld" to list
the attributes of the directory itself.

As you can see in this example, the "ls -l" command gives a lot of
information about the file "sample":

- Its name, "sample";
- Its permissions, "-rwxr-xr--";
- Its owner, "king";
- Its group, "development";
- And other information: time, size, date etc.

Permissions: rwx r-x r--

r   Read access is allowed
w   Write access is allowed
x   Execute access is allowed
-   No permissions


The first group (rwx) has all three permissions. The file is readable,
writable and executable by the owner of the file, king. But do we know
who the owner is? Yes, we do. The third column shows king as the owner,
and the first permissions group applies to king. You have to log in
with the username king for these privileges to apply to you.

The second group (r-x) has a hyphen in the middle slot, which indicates
the absence of write permission for the group owner of the file.
This group owner is development, and all users belonging to the
development group have read and execute permissions only.

The third group (r--) has the write and execute bits absent. This set
of permissions is applicable to others, i.e., those who are neither the
owner king nor members of the development group. So this file is not
world writable.

chmod: CHANGING FILE PERMISSIONS


If you are the owner of the file, you can set different permissions for
the three categories of users: owner, group, and others. It's important
that you understand them, because a little learning here can be a
dangerous thing. A faulty file permission is a sure recipe for disaster.

The chmod (change mode) command is used to set the permissions of
one or more files for all three categories of users. It can be run only
by the user (the owner) and the superuser. The command can be used in
two ways:

1. In a relative manner, by specifying the changes to the current
permissions.
2. In an absolute manner, by specifying the final permissions.

Relative Permissions:

When changing permissions in a relative manner, chmod only changes
the permissions specified in the command line and leaves the other
permissions unchanged. In this mode it uses the following syntax:

chmod category operation permission filename(s).

The table below shows the letters that represent category, operation
and permission:

Category       Operation                        Permission
u  User        +  Assigns permission            r  Read permission
g  Group       -  Removes permission            w  Write permission
o  Other       =  Assigns absolute permission   x  Execute permission
a  All (ugo)

Now let's consider an example. First create a file temp.

$ cat > temp
Hello world
Ctrl+d
$ ls -l temp
-rw-r--r-- 1 root root 12 Mar 16 13:32 temp

To assign execute permission to the user of the file temp, we need
to frame a suitable expression by using appropriate characters from
each of the three columns of the table above. Since the file needs to
be executable only by the user, the expression required is u+x:

$ chmod u+x temp
$ ls -l temp
-rwxr--r-- 1 root root 12 Mar 16 13:32 temp

The command assigns (+) execute (x) permission to the user (u), but
other permissions remain unchanged. To enable group and others to
execute this file as well, you have to use multiple characters to
represent the user category (ugo), or simply use a, which implies ugo.

$ chmod ugo+x temp
$ ls -l temp
-rwxr-xr-x 1 root root 12 Mar 16 13:32 temp

The chmod command also accepts more than one file name on the command
line. When you need to assign the same set of permissions to a group of
files, all the file names can be specified with a single chmod command:

$ chmod u+x temp1 temp2 temp3

Permissions are removed with the - operator. To remove the read
permission from both group and others, use the expression go-r:

$ chmod go-r temp ; ls -l temp
-rwx--x--x 1 root root 12 Mar 16 13:32 temp

chmod also accepts multiple expressions delimited by commas. For
instance, to restore the original permissions to the file temp, you
have to remove the execute permission from all (a-x) and assign read
permission to group and others (go+r):

$ chmod a-x,go+r temp; ls -l temp
-rw-r--r-- 1 root root 12 Mar 16 13:32 temp

More than one permission can also be set; u+rwx is a valid chmod
expression. So setting write and execute permissions for others is no
problem:

$ chmod o+rwx temp; ls -l temp
-rw-r--rwx 1 root root 12 Mar 16 13:32 temp

Absolute Permissions:

Sometimes you don't need to know what a file's current permissions
are, but want to set all nine permission bits explicitly. The expression
used by chmod here is a string of three octal numbers (base 8). Each
type of permission is assigned a number as shown:

I. Read permission - 4
II. Write permission - 2
III. Execute permission - 1

For each category we add the numbers that represent the assigned
permissions. For instance, 6 represents read and write permissions, and
7 represents all permissions.

This table shows what numeric values mean:

Octal digit   Text equivalent   Meaning
0             ---               All types of access are denied
1             --x               Execute access is allowed only
2             -w-               Write access is allowed only
3             -wx               Write and execute access are allowed
4             r--               Read access is allowed only
5             r-x               Read and execute access are allowed
6             rw-               Read and write access are allowed
7             rwx               Everything is allowed


We see that "1" stands for execute only, "2" stands for write only, and
"4" stands for read only. To combine the permissions you can simply add
1, 2 and 4 to get the needed combination. For instance, to get read and
write permissions, you add 4 (read) and 2 (write), thus getting 6 (read
and write). To get read and execute permissions, you add 4 (read) and
1 (execute), thus getting 5 (read and execute).

To take a simple example, if a file has read and write permissions for
the user, the octal representation of the user's permissions will be
4 + 2 = 6. When this exercise is repeated for the other categories, the
result will be a three-character string representing three octal
digits, with each octal digit indicating the permissions for one
category. The sequence followed is user, group and others. You can use
this method to assign read and write permissions to all three categories.

Examples:

To assign all permissions to the owner, read and write permissions to
the group, and only execute permission to the others, use this:

$ chmod 761 sample ; ls -l sample
-rwxrw---x 1 king development 0 Mar 15 00:26 sample

Assign yourself full access to read and modify the file, allow members
of the group to read it, and do not allow any others access:

$ chmod 640 sample ; ls -l sample
-rw-r----- 1 king development 0 Mar 15 00:26 sample

Some octal permissions and their meaning:

Permissions   Meaning
644           owner: read and write permissions,
              group: only read permissions,
              others: only read permissions.
755           owner: read, write and execute permissions,
              group: read and execute permissions,
              others: read and execute permissions.
754           owner: read, write and execute permissions,
              group: read and execute permissions,
              others: only read permissions.


As long as you're the owner of a file, you can use the chmod command
to set the permissions any way you like.
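
An added example, not part of the original post, that converts the ten-character mode string printed by ls -l into its octal form and flags entries whose "others" triplet has the write bit set. The function names and the sample listing are constructed for illustration; mode strings containing characters other than those covered above are skipped.

```shell
#!/bin/sh
# mode_to_octal MODE -> three octal digits for an ls -l mode string such as
# "-rwxr-xr--". Character 1 is the file type; 2-4, 5-7 and 8-10 are the
# user, group and other triplets. Anything else is rejected (status 1).
mode_to_octal() {
    case $1 in
        [-dlspcb][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) return 1 ;;
    esac
    out=
    for start in 2 5 8; do
        triplet=$(printf '%s' "$1" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# audit_listing: reads ls -l lines on stdin and prints "<octal> <owner> <name>"
# for every entry that is writable by others (character 9 is "w").
audit_listing() {
    while read -r mode _links owner _group _size _mon _day _time name; do
        octal=$(mode_to_octal "$mode") || continue   # skips "total N" etc.
        case $mode in
            l*) ;;   # a symbolic link's own mode bits are not used for access
            ????????w?) printf '%s %s %s\n' "$octal" "$owner" "$name" ;;
        esac
    done
}

# Constructed sample listing (not real output); the first two lines reuse
# mode strings that appear in the post.
sample_listing() {
    cat <<'EOF'
total 8
-rwxr-xr-- 1 king development    0 Mar 15 00:26 sample
-rw-r--rwx 1 root root          12 Mar 16 13:32 temp
drwxrwxrwx 2 king development 4096 Mar 18 18:56 shared
lrwxrwxrwx 1 king development    6 Mar 18 18:57 latest -> sample
-rw-r----- 1 king development    0 Mar 15 00:26 notes
EOF
}

sample_listing | audit_listing
```

To audit a real directory, pipe ls -l into audit_listing instead of the sample.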

umask: Default file and Directory permissions:



The UNIX system has the following default permissions for all files
and directories:

rw-rw-rw-(octal 666) for regular files.
rwxrwxrwx(octal 777) for directories.


However, you don't see these permissions when you create a file or a
directory. To understand this, let us first create an empty file called
sample using the touch command and then try to list it.

$ touch sample ; ls -l sample
-rw-r--r-- 1 king development 0 Mar 18 00:41 sample

How come the file permissions for this file have been set to 644?
Unix uses the value stored in a variable called umask to decide the
default permissions. The umask value tells Unix which of the three
permissions are to be denied rather than granted. The current value of
umask can be determined by just typing umask.

# umask
0022
(Default umask value for admin is 0022)

$ umask
0002
(Default umask value for normal user is 0002)

Here, the first 0 indicates that what follows is an octal number. This
octal number has to be subtracted from the system default to obtain
the actual default. This becomes 664 (666-002) for ordinary files
and 775 (777-002) for directories. When you create a file on this
system, it will have the permissions rw-rw-r--.

umask is a shell built-in command though it also exists as an external
command. A user can also use this command to set a new default. Here's
an extreme setting:

$ umask 000          # All read-write permissions on

A umask value of 000 means that you haven't subtracted anything, and
this could be dangerous. The system's default then applies (666 for
files and 777 for directories). All files and directories are then
writable by all; nothing could be worse than that! However, a mask
value of 666 or 777 doesn't make much sense either; you'll then be
creating files and directories with no permissions.

For instance, if you want all new directories to get permissions
rwxr-x--- and files to get permissions rw-r----- by default (modes 750
and 640), you'll need to use a umask value which removes all rights
from others and write permission from the group: 027. The command to
use is:

$ umask 027

One important thing to remember is that no one, not even the
administrator, can turn on permissions not specified in the system-wide
default settings. However, you can always use chmod as and when
required. The system-wide umask setting is placed in one of the
machine's startup scripts, and is automatically made available to all
users.
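
The default-mode calculation described above, as an added example that is not part of the original post: the umask is applied as a bit mask (base AND NOT umask), which gives the 640/750 result stated for umask 027, where plain subtraction would give 637 for files. The function names are illustrative, and observed_modes creates a scratch file and directory with mktemp to confirm the computed values.

```shell
#!/bin/sh
# Added example: how a umask turns the base modes (666 files, 777 directories)
# into the permissions a new file or directory actually gets.

# effective_mode BASE UMASK -> octal result of BASE AND (NOT UMASK)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> octal result of plain subtraction, for comparison
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# observed_modes UMASK -> "<file mode> <dir mode>" as ls -l shows them,
# measured by creating a scratch file and directory under that umask.
observed_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        : > "$scratch/file"
        mkdir "$scratch/dir"
        f=$(ls -ld "$scratch/file" | cut -c1-10)
        d=$(ls -ld "$scratch/dir" | cut -c1-10)
        rm -rf "$scratch"
        printf '%s %s\n' "$f" "$d"
    )
}

for mask in 022 002 027; do
    printf 'umask %s: files %s, directories %s (subtraction would give %s for files)\n' \
        "$mask" "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")" \
        "$(naive_subtract 666 "$mask")"
done
printf 'observed with umask 027: %s\n' "$(observed_modes 027)"
```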

Directory Permissions:



Unix treats everything as a file; directories too are treated by
Unix as files. A directory, as Unix perceives it, is a file which
contains the names of the files present in the directory. Hence read
permission on a directory allows the listing of the directory contents
and nothing else.

Directories also have their own permissions, and the significance
of these permissions differs from those of ordinary files. Read and
write access to an ordinary file are also influenced by the permissions
of the directory housing it. It's possible that a file can't be
accessed even though it has read permission, and can be removed even
when it is write-protected.

Here are some typical permissions required on directories:

To understand these permissions, first create a temp directory and
create some files in that directory.

$ mkdir temp
$ cd temp
$ touch a b
$ pwd
/home/project/temp
$ ls -l
total 8
-rw-r--r-- 1 king development 0 Mar 18 18:56 a
-rw-r--r-- 1 king development 0 Mar 18 18:56 b

-> Execute permission is required for a user to cd into a directory.

Change the temp directory's permissions to 400 (read-only permission).
Then try to change into the directory; you won't be permitted.

$ chmod 400 temp
$ cd temp
cd: temp: Permission denied
$ ls temp
a b

-> Read permission is required for a user to use a command such as ls
to view the files contained in a directory.

$ chmod 300 temp
$ ls temp
ls: temp: Permission denied
$ cd temp
$ pwd
/home/project/temp

-> Execute-only permission allows a user to access the files in a
directory as long as the user knows the names of the files in the
directory, and the user is allowed to read the files.

$ chmod 100 temp
$ ls temp/
ls: temp/: Permission denied
$ cat temp/a
Hello world

-> Write permission allows the user to create, delete, or modify any
files or sub directories, even if the file or sub directory is owned by
another user.

Difference in access permissions for files and directories:



Access permissions for files and folders mean different things from
the user standpoint. The table below shows the difference.

Access type   File                       Directory
Read          If the file contents can   If the directory listing can
              be read                    be obtained
Write         If user or process can     If user or process can change
              write to the file          directory contents somehow: create
              (change its contents)      new or delete existing files in the
                                         directory or rename files.
Execute       If the file can            If user or process can access the
              be executed                directory, that is, go to it (make
                                         it the current working directory)
