Understanding the Linux File Permissions

UNIX is a multi-user OS that many users can access simultaneously. Linux is pretty much a cloned version of UNIX that you can also use in servers and mainframes without modification. However, this brings up several security concerns since any unauthorised or malicious user can change, remove or corrupt sensitive data.

The existing file permissions in Linux make up a significant part of the OS’s defence against unauthorised user access. There are several security features in Linux systems, but granting local access can expose significant vulnerabilities. Therefore, it’s vital to assign the most accurate permissions to directories and files. 

Groups of Permissions in Linux:

Every directory and file in Linux provides permissions in three user-based groups:

  • owner - Owner permissions are available only to a file or directory’s owner or creator. This permission does not impact other users’ actions. 
  • group - Group permissions are only applicable to a group that the file/directory has been assigned to. A Group permission won’t affect other users’ actions.
  • all users - All Users permissions on Linux apply to every other user on a system. This is the permission that has the highest potential for misuse.

Types of Permissions:

Files and directories in Linux have three basic types of permissions:

  • Read - This permission allows a user to read or view the contents within a file.
  • Write - This permission allows a user to modify the contents in a directory or file and allows them to write in it.
  • Execute - This permission allows users to execute files or view the contents in a directory.

Viewing Permissions in Linux:

To view a file or directory’s permissions, do either of the following:

  • Check the permissions of a file or directory in your GUI File Manager.
  • Review the output of the ‘ls -l’ command in the terminal while working within the directory containing the file.

The permissions of a file or directory are displayed in the command line as follows:
_rwxrwxrwx 1 owner:group

  1. User permissions/rights:

The first character, shown here as an underscore, is the special permission flag and varies from one file or directory to another.

  • The next set of 3 rwx characters refers to owner permissions.
  • The next set of 3 characters refers to group permissions.
  • The final set of 3 characters refers to the all users permission.

  2. The number or integer displayed after these characters is the number of hard links that the file has.

  3. The final piece of the output is the assignment of Owner and Group, hence the Owner:Group formatting.

Defining Permissions Explicitly:

To define permissions in Linux explicitly, you need to reference each Permission Type and Permission Group. 

The permission Groups are denoted as:

  • u - owner
  • g - group
  • o - others
  • a - all users

The Assignment Operators are plus (+) and minus (-), which tell the system to add or remove a specific permission, respectively.

The Permission Types are denoted as:

  • r - read
  • w - write
  • x - execute

Consider an example. Imagine you are working with a file saved as ‘file1’ with existing permissions _rw_rw_rw. This means the file permissions to read as well as write are present for everyone - the owner, group and all users. If you want to remove the permission to read and write for ‘all users’, you must invoke the chmod command in Linux. More specifically, chmod a-rw file1. If you wish to grant this permission, you need to simply change the minus sign to plus, like chmod a+rw file1. 
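The symbolic form above, run against a scratch file, as an added example that is not part of the original article. It also shows that `a` changes owner, group and others together while `o` changes only the last group; `mode_of`, `demo_symbolic` and the temporary file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: symbolic chmod on a scratch file (constructed, not from the article).

# Print a file's permission bits in octal (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Apply one symbolic change to a fresh file that starts at rw-rw-rw- (666)
# and print the resulting octal mode.
demo_symbolic() {
    f=$(mktemp) || return 1
    chmod 666 "$f"
    chmod "$1" "$f"
    mode_of "$f"
    rm -f "$f"
}

echo "a-rw -> $(demo_symbolic a-rw)"   # owner, group and others all lose rw
echo "o-rw -> $(demo_symbolic o-rw)"   # only others lose rw
echo "go-w -> $(demo_symbolic go-w)"   # group and others lose write only
```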


Using a Binary Reference to Set Permissions:

To set file permissions using a binary reference, you enter three numbers or integers as input. As a sample string of permissions, consider chmod 640 file1. This means the owner has permission to read and write, the group has permission to read, but the all users group has no permissions.

The first number represents owner permissions, the second one, group permissions and the last one denotes all other users’ permissions. These numbers provide a binary rwx string representation. 

  • r = 4
  • w = 2
  • x = 1

By adding these numbers, you will get the number or integer that represents the permissions you want to set. You must include binary permissions for each permission group there is.
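The addition described above, written out as an added example (not code from the article). The function name `rwx_to_octal` is an assumption; it accepts `-` as `ls` prints it or `_` as this article writes it for an unset bit, and it rejects anything else, including special-permission letters.

```shell
#!/bin/sh
# Added example: turn a 9-character permission string into its three-digit
# numeric mode using the article's values r=4, w=2, x=1.

rwx_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}            # everything after the first triplet
        triplet=${perms%"$rest"}     # the first three characters
        perms=$rest
        digit=0
        # Each position must hold its own letter or an "unset" marker.
        case $triplet in r??) digit=$((digit + 4)) ;; [-_]??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?[-_]?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??[-_]) ;; *) return 1 ;; esac
        out=$out$digit
    done
    echo "$out"
}

# Constructed inputs: the article's chmod 640 example and its home-directory mode.
echo "rw-r----- = $(rwx_to_octal rw-r-----)"
echo "rwx______ = $(rwx_to_octal rwx______)"
```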

When are Permissions Important:

For Windows or Apple computer systems, you never really need to think about permissions at a personal level. That is because these operating systems don’t focus too much on user-based file rights, except at a corporate level. But the situation changes when you use a Linux-based system with permission-based file security. You can easily restrict access to files and directories as you please. 

Take a look at some folders and documents you should focus on and the optimal permissions you should set up:

  • home directories: A user’s home directory is important because you wouldn’t want strangers to see or be able to modify your documents that are saved to your desktop. To ensure this doesn't happen, your home directory should have this permission set: drwx______ (700). This means if you want to enforce relevant permissions on a home directory saved as file1, you can give the command chmod 700 /home/file1.
  • bootloader configuration files: If you want to enable a password for booting a specific OS, you need to remove all permissions from the configuration file for every user except the owner. This means you need to change the file permissions to 700.
  • system and daemon configuration files: Restricting rights to daemon and system configuration files is critical for security and to ensure users cannot edit contents. While read permissions don’t necessarily need to be restricted, writing or modifying permissions should always be restricted. Thus, modifying permissions to 644 is the best way to go. 
  • firewall scripts: You don’t necessarily need to block users from reading your firewall file. Sometimes, the root user automatically runs the firewall script on booting. Therefore, since no other groups of users need any rights, you can assign permissions as 700.
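One way to check files against the modes recommended above, as an added example rather than a tool from the article. `check_mode`, `mode_of` and the scratch directory are assumptions; a file is flagged only when it grants a permission bit that the baseline does not.

```shell
#!/bin/sh
# Added example: flag files that grant more than a baseline mode allows.
# Paths below are a constructed scratch tree, not real system locations.

# Print a file's permission bits in octal (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH BASELINE: succeed when PATH grants no permission bit
# outside BASELINE (e.g. 700 for a home directory, 644 for a config file).
check_mode() {
    actual=$(mode_of "$1") || return 2
    extra=$(( 0$actual & ~0$2 & 0777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'TOO OPEN %s: mode %s, baseline %s, extra bits %o\n' \
            "$1" "$actual" "$2" "$extra"
        return 1
    fi
    printf 'ok       %s: mode %s within %s\n' "$1" "$actual" "$2"
}

# Constructed sample: a home directory and a daemon config file, both too open.
scratch=$(mktemp -d)
mkdir "$scratch/home_user" && chmod 755 "$scratch/home_user"
: > "$scratch/daemon.conf" && chmod 666 "$scratch/daemon.conf"

# Report each deviation, tighten it, then confirm the result.
check_mode "$scratch/home_user" 700 || chmod 700 "$scratch/home_user"
check_mode "$scratch/daemon.conf" 644 || chmod 644 "$scratch/daemon.conf"
check_mode "$scratch/home_user" 700
check_mode "$scratch/daemon.conf" 644
rm -rf "$scratch"
```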

To know more about how Linux permissions work and how to navigate a Linux-based system, you can benefit from a Linux training course. Enrol in one on Koenig today.

Armin Vans
Devpriyam is a Microsoft Certified Trainer with rich experience in Database Administration, System Administration, Oracle Applications, Troubleshooting, and Backup & Recovery concepts. I deliver training on various Database Systems Management tools.
