Linux divides file permissions into three user-based groups (user/owner, group and others, abbreviated u, g and o) and three permission types: read, write and execute, denoted by r, w and x respectively.
Each file and directory has these three permission groups, and each group has three permissions:
Read - This permission gives you the authority to open and read a file. Read permission on a directory gives you the ability to list its contents.
Write - The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory, as well as the directory itself.
Execute - In Windows, an executable program usually has an ".exe" extension and can simply be run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code (provided read & write permissions are set), but not run it. For a directory, the execute permission allows you to cd into the directory.
r = read permission
w = write permission
x = execute permission
- = no permission
In the example below we observe the following permissions:
# ls -l my_file.txt
-rwxr-xr-x. 1 root root 0 Dec 9 15:34 my_file.txt
chmod takes either an octal mode (four digits, e.g. 0000) or a symbolic mode (who: u, g, o; operator: -, +, =; permission: r, w, s, ...).
Changing ownership:
chown root.cloud_user [file]
Which is the same as:
chown root:cloud_user [file]
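As an added example (not part of the original notes), the script below shows that the octal and symbolic forms of chmod set the same bits, and splits an ls -l mode string into its owner/group/others triples. It assumes GNU coreutils (stat -c), as found on RHEL/Fedora; chown is not run because it needs root.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU stat.
set -e

# Split an ls -l mode string (e.g. -rwxr-xr-x) into its three triples:
# character 1 is the file type, 2-4 owner, 5-7 group, 8-10 others.
explain_mode() {
    m="$1"
    printf 'owner=%s group=%s other=%s\n' \
        "$(printf '%s' "$m" | cut -c2-4)" \
        "$(printf '%s' "$m" | cut -c5-7)" \
        "$(printf '%s' "$m" | cut -c8-10)"
}

# Apply an octal mode to one scratch file and a symbolic mode to another,
# then return both resulting octal modes on one line so they can be compared.
# Using '=' in the symbolic form makes the result independent of the umask.
compare_chmod_forms() {
    octal="$1"       # e.g. 750
    symbolic="$2"    # e.g. u=rwx,g=rx,o=
    tmp=$(mktemp -d)
    : > "$tmp/octal_file"
    : > "$tmp/symbolic_file"
    chmod "$octal" "$tmp/octal_file"
    chmod "$symbolic" "$tmp/symbolic_file"
    o=$(stat -c '%a' "$tmp/octal_file")
    s=$(stat -c '%a' "$tmp/symbolic_file")
    rm -rf "$tmp"
    echo "$o $s"
}

# Ownership changes (chown root:cloud_user FILE) are shown in the notes
# above; they are omitted here because they require root.
explain_mode -rwxr-xr-x
compare_chmod_forms 750 u=rwx,g=rx,o=
```

The second call prints "750 750": u=rwx,g=rx,o= and 750 are the same mode written two ways.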
📝 NOTES: the default umask is set in /etc/profile (login shells), /etc/bashrc (non-login shells) or ~/.bash_profile.
Example of umask configuration in /etc/profile, so that the value differs for system accounts vs real users:
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi
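As an added example (not part of the original notes), the script below shows what the umask actually does to newly created files (base 666) and directories (base 777), and re-implements the /etc/profile rule above as a function so it can be exercised without logging in as different users. It assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU stat.
set -e

# Create a file under the given umask and return its resulting octal mode.
# umask is per-process, so it is applied in a subshell and does not leak.
file_mode_under_umask() {
    tmp=$(mktemp -d)
    ( umask "$1" && : > "$tmp/f" )
    stat -c '%a' "$tmp/f"
    rm -rf "$tmp"
}

# Same for a directory (base mode 777 instead of 666).
dir_mode_under_umask() {
    tmp=$(mktemp -d)
    ( umask "$1" && mkdir "$tmp/d" )
    stat -c '%a' "$tmp/d"
    rm -rf "$tmp"
}

# Mirror of the /etc/profile snippet: uid above the reserved range (199)
# and primary group name equal to the user name (a user-private group)
# gets the group-writable umask 002; everything else gets 022.
choose_umask() {
    uid="$1"; primary_group="$2"; user_name="$3"
    if [ "$uid" -gt 199 ] && [ "$primary_group" = "$user_name" ]; then
        echo 002
    else
        echo 022
    fi
}

file_mode_under_umask 022   # 644
dir_mode_under_umask 022    # 755
choose_umask 1000 alice alice   # 002
choose_umask 48 apache apache   # 022 (system account)
```

The 002 branch is only safe because of the user-private-group scheme: when a user's primary group contains nobody else, group-writable files give nothing away, which is why the check compares the group name with the user name.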
📝 NOTE: It looks like special permission (except SGID) may not be part of the v8 exam
When a command or script with SUID bit set is run, its effective UID becomes that of the owner of the file, rather than of the user who is running it.
rws------
Note that SUID does not work on scripts that start with shebang ('#!').
# chmod u+s [file]
-rwsr--r--. 1 root root 0 Mar 16 21:48 test
# chmod 4744 [file]
-rwsr--r--. 1 root root 0 Mar 16 21:48 test
📝 NOTE: A capital 'S' (-rwSr--r--) indicates that the execute bit is not set
SGID permission is similar to SUID; the only difference is that when a script or command with SGID set is run, it runs as if the caller were a member of the group that owns the file.
rwxr-sr--
# chmod g+s [file]
-rwxr-sr--. 1 root root 0 Mar 16 21:48 test
# chmod 2754 [file]
-rwxr-sr--. 1 root root 0 Mar 16 21:48 test
📝 NOTE: A capital 'S' (-rwxr-Sr--) indicates that the execute bit is not set
Sticky bit: anyone with write permission on the directory can create files in it, but only the owner can delete the files (like '/tmp').
drwxrwxrwt
Sticky bit is usually set on directories. Setting the sticky bit on a file does nothing (on Linux).
# chmod o+t [file]
drwxrwxrwt. 1 root root 0 Mar 16 21:48 testdir
# chmod 1777 [file]
drwxrwxrwt. 1 root root 0 Mar 16 21:48 testdir
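As an added example (not part of the original notes), the script below sets SUID, SGID and the sticky bit on scratch files owned by the caller, reads back the ls-style mode string (including the capital S/T that means the execute bit is missing), and wraps the find(1) audit an administrator runs to list SUID/SGID files under a directory. It assumes GNU stat and find; no root is needed.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU stat and find.
set -e

# Apply a mode to a fresh scratch file (or directory when the second
# argument is "dir") and return the ls-style mode string, e.g. -rwsr--r--.
mode_string_after() {
    mode="$1"; kind="${2:-file}"
    tmp=$(mktemp -d)
    if [ "$kind" = dir ]; then
        mkdir "$tmp/t"
    else
        : > "$tmp/t"
    fi
    chmod "$mode" "$tmp/t"
    stat -c '%A' "$tmp/t"
    rm -rf "$tmp"
}

# Audit helper: list regular files with SUID (-perm -4000) or SGID
# (-perm -2000) under a directory, one per line as "<octal mode> <path>".
list_setuid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -printf '%m %p\n' | sort
}

# Build a small constructed tree (one SUID file, one SGID file, one plain
# file) and return how many entries the audit flags.
count_flagged_in_demo_tree() {
    tmp=$(mktemp -d)
    : > "$tmp/suid_prog"; chmod 4755 "$tmp/suid_prog"
    : > "$tmp/sgid_prog"; chmod 2755 "$tmp/sgid_prog"
    : > "$tmp/plain";     chmod 755  "$tmp/plain"
    n=$(list_setuid_files "$tmp" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$n"
}

mode_string_after 4744        # -rwsr--r--  (SUID, execute set)
mode_string_after 4644        # -rwSr--r--  (SUID, execute missing)
mode_string_after 2754        # -rwxr-sr--
mode_string_after 1777 dir    # drwxrwxrwt
mode_string_after 1776 dir    # drwxrwxrwT  (sticky, others' execute missing)
count_flagged_in_demo_tree    # 2
```

Running list_setuid_files against / and diffing the output against a known-good baseline is the usual way to spot an unexpected SUID/SGID binary after a change.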
📝 NOTES:
| Mode | Octal | Symbolic |
|---|---|---|
| SUID | 4755 | u+s |
| SGID | 2775 | g+s |
| Sticky Bit | 1777 | o+t |
A '.' at the end of the permission string indicates that an SELinux security context is set.
-rw-rw-rw-.
A '+' indicates ACLs are applied.
-rw-rw-rw-+