[Share Experiences] [1060a Series] Permission Management
SuperDavid
Moderator
2024-09-06 17:08
Author


I. Explanation of ls -l Output

[root@1060a ~]# ls -l
total 8
-rw------- 1 root root 1206 Nov 2 19:40 anaconda-ks.cfg
drwxr-xr-x 2 root root 59 Nov 2 19:42 Desktop
drwxr-xr-x 2 root root 6 Nov 2 19:37 Documents
drwxr-xr-x 2 root root 6 Nov 2 19:37 Downloads
-rw------- 1 root root 1483 Nov 2 19:41 initial-setup-ks.cfg
drwxr-xr-x 2 root root 32 Nov 2 19:37 Music
drwxr-xr-x 3 root root 24 Nov 2 19:37 Pictures
drwxr-xr-x 2 root root 6 Nov 2 19:37 Videos

Each line can be divided into 8 fields:

-|rw------- | 1 | root | root | 1206 | Nov 2 19:40 | anaconda-ks.cfg

  1. File Type: - indicates a regular file. Other types include:

    • d: directory
    • l: link file
    • b: block device file
  2. Permissions: Divided into three groups (owner, group, others), with an additional + indicating ACL permissions.

  3. Number of Links: For directories, this represents the number of subdirectories; for files, the number of hard links.

  4. File Owner: The owner of the file.

  5. Group Owner: The group owning the file.

  6. File Size: Size of the file in bytes.

  7. Last Modification Time: Last time the file content was modified. Use the stat command to view all timestamps:

[root@1060a ~]# stat anaconda-ks.cfg

  8. File Name: The name of the file.

II. Basic Permissions

Permissions define what actions users can perform on files. Basic permissions in Linux are:

  • r (read)
  • w (write)
  • x (execute)

Effect of Permissions on Files and Directories:

  • Files:

    • r: Read file content.
    • w: Modify file content.
    • x: Execute the file as a command.
  • Directories:

    • r: Read the directory content.
    • w: Modify directory content.
    • x: Enter the directory.

Determining Permissions:

  • When running a command, a process is created with the user's UID and GID.
    • If the process UID matches the file UID, the user permissions apply.
    • If the process GID matches the file GID, the group permissions apply.
    • Otherwise, the others' permissions apply.
  • Permission priority: user > group > others.

Modifying Permissions:

  • Use chmod to change permissions.
  • Symbolic Mode:

chmod [options] [ugoa][+-=][rwx] filename

    • u: user
    • g: group
    • o: others
    • a: all
  • Numeric Mode:

chmod [options] permissions filename

    • Permissions are represented by three digits, e.g., 755.
    • Examples:

chmod 777 file1
chmod 651 file1

Changing Ownership:

  • Use chown to change file owner and group:

chown [options] [OWNER][:[GROUP]] FILE...

  • Examples:

chown admin file1
chown :admin file1
chown user1:user1 file1

III. Special Permissions

Representation of Special Permissions

Permission | Symbol | Corresponding Number
suid       | s      | 4
sgid       | S      | 2
sticky     | T      | 1

Types of Special Permissions:

  1. SUID: When a user executes a file with SUID, they execute it as the file owner. It applies only to executable files.

chmod u+s filename

  2. SGID:
    • Files: Similar to SUID but for groups.
    • Directories: Files created within inherit the directory's group.

chmod g+s filename/dirname

  3. Sticky Bit: Only file owners and root can delete files in a directory with this permission.

chmod o+t dirname

Setting Special Permissions with Numeric Mode:

chmod 4xxx filename          # SUID
chmod 2xxx filename/dirname  # SGID
chmod 1xxx dirname           # Sticky bit

IV. Hidden Permissions

Types of Hidden Permissions:

  1. i Permission: Immutable. Cannot modify or delete the file.
  2. a Permission: Append-only. Can only add to the file.

Managing Hidden Permissions:

  • Use chattr to set hidden permissions:

chattr +/- permission filename

  • Use lsattr to view hidden permissions:

lsattr filename

V. ACL Permissions

Access Control Lists (ACLs) provide fine-grained permissions for files and directories.

Viewing ACLs:

  • Use ls -l to see if a file has ACL permissions (indicated by a + at the end).
  • Use getfacl to view ACL details:

getfacl filename

Setting ACLs:

  • Use setfacl to manage ACLs:

setfacl [options] filename/dirname

  • Common Options:
    • -m: Modify ACL.
    • -x: Remove a specific ACL.
    • -b: Remove all ACLs.
    • -d: Set default ACLs.
    • -k: Remove default ACLs.
    • -R: Recursively set ACLs.
  • Examples:

setfacl -m u:st:r file
setfacl -m g:stg:rx file
setfacl -x g:stg file
setfacl -x u:st file
setfacl -b file
setfacl -dm u:user1:rwx,g:user1:rx dir

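Added example (not part of the original post): POSIX shell functions that convert the permission field of an ls -l line from section I into the numeric mode used in sections II and III, treating lowercase s/t as "special bit plus execute" and uppercase S/T as "special bit without execute", and that flag SUID, SGID and world-writable directories lacking the sticky bit. The function names and every sample line except anaconda-ks.cfg are constructed for illustration.

```shell
# Added example: decode the `ls -l` mode field into chmod's numeric form.
# mode_to_octal FIELD -> four digits: special, user, group, others.
mode_to_octal() (            # ( ) body = subshell, so variables stay local
    field=${1%[+.]}          # drop a trailing ACL "+" (or SELinux ".") marker
    rest=${field#?}          # drop the file-type character
    [ "${#rest}" -eq 9 ] || { echo "bad mode field: $1" >&2; exit 1; }
    special=0; digits=""; val=0; n=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}    # take the next character
        bit=$((4 >> (n / 3)))                    # 4=SUID, 2=SGID, 1=sticky
        case "$((n / 3))$((n % 3))$c" in
            ?0r) val=$((val + 4)) ;;
            ?1w) val=$((val + 2)) ;;
            ?2x) val=$((val + 1)) ;;
            [01]2s|22t) val=$((val + 1)); special=$((special + bit)) ;;  # with x
            [01]2S|22T) special=$((special + bit)) ;;                    # without x
            ??-) ;;
            *) echo "bad mode field: $1" >&2; exit 1 ;;
        esac
        n=$((n + 1))
        if [ $((n % 3)) -eq 0 ]; then digits="$digits$val"; val=0; fi
    done
    echo "$special$digits"
)

# mode_flags FIELD -> findings worth a second look during a permissions review.
mode_flags() (
    oct=$(mode_to_octal "$1") || exit 1
    special=${oct%???}; others=${oct#???}; flags=""
    case $special in [4567]) flags="$flags suid" ;; esac
    case $special in [2367]) flags="$flags sgid" ;; esac
    case $1$others$special in d*[2367][0246]) flags="$flags world-writable-no-sticky" ;; esac
    echo "${flags# }"
)

# audit_listing: read `ls -l` lines on stdin, print "octal name flags".
audit_listing() {
    while read -r mode _l _o _g _s _m _d _t name; do
        case $mode in total|"") continue ;; esac
        echo "$(mode_to_octal "$mode") $name $(mode_flags "$mode")"
    done
}
# First line is from the page's listing; the others are constructed samples.
audit_listing <<'EOF'
-rw------- 1 root root 1206 Nov 2 19:40 anaconda-ks.cfg
-rwsr-xr-x 1 root root 27856 Nov 2 19:40 helper
drwxrwxrwt 2 root root 6 Nov 2 19:37 shared
drwxrwxrwx 2 root root 6 Nov 2 19:37 dropbox
EOF
```

To review a real directory, pipe its listing in, for example `ls -l /some/dir | audit_listing`; file names containing newlines are not handled.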