Permission :

To access any resource we require different types of permissions (read, write, execute) for owner, group owner and others.

Types of permissions :-

  • Basic file permission
  • Advanced file permission
  • Access Control List (ACL)

  • File and directory attributes :

    Linux/Unix files have 8 attributes :

    [root@localhost~]#ls -l <file_name or dir_name>

    This command is used to display file or directory information.

    Example :

    [root@localhost~]#ls -l file1

    Output :

    -rw-r--r-- 1 root root 46 2016-01-25 12:20 file1

    -                => Type of document [- for file and d for directory]
    rw-r--r--        => Permission
    1                => Link [shortcut]
    root             => owner
    root             => group owner [owner's primary group]
    46               => size [in bytes]
    2016-01-25 12:20 => Last modification date & time
    file1            => file name

    Note : Only the owner or root can change or modify the permission.

    Access Level :


    rwx rwx rwx => Permission

    rwx - owner(u)
    rwx - owner's primary group(g)
    rwx - others(o)

    Access Mode :


    Symbolic Mode    Absolute Mode
    r                4
    w                2
    x                1
    rwx              4+2+1=7

    The default file permission in absolute mode : 6 4 4


    rw-      r--      r--
    6        4        4
    owner    group    others

    The default directory permission in absolute mode : 7 5 5


    rwx      r-x      r-x
    7        5        5
    owner    group    others

    The default administrator home directory permission in absolute mode : 5 5 0


    r-x      r-x      ---
    5        5        0
    owner    group    others

    Full permission in absolute mode : 7 7 7 [least security]


    rwx      rwx      rwx
    7        7        7
    owner    group    others

    Modifying the permission :


    [root@localhost~]#chmod <permission/weight> <file_name or dir_name>

    This command is used to change the permission of files and directories for owner, group owner and others.

    Option :

    Category      u  g  o
    Operators     +  -  =
    Permission    r  w  x
    Weight        4  2  1

    Add new permission => +
    Remove a permission => -
    Override the existing permission with the given one => =

    Changing the permission of a file :


    Create a file - [root@localhost~]#cat > file1
    To check default file permission - [root@localhost~]#ls -l file1
    Create a user - [root@localhost~]#useradd algouser
    Change the file permission in symbolic mode - [root@localhost~]#chmod o+w file1 [Providing write permission to others(o)]
    Login with the user - [root@localhost~]#su - algouser
    Add some data to the file - [algouser@localhost~]$cat >> file1
    To logout - [algouser@localhost~]$exit

    Changing the permission of a directory :


    Create a directory - [root@localhost~]#mkdir dir1
    To check default directory permission - [root@localhost~]#stat dir1
    Change the directory permission in absolute mode - [root@localhost~]#chmod 777 dir1 [Providing full permission to all users]
    Change the directory permission in symbolic mode - [root@localhost~]#chmod ugo=rwx dir1 [Providing full permission to all users]
    Change the directory permission in absolute mode - [root@localhost~]#chmod 000 dir1 [Providing no permission to all users]
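
As an added example (not code from the original page), this script applies the weights from the Access Mode table to audit a directory tree for entries that others can write to, such as the results of chmod 777 and chmod o+w above. The function names sym_to_abs and audit_other_writable and the sample tree are assumptions made for this illustration; it goes slightly beyond the page by handling the s/t letters that ls can show in the execute position.

```shell
#!/bin/sh
# Added example: list entries that "others" can write to, with absolute mode.

# Convert 9 symbolic characters (e.g. rw-r--r--) to absolute mode using the
# weights r=4, w=2, x=1. In the execute position, s/t count as execute set
# and S/T as execute not set; the special bits themselves are not reported.
sym_to_abs() {
    case $1 in ?????????) ;; *) return 1 ;; esac   # need exactly 9 characters
    sym=$1
    out=""
    while [ -n "$sym" ]; do
        rest=${sym#???}          # everything after the first triad
        triad=${sym%"$rest"}     # owner, then group, then others
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in ??[xst]) n=$((n + 1)) ;; esac
        out=$out$n
        sym=$rest
    done
    printf '%s\n' "$out"
}

# Print "<absolute mode> <path>" for every non-symlink under $1 whose "others"
# triad includes w (weight 2). Assumes paths contain no newlines.
audit_other_writable() {
    find "$1" ! -type l -perm -0002 | sort | while IFS= read -r path; do
        # ls -ld field 1: type character, then the 9 permission characters
        perms=$(ls -ld "$path" | cut -c2-10)
        printf '%s %s\n' "$(sym_to_abs "$perms")" "$path"
    done
}

# Constructed sample tree, built in a temporary directory and removed after.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/dir1" && : > "$d/file1" && : > "$d/file2"
    chmod 755 "$d"
    chmod 777 "$d/dir1"     # full permission: reported
    chmod 646 "$d/file1"    # 644 plus o+w: reported
    chmod 644 "$d/file2"    # default file permission: not reported
    ( cd "$d" && audit_other_writable . )
    rm -rf "$d"
}

demo
```

Symbolic links are skipped because their own mode bits are not what controls access to the target.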

    Changing the owner of a file or directory :


    [root@localhost~]#chown <user_name> <file_name or dir_name>

    This command is used to change the owner of a file or directory.

    Create a directory - [root@localhost~]#mkdir dir1
    Create a user - [root@localhost~]#useradd algouser
    To check the directory owner - [root@localhost~]#ls -ld dir1
    To change the owner of the directory - [root@localhost~]#chown algouser dir1 [only one user gets permission at a time]

    Changing the group owner of a file or directory :


    [root@localhost~]#chgrp <group_name> <file_name or dir_name>

    This command is used to change the group owner of a file or directory.

    Create a directory - [root@localhost~]#mkdir dir1
    Create a group - [root@localhost~]#groupadd algogroup
    Add users (secondary members) to the group -
    [root@localhost~]#useradd -G algogroup user1
    [root@localhost~]#useradd -G algogroup user2
    [root@localhost~]#useradd -G algogroup user3
    To change the group owner of the directory - [root@localhost~]#chgrp algogroup dir1
    To add write permission to the group - [root@localhost~]#chmod g+w dir1 [only one group gets permission at a time]

    Access Control List (ACL) :

    Basic file permission can be applied only to the owner, the owner's primary group and others.

    ACLs are created to configure different permissions for different users or groups.

    ACLs can be implemented only on ACL-enabled partitions.

    From RHEL (Red Hat Enterprise Linux) version 5 onwards, every partition comes with ACL enabled by default.

    To apply Access Control List for users or groups - [root@localhost~]#setfacl -m u:user1:---,u:algouser:rwx,g:algogroup:--x /opt
    To check -
    [root@localhost~]#su - user1
    [user1@localhost~]$cd /opt [permission denied]
    [user1@localhost~]$exit [to logout]
    To check permission for user and group in ACL - [root@localhost~]#getfacl /opt
    To remove user and group from ACL - [root@localhost~]#setfacl -x u:user1,u:algouser,g:algogroup /opt