File permissions / access mode in Unix
File ownership is an important component of Unix that provides a secure way to store files. All Unix files have the following properties to represent access rights to it (File Permission) :
Owners' access rights: The owner's access authority determines what actions the owner can perform on the file.
Group access permissions : The access permissions of the group determine what actions the user, group member owns the file, can perform on the file.
Other access permissions : Only actions that all users can perform on the file.
Signs of access rights
While using the ls -l command, it displays various information related to access permissions on the file as follows:
$ ls - l / home / amrood - rwxr - xr - 1 amrood users 1024 Nov 2 00 : 10 myfile drwxr - xr --- 1 amrood users 1024 Nov 2 00 : 10 mydir
Here, the first column represents different access modes, such as access permissions associated with a file or directory.
Access permissions are divided into three groups, where each position in the group represents a specific access authority, in order: read (r), write (w) and execute (x):
The first characters from 1 to 3 (2-4 in the range including the -) represent access permissions for file users. The -rwxr-xr-- example represents that the owner has permission to read (r), write (w), and run the program (x).
The next 3-letter group from 5-7 represents the right to group access to proprietary files. For example -rwxr-xr-- represents that the group has permission to read (r) and execute (x), but does not allow write (w)
The last 3-letter group from 8-10 represents other access powers. For example -rwxr-xr-- represents that someone in the world only allows reading (r).
Access mode to files in Unix / Linux
Access permissions of a file are the first line of protection in Unix systems. The basic building blocks in Unix access permissions are read, write and execute access permissions described below
1. Read:
Allow reading the contents of the file.
2. Remember:
Allows editing or removing content of the file.
3. Enforcement:
Users with executable access permissions can run a file as a program.
Access mode to the folder
The access modes to folders are listed and organized in the same way as in any file. There are a few differences that you need to keep in mind:
1. Read:
Access to a folder means that the user can read the content. Users can view the file names within a folder.
2. Remember:
Allows users to add or delete file contents of folders.
3. Enforcement:
Running a directory does not really mean much, so you only consider it a license to pass.
A user must have access to the bin directory to run ls or cd, for example.
Change access permissions in Unix / Linux
To change access permissions of files or folders, use the chmod command (short for change mode). There are two ways to use chmod: Symbolic Mode (Absolute Mode) and Absolute Mode.
Use chmode in symbolic mode
The easiest way for beginners to edit file or folder access permissions is to use symbolic mode. With this mode you can add, delete or define the set of permissions you want by using the following operators:
Chmod Operator Description + Add specified access permissions to a file or file - Remove specified access permissions from a file or folder = Set the specified access permissions.Here is an example using the testfile command. Running ls -1 on testfile indicates that file access permissions are as follows:
$ ls - l testfile - rwxrwxr - 1 amrood users 1024 Nov 2 00 : 10 testfile
Then each example of the chmod command from the previous table is run on testfile, followed by ls -l so you can observe changes in access permissions.
$ chmod o + wx testfile $ ls - l testfile - rwxrwxrwx 1 amrood users 1024 Nov 2 00 : 10 testfile $ chmod u - x testfile $ ls - l testfile - rw - rwxrwx 1 amrood users 1024 Nov 2 00 : 10 testfile $ chmod g = rx testfile $ ls - l testfile - rw - r - xrwx 1 amrood users 1024 Nov 2 00 : 10 testfile
Here is how you can connect these commands on a single line:
$ chmod o + wx , u - x , g = rx testfile $ ls - l testfile - rw - r - xrwx 1 amrood users 1024 Nov 2 00 : 10 testfile
Use chmod with absolute access permissions on Unix / Linux
The second way to modify access permissions with the chmod command is to use numbers to determine access permissions for the file.
Each access authority is assigned a value, as shown in the table below, and the sum of each access authority provides a number for that set of settings.
NumberRepresenting access authority in base system 8 Reference 0 Disallow --- 1 Allow execution --x 2 Allow -w- 3 write Allows execution and writing: 1 (execution) + 2 (write) = 3 -wx 4 Allow r-- read 5 Allow read and execute: 4 (read) + 1 (executable) = 5 rx 6 Allow read and write: 4 (read) + 2 (write ) = 6 rw- 7 Allow all: 4 (read) + 2 (write) + 1 (execute) = 7 rwxHere is an example of using testfile. Running ls -1 on testfile indicates that the access permissions of the file are as follows:
$ ls - l testfile - rwxrwxr - 1 amrood users 1024 Nov 2 00 : 10 testfile
Each example of the chmod command from the previous table is run on testfile, followed by ls -l so you can observe changes in access permissions:
$ chmod 755 testfile $ ls - l testfile - rwxr - xr - x 1 amrood users 1024 Nov 2 00 : 10 testfile $ chmod 743 testfile $ ls - l testfile - rwxr --- wx 1 amrood users 1024 Nov 2 00 : 10 testfile $ chmod 043 testfile $ ls - l testfile ---- r --- wx 1 amrood users 1024 Nov 2 00 : 10 testfile
Change owner and group in Unix / Linux
While creating a Unix account, it assigns a owner ID and a group property ID for each user. All access rights mentioned above are also assigned based on user and group.
The two commands available to change individual ownership and group ownership of the file are:
- chown: This command represents personal change (change owner).
- chgrp: This command represents group change (change group).
Change ownership in Unix / Linux
The chown command changes the ownership of a file. The basic syntax is:
$ chown user filelist
User value can be the name or ID of the user on the system. For example:
For example:
$ chown amrood $ testfile
Change the owner of the file to the owner of the amrood .
Note : Owners of root rights are not restricted to change the ownership of any file but ordinary owners can only change ownership of the files they own.
Change group ownership in Unix / Linux
The chrgp command changes the group's ownership of the file. The simple syntax is:
$ chgrp group filelist
The value of the group can be the name or group ID on the system. For example:
For example:
$ chgrp special testfile $
Change the owner of the selected group to the special group.
Access permissions SUID and SGID (personal and group ID settings) in Unix / Linux
Usually when a command is run, it will have to run with special privileges to perform its task.
As an example, when you change the password with the passwd command, the new password is kept in the / etc / shadow file.
When you are a regular user, you do not have access to read or write to this File for security reasons, but when you change the password, you need to have permission to write to this File. This means that the passwd program must give you additional permissions so you can record etc / shadow.
Additional permissions are provided to the program through a technique known as Setting User ID (Set User ID - SUID bit) and Setting Group ID (Set Group ID - SGID bit).
When you run a program that has SUID access, you use it to change the ownership of that program. Programs that do not set up SUID are running with user access permissions that start the program.
This is true for SGID. Common programs run with group access permissions, but instead, they only change the group ownership for the running program and not the other program's group.
The bits SUID bits and SGID bits will appear with the "s" character if access permissions are available. The "s" SUID bit will be placed in bit permissions, where the executing owner will have authority. For example, the following command:
$ ls - l / usr / bin / passwd - r - sr - xr - x 1 root bin 19031 Feb 7 13:47 / usr / bin / passwd * $
This indicates that the bit SUID is set and the command is owned by the original owner. The capital letter S in the executable position instead of lowercase s indicates that the executable bit is not set.
If sticky bit is allowed on the folder, the file can only be removed if you are one of the following users:
The owner of the sticky folder;
The owner of the file is removed;
Original owner
To set the bit SUID and SGID bits for any directory, try the following syntax:
$ ls - l / usr / bin / passwd - r - sr - xr - x 1 root bin 19031 Feb 7 13:47 / usr / bin / passwd * $
According to Tutorialspoint
Previous article: Managing folders in Unix / Linux
Next lesson: How to install Unix / Linux
You should read it
- Distribute file access with chmod command
- Network communication utilities in Unix / Linux
- Use variables in Shell
- Signal and Trap in Unix / Linux
- User management in Unix / Linux
- How to Change File Permissions on Windows 7
- Learn basic file access licenses in UNIX
- Basic file system in Unix / Linux
- What is Unix / Linux?
- File Management in Unix / Linux
- How to edit application permissions on Android
- How to access Safe Mode Windows 10 on startup
Maybe you are interested
US users can now access ChatGPT via 1-800-CHATGPT
How to Label Locations on Google Maps for Quick Access
How to access the hidden web browser on PS5
How to delete applications that grant access to Zalo
How to fix the error of not being able to access Canva super fast and simple
What can hackers actually do if they gain access to your Wi-Fi router?