File permissions / access mode in Unix

File ownership is an important component of Unix that provides a secure way to store files. Every file in Unix has the following attributes to represent access rights to it (file permissions):

Owner permissions: The owner's permissions determine what actions the owner of the file can perform on the file.

Group permissions: The group's permissions determine what actions a user who is a member of the group that owns the file can perform on the file.

Other permissions: The permissions for others determine what actions all other users can perform on the file.

Permission indicators

When you use the ls -l command, it displays various information related to file permissions, as follows:

    $ ls -l /home/amrood
    -rwxr-xr--  1 amrood users 1024 Nov 2 00:10 myfile
    drwxr-xr--  1 amrood users 1024 Nov 2 00:10 mydir

Here, the first column represents the access modes, that is, the permissions associated with a file or directory.

The permissions are divided into three groups of three characters, where each position in a group represents a specific permission, in this order: read (r), write (w) and execute (x):

The first three characters (positions 2-4, counting the leading - as position 1) represent the permissions for the file's owner. For example, -rwxr-xr-- means that the owner has read (r), write (w) and execute (x) permission.

The second group of three characters (positions 5-7) represents the permissions for the group that owns the file. For example, -rwxr-xr-- means that the group has read (r) and execute (x) permission, but not write (w) permission.

The last group of three characters (positions 8-10) represents the permissions for everyone else. For example, -rwxr-xr-- means that all other users have read (r) permission only.

Access mode to files in Unix / Linux

The permissions of a file are the first line of defense in Unix systems. The basic building blocks of Unix permissions are the read, write and execute permissions, described below.

1. Read:

Allow reading the contents of the file.

2. Write:

Allows editing or removing content of the file.

3. Execute:

Users with executable access permissions can run a file as a program.

Directory access modes

Directory access modes are listed and organized in the same way as for any other file. There are a few differences that you need to keep in mind:

1. Read:

Read access to a directory means that the user can read its contents. Users can view the file names within the directory.

2. Write:

Allows users to add or delete files in the directory.

3. Execute:

Executing a directory does not really mean much, so think of this as permission to traverse it.

A user must have execute access to the bin directory to run ls or cd, for example.

Change access permissions in Unix / Linux

To change the permissions of files or directories, use the chmod command (short for change mode). There are two ways to use chmod: symbolic mode and absolute mode.

Use chmod in symbolic mode

The easiest way for beginners to modify file or directory permissions is to use symbolic mode. With this mode you can add, remove or specify the set of permissions you want by using the following operators:

    Operator  Description
    +         Adds the specified permissions to a file or directory.
    -         Removes the specified permissions from a file or directory.
    =         Sets the specified permissions.

Here is an example using testfile. Running ls -l on testfile shows that the file's permissions are as follows:

    $ ls -l testfile
    -rwxrwxr--  1 amrood users 1024 Nov 2 00:10 testfile

Then each example of the chmod command from the previous table is run on testfile, followed by ls -l so you can observe changes in access permissions.

    $ chmod o+wx testfile
    $ ls -l testfile
    -rwxrwxrwx  1 amrood users 1024 Nov 2 00:10 testfile
    $ chmod u-x testfile
    $ ls -l testfile
    -rw-rwxrwx  1 amrood users 1024 Nov 2 00:10 testfile
    $ chmod g=rx testfile
    $ ls -l testfile
    -rw-r-xrwx  1 amrood users 1024 Nov 2 00:10 testfile

Here is how you can combine these commands on a single line:

    $ chmod o+wx,u-x,g=rx testfile
    $ ls -l testfile
    -rw-r-xrwx  1 amrood users 1024 Nov 2 00:10 testfile

Use chmod with absolute access permissions on Unix / Linux

The second way to modify access permissions with the chmod command is to use numbers to determine access permissions for the file.

Each permission is assigned a value, as shown in the table below, and the sum of the values in each set of permissions gives the number for that set.

    Number  Octal permission representation                            Ref
    0       No permission                                              ---
    1       Allow execute                                              --x
    2       Allow write                                                -w-
    3       Allow execute and write: 1 (execute) + 2 (write) = 3       -wx
    4       Allow read                                                 r--
    5       Allow read and execute: 4 (read) + 1 (execute) = 5         r-x
    6       Allow read and write: 4 (read) + 2 (write) = 6             rw-
    7       Allow all: 4 (read) + 2 (write) + 1 (execute) = 7          rwx

Here is an example using testfile. Running ls -l on testfile shows that the file's permissions are as follows:

    $ ls -l testfile
    -rwxrwxr--  1 amrood users 1024 Nov 2 00:10 testfile

Each example of the chmod command from the previous table is run on testfile, followed by ls -l so you can observe changes in access permissions:

    $ chmod 755 testfile
    $ ls -l testfile
    -rwxr-xr-x  1 amrood users 1024 Nov 2 00:10 testfile
    $ chmod 743 testfile
    $ ls -l testfile
    -rwxr---wx  1 amrood users 1024 Nov 2 00:10 testfile
    $ chmod 043 testfile
    $ ls -l testfile
    ----r---wx  1 amrood users 1024 Nov 2 00:10 testfile
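The permission string printed by ls -l and the octal number given to chmod encode the same bits. The shell functions below are an added example, not part of the original tutorial; the names triad_value and mode_to_octal are hypothetical. The example goes slightly beyond this section by also decoding the s, S, t and T flags covered under SUID, SGID and the sticky bit later on the page.

```shell
#!/bin/sh
# Added example: turn an `ls -l` mode string into the octal mode chmod accepts.

# triad_value TRIAD LOWER UPPER
# Prints "<digit> <flag>": the 0-7 value of one rwx triad, and 1 if the
# special bit (LOWER = with execute, UPPER = without execute) is present.
triad_value() {
    value=0 special=0
    case $1 in r??) value=$((value + 4)) ;; esac
    case $1 in ?w?) value=$((value + 2)) ;; esac
    case $1 in
        ??x)    value=$((value + 1)) ;;
        ??"$2") value=$((value + 1)); special=1 ;;
        ??"$3") special=1 ;;
    esac
    echo "$value $special"
}

# mode_to_octal MODE: prints four octal digits (special, owner, group, others).
mode_to_octal() {
    mode=$1
    # Reject anything that is not a file-type character plus three triads.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    set -- $(triad_value "$(printf '%s\n' "$mode" | cut -c2-4)" s S)
    owner=$1 suid=$2
    set -- $(triad_value "$(printf '%s\n' "$mode" | cut -c5-7)" s S)
    group=$1 sgid=$2
    set -- $(triad_value "$(printf '%s\n' "$mode" | cut -c8-10)" t T)
    others=$1 sticky=$2
    echo "$((suid * 4 + sgid * 2 + sticky))$owner$group$others"
}

# Mode strings taken from the listings on this page.
for m in -rwxr-xr-- -rwxr---wx ----r---wx -r-sr-xr-x; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```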

Change owner and group in Unix / Linux

When an account is created on Unix, the system assigns an owner ID and a group ID to each user. All the permissions mentioned above are also assigned based on the owner and the group.

The two commands available to change the owner and the group of a file are:

  1. chown: This command stands for "change owner" and changes the owner of a file.
  2. chgrp: This command stands for "change group" and changes the group of a file.

Change ownership in Unix / Linux

The chown command changes the ownership of a file. The basic syntax is:

    $ chown user filelist

The value of user can be either the name or the ID of a user on the system. For example:

    $ chown amrood testfile

This changes the owner of the given file to the user amrood.

Note: The superuser, root, is not restricted in changing the ownership of any file, but ordinary users can only change the ownership of files they own.

Change group ownership in Unix / Linux

The chgrp command changes the group ownership of a file. The basic syntax is:

    $ chgrp group filelist

The value of group can be either the name or the ID of a group on the system. For example:

    $ chgrp special testfile

This changes the group of the given file to the special group.

SUID and SGID permissions (set user ID and set group ID) in Unix / Linux

Often, when a command is run, it has to run with special privileges to perform its task.

As an example, when you change your password with the passwd command, the new password is stored in the /etc/shadow file.

As a regular user, you do not have read or write access to this file for security reasons, but when you change your password, you need write permission on this file. This means that the passwd program must give you additional permissions so you can write to /etc/shadow.

Additional permissions are given to programs through a mechanism known as the Set User ID (SUID) bit and the Set Group ID (SGID) bit.

When you run a program that has the SUID bit set, it runs with the permissions of the program's owner. Programs that do not have the SUID bit set run with the permissions of the user who started the program.

The same is true for SGID. Normally, programs run with your group permissions; with the SGID bit set, your group is changed, for that program only, to the group that owns the program.

The SUID and SGID bits appear as the letter "s" when the permission is set. The SUID "s" bit is located in the permission bits where the owner's execute permission normally resides. For example, the following command:

    $ ls -l /usr/bin/passwd
    -r-sr-xr-x  1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*

This shows that the SUID bit is set and that the command is owned by root. A capital letter S in the execute position instead of a lowercase s indicates that the execute bit is not set.

If the sticky bit is enabled on a directory, a file in it can only be removed if you are one of the following users:

The owner of the sticky directory;

The owner of the file being removed;

The superuser, root.

To set the SUID and SGID bits for any directory, try the following syntax:

    $ ls -l /usr/bin/passwd
    -r-sr-xr-x  1 root bin 19031 Feb 7 13:47 /usr/bin/passwd*
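An audit for the special bits described in this section, written as an added example that is not part of the original tutorial: it lists files carrying the SUID or SGID bit and world-writable directories that lack the sticky bit. The function names and the scratch tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for SUID/SGID files and for
# world-writable directories without the sticky bit.

# List regular files under DIR that carry the SUID (4000) or SGID (2000) bit.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# List world-writable directories under DIR that lack the sticky bit (1000).
# In such a directory any user can remove another user's files.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a constructed scratch tree to run the audit against; prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/dropbox" "$root/private"
    : > "$root/helper"
    : > "$root/plain"
    chmod 4755 "$root/helper"     # SUID set, shown as -rwsr-xr-x
    chmod 0644 "$root/plain"      # ordinary file
    chmod 1777 "$root/shared"     # world-writable with sticky bit (drwxrwxrwt)
    chmod 0777 "$root/dropbox"    # world-writable, no sticky bit
    chmod 0755 "$root/private"    # not world-writable
    echo "$root"
}

tree=$(make_sample_tree)
echo "SUID/SGID files:"
find_setid_files "$tree"
echo "World-writable directories without the sticky bit:"
find_unsticky_dirs "$tree"
rm -rf "$tree"
```

Pointed at a real path such as /usr/bin, find_setid_files gives the list of set-ID programs to compare against what the system is expected to ship.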

According to Tutorialspoint
