Understanding File Listing, Ownership and Permission

Overview
In any operating system, there are files whose access has to be limited to certain users, such as the owner of the file or the users of a specific group. To keep files secure and organized, file permissions have to be set.
Module 3 – Understanding File Listing, Ownership and Permission

Lessons covered
1. Understanding File Listing, Ownership and Permission
Lesson 1 - Understanding File Listing, Ownership and Permission

Introduction
Linux is a multi-user system where users can assign different access permissions to their files. Access permissions can be set per file for owner, group and others on the basis of read (r), write (w) and execute (x) permissions.

Topics Covered in this Lesson
File Permissions and Access
Types of Access
Who has Access to a File?
Access Control Lists
Topic 1 – File Permissions and Access

File permissions specify who has access to a file and what type of access each user has. Each file is owned by a particular user. Files are also owned by a particular group, which is a defined group of users of the system.

Types of permissions
r – read
w – write
x – execute
Topic 2 - Types of Access

In Linux, every file or folder has access permissions. There are three types of permissions:
read access
write access
execute access

Limitations of access permissions
A read-only file cannot be written to, and a directory must have execute permission before it can be opened.

Example: -rw-r--r--
Default file permissions

By default, the Linux system assigns certain permissions to a newly created file.

[Screenshot: displaying the default umask value]
Changing the umask

To change the default umask, use the umask command.

Syntax
# umask <umask value>

Example: umask 004
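How a umask value turns into the permissions of a new file or directory, as an added example that is not part of the original slides. It assumes a Linux `stat` that accepts `-c '%a'`; the function names `predict_mode` and `observe_modes` are hypothetical.

```sh
#!/bin/sh
# Added illustration: the umask clears bits from the mode a program requests.
# Assumes GNU or BusyBox stat (stat -c '%a'); function names are hypothetical.

# predict_mode BASE MASK: clear every bit of MASK from BASE (both octal).
predict_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# observe_modes MASK: create a file and a directory under MASK in a scratch
# directory and print their resulting octal modes as "<file> <dir>".
observe_modes() (
    work=$(mktemp -d) || exit 1     # created before the umask is changed
    umask "$1"                      # only affects this subshell
    : > "$work/file"                # the shell requests mode 666 for files
    mkdir "$work/dir"               # mkdir requests mode 777 for directories
    echo "$(stat -c '%a' "$work/file") $(stat -c '%a' "$work/dir")"
    rm -rf "$work"
)

for mask in 004 022 027 077; do
    printf 'umask %s: predicted %s %s, observed %s\n' "$mask" \
        "$(predict_mode 666 "$mask")" "$(predict_mode 777 "$mask")" \
        "$(observe_modes "$mask")"
done
```

With the example value 004, new files come out as 662 (rw-rw--w-): others lose read access but keep write access. A mask such as 022 or 027 also clears the write bit for others.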
Textual representation of "-rwxr--r--"

The textual representation consists of 10 characters. The first character shows the file type. The next 9 characters are the permissions, in three groups: owner, group and others. Each group consists of three symbols, rwx; if a permission is denied, a dash "-" is used instead.

Example: -rwxr--r--
Numeric (octal) representation

If a numeric representation is used, it is in octal format (base 8), with digits 0 to 7. Octal is used because it is simple to read: every octal digit combines the read, write and execute permissions. The access rights for owner, group and others are the last three digits of the numeric file permissions representation. Here, ‘1’ stands for execute only, ‘2’ stands for write only, ‘4’ stands for read only.
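The conversion between the two representations, as an added example that is not part of the original slides. The helper name `mode_to_octal` is hypothetical and the sample strings are constructed; it goes beyond the slide by also handling the setuid, setgid and sticky markers (s, S, t, T), which add a fourth leading digit.

```sh
#!/bin/sh
# Added illustration: convert an ls-style mode string to its octal form.
# mode_to_octal is a hypothetical helper; the sample strings are constructed.
mode_to_octal() (
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters: $mode" >&2; exit 1; }
    rest=${mode#?}      # drop the file-type character
    digits=""
    special=0           # setuid=4, setgid=2, sticky=1
    weight=4            # special-bit value the current triplet can carry
    while [ -n "$rest" ]; do
        tail=${rest#???}
        triplet=${rest%"$tail"}     # first three remaining characters
        rest=$tail
        r=${triplet%??}
        w=${triplet#?}; w=${w%?}
        x=${triplet#??}
        d=0
        case $r in r) d=$((d + 4)) ;; -) ;; *) exit 1 ;; esac
        case $w in w) d=$((d + 2)) ;; -) ;; *) exit 1 ;; esac
        case $x in
            x) d=$((d + 1)) ;;
            -) ;;
            s|S|t|T)
                # s/S belong to owner and group, t/T only to others
                case $weight$x in 4[sS]|2[sS]|1[tT]) ;; *) exit 1 ;; esac
                special=$((special + weight))
                # lower case means the execute bit is set as well
                case $x in s|t) d=$((d + 1)) ;; esac
                ;;
            *) exit 1 ;;
        esac
        digits=$digits$d
        weight=$((weight / 2))
    done
    if [ "$special" -eq 0 ]; then echo "$digits"; else echo "$special$digits"; fi
)

for m in -rwxr--r-- -rw-r--r-- drwxrws--- drwxrwxrwt; do
    printf '%s = %s\n' "$m" "$(mode_to_octal "$m")"
done
```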
Difference in access permissions for files and folders
Topic 3 – Who has Access to a File?

The owner and root have the main access rights over a file. In the above example, the first column gives the access permissions for the user, group and others. The second column shows the user or owner of the file. The third column shows the group to which the file belongs.
Topic 4 - Access Control Lists

An access control list (ACL) is an object that contains entries specifying the access that individual users or groups of users have to the file. Using the chmod command, the user can set permissions for owner, group or others.

Setting ACL using setfacl
setfacl - set file access control lists
Getting ACL using getfacl

The getfacl command displays the file name, owner, the group, and the Access Control List (ACL).

Syntax
# getfacl <filename>

[Snapshot showing getfacl]
Copying ACL

ACLs can be copied to other files, which then get the same ACL permissions as the source file.

Syntax
getfacl <acl filename> | setfacl --set-file=- <filename>
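Reading getfacl output, as an added example that is not part of the original slides. The sample listing is constructed, the function names are hypothetical, and the example goes beyond the slides by applying the ACL `mask` entry, which caps the rights of named users, named groups and the owning group.

```sh
#!/bin/sh
# Added illustration: compute the effective rights in a getfacl listing.

# Constructed sample of getfacl output for a file named report.txt.
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: john
# group: sales
user::rw-
user:tom:rw-
group::r--
group:hr:rwx
mask::r--
other::---
EOF
}

# effective_acl: read getfacl output on stdin and print
# "<type>:<name> <granted> <effective>" for every entry except the mask.
effective_acl() {
    awk -F: '
        BEGIN { n = 0 }
        /^#/ || NF < 3 { next }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { type[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3); n++ }
        END {
            for (i = 0; i < n; i++) {
                eff = perm[i]
                # the owner (user::) and other entries are not capped by the mask
                capped = (type[i] == "group" || (type[i] == "user" && name[i] != ""))
                if (capped && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        eff = eff (substr(mask, k, 1) == c ? c : "-")
                    }
                }
                print type[i] ":" name[i], perm[i], eff
            }
        }'
}

sample_acl | effective_acl
```

In the constructed listing, tom is granted rw- and the hr group rwx, but the mask r-- leaves both with read access only.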
Lab Exercise

In this lab you have to use the useradd, usermod, chmod and chgrp commands to restrict the user to their department directory. Perform the following steps.

Create the users john, sam, tom, peter, joe, Mathew, and steve.
Create the following groups with the group IDs as given below, using the -g option:

Group   GID
-----   -----
sales   10000
hr      10001
web     10002
Add users to the following groups by using the usermod command with the -G option:
add john and sam to the sales group
add tom and peter to the hr group
add joe and mathew to the web group
add steve to all groups
Log in as each user and use the id command to verify that they are in the appropriate groups.
Create a directory called /depts with a sales, hr, and web directory within the /depts directory.
Change the group ownership of each directory to the group that matches it.
Set the permissions on the /depts directory to 755 and on each subdirectory to 770.
Set the sgid bit on each departmental directory so that files created within those directories are owned by the appropriate group.
Check by logging in as each user and creating or altering files in each of the directories. Only Steve should be able to enter all directories.
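A check for the finished lab, as an added example that is not part of the original slides. It verifies that a departmental directory has the matching group, mode 770 and the sgid bit (2770 in octal); the function names are hypothetical and a Linux `stat` accepting `-c` is assumed.

```sh
#!/bin/sh
# Added illustration: audit the departmental directories from the lab.
# check_dept_dir and audit_depts are hypothetical helpers; assumes stat -c.

# check_dept_dir DIR GROUP: succeed only if DIR is owned by GROUP and has
# mode 2770 (rwxrws---); print one line per problem found.
check_dept_dir() {
    dir=$1
    want_group=$2
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")
    group=$(stat -c '%G' "$dir")
    status=0
    if [ "$group" != "$want_group" ]; then
        echo "$dir: group is $group, expected $want_group"
        status=1
    fi
    case $mode in
        2770) ;;
        770)  echo "$dir: mode 770 but the sgid bit is not set"; status=1 ;;
        *)    echo "$dir: mode is $mode, expected 2770"; status=1 ;;
    esac
    return "$status"
}

# audit_depts ROOT: check ROOT/sales, ROOT/hr and ROOT/web against the
# group of the same name. On the lab machine: audit_depts /depts
audit_depts() {
    failed=0
    for dept in sales hr web; do
        check_dept_dir "$1/$dept" "$dept" || failed=1
    done
    return "$failed"
}
```

A numeric `chmod 770` on a directory does not clear an sgid bit that is already set under GNU chmod, so use `chmod g-s` to test the failing case.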
Summary
File permissions protect user files from access by other users.
The file system can be accessed by the owner, who has control over the attributes of and access to a file.
A file attribute contains the basic and extended permissions that control access to the file.