8 More File Operations & File Permissions

Mr. Hardik Joshi

epgp books

 

1. Introduction

 

In the previous module we discussed the Linux file system structure and some basic operations performed on files and directories. In this module we will continue our discussion on files and various file attributes like security permissions, owners, date of modification, etc. Linux being a server operating system, file permissions provide a way to secure the data of one user from other users and user groups by means of access control. In this module we will discuss various permissions provided by the OS, ways to modify the permissions and some other file attributes. Let us begin our discussion with the security of a Linux system.

 

2. Overview of Users and Groups

 

Linux is a network operating system; file security is the first level of security provided by the operating system. Let us first understand the concept of users and groups in a Linux system.

 

In Linux, everyone who can log in is considered a user. Let us imagine that each student is provided a log-in account. Linux identifies each user by a unique user-id (UID). A special user called the super-user is considered the administrator of the operating system. The super-user has more privileges than any other normal user. Users can be combined together to form a group. We can also imagine that a class of students belongs to a common group. There can be different groups like staff, faculty, and students. Each group can contain one or more users. The advantage of grouping users is that we can enforce a common security rule applicable to all the users within a group. For example, we can easily disable all the users of the students group when the semester gets over. Each group is uniquely identified by a group-id (GID). A user may belong to multiple groups at a time. If a user is not assigned to any group then the system creates a group with the same name as the user-id. We will explore the commands to create users and groups in future modules. A schematic diagram illustrating the relationship between users and groups is shown in Figure 1.

Figure 1: Linux Users and Groups

 

In Linux, the groups command displays the group of a specified user. Similarly, the id command displays the user-id and group-id of the user.

Usage: groups <user_name>

The above snapshot illustrates that a user Demo belongs to Group1

Note:

  • 1) The details of all users existing in the system are stored in the file /etc/passwd. To see the details, type the command more /etc/passwd. The format of the file is: Username:Encrypted Password:UID:GID:User Info:Home Directory:Default Shell
  • 2) The details of all groups existing in the system are stored in the file /etc/group.

3 File and Directory Security

 

Linux provides three levels of security to all the users. The permissions required by a user are:

  • Login permission, by providing a username and password
  • Directory access permissions, to enter his default working directory
  • File permissions, to perform various operations on a file like reading a file, appending to a file or executing a file.

There are 3 basic permissions required to perform any operation on a file or a directory. The permissions are read, write and execute which can be enforced on individual users (owners of the file/directory), group of users and all other users. We can provide read/write/execute permission or a combination of these permissions to a file or a directory. Figure 2 illustrates the permissions triplet.

Figure 2: Users and Permissions

 

The system uses specific symbolic codes to denote permissions, operations and on whom the permissions are applied. The list of symbolic codes is illustrated in Table 1.

 

In Linux, a long directory listing shows 10 characters at the start of each entry. The first character shows the file type. The next 9 characters are permissions, consisting of three groups: owner, group, others. Each group consists of three symbols, rwx (in that order); if some permission is denied, then a dash “-” is used instead. Example:

The above snap-shot illustrates the use of the getfacl command. The access control list is used to determine access permissions of any object like a file or a directory. When a user makes a request to perform some operation on a file or a directory, the system internally checks the FACL; if the request made by the user is valid, then the user is given permission to perform the corresponding operation.

 

File Permissions:

 

File permissions can be granted to owner, group and all others. The three basic permissions of a file are read, write and execute. The r (read) permission means we can see the contents of that file, including opening the file with an application such as the vi editor. It also allows copying a file. The w (write) permission means that we can make changes to the file. If we do not have the write permission to a file when opening it in vi, the file will be opened as read-only. If we make changes to it, we will have to save the file using a new name. A file with write permissions can be deleted. If we have write permission to a file but do not have read permission, we will not be able to open that file with a text editor such as vi. Instead, we will get an access denied error message. The x (execute) permission means we can run (execute) that file by typing its name at a command prompt. In most cases, programs, utilities and scripts have execute permission. If we try to execute a text file, we will get an error message. The absence of any permission is represented by a ‘-’. Table 2 summarizes the file access permissions.

The snap-shot shown below illustrates file permissions. There are 5 text files in the directory “MyDir”, file1.txt is granted all permissions to owner, group and others whereas file2.txt is granted all permissions to owner and group. file5.txt is granted all the permissions to the owner but only read and execute permissions to group.

 

Directory Permissions:

 

Directory permissions are similar to file permissions except that they are applied to directories rather than files.

 

The r (read) permission allows listing the files in a given directory, that is, seeing the contents within the directory. If we do not want someone else to see the contents of a directory, it can be achieved by removing the read permissions from that directory. The w (write) permission allows adding or deleting entries in a directory. This allows us to create, delete or copy a file in that directory. We can also create or delete sub-directories within that directory. The x (execute) permission makes that directory permissible to navigate. The cd command will allow us to move to a directory with execute permission. Table 3 summarizes the directory access permissions.

 

4 Modifying File Permissions (chmod)

 

In the previous sections we discussed the permissions associated with files and directories; users can change these permissions. The system creates files or directories with some default permissions. If a user wants to modify the permissions, it can be done using the chmod command. There are two ways to use the chmod command:

 

1) Symbolic Codes (Generally used to modify existing permissions)

2) Octal Notations (Generally used to assign new permissions by removing the previous)

 

chmod using Symbolic Codes:

 

Symbolic codes are mentioned in Table 1; operators are used to modify the permissions. The assignment operator (=) is used to set any permission, the plus sign (+) is used to add permissions, and the minus sign (-) is used to remove permissions. While using the +/- operators, the previous permissions are preserved. The syntax of the chmod command is:

 

Usage:

chmod -options modes <file/directory>

Some of the widely used options are as follows:

  • -f   Do not display a diagnostic message if chmod could not modify the mode for a file or directory.
  • -R   Recursively change the permissions of directories and their contents.
  • -v   Cause chmod to be verbose, showing filenames as the mode is modified.

Modes can be octal digits or text characters. Mode specifies the type of permission applied to a particular file or directory.

Illustration:

 

In the following snap-shot, the execute (x) permission is applied to file1.txt for users/owners (u) and group (g). We used ug+x to perform the mentioned operation.

The use of the assignment operator (=) removes all previous permissions and grants the new permissions. This kind of operation is called absolute permission assignment, whereas the +/- operation is called relative permission assignment as it makes modifications to the original permissions. Let us see another example that shows the difference between the = and + operations.

 

Illustration:

In the following snap-shot, file1.txt has write (w) permission for others. By issuing the chmod o=x command, the write permission is removed and a new execute (x) permission is assigned, whereas by issuing the chmod o+w command the previous permissions are retained and a new write (w) permission is added for others. It must be noted that changing the permissions for others does not affect the owner's permissions.

 

chmod using Octal Notation:

 

Linux and Unix are programmer-friendly operating systems, and there are more convenient ways to use the chmod command. Administrators use octal notation more frequently than symbolic codes. Octal digits range from 0 to 7, which means that the permissions can range from 0 to 7. Octal number 4 indicates read (r), 2 indicates write (w), 1 indicates execute (x) and 0 indicates no permissions. We can combine various permissions by summing up these numbers. For example, 7 (4+2+1) indicates read, write and execute permissions, whereas 5 (4+1) indicates read and execute permissions. It must be noted that octal notation removes all the previous permissions and assigns new permissions. Table 5 illustrates the permissions in octal notation.

 

Illustration:

In the following snap-shot, you can see that by using 000 with chmod, all permissions on file1.txt are removed; later we assigned the permission 763 to file1.txt. Here 763 indicates the different levels of permissions for user/owner, group and others: 7 (rwx for owner), 6 (rw for group) and 3 (wx for others).

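Note: You can apply the same permissions to all files recursively. The option -R is used with the chmod command to apply recursive permissions. For example, the following commands apply execute permission to all files for others. The octal form sets each mode to exactly 001, so, as with every octal assignment, all previous permissions (including the owner's) are removed; the symbolic form adds execute for others and preserves the existing permissions.

$ chmod -R 001 *

OR

$ chmod -R o+x *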
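
The difference between absolute (octal or =) and relative (+/-) assignment described above, as an added example that is not part of the original module. It assumes GNU coreutils `stat -c`; the function names and the scratch file are constructed for the illustration.

```shell
#!/bin/sh
# Added example: absolute vs. relative chmod on a scratch file.
# Assumes GNU coreutils stat (-c); all names here are illustrative.

# mode_of FILE: print the permission bits of FILE in octal (e.g. 644).
mode_of() { stat -c '%a' "$1"; }

# sym_to_octal STRING: convert a 9-character permission string such as
# rwxrw--wx into octal by summing r=4, w=2, x=1 within each triplet.
sym_to_octal() {
    s=$1 out=""
    while [ -n "$s" ]; do
        t=$(printf '%s' "$s" | cut -c1-3)   # next triplet
        s=$(printf '%s' "$s" | cut -c4-)    # remainder
        d=0
        case $t in r??) d=$((d + 4)) ;; esac
        case $t in ?w?) d=$((d + 2)) ;; esac
        case $t in ??x) d=$((d + 1)) ;; esac
        out="$out$d"
    done
    printf '%s\n' "$out"
}

# after_chmod START MODE: create a scratch file with permissions START,
# apply "chmod MODE" to it and print the resulting octal permissions.
after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && mode_of "$f"
    rm -f "$f"
}

echo "rwxrw--wx  = $(sym_to_octal rwxrw--wx)"   # 763, as in the text
echo "644 -> 001 : $(after_chmod 644 001)"      # absolute: only --------x is left
echo "644 -> o+x : $(after_chmod 644 o+x)"      # relative: rw-r--r-x
echo "646 -> o=x : $(after_chmod 646 o=x)"      # = replaces the bits of others only
```

Applied recursively, the octal form also strips the owner's own access to every file it touches, so the symbolic form is the safer choice when the intent is only to add a permission.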

 

5 Changing the Owner (chown)

 

Every file has its owner; by default the creator of a file is considered the owner. The system stores the information about owners as one of the file attributes. At times it becomes necessary to change the owner of a file; you will face such situations when a file is copied from one user’s account to some other user’s account. The chown command is used to change the owner of any file.

 

Usage:

chown options <new_owner>  <file>

 

The above snap-shot illustrates the use of the chown command. You may notice that earlier the file test.txt was owned by the user Demo belonging to the group Group1; after issuing the chown command, the owner of the file is Temp, who belongs to the group Group1. The chown command can be applied recursively to all files using the -R option.

 

6 Changing the Group (chgrp)

 

The chgrp command is similar to the chown command; it allows changing the group of any file without changing the owner. The snap-shot below illustrates the use of the chgrp command, where the group of the file test.txt is changed from Group1 to wheel. Note that the root user belongs to the wheel group.

 

Usage:

chgrp options <new_group>  <file>

 

7 Changing Default permissions (umask)

 

Each user has a default set of permissions given by the administrator or generated by the operating system. When we create a file or a directory using vi, there are some default permissions existing with the file. You may experiment by creating a file and viewing the permissions with the ls -l command. There is a command umask provided by the system to view the default permissions. The permissions are represented in octal notation, which we studied earlier. In most cases the umask command shows 022 as the default permissions.

 

When we create a new file, the permissions that are applied to that new file are set by the system based on that individual’s file creation mask. This creation mask is called umask (user’s creation mask) and is defined in the default settings for a particular user. The mask indicates the octal numbers for the permissions that are to be denied from the default value whenever the user creates a file or a directory. The default values for a directory are 777 and for a file are 666. Table 7 illustrates mask values and different permissions for file and directory.

 

 

Hence, a umask value of 022 for a file indicates that the owner has read, write permissions whereas group and others have read permissions. So if our umask value is 022, then any new files that are created will, by default, have the permissions 644 (666 – 022). Likewise, any new directories will, by default, be created with the permissions 755 (777 – 022).
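
A check of the default modes described above, as an added example that is not part of the original module. It goes slightly beyond the text by including the mask 033, where the mask clears permission bits rather than subtracting digits (666 masked with 033 gives 644, not 633). It assumes GNU coreutils `stat -c`; the function names and scratch directory are constructed.

```shell
#!/bin/sh
# Added example: what a umask does to newly created files and directories.
# Assumes GNU coreutils stat (-c); all names here are illustrative.

# new_modes MASK: under umask MASK, create one file and one directory in a
# scratch directory and print "<file mode> <directory mode>" in octal.
new_modes() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"            # subshell: the caller's umask is left untouched
        : > "$d/file"         # requested with base mode 666
        mkdir "$d/dir"        # requested with base mode 777
        printf '%s %s\n' "$(stat -c '%a' "$d/file")" "$(stat -c '%a' "$d/dir")"
        rm -rf "$d"
    )
}

# masked BASE MASK: compute the same result arithmetically. Every bit set
# in MASK is cleared from BASE (BASE AND NOT MASK), both given in octal.
masked() { printf '%o\n' $(( 0$1 & ~0$2 )); }

for m in 022 027 077 033; do
    echo "umask $m -> file/dir $(new_modes "$m"), computed $(masked 666 "$m") $(masked 777 "$m")"
done
```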

 

8 Changing Time-stamps of a file (touch)

 

The filesystem stores creation time, modification time and last access time for each file. From the earlier section you might have observed that ls -l command displays the last modification time of the files. We can change the time-stamp of a file using touch command. The command can change modification time or access time of any file, options allow you to enter your own time-stamp (by default it takes system time). This command can also be used to create an empty file.

 

The following snap-shot illustrates the use of touch command, where the file time-stamp is changed to the current system time.
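
An added example (not part of the original module) of touch with a user-supplied time-stamp: the modification and access times take the given value, while the inode change time that `stat` reports still records when the change was actually made, which is why an investigator compares the two. It assumes GNU coreutils `stat -c` and `touch -t`; the function name and scratch file are constructed.

```shell
#!/bin/sh
# Added example: touch rewrites mtime/atime, but not the change time (ctime).
# Assumes GNU coreutils stat (-c) and touch (-t); names are illustrative.

# backdate_report: create a scratch file, set its time-stamp to
# 2020-01-01 00:00:00 UTC with touch, and print three fields:
#   <mtime epoch> <atime epoch> <ctime is recent: yes|no>
backdate_report() {
    f=$(mktemp) || return 1
    before=$(date +%s)
    TZ=UTC touch -t 202001010000.00 "$f"    # sets both atime and mtime
    mtime=$(stat -c '%Y' "$f")              # last modification, epoch seconds
    atime=$(stat -c '%X' "$f")              # last access, epoch seconds
    ctime=$(stat -c '%Z' "$f")              # last status change, epoch seconds
    rm -f "$f"
    # ctime is maintained by the kernel and reflects the moment touch ran;
    # one second of slack allows for clock granularity.
    if [ "$ctime" -ge "$((before - 1))" ]; then recent=yes; else recent=no; fi
    printf '%s %s %s\n' "$mtime" "$atime" "$recent"
}

backdate_report
```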

 

Keywords

Octal notation, symbolic notation, sticky bit, mask

Commands: chmod, chgrp, chown, getfacl, id, groups, setgid, setuid, touch, umask

 

Summary

 

Let us summarize the key concepts covered in this module

  • Linux provides access privileges using the notion of users and groups.
  • Files and directories have read, write and execute permissions.
  • Permissions of files and directories can be modified using chmod command.
  • The owner of a file and the group of a file can be changed using the chown and chgrp commands.
  • Default permissions of a file or directory can be set using umask command.