Practical 4: Perform an operation of operating system for File Permissions
2024, February 14
4. File Permissions Operations
In operating systems like those based on Unix, file permissions govern the actions that a user can perform on a file or directory. These permissions determine who can read, write, or execute a file, which are crucial for maintaining system security and data integrity. In Linux distributions such as Kali Linux, file permissions are often manipulated using the command line.
Introduction
File permissions are a set of rules that determine who can access a file and what they can do with it. In Linux, file permissions are divided into three categories: read, write, and execute. Each category has three levels of access: owner, group, and others. The permissions are represented by a series of ten characters, where the first character indicates the file type, and the next nine characters represent the permissions for the owner, group, and others.
4.1. Understanding File Permission Basics
Every file and directory in a Linux environment has associated permissions. These permissions affect three types of users: the file owner, the group members, and others. Permissions are denoted by a sequence of characters, for example, -rwxr-xr--. Additionally, permissions can be represented numerically, often referred to as the octal notation, such as 755.
- Read (r): Permission to open and read the file.
- Write (w): Permission to modify or delete the file.
- Execute (x): Permission to run the file as a program or script.
4.2. The chmod Command
The chmod (change mode) command is used to change the access permissions of file system objects. It can modify the rights for the owner, group, and others. Syntax to change permissions:
chmod [options] mode fileWhere mode specifies the permissions to be set. It can be specified in either symbolic or numeric format.
4.2.1. Understanding chmod Numeric Permissions
The numeric (octal) permission system for files and directories in Unix and Linux consists of three digits, each ranging from 0 to 7. Each digit represents a different class of users: the first digit for the owner's permissions, the second for the group's permissions, and the third for others' permissions.
4.2.2. Permission Values
Each type of permission (read, write, execute) is assigned a specific value:
- Read (r): 4
- Write (w): 2
- Execute (x): 1
To determine the numeric value for a set of permissions, sum the values of the desired permissions. For example, to allow read and execute (r-x), sum 4 (read) and 1 (execute) to get 5.
4.2.3. Common Permission Sets
Here are some common permission sets and their numeric codes:
- 7 (rwx): Read, write, and execute
- 6 (rw-): Read and write
- 5 (r-x): Read and execute
- 4 (r--): Read only
- 3 (-wx): Write and execute
- 2 (w-): Write only
- 1 (--x): Execute only
- 0 (---): No permissions
4.2.4. Examples of chmod in Action
Here are a few examples of how these permissions can be applied:
chmod 755 filenameThis command sets the permissions to read, write, and execute for the owner, and read and execute for the group and others (rwxr-xr-x).
chmod 644 filenameThis sets the permissions to read and write for the owner, and read only for the group and others (rw-r--r--).
4.2.5. Special Permissions
In addition to the basic permissions, there are also special permissions used in Unix and Linux:
- Setuid (4): When set on an executable file, allows the file to be executed with the permissions of the file's owner.
- Setgid (2): When set on an executable file, allows the file to be executed with the permissions of the file's group. When set on a directory, files created within the directory inherit the directory’s group ID.
- Sticky bit (1): When set on a directory, files within the directory can only be renamed or deleted by the file’s owner, the directory’s owner, or the root user.
To include these special permissions, prepend their value to the three-digit code. For example, chmod 1755 includes the sticky bit.
4.2.6. Using Symbolic Mode
Symbolic mode uses letters and symbols to change permissions:
chmod u+x filenameThis command adds execute permission to the user (owner) of the file.
4.2.7. Using Numeric Mode
Numeric (or octal) mode uses numbers to represent permissions:
chmod 755 filenameThis sets the permissions to read, write, and execute for the owner, and read and execute for the group and others.
4.3. Viewing Permissions with ls
The ls command, particularly with the -l option, is used to display the permissions and other information associated with files and directories:
ls -lThis will output the permissions, number of links, owner, group, size, date, and filename for each file in the directory.
4.4. Practical Examples
Example of setting multiple permissions simultaneously using symbolic mode:
chmod u+rwx,g+rx,o+r filenameThis command grants read, write, and execute permissions to the owner, read and execute permissions to the group, and read permission to others.
4.5. File Permission Demonstration Commands
Below is a step-by-step demonstration of changing file permissions using the chmod command. These commands will show how permissions can be modified and viewed.
4.5.1. Create a Test File
First, create a test file named testfile.txt:
touch testfile.txt
4.5.2. View Default Permissions
Check the default permissions set for testfile.txt:
ls -l testfile.txt
4.5.3. Change Permissions to Read-Only for Owner
Set the file permissions so that only the owner can read the file:
chmod 400 testfile.txtView the updated permissions:
ls -l testfile.txt
4.5.4. Allow Group Read Permission
Add read permission for the group:
chmod g+r testfile.txtView the updated permissions:
ls -l testfile.txt
4.5.5. Allow Others Execute Permission
Grant execute permission to others:
chmod o+x testfile.txtView the updated permissions:
ls -l testfile.txt
4.5.6. Set All Permissions Using Numeric Mode
Finally, set the file to be readable, writable, and executable by everyone:
chmod 777 testfile.txtView the final permissions:
ls -l testfile.txt
4.5.7. Clean up
If you want to remove the test file after experimenting, you can delete it:
rm testfile.txt
