What Is Required To Control Access To The File
Linux file access permissions reference
Introduction
Linux file access permissions are used to control who is able to read, write and execute a certain file. This is an important consideration due to the multi-user nature of Linux systems and as a security mechanism to protect the critical system files both from the individual user and from any malicious software or viruses. Access permissions are implemented at a file level with the appropriate permission set based on the file owner, the group owner of the file and world wide access. In Linux, directories are also files and therefore the file permissions apply on a directory level as well, although some permissions are applied differently depending upon whether the file is a regular file or directory.
As devices are also represented as files then the same permissions commands can be applied to access to certain resources or external devices.
The group mechanism provides each user with a default group (also known as a primary group), but then allows the users to be added to additional groups. This allows users to be given the appropriate level of access by creating a group for each department or job function, restricting access to those groups.
The default group for each user is determined by the set-up of the system. This is normally configured to create a group with the same name as the username that only that user is a member of. This is the most secure default as it means that there are no other users with default access. An alternative is to have a default group that all users have when created.
The access permission design allows a good amount of flexibility in what permissions can be applied. For example it is possible to restrict access to the owner; make files publicly viewable but only editable by the owner and also to apply different permissions based on a group (e.g. members of the same department). There are also features that can be used to give permissions as though another user (suid). If something beyond the standard file permissions is required then access control lists (ACLs) can be used instead. ACLs are less commonly used and they are not discussed in detail here.
Different types of users
Usernames vs. userid and group names vs. groupid
For most of this document I will refer to users and groups by their names. This is the most common and user-friendly way of understanding file permissions. It should however be noted that behind the scenes this is stored as numerical userids (uid) or groupids (gid). The translation from uid / gid is handled by the operating system and the reference stored on the disk is the numerical id. This is not normally important on a single system, but it should be considered when transferring files using an archiving tool (e.g. tar) or when moving a disk from one system to another. If the usernames / groupnames have a different numerical uid / gid then access may be given where it is not expected, or rejected where it is required.
The translation between username and userid (uid) is stored in the /etc/passwd file, and the translation from groupname to groupid (gid) is in the /etc/group file. The /etc/passwd file also includes the user's primary (default) group and the /etc/group file includes all users that are members of each group (although it does not list the user where that is their primary group).
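The uid mismatch and the primary / supplementary group split described above can both be checked from the two files. This is an added example, not part of the original article: the account data is constructed, and the function names uid_conflicts and groups_of are made up for the illustration.

```shell
#!/bin/sh
# Added example. All account data below is constructed; point the
# functions at real passwd/group files to use them on a system.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT

# Constructed /etc/passwd excerpts from two machines (name:x:uid:gid:...).
cat > "$work/passwd.old" <<'EOF'
stewart:x:1000:1000::/home/stewart:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
cat > "$work/passwd.new" <<'EOF'
bob:x:1000:1000::/home/bob:/bin/bash
stewart:x:1002:1002::/home/stewart:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
# Constructed /etc/group for the new machine (name:x:gid:members).
cat > "$work/group.new" <<'EOF'
bob:x:1000:
alice:x:1001:
stewart:x:1002:
engineers:x:2000:stewart,alice
EOF

# uid_conflicts OLD NEW: print "uid oldname newname" for every uid that
# resolves to a different username on NEW. Files restored with their
# numeric owner would silently change hands for these uids.
uid_conflicts() {
    awk -F: 'NR == FNR { old[$3] = $1; next }
             ($3 in old) && old[$3] != $1 { print $3, old[$3], $1 }' "$1" "$2"
}

# groups_of USER PASSWD GROUP: the primary group comes from the gid field
# of passwd, supplementary groups from the member lists in group.
groups_of() {
    pgid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    awk -F: -v u="$1" -v pgid="$pgid" '
        $3 == pgid { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$3" | sort
}

uid_conflicts "$work/passwd.old" "$work/passwd.new"
groups_of stewart "$work/passwd.new" "$work/group.new"
```

With this data, files owned by uid 1000 belonged to stewart on the old machine and would belong to bob on the new one.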
The root user (superuser)
There is a special user on each system with unlimited access to the system. This user has username and groupname of root and the numerical uid and gid of 0. This user is required to allow administrative actions that are not granted under the other users and for certain daemons that have full access to the system. This user is defined by the uid, so multiple superusers could be created by creating multiple entries with this uid. This is not recommended as it provides a potential security issue (see sudo below for the recommended method of providing root access to normal users).
Depending upon the setup and whether you are physically at the computer or accessing it remotely it may or may not be possible to login directly as root. It is strongly recommended not to login as root unless it is absolutely necessary due to the risk of accidentally deleting important information.
su and sudo
When logging on to a Linux computer you will normally have user level privileges. To elevate to root user access the commands su or sudo are used. These can actually be used to switch to any user, but they are most commonly used when root privileges are required. The commands su and sudo are run on the command line, but there is a graphical version called gksudo. When access is required in a graphical application then it will usually be set up to prompt for the appropriate authentication automatically. Alternatively it is sometimes possible to right click on an application icon and choose "Run as administrator" or "Run as root".
su - The su command is commonly used where the user knows the password of the user that they wish to run as. By default this will switch to the root user and the command is often (incorrectly) referred to as the superuser command. If a username is entered on the command-line then it will change to that user instead. If you are already running as root (perhaps through su already) then it will not prompt for a password.
The '-' (hyphen) can be used to also take the user's settings (e.g. search path) as well as privileges.
The command syntax is:
su [-] [username]
The following screenshot shows a user switching to the superuser. Note that the root password is entered, not the user's password.
stewart@linuxserver1:~$ su -
Password:
root@linuxserver1:~#
sudo - The sudo command can be used as an alternative to the su command, and on some systems is used exclusively (e.g. Ubuntu). The sudo command can be much more flexible than su, depending upon how it is configured. For example sudo can be configured to restrict administrator privileges to certain commands and could even be configured so that the user is not required to enter a password when using sudo (careful thought needs to be given to the security of the application and whether an unattended session could allow someone to gain access permissions). Where sudo requests the user to enter a password this is normally their own password rather than the root password (Ubuntu and some other distributions take this further by not having a root password, meaning that root access can only be obtained through sudo).
Once the user has authenticated themselves using sudo there will normally be a period of time where sudo can be run without having to re-enter the password. This is particularly useful when used with another feature of sudo that allows commands to be run directly rather than changing the permission of the shell session. For example the following is often used on Ubuntu to install a new application:
sudo apt-get install applicationname
If you wish to run a shell session instead then either the shell should be run on the command-line e.g.
sudo bash
or the -s switch used.
sudo -s
In the example below the user is required to authenticate the first time they run sudo, but can then run subsequent commands without having to re-authenticate. The password given is the user's own password and not the root password.
stewart@linuxserver1:~$ sudo ls /etc/security
[sudo] password for stewart:
access.conf  limits.conf     namespace.init  pam_env.conf   time.conf
group.conf   namespace.conf  opasswd         sepermit.conf

stewart@linuxserver1:~$ sudo ls /etc/security
access.conf  limits.conf     namespace.init  pam_env.conf   time.conf
group.conf   namespace.conf  opasswd         sepermit.conf
stewart@linuxserver1:~$
Note I have made the text bold and added a blank space to show the same command being run twice. The password was requested when the command was first run, but not on subsequent runs using the sudo command as it will remember recent authentications.
To run a command as a user other than root the -u username switch is used before the command.
The configuration of sudo is contained inside the /etc/sudoers file.
The following shows some of the sudoers configuration options. Note that the admin or wheel groups are usually used to restrict who can run sudo but this is a popular convention rather than a rule. It is possible to use any groupname, or sudo can be configured by listing the authorised users in the sudoers file.
A further advantage of sudo is that user access is logged, which may be required as a security feature on a server with multiple administrators. For security and configuration options sudo is usually preferred over su.
The following extract allows root or members of the admin group to su to any other user.
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
User permission on files
Having discussed the different types of users and groups these are then applied to files based on the file permissions. This does not just apply to data files, but can be applied to directories to determine who can change to the particular directory and to commands to restrict who can run that command.
File Structure (Inodes)
To understand the way that permissions work it is often useful to understand how the file permissions are stored on the disk. This gets a little technical so if you don't feel ready for this feel free to skip to the next section on file permissions.
Each file on disk has two parts: the Inode, which describes the file, and the data blocks that actually hold the data. The file permissions are contained within the Inode for the file.
The following information is kept within the Inode:
Size of file
Permissions
Date & time of creation
Date & time of last modification
Link count
It is the Inode that is referenced by the operating system when determining if a user has the relevant permissions.
Directories exist as links to the Inodes of all the files (or other sub-directories) contained within that directory. This is shown below:
Directory structure on the disk
File Permissions
The file permissions can be seen by using the ls command with the -l (long listing) option as shown below
ls -l
total 0
-rwxr-xr-x 1 stewart stewart   0 2009-01-30 17:00 executable
-r--r--r-- 1 stewart stewart   0 2009-01-30 16:58 read-only-all.txt
-rw-rw-r-- 1 stewart engineers 0 2009-01-30 16:59 read-write-group.txt
From the ls output the file permissions can be seen at the left.
These are the first 10 characters of the file entry. The first character relates to the file type, then the remaining are in three groups of 3 characters relating to the different access types.
These permissions are applied to (left to right)
user - the owner of the file
group - a group of people, e.g. a project team or department
others - anyone else that has a login to the computer
These are then split into 3 different permissions, that of being able to:
read - Look at the contents of a file / find out what files are in a directory
write - Change or delete the contents of a file / create or remove files in a directory
execute - Can execute (run as a program) a file / can change to the directory or copy from the directory.
These are laid out as follows (note these are the first 10 characters of the ls -l display):
Access permission layout
If the entry is filled in then it is in effect. If it is dashed out '-' then it does not apply.
There are also further permissions that can be set, however these are more advanced and are explained later. Also note that root can override most of the permissions.
Changing File Permissions (chmod)
Assuming that you are either the owner of the file or root it is possible for you to change the permissions of a file to either add or remove permissions. This is done using the chmod (change mode) command.
The chmod command can be used in one of two ways: the symbolic format or the octal format. Symbolic is useful for new users as it is easier to use, however if effort is made to understand the octal format then it can be a powerful and quick way of changing file permissions.
The basic format of the command is:
chmod mode filename
It is only the format of the mode parameter that is different when using the different permission formats.
In symbolic format permissions are added or deleted using the following symbols
u = owner of the file (user)
g = group owner (group)
o = anyone else on the system (other)
+ = add permission
- = remove permission
r = read permission
w = write permission
x = execute permission
For example to add write access to the group the following command is used:
chmod g+w file1
In octal format the mode is based upon an octal number representing the different mode permissions, where each of the permission groups (user, group, others) has an octal value representing the read, write and execute bits. This requires a little bit of knowledge of binary or octal number bases. The format is actually octal (but this can be likened to 3 separate binary to decimal conversions for each of the user/group/all permissions). The main benefit of using octal format is that all the permissions are set at the same time and the command is much shorter than if all the permissions were set using the symbolic format.
          User    Group   Others
Symbolic  rwx     rw-     r--
Binary    111     110     100
          4+2+1   4+2+0   4+0+0
Octal     7       6       4
The above file would have the octal number 764 and would therefore be changed using the command
chmod 764 file1
An alternative way of working out the octal values is to add the following numbers depending upon the permission required.
Read = 4
Write = 2
Execute = 1
Therefore if you wanted to set read to yes, write to no and execute to yes, this would be 4+1=5
Setuid, setgid and the sticky bit
So far we have covered the most common file permissions that users will need to be familiar with. There is a further set of permissions that gives more functionality beyond that of the standard permissions. These are the setuid and setgid options, and the sticky bit. These are shown by ls within the normal file permissions by replacing the execute bit with S, s, T or t as appropriate.
A lower case s is used where the execute bit is on, and an upper case S where the execute bit is not set.
When the setuid bit is set on an executable file it will make the command run as the owner of the file (often root) rather than the person that launched the application. This is required where a regular user needs to run a program that needs to access files that can only be read/written to by root. For example the passwd command, which needs to access the protected shadow password file:
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37084 2009-04-04 06:49 /usr/bin/passwd
It can however be a security risk if it is set on a command that either has a way that users can run other commands (as they will also run as root), or if there is a bug in the application.
The setgid bit is similar to the setuid bit, but is set on the group permissions. This means that a command will run as the group that owns the file rather than the user's default group.
The sticky bit is used to restrict who can delete a file in a directory. When viewing using ls it replaces the world execute permission with a lower case t if the execute bit is set on, and an upper case T if the execute bit is off. When this is set on a directory then only the owner of a file (or root) can delete a file within that directory. This is used in the /tmp directory to allow users to create temporary files, but stop anyone other than that user from deleting the temporary file.
ls -ld /tmp
drwxrwxrwt 20 root root 413696 2009-08-14 15:39 /tmp
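Because setuid and setgid programs and world-writable directories without the sticky bit carry the risks described above, it is useful to be able to list them for review. The following is an added example, not part of the original article: the function names and the sample tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example. audit_special_perms DIR lists, under DIR:
#   setuid / setgid regular files (they run as the file's owner / group)
#   world-writable directories that lack the sticky bit (any user can
#   delete or rename other users' files there)
audit_special_perms() {
    {
        find "$1" -xdev -type f -perm -4000 -exec printf 'setuid %s\n' {} +
        find "$1" -xdev -type f -perm -2000 -exec printf 'setgid %s\n' {} +
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec printf 'world-writable-no-sticky %s\n' {} +
    } | sort
}

# Constructed sample tree so the audit has something to find.
# The files are empty and owned by whoever runs the script.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/shared" "$t/dropbox"
    : > "$t/bin/helper";    chmod 4755 "$t/bin/helper"     # setuid
    : > "$t/bin/grouptool"; chmod 2755 "$t/bin/grouptool"  # setgid
    : > "$t/bin/plain";     chmod 0755 "$t/bin/plain"      # nothing special
    chmod 1777 "$t/shared"     # world-writable with sticky bit, like /tmp
    chmod 0777 "$t/dropbox"    # world-writable, no sticky bit
    echo "$t"
}

tree=$(make_sample_tree)
audit_special_perms "$tree"
rm -rf "$tree"
```

On a real system the same function can be pointed at a directory such as /usr/bin and the output compared between runs, so that a newly appearing setuid file stands out.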
To set any of these special permissions using the octal format an additional digit is used before the rest of the octal number. This is created the same as any other octal value using setuid, setgid, sticky in place of rwx.
For example the octal number 4755 would set the setuid bit (4) and the rest of the permissions as per the passwd command shown previously.
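The relationship between the ls display and the octal number, including the extra leading digit and the s/S/t/T letters, can be written as a small converter. This is an added example, not part of the original article; the function name ls_mode_to_octal is made up for the illustration.

```shell
#!/bin/sh
# Added example: convert the permission string printed by ls -l into the
# four-digit octal mode that chmod accepts (special digit first).
ls_mode_to_octal() (
    case $1 in
        ?[r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]*) ;;
        *) echo "not an ls mode string: $1" >&2; exit 1 ;;
    esac
    perms=${1#?}              # drop the file-type character (-, d, l, ...)
    special=0
    octal=""
    # Positions: user carries setuid (4), group setgid (2), others sticky (1)
    for weight in 4 2 1; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # x, or lower-case s/t, means the execute bit is set
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        # s/S/t/T in any case means the special bit for this position is set
        case $triplet in ??[sStT]) special=$((special + weight)) ;; esac
        octal=$octal$digit
    done
    printf '%s%s\n' "$special" "$octal"
)

# The mode strings used in this article, plus one with an upper-case S.
for m in -rwxrw-r-- -rwsr-xr-x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$m" "$(ls_mode_to_octal "$m")"
done
```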
Changing the file owner (chown)
The owner and group owner of a file are normally set to the user and default group of the person that created the file.
The owner or group can be changed using the chown (change owner) command.
The format is as follows:
chown user:group filename
Setting default permissions (umask)
The default permission for new files created depends upon the umask value.
Umask works by restricting what permissions are given to a file when it is created by a new program. If the program tries to give full permissions then the umask will restrict what permissions are actually set. If however the program requests permissions that are less than the umask allows then umask will not add any additional permissions.
The mask works by applying the negative of the umask setting ANDed with the permissions requested. In effect performing an AND NOT against the umask value.
This is set in the /etc/profile or /etc/bashrc for all users, but can be changed in the user's ~/.bashrc
The umask should be set as an inverse mask of the permissions required.
For example the umask of 077 will mean that the group and all other users have no permission.
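The AND NOT rule can be checked against what the system really does. This is an added example, not part of the original article: the function names are made up for the illustration and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils stat (stat -c '%a').

# apply_umask REQUESTED UMASK: the arithmetic, requested AND NOT umask.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_under_umask UMASK file|dir: create a real file or directory under
# that umask and print the mode it actually received.
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/new"      # mkdir requests 777
    else
        : > "$tmp/new"        # a shell redirection requests 666
    fi
    mode=$(stat -c '%a' "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

for mask in 022 027 077; do
    printf 'umask %s: file %s (calculated %s), dir %s (calculated %s)\n' \
        "$mask" \
        "$(mode_under_umask "$mask" file)" "$(apply_umask 666 "$mask")" \
        "$(mode_under_umask "$mask" dir)"  "$(apply_umask 777 "$mask")"
done

# A program that requests less than the umask allows gets nothing added:
apply_umask 600 022
```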
Source: http://www.penguintutor.com/linux/file-permissions-reference
Posted by: huntgony1998.blogspot.com