RHCSA: Red Hat Permissions
Here is part 3 of the learning Red Hat sessions. This is an overview of everything permissions based.
You will learn about
- How to find permissions
- File Permissions
How to find file and file system permissions
There are a number of different ways to find out file permissions in Linux.
One of my favourite Linux commands is the stat command.
stat gives you detailed information about the file permissions.
There are a number of options to refine the stat command:
- -f, --file-system: display filesystem status instead of file status
- -c, --format=FORMAT: use the specified FORMAT instead of the default
- -Z, --context: print the SELinux security context
- -t, --terse: print the information in terse form
- --version: output version information and exit
The ls command
Every Linux administrator has used this command before. It is used to list the contents of a directory, but it also displays a great deal of information about permissions.
The command gives you the read/write/execute permissions for the Owner / Group / Everyone. Permissions can be expressed in octal format:
- 4 = read
- 2 = write
- 1 = execute
- (add them up to get the octal value)
A sticky bit is a permission bit set on a file or a directory that lets only the owner of the file/directory or the root user delete or rename the file.
Sticky bits are very useful on sFTP servers when multiple users have access to a file system. Files can be written to the directory by anyone, but only the owner can remove the files.
The sticky bit is represented by a full stop (period).
drwxrwxrwt. 14 root root 4096 Jan 22 07:24 /tmp
chmod is the command and system call used to change the access permissions of file system objects such as files and directories. It is also used to change special mode flags. The request is filtered by the umask. The name is an abbreviation of change mode.
chmod 754 myfile
The chown command is used to change the owner/group of a file or folder.
Change the owner of a file
chown root testfile1
Change the group of a file
chown :wheel testfile2
Change owner and group of a file
chown rich.bailey:sysadim testfile3
Default permissions – When a file or directory is created, it has to have some set of default permissions. For files, Linux by default assigns Read and Write permissions to the user, group, and other sets, but does not assign any execute permissions. Directories, however, get assigned Read, Write and Execute permissions to all sets by default.
Masking – Default permissions are fine, but it would be tedious to change them for every new file created.
Masking directories – Directories are similar – we just add the execute bit into the default. Remember that directories need the execute bit so a user can navigate into the directory. 777 – default
Setting the mask can be done using the umask command. umask is not persistent. It can be set for a specific task in a script, meaning that all new files created during the script will have their permissions masked differently than the default.
Two files – /etc/profile and /etc/bashrc – control the umask settings for both interactive and login shells. Note that they do so using a conditional statement, so root and other system accounts have a different umask from normal user accounts.
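The masking described above can be checked directly. This is an added example, not part of the original post; the function names mode_with_umask and expected_mode are made up for illustration, and it assumes GNU stat (for -c %a). It also shows that the mask is applied bit by bit rather than subtracted, which matters for a mask such as 033.

```shell
#!/bin/sh
# Added example: how a umask turns the 666 (file) and 777 (directory)
# defaults into the mode a new object actually receives.

# expected_mode BASE MASK -> BASE with the MASK bits cleared (bitwise, not subtraction)
expected_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_with_umask MASK KIND -> octal mode of a new file (f) or directory (d)
# created under MASK. Runs in a subshell, so the caller's umask is untouched,
# which mirrors the point that umask is not persistent.
mode_with_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        if [ "$2" = d ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"
        fi
        stat -c %a "$tmp/new"
    )
}

# Constructed sample masks: two common defaults, a private mask, and 033,
# where plain subtraction (666 - 033 = 633) would give the wrong answer.
for mask in 022 002 077 033; do
    printf 'umask %s  file %s (expected %s)  dir %s (expected %s)\n' "$mask" \
        "$(mode_with_umask "$mask" f)" "$(expected_mode 666 "$mask")" \
        "$(mode_with_umask "$mask" d)" "$(expected_mode 777 "$mask")"
done
```
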