Learn about expanding the features of filesystem associated with many types of permissions.
- [Instructor] Welcome to the fourth video of section three. Working with File Permissions, Ownerships, and the Sticky Bit. In the previous video, we've learned how to find and delete duplicate files. In this video, we'll walk through the different use cases of working with file permissions, ownership, and the sticky bit. File permissions and ownership are one of the distinguishing features of Unix/Linux file systems such as extended file, system extended FS. In many circumstances while working on Unix/Linux platforms, we come across issues related to permissions and ownership.
In Linux systems, each file is associate of many types of permissions. Out of these permissions, three sets of missions, user, group, and others are commonly manipulated. The user is the owner of the file. The group is the collection of users defined by the system administrator that are permitted some access to the file. Others are entities other than the user or group owner of the file. Permissions of a file can be listed using the ls -l command. The first column of the output specifies the following with the first letter corresponding to dash.
If it's a regular file, d if it's a directory, c for character device, b for blocked device, l if it's a symbolic link, s for socket, p for pipe. The rest can be divided into groups of three letters each. The first three characters correspond to the permissions of the user, owner. The second set of three characters corresponds to the group. And third set of characters corresponds to the permissions of others. Each character in the nine character sequence, nine permissions specifies whether a permission is set or unset.
If the permission is set, a character appears in the corresponding position. Otherwise, a dash character appears in that position. Which means that the corresponding permission is unset, unavailable. Let's take a look at what each of these three character sets means for the user group and others. User, permissions string, rwx. The first letter in the three letter specifies whether the user has read permission for the file. If the read permission is set for the user, the character r will appear as the first character.
Similarly, the second character specifies write modify permission, w. And the third character specifies whether the user has executed x permission, the permission to run the file. The execute permission is usually set for executable files. The user has one more special permission called SetUID, s which appears in the position of execute, x. The SetUID permission labels an executable file to be executed effectively. An example for a file with SetUID permission is -rws.
The read, write, and execute permissions are also applied to the directories. However, the meaning of read, write, and execute permissions are slightly different in the context of directories as follows. The read permission, r, for this directories enables reading the files and subdirectories in the directory. The write permission for our directory enables creating or removing files in directories from a directory. The execute permission, x, specifies whether the access to the files and directories in directory is possible or not. Group permission string ---rwx---.
The second set of three characters specifies the group permissions. The interpretation of permissions rwx is the same as permissions for the user. Instead of SetUID, the group has SetGID s bit. This enables the item to run an executable file with an effective group as the owner group. But the group which initiates the command may be different. An example of group permission is ----rws---. Others permission string ------rwx.
Other permissions appear as the last three character set in the permissions string. Others have the same read, write, and execute permissions as the user and group. But does not have permission, s, such as SetUID or SetGID. Directories have a special permission called a sticky bit. When a sticky bit is set for a directory, only the user who created the directory can delete files in the directory. Even if the group and others have write permissions. The sticky bit appears in the position of the execute character x in the others permission set.
It's represented by character T or uppercase T. The T character appears in the position of x, if the execute permission is unset and the sticky bit is set. If the sticky bit is set and the execute permissions are set, the character T appears in the position of x. For example, a typical example of a directory with sticky bit turned on is /tmp. In each of the ls -l output lines, these string sline x sline x corresponds to the owned user and owned group.
Here, the first sline x is user and the second sline x is the group owner. Let's see how to do it. In order to set permissions for files, we use the chmod command. Assume that we need to set permission rwxrw-r-- This could be set using chmod as follows here. u, specifies user permissions, G, specifies group permissions, O, specifies others permissions.
Use plus to add permission to a user group or others and minus to remove the permissions. Add the executable permission to a file which is already having a permission rwxrw-r-- as follows. This command adds the x permission for others. Add the executable permission to all permission categories that is for user group and others as follows. Here, a means all. In order to remove mission, use minus.
For example, alternatively permissions can also be noted by three digit octal numbers. In which each of the digits corresponds to user group and other in that order. Read, write, and execute permissions have unique octal numbers as follows. We can get the required combination of permissions by adding the total octal values for the required permission sets. For example, the permission rwxrw-r--- in the numeric method is as follows.
Therefore rwxrw-r-- is equal to seven six four. And the command for setting the permissions using octal values is. Let's go some through some additional tasks that can be performed for files and directories. Changing ownership. In order to change ownership of files use the chown command as follows. For example, here, slinex is the user as well as the group.
Setting sticky bit. The sticky bit is an interesting type of permission applied to directories. By setting the sticky bit, it restricts only the user owning it to delete the files even though group and others may have sufficient permissions. In order to set the sticky bit, +t is applied on a directory with chmod as follows. Applying permissions recursively to files. Sometimes it may be required to recursively change the permissions on all of the files and directories inside the current directory. This can be done as follows.
The minus capital R options specifies to apply change to a mission recursively. We have used dot to specify the path as the current working directory. It's equivalent to applying ownership recursively. We can apply the ownership recursively by using the -R flag with the chown command as follows. Running an executable as a different user SetUID. Some executable needs to be executed as a different user other than the current user initiates the execution of the file.
Effectively whenever they are executed by the file paths such as dot slash executable underscore name dot a. Special permission attribute for files called SetUID permission enable effective execution as the file owner when any other user runs the program. First, change the ownership to the user that needs to execute it and then log in as the user. Then run the following command. Now it executes effectively as the root user end every time. SetUID is restricted such as SetUID won't work for scripts but only for Linux ELF binaries.
This is a fix for ensuring security. Also, in this video, we learned about working with file permissions, ownership, and sticky bit. In the next video, we'll learn about making files immutable.
Note: This course was created by Packt Publishing. We are pleased to host this training in our library.
- Printing in the terminal
- Performing math in the Linux shell
- Getting and setting dates
- Working with functions and arguments
- Reading output
- Making comparisons
- Concatenating text
- Finding, editing, generating, and deleting files
- Running parallel processes
- Using regular expressions
- Downloading webpages
- Parsing data from a website
- Finding broken links
- Backing up and archiving
- Transferring files and data through the network
- Monitoring your Linux system
- Gathering data for system administration