Linux Permissions ● Meryll Larkin - that's me ● Why you are here: – You do this at work or want to – General curiosity - want to learn – Your first choice.


1 Linux Permissions ● Meryll Larkin - that's me ● Why you are here: – You do this at work or want to – General curiosity - want to learn – Your first choice workshop was full – To heckle ● Any burning questions you need answered? ● I'll make sure to get to them. ● Additional info? Shout it out!!!!

2 Linux Permissions Topics chmod advanced permissions sticky bits umask chattr selinux acls

3 chmod ● http://en.wikipedia.org/wiki/Chmod ● ls -l displays permissions ● There are 3 file permissions, they are: ● r w x - read, write, execute ● r - Read the file. ● w - Write or edit the file. ● x - Execute or run the file as a program, ● OR cd into a directory

4 chmod symbolic notation ● Horrible Hugo u-g-o ● u - User who owns the file. ● g - Group that owns the file. ● o - Other. ● a - All - u and g and o combined. ● Examples: ● chmod a+x allow all to execute ● chmod g+r allow group to read ● chmod o-w remove write from other

5 chmod numeric notation ● read = 4 ● write = 2 ● execute = 1 ● read + write = 6 ● read + execute = 5 ● read + write + execute = 7 ● chmod 755 directory ● chmod 660 file

6 details ● Who can change a file's permissions? ● Who can change a file's ownership? ● Who can delete or rename a file/dir? ● Can you add a user to a group? ● * need to use usermod -aG ● rather than usermod -G ● * also ok to add directly to /etc/group

7 details - answers ● the owner and root ● only root ● anyone with write permission to the file which always includes root ● (of the native environment).

8 stickybit = chmod +t ● view as “t|T” (lowercase if x is included) in perms. Always in the right-most column. ● historically it was used to keep a script in memory ● today it is used to prevent anyone except the file owner from deleting or renaming a file or directory that is INSIDE the dir with the stickybit. Empty dir with sticky is removable. ● chmod 1777 /home/sbooth/FORANYONE

9 chmod +s aka setuid setgid ● chmod 2775 ● rwxrwsr-x /export/share ● preserves the group inside the directory with +s set. ● Caveat: ● Directory is subject to inheritance ● Can't affect those already in the dir ● (see named pipe)

10 chmod sticky, suid, sgid numeric ● chmod 1775 drwxrwxr-t sticky ● chmod 2775 drwxrwsr-x 2=SGID ● chmod 3775 drwxrwsr-t 3=SGID & sticky ● chmod 4775 drwsrwxr-x 4=SUID (owner) ● chmod 5775 drwsrwxr-t 5=SUID & sticky ● chmod 6775 drwsrwsr-x 6=SGID & SUID ● chmod 7775 drwsrwsr-t 7=SUID & SGID plus sticky
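The table above can be reproduced mechanically. The following sketch is an added example, not part of the original presentation; the function names are hypothetical. It decodes a four-digit octal mode into the nine permission characters ls -l prints (without the leading d), including the uppercase S/T shown when the special bit is set but execute is not, and flags a world-writable mode that lacks the sticky bit.

```shell
#!/bin/sh
# Added example, not from the slides. Helper names are hypothetical.

# mode_to_string OCTAL: print the nine permission characters ls -l would show.
mode_to_string() (
    mode=$(( 0$1 ))                     # leading 0 makes the shell read octal
    out=""
    for s in 6 3 0; do                  # user, group, other triads
        bits=$(( (mode >> s) & 7 ))
        case $s in
            6) special=$(( mode & 04000 )); on=s; off=S ;;   # SUID
            3) special=$(( mode & 02000 )); on=s; off=S ;;   # SGID
            0) special=$(( mode & 01000 )); on=t; off=T ;;   # sticky
        esac
        # Without the special bit the third column is plain x or -.
        if [ "$special" -eq 0 ]; then on=x; off=-; fi
        if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( bits & 1 )) -ne 0 ]; then out="${out}${on}"; else out="${out}${off}"; fi
    done
    printf '%s\n' "$out"
)

# world_writable_without_sticky OCTAL: succeed when "other" has w but the
# sticky bit is missing, i.e. any user could delete or rename others' files.
world_writable_without_sticky() {
    [ $(( 0$1 & 0002 )) -ne 0 ] && [ $(( 0$1 & 01000 )) -eq 0 ]
}

for m in 1775 2775 3775 4775 5775 6775 7775 1776 0777; do
    note=""
    if world_writable_without_sticky "$m"; then note="  <- world-writable, no sticky bit"; fi
    printf '%s  %s%s\n' "$m" "$(mode_to_string "$m")" "$note"
done
```
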

11 umask ● A way of setting DEFAULT chmod in advance ● Can be set in .profile, scripts, or env variables but only lasts as long as those processes. ● umask is the opposite of chmod in numerical values. Example: ● umask 0022 = chmod 0755 ● (based on 7 being full permission) ● show example
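A worked version of the umask slide, as an added example that is not part of the original presentation (function names are hypothetical). It predicts the mode by clearing the umask bits from the creation base, then creates a real file and directory in a scratch directory to confirm it. It shows that the 0755 result applies to directories (base 777), while new files start from 666 and come out as 644.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are hypothetical.

# predict_mode BASE UMASK: clear from BASE every bit that is set in UMASK.
predict_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# new_modes UMASK: create a file and a directory under that umask in a
# scratch directory and print their permissions as ls -l shows them.
new_modes() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"                          # only affects this subshell
    : > "$scratch/file"                 # redirection creates with base 666
    mkdir "$scratch/subdir"             # mkdir creates with base 777
    f=$(ls -ld "$scratch/file" | cut -c1-10)
    d=$(ls -ld "$scratch/subdir" | cut -c1-10)
    rm -rf "$scratch"
    printf '%s %s\n' "$f" "$d"
)

# 022 is the common default; 027 and 077 are tighter settings.
for u in 022 027 077; do
    printf 'umask %s: file %s dir %s observed: %s\n' \
        "$u" "$(predict_mode 666 "$u")" "$(predict_mode 777 "$u")" "$(new_modes "$u")"
done
```
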

12 chattr ● Neither sticky nor setuid preserve the content of the file - suppose that is what you want to do? ● requires root authority ● chattr does NOT show up in permissions ● lsattr to display ● show example

13 chattr ● + add attribute ● - remove attribute ● = set as only attribute * ● chattr +i set immutable ● chattr +a set append only ● chattr +u set undeletable ● * The 'e' attribute indicates that the file is using extents for mapping the blocks on disk. It may not be removed using chattr(1).

14 acls ● Displayed as a plus sign to the right of permissions ● rwxrwxrwx+ ● Might see this in a samba directory ● Will definitely see on partition where mount originates on Windows server ● See when AD controls permissions ● setfacl, getfacl

15 getfacl ● getfacl filename ● # file: filename ● # owner: root ● # group: hum_res ● user::rwx ● user:csaroyan:rwx ● group::rwx ● mask::rwx ● other::---

16 setfacl ● setfacl -m user:lsweets:rwx not_hum_res ● setfacl --help ● id

17 selinux ● a dot on the right side of permissions indicates that the file is protected by selinux ● rwxrwxrwx. ● if you want to know if selinux is preventing you from file access: ● sestatus ● ls -Z ● ls --scontext ● sealert -b

18 Linux Permissions ● What else could block you from ● reading/writing/executing if the permissions look right? ● answers: ● a corrupted file system, damaged hd ● a file system mounted read-only (check /etc/fstab) ● you are root but mounted fs has different root

19 Linux Permissions End ● Thanks for your attention and especially your participation! ● I created a few scripts to give you a “sample set” of users so you can try out permissions and how they work on your own laptop or test machine. They should be found in the same place where you downloaded this presentation. ● Happy hacking!

