Linux File Permissions Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In a multi-user environment, the security of users, data and system information is very important. Access should be granted only to users who need to access the data. One such multi-user environment is Linux. Linux is a server OS, and efficient file security is built right into it. Though the security does create problems for novice users, the benefits that Linux provides outweigh its problems. Most user queries are due to incorrect file permissions, or to a user overlooking the fact that the file permissions do not allow access to the file.[1]

In Linux, security permissions are provided by combining two separate concepts.

In Linux permissions may be set on directories (folders) or files. Permissions of files are slightly different than they are for directories, but their representation is always the same. Doing a directory listing in the long format (ls -l) will quickly reveal permissions on files and sub-directories. These permissions are represented with a series of letters preceding the user name, the group name, and the filename. These letters are d, r, w, x, t, and s (or S). [2]

In a typical Linux system every user falls into one of three categories. These are the user account, the group account, and everyone not covered by the user or group, called 'others'. Every user, irrespective of category, has a login id and password to log in to the Linux system.

Linux files are set up with role-based access, and access to them is controlled. There are several basic permissions that can be set on any object in Linux. Objects typically mean files or directories. The different file permissions are: [3] [2]

All permissions are broken down into three categories: those that apply to the user, those that apply to the group, and those that apply to others. The user is the owner of the file or directory. The group corresponds to one of the groups in the /etc/group file, and consequently those permissions apply to every member of that group. The others are everyone not covered in either the user or group definitions. [2]

File permissions are shown according to the following syntax example [3]: drwerwerwe (here e marks the execute position, which ls -l displays as x)

There are a total of 10 characters in this example, as in all Linux files. The first character indicates the type of file, and the next three indicate read, write, and execute permission for each of the three user types, user, group and other. Since there are three types of permission for three users, there are a total of nine permission bits. The table below shows the syntax:

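-----------------------------------------------------
| Position | Applies to        | Field   | Example |
-----------------------------------------------------
| 1        | File              | Type    | d       |
| 2        | User Permissions  | Read    | r       |
| 3        | User Permissions  | Write   | w       |
| 4        | User Permissions  | Execute | e       |
| 5        | Group Permissions | Read    | r       |
| 6        | Group Permissions | Write   | w       |
| 7        | Group Permissions | Execute | e       |
| 8        | Other Permissions | Read    | r       |
| 9        | Other Permissions | Write   | w       |
| 10       | Other Permissions | Execute | e       |
-----------------------------------------------------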

Character 1 is the type of file: - is ordinary, d is directory, l is link.

Characters 2-4 show owner permissions. Character 2 indicates read permission, character 3 indicates write permission, and character 4 indicates execute permission.

Characters 5-7 show group permissions. Character 5=read, 6=write, 7=execute.

Characters 8-10 show permissions for all other users. Character 8=read, 9=write, 10=execute.

There are 5 possible characters in the permission fields. They are:

r = read - This is only found in the read field.

w = write - This is only found in the write field.

x = execute - This is only found in the execute field.

s = setuid - This is only found in the execute field.

If there is a "-" in a particular location, there is no permission. This may be found in any field, whether read, write, or execute. [3]

Setting File Permissions

Only a file owner and root can set or change permissions on a file or directory. Permissions can be set or modified using two main programs:

chmod

chown

chmod changes the file or directory permissions and chown changes the ownership. [2] You can use chmod in a number of ways; the shorthand way is perhaps the easiest. In this manner you specify a plus or minus sign, depending on whether you wish to add or revoke a privilege, preceded by the character indicating whether the change should apply to the user, group or other. More than one character can be specified. For example:

chmod ug-w

will revoke the write permission for both the user and the group. 's' is used for the set uid and set gid, and 't' is used for the sticky bit. For instance:

chmod g+s

will set the group id on the target and

chmod +t

will set the sticky bit for the target.

One can also use octal notation for file changes. In this system the permissions are represented by a series of four numbers. The first number is the suid, sgid or sticky bit indication, the second number is the user indicator, the third is the group indicator, and the last is the other indicator. The first number corresponds to the following layout:

------------------------------------------
| 0 | Nothing
| 1 | Sticky bit is set
| 2 | Setgid is set
| 3 | Setgid and sticky bit are set
| 4 | Setuid is set
| 5 | Setuid and sticky bit are set
| 6 | Setuid and setgid are set
| 7 | Setuid, setgid, and sticky bit set
------------------------------------------

In this schema the sticky bit (value 1), the sgid (value 2) and setuid (value 4) always add up to form the correct permission. For instance, a value of 6 (4+2) indicates sgid and setuid, while a value of 3 (2+1) indicates the sticky bit and sgid are set.

The remaining three digits (user, group and other) are each set using the following designation:

------------------------------------------
| 0 | No Permissions
| 1 | Execute
| 2 | Write permissions
| 3 | Write and execute
| 4 | Read
| 5 | Read and execute
| 6 | Read and write
| 7 | Read, write, and execute
------------------------------------------

Using the combination of four number designations, the first for sticky/suid/sgid, the second for user, the third for group and the fourth for other, you can create complex permissions quite tersely. Consider the following example:

chmod 1660

will set the sticky bit, give the user read and write, the group read and write, and no permissions to others.[2]
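The 10-character layout and the four-digit octal notation described above are two views of the same bits. The following added example (not part of the original essay) converts between them, including the s/S and t/T forms that appear when a special bit is set with or without execute; the function names render and parse and the sample modes are constructed for illustration.

```python
SPECIAL = ((4, "s"), (2, "s"), (1, "t"))  # setuid, setgid, sticky: value, letter
TYPES = ("-", "d", "l")                   # ordinary file, directory, link

def render(octal_mode: str, ftype: str = "-") -> str:
    """Turn a chmod mode such as '1660' into the 10-character ls -l string."""
    if not 1 <= len(octal_mode) <= 4 or ftype not in TYPES:
        raise ValueError(f"bad mode or file type: {octal_mode!r} {ftype!r}")
    # First digit is the special digit, then user, group and other.
    special, *classes = (int(d, 8) for d in octal_mode.zfill(4))
    out = ftype
    for digit, (bit, letter) in zip(classes, SPECIAL):
        out += "r" if digit & 4 else "-"
        out += "w" if digit & 2 else "-"
        if special & bit:
            # Lower case: special bit and execute both set.
            # Upper case: special bit set, execute missing.
            out += letter if digit & 1 else letter.upper()
        else:
            out += "x" if digit & 1 else "-"
    return out

def parse(listing: str) -> str:
    """Turn a 10-character permission string back into four octal digits."""
    if len(listing) != 10 or listing[0] not in TYPES:
        raise ValueError(f"not a permission string: {listing!r}")
    special, digits = 0, ""
    for start, (bit, letter) in zip((1, 4, 7), SPECIAL):
        r, w, x = listing[start:start + 3]
        if r not in "r-" or w not in "w-" or x not in "x-" + letter + letter.upper():
            raise ValueError(f"bad permission field in {listing!r}")
        if x.lower() == letter:
            special |= bit
        # Lower-case s/t implies execute is set as well; upper case does not.
        digits += str(4 * (r == "r") + 2 * (w == "w") + (x in ("x", letter)))
    return f"{special}{digits}"

if __name__ == "__main__":
    for mode in ("1660", "0644", "4755", "2750"):  # constructed sample modes
        print(mode, render(mode), parse(render(mode)))
```

For the essay's chmod 1660 example the last character is an upper-case T, because the sticky bit is set while others have no execute permission.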

Nuances

File permissions are assigned in a hierarchical order. [2] The system examines the file permissions starting with the user permissions, then the group permissions and finally the other permissions. The privilege checking halts on the first match. This means that one could potentially have a situation where a file owner doesn't have read access to the file, but s/he is a member of the group that does have read access to the file. In this scenario the user would be denied read permissions, since the first privilege set that matched was the user set. This problem can be eliminated by using an Access Control List.[2]
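The first-match rule can be modelled in a few lines. This added example (not from the original essay) implements only the unprivileged user/group/other check described above and reports modes where an earlier class is denied something a later class is granted; root, capabilities and ACLs are outside the model, and the uid/gid values and function names are constructed.

```python
R, W, X = 4, 2, 1  # octal values from the permission table

def class_for(file_uid, file_gid, uid, gids):
    """Pick the single class the check uses: the first match wins."""
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, uid, gids, want):
    """True if every bit in `want` is granted by the caller's matching class.

    Only that one class is consulted; later classes are never tried.
    """
    shift = {"user": 6, "group": 3, "other": 0}[class_for(file_uid, file_gid, uid, gids)]
    granted = (mode >> shift) & 7
    return (granted & want) == want

def shadowed(mode):
    """Bits a later class grants but an earlier class is denied.

    A non-zero entry marks the situation in the essay: the owner (or a group
    member) is refused access that less specific callers would get.
    """
    user, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return {"user": (group | other) & ~user & 7, "group": other & ~group & 7}

if __name__ == "__main__":
    # Constructed case: file owned by uid 1000, gid 100, mode 0040 (group read only).
    owner = allowed(0o040, 1000, 100, uid=1000, gids={100}, want=R)
    member = allowed(0o040, 1000, 100, uid=1001, gids={100}, want=R)
    print("owner in group can read:", owner)      # denied: the user class matched first
    print("other group member can read:", member)
    print("shadowed bits:", shadowed(0o040))
```

Running shadowed over the modes found in a directory tree is a quick way to spot files whose owner is unintentionally locked out.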
