@dat-adi
Created December 22, 2021 09:37
Notes taken on Permission Management in Linux.

Introduction

Before we get started, it is important to execute a command that shows us what we are working with.

ls -l

Executing it in a home directory that contains a particular file gives us the following response:

-rwxr-xr-x 1 dat-adi users 2048 Dec 6 12:56 example.sh

The command lists the files present in the current directory along with the properties of each file. We are going to focus on the sequence at the start of this line.

What determines the type of a file?

The first character in the string -rwxr-xr-x is -. This character identifies the type of file that we are working with. In this case, it is a normal file.

If the file were a directory, the string would start with d instead: drwxr-xr-x.

The same rule applies to a symlink, which is a file that acts as a link to another file: lrwxr-xr-x.

How are files managed in the Unix Operating System?

File permissions in the Unix Operating System are managed by specifying which of the following permissions apply to a particular file:

  • Read This permission determines whether or not the file is readable. If the file is marked as readable for a particular user group, anyone who falls into that group can read it. Otherwise, they cannot read the file.

  • Write Similar to read, this permission determines whether or not the file is writeable. If the file is marked as writeable for a particular user group, anyone who falls into that group can write to it. Otherwise, they cannot write to the file.

  • Execute Unlike the previous two, this permission determines whether or not the file can be executed as an application/script on the computer. Allowing a file to execute is how we run programs in any Unix-based Operating System.

In the properties of the file, these are displayed as rwx. A - in place of a letter means that the particular permission is not allocated to the group. Example: r-x, where the file is readable and executable, but cannot be modified.

Access Control Lists

Each of these permissions can be allocated to a file.

The three permissions are specified three separate times, once for each of the following categories:

  • User This is the category that the owner of the file falls into, and states what the owner can do with the file.

  • Group This is the category for the group assigned to the file, and states what members of that group can do with the file, whether it be read, write or execute.

  • Other This is the category that all other users fall into, and generally states what anyone can do with the file.

The format that we follow for ACLs and permission management is rwxrwxrwx.

How do I change the permissions of these files?

A lot of the time, when we wish to modify the properties of files to be writeable or executable, we will need to invoke the superuser. This is because file permission management is not a property that is provided to users by default, for security reasons.

In this case, we call the superuser to avoid this restriction and perform the file permission modification safely. The command that we use is the change modifier command. In the Unix Operating System, this is the chmod command.

chmod +x filename.sh

If you recall that permissions are written in the format rwx, you may notice that there is a particular sequence to them. That sequence maps directly onto binary.

Whether the file has a given permission is determined by checking whether a character is present in that position.

So, when we write the permissions as r-x, it actually stands as a representation of 101 in binary. Converting this into decimal gives us the value 5.

So, 777 converts into rwxrwxrwx, which in turn converts into 111111111, the form understandable by computers.

An example of the utilization of this command for the previous example is,

chmod 777 filename.sh
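The conversion described above can be carried out mechanically. The following shell functions are an added example, not part of the original notes: they turn the mode string printed by ls -l into the three-digit number chmod accepts, and flag modes that grant write access to every user, which is what 777 does. The function names are hypothetical, and only the plain r, w, x and - characters are handled.

```sh
#!/bin/sh
# Added example, not part of the original notes; all function names are hypothetical.

# file_type MODE: name the file type from the first character of the mode string.
file_type() {
    case $1 in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "symlink" ;;
        *)  echo "other" ;;
    esac
}

# triad_to_digit TRIAD: "r-x" -> 5 (r=4, w=2, x=1; "-" adds nothing).
triad_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal MODE: "-rwxr-xr-x" -> 755. Returns 1 unless the nine permission
# positions hold only r, w, x or "-" in order (special bits like "s" are rejected).
mode_to_octal() {
    perms=${1#?}    # drop the file-type character
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    echo "$(triad_to_digit "$u")$(triad_to_digit "$g")$(triad_to_digit "$o")"
}

# world_writable MODE: succeeds when "other" (character 9) has write permission.
world_writable() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

# file_octal PATH: read a real file's mode with ls and convert it. Only the first
# 10 characters are kept, since ls may append a marker such as "." or "+".
file_octal() {
    mode_to_octal "$(ls -ld -- "$1" | cut -c1-10)"
}

mode_to_octal "-rwxr-xr-x"    # prints 755
```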

Root and the files you should not modify.

The root of the computer resides at the / directory. This is where the core of the operating system resides, and all of these permissions are restricted to the user by default. Most of the time there is no need for the user to navigate to this directory unless there is a specific use case that they wish to implement that affects the computer as a whole.

The directory where all information of the various users is located is the /home directory.
