Sunday, November 16, 2014

Access Permissions

One of the important features that makes an operating system good is security. Linux is considered one of the secure operating systems. In this article we will see the basics of security in Linux.

Normally in Linux we have 3 types of permissions that apply to 3 entities.
The 3 types of permissions are

'r' (Read) : This allows you to read, view, or open a file
'w' (Write) : This allows you to edit or delete the file
'x' (Execute) : This allows you to run the file as a program if it is executable.

The 3 entities are
Owner: The owner is the person who created the file. Most of the files in Linux are owned by root, meaning that they were created by the root user and that other users are not allowed to modify or delete them.

Group: A group is a set of users placed under a specific group name. When permissions are changed for a group, only the users that belong to that group are affected, leaving other users untouched.

Other: As the name implies, this permission applies to everybody else. We need to take care with this entity, as altering its permissions without understanding them can let all users execute things.

Permissions on a file can be viewed by using the “ls -l” command in Linux.

Dev:vx2100:jbs002-jag $ ls -alrt
drwxr-xr-x 6 djbs002 jksgrp  4096 Jul   26  2012 syslog-ng
-rw-r--r--  1  djbs002 jksgrp   925  Nov 13 00:00 clean-logs.log

The permission listing has the format “_rwxrwxrwx 1 owner:group”.
In the above line, the first character (shown as _) indicates the file type: a regular file, a directory, or one of the other types listed below.

-  : Regular file
d  : Directory
l  : Symbolic link
c  : Character device
b  : Block special device
p  : FIFO
s  : Socket

The first 3 characters (rwx) are the owner permissions
The second 3 characters (rwx) are the group permissions
The last 3 characters (rwx) are the permissions for other users
The next integer value is the number of hard links to that file
The next field is the owner of the file (djbs002)
The next field is the group to which the file belongs (jksgrp)

Owner and group Changes
Linux provides us utilities to change Owner and group permissions on a file using “chown” and “chgrp” commands.

Create a file with a different user as
-rw-r--r--  1 oracle oinstall    0 Nov 14 15:01 test_file

Now we have created a file with the owner “oracle”. In order to change the owner of the file to a different user we can use
[root@localhost oracle]# chown root test_file
-rw-r--r--  1 root   oinstall    0 Nov 14 15:01 test_file

The group also can be changed using
[root@localhost oracle]# chgrp root test_file
[root@localhost oracle]# ll
-rw-r--r--  1 root   root        0 Nov 14 15:01 test_file
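Both can be changed at the same time using chown with the owner and group together. The colon form, owner:group, is the current syntax; the dot form shown here is an older spelling that GNU chown still accepts.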
[root@localhost oracle]# chown root.root test_file
[root@localhost oracle]# ll
-rw-r--r--  1 root   root        0 Nov 14 15:05 test_file

Mode Changes
There are two ways of specifying the new permissions using chmod: symbolic and absolute.

Absolute mode deals with numbers. Every file permission can be expressed as a number. We can use the values below for setting permissions on a file.

-------------------------------------------------------------------------------------------
|            owner            |            group            |          everyone           |
-------------------------------------------------------------------------------------------
| read    | write   | execute | read    | write   | execute | read    | write   | execute |
-------------------------------------------------------------------------------------------
| 400     | 200     | 100     | 40      | 20      | 10      | 4       | 2       | 1       |
-------------------------------------------------------------------------------------------

If you have a file named test_file

[root@localhost oracle]# ll
-rw-r--r--  1 root   root        0 Nov 14 15:05 test_file

We can see the file permissions are read and write for the owner, read for the group and read for others. Now if we want to remove the read permission from the group and others, we can do it as follows.

Take the owner read and write values as 400+200=600. Since we are disabling the permissions for both group and everyone, we don’t add those values.

We can use the “chmod” command to set the permissions (the -R option makes chmod recurse into directories and is not needed for a single file):
[root@localhost oracle]# chmod -R 600 test_file

Once we check the permissions we can see as
[root@localhost oracle]# ll
-rw-------  1 root   root        0 Nov 14 15:05 test_file

Similarly, if we want to add or delete specific permissions, we can add up the values from the above table and use the result with the chmod command.

Octal mode
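We can also use the octal representation to add, modify and delete permissions. We can use the table,

------------------------------------------------
| Octal number | Symbolic | Permission         |
------------------------------------------------
| 0            | ---      | none               |
| 1            | --x      | execute            |
| 2            | -w-      | write              |
| 3            | -wx      | write/execute      |
| 4            | r--      | read               |
| 5            | r-x      | read/execute       |
| 6            | rw-      | read/write         |
| 7            | rwx      | read/write/execute |
------------------------------------------------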

So if we have to give a user read/write/execute (octal 7 = rwx), group read/execute (octal 5 = r-x), and other read only (octal 4 = r--) for the file test_file we can use

chmod 754 test_file
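
The arithmetic from the absolute and octal tables, worked in the other direction, as an added example that is not part of the original post: a POSIX shell script that reads the mode column printed by ls -l and returns the file type and the octal value to pass to chmod. The function names (file_type, triplet_to_digit, mode_to_octal) are illustrative, and mode strings containing setuid, setgid or sticky letters are rejected because the tables above cover only r, w, x and -.

```sh
#!/bin/sh
# Added example: decode the 10-character mode column printed by "ls -l".
# Function names are illustrative; s/S/t/T letters are reported as invalid
# because the tables in this article cover only r, w, x and -.

# First character -> file type, following the list earlier in the article.
file_type() {
    case "$1" in
        -*) echo "regular file" ;;
        d*) echo "directory" ;;
        l*) echo "symbolic link" ;;
        c*) echo "character device" ;;
        b*) echo "block special device" ;;
        p*) echo "FIFO" ;;
        s*) echo "socket" ;;
        *)  echo "unknown" ;;
    esac
}

# One rwx triplet -> one octal digit (r=4, w=2, x=1).
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Full mode string -> three-digit octal mode usable with chmod.
mode_to_octal() {
    case "$1" in
        [-dlcbps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "invalid"; return 1 ;;
    esac
    perms=${1#?}    # drop the file-type character
    owner=$(printf '%s' "$perms" | cut -c1-3)
    group=$(printf '%s' "$perms" | cut -c4-6)
    other=$(printf '%s' "$perms" | cut -c7-9)
    echo "$(triplet_to_digit "$owner")$(triplet_to_digit "$group")$(triplet_to_digit "$other")"
}

# Mode strings taken from the listings in this article.
for m in drwxr-xr-x -rw-r--r-- -rw------- -rwxr-x--x; do
    echo "$m  $(file_type "$m")  $(mode_to_octal "$m")"
done
```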

Relative mode
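In this mode (the symbolic mode mentioned above) we change permissions without using numbers; instead we combine entities, operators and permissions. The below diagram gives us the

--------------------------------------------------------------------------------------------------------
| Option | Description
--------------------------------------------------------------------------------------------------------
| a      | user, group, and other access
| g      | group access
| o      | other access
| u      | user access
| +      | add specified permissions to the group, other, or user category of the specified files
| -      | remove specified permissions from the group, other, or user category of the specified files
| =      | set the specified permissions for the group, other, or user category of the specified files
| r      | read permission
| s      | set userid or groupid when executed
| w      | write permission
| x      | execute permission
--------------------------------------------------------------------------------------------------------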

We will use the options defined in the table above. They can be used to change the permissions on a file as follows.

[root@localhost oracle]# ll test_file
-rw-r--r-- 1 oracle oinstall 0 Nov 14 15:09 test_file

Add execute permission to all
[root@localhost oracle]# chmod a+x test_file

[root@localhost oracle]# ll test_file
-rwxr-xr-x 1 oracle oinstall 0 Nov 14 15:09 test_file

Remove read and write permission from other on a file
[root@localhost oracle]# chmod o-rw test_file
[root@localhost oracle]# ll test_file
-rwxr-x--x 1 oracle oinstall 0 Nov 14 15:09 test_file

A few other examples include
chmod u+x filename # adds execute permissions to the file's owner
chmod ug+w filename # adds write permissions to the file's owner and group
chmod a=rx filename # creates a 555 permission from scratch
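
The caution about the “Other” entity, turned into a check, as an added example that is not part of the original post: a POSIX shell script that lists regular files whose write bit is set for other and removes only that bit with the relative form chmod o-w. The function names and the temporary sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit and repair write access for "other".
# Function names and the sample tree are constructed for illustration.

# List regular files under directory $1 whose "other" write bit (octal 2) is set.
world_writable() {
    find "$1" -type f -perm -002 | sort
}

# Remove only the "other" write bit, leaving owner and group bits untouched.
fix_world_writable() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

# Build a throwaway tree, audit it, repair it, and audit again.
# Prints: <count before> <count after> <mode of run.sh after the fix>
demo() {
    dir=$(mktemp -d)
    touch "$dir/report.txt" "$dir/shared.log" "$dir/run.sh"
    chmod 644 "$dir/report.txt"   # rw-r--r--  not writable by other
    chmod 666 "$dir/shared.log"   # rw-rw-rw-  writable by other
    chmod 777 "$dir/run.sh"       # rwxrwxrwx  writable and executable by other
    before=$(world_writable "$dir" | wc -l | tr -d ' ')
    fix_world_writable "$dir"
    after=$(world_writable "$dir" | wc -l | tr -d ' ')
    mode=$(ls -l "$dir/run.sh" | cut -c1-10)
    rm -rf "$dir"
    echo "$before $after $mode"
}

demo
```

Because the repair uses o-w rather than an absolute mode, run.sh keeps its owner and group bits and stays executable.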

In the next lesson we will look at other access permissions such as setgid, setuid and the sticky bit.
