Learn Linux - Chapter - 7 - Ownership and Permissions
This article is originally posted on Peerlyst.
In the last chapter we learnt about working with files and directories; you can read it here. Now we are going to learn about ownership and permissions in Linux.
Linux is a multi-user operating system: several users can be logged in and working on the same machine at the same time. It would be chaos if any user could read, modify or delete any other user's files, so Linux has a built-in access control mechanism called permissions. Permissions make sure that only the intended users can access and modify a file. Access to files is controlled through two linked concepts, "ownership" and "permissions".
Ownership:
To manage permissions, Linux divides the users of a system into three classes relative to each file: user, group, and other.
Every file/directory has an owning user and an owning group, and permissions are set separately for the three classes user, group, and other.
Let us explore a bit about user, group, and other.
User:
User:
The user who creates a file/directory becomes its owner. Each user account has a username, a password, a user ID (UID), a primary group ID (GID), a home directory, and a login shell.
You will get a list of all the users with these details in the file /etc/passwd. At the prompt you can type cat /etc/passwd to list the users with their associated details.
For example, on my system the entry for user basheer is as follows (note that grep matches the string anywhere in the line, so on a system with several similar account names or comment fields it can return more than one entry):
[basheer@Linux-Box ~]$ cat /etc/passwd | grep basheer
basheer:x:1000:1000:Basheer Ahmed Khan:/home/basheer:/bin/bash
[basheer@Linux-Box ~]$
Let us dissect it.
There are seven fields. Each field is separated by a colon.
1 - Username, the name we use for logging in to the system. On most distributions useradd limits it to between 1 and 32 characters.
2 - Password, the value x tells us that the password is not stored here; its hash is kept in the separate file /etc/shadow, which only root can read. An empty field here would mean the account needs no password at all.
3 - User ID (UID), every user is assigned a numeric user ID. UID 0 is the root user; the kernel checks the number, not the name, so any account with UID 0 is root. On most modern distributions UIDs 1 to 999 are reserved for system and service accounts (the exact ranges are configured in /etc/login.defs). Hence, as I am the first normal user, my UID is 1000.
4 - Group ID (GID), the user's primary group. By default (the "user private group" scheme) a group with the same name as the username is created with the same GID number as the UID for that user. You can see from the above line that my UID and GID are the same, i.e. 1000. The matching entry in /etc/group is basheer:x:1000:
5 - Comment (the GECOS field), here extra information about the user is stored, such as full name, address, phone number etc.
6 - Home directory, the directory created by default with the username as the directory name; when the user logs in, they land in this directory. It is created under /home by default. For example /home/basheer is my home directory.
7 - Login shell, the program started when the user logs in, for example /bin/bash. Service accounts that should never log in interactively typically have /sbin/nologin or /bin/false here.
Group:
Every user is associated with at least one group, the primary group named in /etc/passwd. Each group has a group name and a group ID (GID). A group can have zero or more members, and a user can be a member of many groups. All users belonging to a group get the same group permissions on a file/directory. Putting several users in a group is very handy when a set of users is working on a project and everyone needs access to a particular file: set the group permissions on the file and all members of the group can read/modify it. As long as the permissions for other are left cleared, nobody outside the group (apart from the file's owner and root) can read or modify it.
Note: When a user is created, by default a group with the same name as the user and the same ID as the UID is created.
You will get a list of all the groups in the file /etc/group. On my system the entry for group basheer is as follows (as with /etc/passwd, grep also matches lines where basheer appears in the member list of another group):
[basheer@Linux-Box ~]$ cat /etc/group | grep basheer
basheer:x:1000:
[basheer@Linux-Box ~]$
Let us dissect it.
There are four fields, each separated by a colon. The trailing colon is not an extra: it separates the third field from a fourth one, which is empty here.
1 - Group name.
2 - Password, the value x tells us that the group password, if any, is hashed and stored in the separate file /etc/gshadow. Group passwords are rarely used in practice.
3 - Group ID (GID).
4 - Members, a comma-separated list of users who have this group as a supplementary group. A user's primary group is recorded by the GID field in /etc/passwd, not here, which is why this field is empty for the group basheer even though user basheer belongs to it.
Note: On my system we have basheer as both username and group name, and 1000 as both UID and GID. These are the default group name and GID that were created along with user basheer.
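Because the primary group lives in /etc/passwd and supplementary groups live in field 4 of /etc/group, working out "which groups is this user in" means reading both files. The following is an added example, not code from the original article; both samples are constructed for it, and the group names wheel and project are invented:

```shell
#!/bin/sh
# Added example: resolving a user's primary and supplementary groups from
# CONSTRUCTED samples of /etc/passwd and /etc/group (not real system files).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
basheer:x:1000:1000:Basheer Ahmed Khan:/home/basheer:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash'

SAMPLE_GROUP='root:x:0:
wheel:x:10:basheer
basheer:x:1000:
alice:x:1001:
project:x:2000:alice,basheer'

# Field 4 of /etc/passwd: the user's primary GID.
primary_gid() {          # $1 = username; passwd data on stdin
    awk -F: -v u="$1" '$1 == u { print $4; exit }'
}

# Field 1 of /etc/group for a given GID.
group_name_for_gid() {   # $1 = gid; group data on stdin
    awk -F: -v g="$1" '$3 == g { print $1; exit }'
}

# Groups that list the user in their member field (field 4), one per line.
# The primary group is not found this way: its member field is normally empty.
supplementary_groups() { # $1 = username; group data on stdin
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }'
}

# All groups of a user, primary first, space-separated (same idea as "id -Gn").
# Returns 1 for an unknown user.
user_groups() {          # $1 = username; reads the two SAMPLE_* variables
    gid=$(printf '%s\n' "$SAMPLE_PASSWD" | primary_gid "$1")
    [ -n "$gid" ] || return 1
    primary=$(printf '%s\n' "$SAMPLE_GROUP" | group_name_for_gid "$gid")
    supp=$(printf '%s\n' "$SAMPLE_GROUP" | supplementary_groups "$1" | tr '\n' ' ')
    # Fall back to the bare GID if no group has that number.
    printf '%s %s\n' "${primary:-$gid}" "$supp" | sed 's/ *$//'
}

# Reverse view, useful for audits: who is in an administrative group?
members_of() {           # $1 = group name; group data on stdin
    awk -F: -v g="$1" '$1 == g { print $4 }'
}

# Demonstration when run directly.
echo "basheer: $(user_groups basheer)"
echo "alice:   $(user_groups alice)"
echo "wheel members: $(printf '%s\n' "$SAMPLE_GROUP" | members_of wheel)"
```

On a live system the same questions are answered by id -Gn username and getent group groupname; the point of the example is to show where each answer comes from.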
Other:
Other means everyone who is neither the owner of the file nor a member of the file's group. When you set permissions on a file/directory for other, you are setting them for the whole world: every account on the system gets at least those rights. (Root is the exception to all of this: it is not subject to these permission checks at all.)
Permissions:
Three permissions can be set on a file/directory for each of the three classes (user, group, and other):
Read, Write, and Execute.
Read:
Read permission allows you to open and read the contents of a file. On a directory it allows you to list the names of its entries (to actually access those entries you also need execute on the directory).
Write:
Write permission allows you to modify the contents of a file. Write permission on a directory allows you to add, remove, and rename entries in that directory (together with execute on the directory). Note that deleting or renaming a file depends on write permission on the directory, not on the file: a read-only file sitting in a directory you can write to can still be removed.
Execute:
A program file cannot be run unless its execute permission is set for you. Execute permission on a directory allows you to cd into it and to access its entries by name; with execute but no read you can still open a file inside if you already know its name, you just cannot list the directory.
Let me list my home directory.
[basheer@Linux-Box ~]$ ls -l
total 104952
drwxr-xr-x.  2 basheer basheer    6 Nov  1 02:47 Desktop
drwxr-xr-x. 13 basheer basheer 4096 Jan 27 19:30 Documents
drwxr-xr-x.  2 basheer basheer    6 Jan 28 00:31 Downloads
drwxr-xr-x.  2 basheer basheer    6 Nov  1 02:47 Music
drwxr-xr-x.  3 basheer basheer  208 Jan 27 19:29 Pictures
drwxr-xr-x.  2 basheer basheer    6 Nov  1 02:47 Public
drwxr-xr-x.  2 basheer basheer    6 Nov  1 02:47 Templates
drwxr-xr-x.  2 basheer basheer    6 Nov  1 02:47 Videos
[basheer@Linux-Box ~]$
As we can see the first directory entry is
drwxr-xr-x. 2 basheer basheer 6 Nov 1 02:47 Desktop
Let us dissect the first field which has the permissions.
drwxr-xr-x.
d - denotes that Desktop is a directory (a regular file shows - here, a symbolic link shows l). This character says nothing about ownership: the owning user and group are the third and fourth columns of the listing, basheer basheer.
After the d come nine characters, in three sets of three: the first set is for the user (owner), the second for the group, and the third for other. The trailing . means the entry carries an SELinux security context; a + in that position would mean an extended ACL is present (see getfacl), which can grant rights beyond what the nine characters show.
In the above example the permissions are rwx for user, r-x for group, and r-x for other.
In simple words we can say that
- User basheer has read, write and execute permission on the directory Desktop. This means user basheer can list it, cd into it, and add, rename and delete files or directories in it.
- Users belonging to group basheer can list the contents of the directory and cd into it, but cannot add, rename or delete anything in it.
- Others can also list the contents of the directory and cd into it, and likewise cannot change it.
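The first field of ls -l is a fixed-width format, so it can be decoded mechanically. The following is an added example, not code from the original article: it turns a permission string into its type, its per-class triples and the octal mode, and picks the one triple that applies to a given user the way the kernel does (owner first, then group, then other, with no falling through). It goes slightly beyond the chapter by also handling the setuid/setgid/sticky characters s, S, t and T in the same field. The user and group names in the checks are invented:

```shell
#!/bin/sh
# Added example: decoding the permission field of "ls -l" (e.g. "drwxr-xr-x.").

# First character: the file type.
file_type() {            # $1 = permission string
    case "$1" in
        d*) echo directory ;;
        -*) echo "regular file" ;;
        l*) echo "symbolic link" ;;
        c*) echo "character device" ;;
        b*) echo "block device" ;;
        p*) echo "named pipe" ;;
        s*) echo socket ;;
        *)  echo unknown ;;
    esac
}

# The rwx triple for one class: $1 = permission string, $2 = user|group|other
class_bits() {
    case "$2" in
        user)  printf '%s\n' "$1" | cut -c2-4 ;;
        group) printf '%s\n' "$1" | cut -c5-7 ;;
        other) printf '%s\n' "$1" | cut -c8-10 ;;
        *)     return 1 ;;
    esac
}

# rwx triple -> octal digit (r=4, w=2, x=1). s and t imply execute; S and T do not.
triple_to_digit() {      # $1 = three characters
    d=0
    case "$1" in r??) d=$((d+4)) ;; esac
    case "$1" in ?w?) d=$((d+2)) ;; esac
    case "$1" in ??[xst]) d=$((d+1)) ;; esac
    echo "$d"
}

# Four-digit octal mode; the leading digit holds setuid (4), setgid (2), sticky (1).
# Beyond the chapter's r/w/x: s/S sit in the user and group x positions, t/T in other's.
perm_to_octal() {        # $1 = permission string
    special=0
    case "$1" in ???[sS]*) special=$((special+4)) ;; esac
    case "$1" in ??????[sS]*) special=$((special+2)) ;; esac
    case "$1" in ?????????[tT]*) special=$((special+1)) ;; esac
    printf '%d%d%d%d\n' "$special" \
        "$(triple_to_digit "$(class_bits "$1" user)")" \
        "$(triple_to_digit "$(class_bits "$1" group)")" \
        "$(triple_to_digit "$(class_bits "$1" other)")"
}

# Optional 11th character: "." = SELinux context, "+" = extended ACL present.
extra_marker() {         # $1 = permission string
    case "$1" in
        ??????????.) echo "SELinux security context present" ;;
        ??????????+) echo "extended ACL present (run getfacl)" ;;
        *)           echo none ;;
    esac
}

# Which class applies to a user. The kernel picks exactly one and stops:
# the owner gets ONLY the owner bits, even if the group bits are wider and
# the owner is also a member of the group. Root is not modelled (it bypasses all of this).
# $1 = permission string, $2 = file owner, $3 = file group,
# $4 = accessing user, $5 = that user's groups, space-separated
applicable_class() {
    if [ "$4" = "$2" ]; then echo user; return; fi
    for g in $5; do
        if [ "$g" = "$3" ]; then echo group; return; fi
    done
    echo other
}

effective_bits() {       # same arguments as applicable_class
    class_bits "$1" "$(applicable_class "$1" "$2" "$3" "$4" "$5")"
}

# Demonstration on the chapter's own example when run directly.
p='drwxr-xr-x.'
echo "$p: $(file_type "$p"), mode $(perm_to_octal "$p"), marker: $(extra_marker "$p")"
echo "user=$(class_bits "$p" user) group=$(class_bits "$p" group) other=$(class_bits "$p" other)"
```

The effective_bits check is the one worth remembering: a file whose owner triple is --- but whose group triple is rwx is unreadable by its owner, because the owner class is chosen first and the group bits are never consulted for that user.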
In the next section of this chapter we will learn about the chown and chmod commands, used to change ownership and to set file access permissions.
This series is an attempt to make aspiring cyber security professionals gain good knowledge of Linux.