The basics of security within the file system must begin with setting Linux Permissions at the command line using the tool chmod. In this article we show the use of the tool but very often, you will want to list the permissions directory after. We will show you how setting permissions at the cli will also allow you to list them once set.
Linux file permissions make up the very basics of any security model and is known as the file mode. Hence the command chmod or change mode is used in setting these permissions. The file mode is stored within the file’s inode or metadata. The magic number being 3 within the mode, we have 3 modes that can be applied to 3 objects. Included as part of the file mode, but separate from the permission, is identifying the file type, (regular file, directory, link etc).
Permissions:
- Read
- Write
- Execute
Objects:
- User
- Group
- Others
File Types
- Regular files
- Directories
- Links
- Sockets
- Pipes
- Block devices
- Character devices
To list the permissions in Linux we can use the command ls or the command stat.
$ ls -l /etc/hosts -rw-r--r-- 1 root root 228 Aug 22 2018 /etc/hosts
This standard file in any Linux distribution becomes an easy way to see the permissions. We can also use stat
$ stat -c %A /etc/hosts -rw-r--r--
A great tool to isolate just the mode or permissions in Linux. If we one the file, being listed as the user owner of the file, we can use the tool chmod as a method of setting permissions. Firstly we will move to our home directory and then create a new empty file using touch before setting permissions:
$ cd $ touch new_file $ chmod u+x $ stat -c %A new_file -rwxrw-r--
It is common that after setting permissions we would want to list them to see that we have gained what we though we were setting; howler this can be done directory from chmod. We will work with that same file but add execute also for the group:
$ chmod -v g+x new_file mode of 'new_file' changed from 0764 (rwxrw-r--) to 0774 (rwxrwxr--)
By including the -v (verbose) opting with chmod we are able to print the permissions and what they were changed from directly after setting Linux file permissions.
This was taken from my eBook which takes you through 20 pages of detail about setting Linux Permissions. You can download the PDF from here.