File Permissions in Linux


This post was last updated on May 27th, 2020 at 04:40 pm

Note: Any time you change permissions (such as what groups a user belongs to, etc.) while that user is logged in, the permission change will not take effect in the current session. The user will need to log out and log back in (or start a subshell with “su - username”) in order to get an environment with the changed permissions. The Administrator may optionally force (kick) those users off the system so that they will have to log back in to get the updated file permissions.

File Permissions

Let's take a directory listing:

[[email protected] /root]# ls -ltra
-rw-r--r--    1 root     root            0 Oct 12 07:51 testfile
lrwxrwxrwx    1 root     root            8 Oct 12 08:20 linktotestfile -> testfile

Notice the first column, which has 10 characters: “-rw-r--r--”. It should be divided into 4 sections.

  1. 1st section – 1 character long
  2. Owner Permissions – 2nd section – 3 characters long. This first set of rwx controls what the owner of the file can do with it.
  3. Group Permissions – 3rd section – 3 characters long. This second set of rwx controls what the group users of the file can do with it.
  4. Other/Everyone Permissions – 4th section – 3 characters long. This third set of rwx controls what all other users of the file can do with it.

What is rwx for files?

r = read (4)
w = write (2)
x = execute (1)

If an “r” shows in a field, then the users defined by that field are able to read the file.

If a “w” shows in a field, then the users defined by that field are able to write to the file.

If an “x” shows in a field, then the users defined by that field are able to execute that file.
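Decoding the 10-character field with the r=4, w=2, x=1 values, as an added example that is not part of the original post. It goes beyond the post by also handling the setuid, setgid and sticky markers (s, S, t, T); the function names decode_mode and triplet_value are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decode the first column of `ls -l`.

# triplet_value RWX: sum r=4, w=2, x=1 for one three-character section.
# s/t in the last slot mean "x plus a special bit"; S/T mean the special bit without x.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# decode_mode STRING: print "<type> <4-digit octal>", or "invalid" with status 1.
# Anything after the 10th character (such as an ACL marker) is ignored.
decode_mode() {
    m=$1
    case $m in
        [-dl][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    case $m in
        -*) kind=file ;;
        d*) kind=directory ;;
        l*) kind=symlink ;;
    esac
    owner=$(printf '%s' "$m" | cut -c2-4)    # 2nd section
    group=$(printf '%s' "$m" | cut -c5-7)    # 3rd section
    other=$(printf '%s' "$m" | cut -c8-10)   # 4th section
    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "$kind $special$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
}

# The two entries from the directory listing, plus a constructed setuid string.
decode_mode '-rw-r--r--'    # file 0644
decode_mode 'lrwxrwxrwx'    # symlink 0777
decode_mode '-rwsr-xr-x'    # file 4755
```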

How does rwx work on Files?

The tests are run as follows: Create a new directory and set its permissions to full control (0777). Create 8 new files with the permissions listed in the table. Then perform the various actions and note the results. The owner and group are set to root; I am testing as a non-root user.

File Permissions

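| Action | --- | r-- | -w- | --x | rw- | r-x | -wx | rwx |
|---|---|---|---|---|---|---|---|---|
| read – cat file | no | yes | no | no | yes | yes | no | yes |
| write – ls /tmp >> file | no | no | yes | no | yes | no | yes | yes |
| write – ls /tmp > file | no | no | yes | no | yes | no | yes | yes |
| remove file | yes* | yes* | yes | yes* | yes | yes* | yes | yes |
| executing a script | no | no | no | no | no | yes | no | yes |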

remove file = yes* – These files gave a “rm: remove write-protected file ‘filename’?” prompt. Answering “yes” removes these files. Running “rm -rf” on the file also removes it without any warning. The ability to remove a file is controlled at the directory level.

How does rwx work on Directories?

The following tests are run on 8 directories with the permissions listed in the table. Each of these directories contains 1 file with full permissions (0777). The owner and group are set to root; I am testing as a non-root user.

Directory Permissions

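| Action | --- | r-- | -w- | --x | rw- | r-x | -wx | rwx |
|---|---|---|---|---|---|---|---|---|
| cd into directory | no | no | no | yes | no | yes | yes | yes |
| ls directory | no | yes* | no | no | yes* | yes | no | yes |
| file name completion | no | yes | no | no | yes | yes | no | yes |
| create new file in dir. | no | no | no | no | no | no | yes | yes |
| read file in dir. | no | no | no | yes | no | yes | yes | yes |
| modify file in dir. | no | no | no | yes | no | yes | yes | yes |
| remove files | no | no | no | no | no | no | yes | yes |
| execute script | no | no | no | yes | no | yes | yes | yes |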

ls = yes* – Only the file names are listed, along with an error. No other file attributes can be listed. File name completion works in these cases as well.

Using the “file” Command

Strange way to use the sh Command

[[email protected] /root]# cat file-0774.txt | sh

File actually executes

Executing a script

8 directories with 8 scripts each were created. The 8 directories had the 8 different combinations of the permissions – so did each of the 8 scripts in each of the directories. 64 scripts in all. The following results were noted:

| Directory | File permissions |
|---|---|
| 0771 | 0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied* |
| 0773 | 0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied* |
| 0775 | 0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied* |
| 0777 | 0775 and 0777 ran, 0770 thru 0774 and 0776: permission denied* |
| 0770 | all: permission denied |
| 0772 | all: permission denied |
| 0774 | all: permission denied |
| 0776 | all: permission denied |

denied* – All of these gave a strange error on 0771 and 0773 – seems like “r” on the file permission is required for execution

Executing a script by way of “cat script | sh”

8 directories with 8 scripts each were created. The 8 directories had the 8 different combinations of the permissions – so did each of the 8 scripts in each of the directories. 64 scripts in all. The following results were noted:

| Directory | File |
|---|---|
| 0771 | 0774 thru 0777 ran, 0770 thru 0773: permission denied |
| 0773 | 0774 thru 0777 ran, 0770 thru 0773: permission denied |
| 0775 | 0774 thru 0777 ran, 0770 thru 0773: permission denied |
| 0777 | 0774 thru 0777 ran, 0770 thru 0773: permission denied |
| 0770 | all: permission denied |
| 0772 | all: permission denied |
| 0774 | all: permission denied |
| 0776 | all: permission denied |
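The difference between the two result lists, reproduced as an added example that is not part of the original post. Assumption: rather than a second account and the “other” bits, the current user tests its own file through the owner bits (400 = r--, 500 = r-x, 600 = rw-, 700 = rwx); try_run is a name made up here.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: the file is owned by the user running this, so the owner bits
# play the role that the "other" bits play in the post's tests.

# try_run MODE METHOD: create a one-line script with the given mode, try to
# run it "direct" (./script) or "piped" (cat script | sh), print ran/denied.
try_run() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$dir/script"
    chmod "$1" "$dir/script"
    case $2 in
        # Direct execution: the kernel checks the x bit before starting it.
        direct) out=$("$dir/script" 2>/dev/null) || out= ;;
        # Piped: only cat opens the file, so only the r bit is checked;
        # sh then runs whatever arrives on stdin.
        piped)  out=$(cat "$dir/script" 2>/dev/null | sh 2>/dev/null) || out= ;;
        *)      out= ;;
    esac
    # Removal is governed by the directory, not by the file's own mode.
    rm -rf "$dir"
    if [ "$out" = hello ]; then echo ran; else echo denied; fi
}

# Walk the readable owner modes and show both ways of running the script.
for mode in 400 500 600 700; do
    echo "$mode direct=$(try_run "$mode" direct) piped=$(try_run "$mode" piped)"
done
```

A script that is readable can be fed to an interpreter whether or not x is set, so the execute bit alone does not keep it from running.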


About author

Sibananda Sahu