Agenda
description
Transcript of Agenda
Agenda
The Linux File System (chapter 4 in text) Setting Access Permissions
Directory vs File Permissions chmod Utility
Symbolic Method Absolute Method
umask Utility
Access Permissions Limiting unauthorized access to your
directories and files is a very important concern for ALL Linux (Unix) users.
Consequences of Unauthorized Access: Copying your assignments (cheating) Using your account for illegal activity Using your account to send obscene
messages Tampering with files
File / Directory Permissions
The Linux (Unix) OS can allow the user to specify read, write and execute permissions to the user (owner of file), group (same group members) or all others (different group members)
Directory Permissions: Read (r) – View directory contents (filenames only) Write (w) – Create / Remove subdirectories and files Execute (x) – Access directory contents
File Permissions Read (r) – View contents (inside) of file Write (w) – Make changes to file’s contents Execute (x) – Run program or shell script
chmod Command(Relative Method)
Used to change the access permissions of a file or directory
Format:
chmod [who] [operation] [permission] file
who relates to user (u), group (g), others (o), or all (a)
operation relates to adding (+), removing (-), orsetting (=) permissions
permissions are read (r), write (w), or execute (x)
chmod Command(Relative Method)
Examples: Add Permission
chmod g+rw file.name chmod o+x file.name
Remove Permission chmod g-w file.name chmod a-w file.name (removes write for ugo)
Set Permission chmod o=rx file.name chmod go=rx filename
Note: you can use wildcard symbols (eg *) to match particular files
chmod Command(Absolute Method)
You can use the chmod command with octal number to represent (in binary) a permission (1) or removal of a permission (0) for the file or directory.
This is referred to as an Absolute method, and many prefer this “short-cut” method to changing file / directory permissions.
chmod - Example(Absolute Method)
Applying octal values of rwx using the absolute chmod command:
chmod 777 file - r w x r w x r w x chmod 755 file - r w x r - x r - x chmod 711 file - r w x - - x - - x chmod 644 file - r w - r - - r - -
Practical Applications ofchmod Command
Directory Pass-Through Permission (x) Pass-through permission allows users to
pass-through a directory in order to access the contained files and subdirectories
To deny access to your files by other users, you can remove group and other pass-through permissions on your home directory (rwx------)
Practical Applications ofchmod Command
Sharing Files Set up directory and file permissions to
allow users to modify a file or set up permissions to allow user to view, but not modify a file.
Webpages Allow or deny access to files. For example,
use chmod command to allow group & others execute permission to “pass-through” your directories.
Creating a User Mask The Unix / Linux OS allows “masks” to be
created to set default permissions for “newly-created” directories and files.
The umask command automatically sets the permissions when the user creates directories and files (umask stands for “user mask”).
This process is useful, since user may sometimes forget to change the permissions of newly-created files or directories.
umask Command Used to automatically establish file
permission upon creation
umask [mask]
where mask represents a 3-digit octal number for permissions to be denied for UGO.
Think of a mask as “hiding” permissions that are available from the system.
Setting Directory Mask To change directory mask:
Determine octal number that would set directory permission
Subtract octal number determined above from octal number 777 to get result
issue the command : umask [octal number]
Setting Directory Mask Example:
To set mask for newly-created directories to:r w x r - - r - -
Determine octal number1 1 1 1 0 0 1 0 0 = 744
Subtract 744 from 777 = 033
Issue command umask 033
Issue command umask to verify change
Why 777?
Because the system wants to give full permissions for user, group and others. The mask 033 takes away the specified permissions.
Determining Default Directory Permissions
Example: With umask of 033 from previous
example:
Subtract 033 from 777 = 744
Convert to permissions:r w x r - - r - -
umask for Files When creating new regular files, the
system can only provide read and write permissions (i.e. no execute permissions).
Thus there is no way to have execute permission as a default for files.
Note that there is only one umask setting, which determines default permissions for newly created files and directories.
Determining Default File Permissions
Example: With umask of 033 from previous example:
Subtract 033 from 777 = 744
Convert to permissions:r w x r - - r - -
Remove any “x” permissions remaining:r w - r - - r - -