Agenda

The Linux File System (chapter 4 in text) Setting Access Permissions

Directory vs File Permissions chmod Utility

Symbolic Method Absolute Method

umask Utility

Access Permissions Limiting unauthorized access to your

directories and files is a very important concern for ALL Linux (Unix) users.

Consequences of Unauthorized Access: Copying your assignments (cheating) Using your account for illegal activity Using your account to send obscene

messages Tampering with files

File / Directory Permissions

The Linux (Unix) OS can allow the user to specify read, write and execute permissions to the user (owner of file), group (same group members) or all others (different group members)

Directory Permissions: Read (r) – View directory contents (filenames only) Write (w) – Create / Remove subdirectories and files Execute (x) – Access directory contents

File Permissions Read (r) – View contents (inside) of file Write (w) – Make changes to file’s contents Execute (x) – Run program or shell script

chmod Command(Relative Method)

Used to change the access permissions of a file or directory

Format:

chmod [who] [operation] [permission] file

who relates to user (u), group (g), others (o), or all (a)

operation relates to adding (+), removing (-), orsetting (=) permissions

permissions are read (r), write (w), or execute (x)

chmod Command(Relative Method)

Examples: Add Permission

chmod g+rw file.name chmod o+x file.name

Remove Permission chmod g-w file.name chmod a-w file.name (removes write for ugo)

Set Permission chmod o=rx file.name chmod go=rx filename

Note: you can use wildcard symbols (eg *) to match particular files

chmod Command(Absolute Method)

You can use the chmod command with octal number to represent (in binary) a permission (1) or removal of a permission (0) for the file or directory.

This is referred to as an Absolute method, and many prefer this “short-cut” method to changing file / directory permissions.

chmod - Example(Absolute Method)

Applying octal values of rwx using the absolute chmod command:

chmod 777 file - r w x r w x r w x chmod 755 file - r w x r - x r - x chmod 711 file - r w x - - x - - x chmod 644 file - r w - r - - r - -

Practical Applications ofchmod Command

Directory Pass-Through Permission (x) Pass-through permission allows users to

pass-through a directory in order to access the contained files and subdirectories

To deny access to your files by other users, you can remove group and other pass-through permissions on your home directory (rwx------)

Practical Applications ofchmod Command

Sharing Files Set up directory and file permissions to

allow users to modify a file or set up permissions to allow user to view, but not modify a file.

Webpages Allow or deny access to files. For example,

use chmod command to allow group & others execute permission to “pass-through” your directories.

Creating a User Mask The Unix / Linux OS allows “masks” to be

created to set default permissions for “newly-created” directories and files.

The umask command automatically sets the permissions when the user creates directories and files (umask stands for “user mask”).

This process is useful, since user may sometimes forget to change the permissions of newly-created files or directories.

umask Command Used to automatically establish file

permission upon creation

umask [mask]

where mask represents a 3-digit octal number for permissions to be denied for UGO.

Think of a mask as “hiding” permissions that are available from the system.

Setting Directory Mask To change directory mask:

Determine octal number that would set directory permission

Subtract octal number determined above from octal number 777 to get result

issue the command : umask [octal number]

Setting Directory Mask Example:

To set mask for newly-created directories to:r w x r - - r - -

Determine octal number1 1 1 1 0 0 1 0 0 = 744

Subtract 744 from 777 = 033

Issue command umask 033

Issue command umask to verify change

Why 777?

Because the system wants to give full permissions for user, group and others. The mask 033 takes away the specified permissions.

Determining Default Directory Permissions

Example: With umask of 033 from previous

example:

Subtract 033 from 777 = 744

Convert to permissions:r w x r - - r - -

umask for Files When creating new regular files, the

system can only provide read and write permissions (i.e. no execute permissions).

Thus there is no way to have execute permission as a default for files.

Note that there is only one umask setting, which determines default permissions for newly created files and directories.

Determining Default File Permissions

Example: With umask of 033 from previous example:

Subtract 033 from 777 = 744

Convert to permissions:r w x r - - r - -

Remove any “x” permissions remaining:r w - r - - r - -